Blog of Trust » TCG

Confused by Trusted and Trustworthy Computing

Ken Y-N — Sun, 26 Dec 2010 16:47:00 +0000

In an otherwise very interesting read on the Kevin Townsend blog, an article on anti-virus and anti-spam technology made an all-too-common error of confusing Trusted Computing and Trustworthy Computing, as well as the capabilities of the Trusted Platform Module.

The answer might be in Scott Charney’s title: vice president of trustworthy computing. Microsoft, of course, is a leading member of the Trusted Computing Group (TCG). The TCG has developed specifications for how to control what can and cannot run on a computer – and this can already be achieved via Intel chips (Intel is another member of the TCG) installed on the majority of the world’s PCs.

My regular readers will have noticed the errors, I hope, of segueing Trustworthy Computing (a Microsoft initiative to improve the reliability of their own software with regards to security and robustness) into Trusted Computing, an industry-wide initiative to set standards for a root of trust. Strictly speaking, the Mobile Phone Working Group has defined a specification for how to control what can and cannot run on a mobile phone or similar device, but the much more popular Trusted Platform Module documents do not specify how to control what can be run.

The Trusted Multi-Tenant Infrastructure Work Group

Ken Y-N — Mon, 27 Sep 2010 15:42:30 +0000

Sorry I’m a bit slow with the news, but the Trusted Computing Group’s Trusted Multi-Tenant Infrastructure Work Group (that’s longhand for Cloud Security, basically) has now publically launched!

The TCG has also published a white paper on Cloud Computing and Security – A Natural Match, that discusses why you want a TPM in the cloud, and there has also been an extension to the IF-MAP protocol for Trusted Network Connect to support the Trusted Multi-Tenant Infrastructure Work Group.

TNC and NAC news roundup

Ken Y-N — Sun, 30 May 2010 15:55:33 +0000

There’s been a lot of news recently regarding NAC, Network Access Control, and the Trusted Computing Group’s Trusted Network Connect, so rather than look at each in detail, here is a roundup of the news:

NAC: What went wrong? ComputerWorld looks at why NAC devices don’t play together very well.

What’s Right with NAC The TCG official blog replies to the above article.

Cisco’s NAC goes off track, customers taken aback Problems with Cisco, one of the hold-outs not implementing the TNC standards.

NAC standards wars end in truce Why TNC and the IETF NEA working group are important for NAC standards.

Views clash on best NAC policy How to choose your NAC solution.

And finally, a product announcement press release from InfoBlox on their dedicated IF-MAP server.

TCG sets up Greater China Regional Forum

Ken Y-N — Mon, 14 Dec 2009 14:38:50 +0000

The big Trusted Computing Group news for me is the recent press release announcing the establishment of the TCG’s second regional forum, this time covering mainland China, Hong Kong, and Taiwan, the first being the Japan Regional Forum.

My first reaction was one of apprehension, as Google’s foray into China has not been without criticism, but:

The company argues it can play a more useful role in China by participating than by boycotting it, despite the compromises involved.

I do not for one second believe that the TCG will water down standards to meet Chinese government requirements as such an action would surely affect acceptance by western governments, but to not participate would give the local Trusted Cryptography Module a free rein, and I know which one of the two chips I’d wager did not have a back door…

By the way, the official Trusted Computing Group web site now also has a Chinese-language sub-site.

A rather poor look at Current Issues in Cryptography

Ken Y-N — Sun, 04 Oct 2009 15:09:00 +0000

I read an article on the Walden University Alumni Association Blog entitled Walden Think+Up Case Study "Tales from Decrypt: Current Issues in Cryptography", which seemed like a promising title, but sadly it turned out to be rather poor in its coverage of cryptography, and absolutely hopeless regarding the Trusted Computing Group. For instance:

In short, cryptography demands a fair amount of trust. Like the atom bomb before it, it’s a technology that’s profoundly shaping the modern world but whose complexities only a few individuals, most of them sworn to absolute secrecy, fully understand.

No, these days the best cryptographic algorithms are public algorithms, and people like Bruce Schneier will tell you secrecy is cryptography’s worst enemy.

Next, we reach Trusted Computing:

Yet another area where cryptography is likely to have significant impact is in so-called trusted computing.

[… ]

But some 170 companies, including Intel, Microsoft, and Seagate Technology, are backing it as a way to prevent pirating and to keep malicious and offensive programs from disrupting the computing environments for which they provide relatively costly support.

Ahh, the Trusted Computing Group, all a cunning plan to sell you an expensive service plan.

Dell and Nokia join TCG board

Ken Y-N — Tue, 11 Nov 2008 15:34:08 +0000

Just a short note to say that representatives from Dell and Nokia have been voted onto the Trusted Computing Group’s (TCG) board as Contributor Advisory Members for a one year term. The names of the representatives were not published in the press release, however.

Find the press release at SYS-CON here.

TCG Hands-On Day at RSA Europe

Ken Y-N — Thu, 09 Oct 2008 14:22:45 +0000

At the upcoming RSA Europe Conference on the 27th or 29th of October 2008 at the London ExCel Centre, on Monday the 27th from 11:30 to 17:00 in the centre’s Platinum Room 5/6/7 on Level 2 there will be a chance to experience first-hand the Trusted Computing Group’s (TCG) Trusted Platform Module, network security and self-encrypting drives all working together. The demonstration is free, but one should preregister here.

Hirsch Electronics newest TCG member

Ken Y-N — Thu, 25 Sep 2008 14:28:41 +0000

Just a quick bit of news that Hirsch Electronics, a leading supplier of physical access control and security management solutions to enterprises and government agencies, has signed up with the Trusted Computing Group to contribute to primarily Trusted Network Connect-related activities.

You can read the full press release in a number of places, and I found it at Euro Investor.

Fujitsu Ups their TCG Membership Level

Ken Y-N — Wed, 02 Jul 2008 16:50:28 +0000

JapanCorp reports that Fujitsu has become a Promotor Member of the Trusted Computing Group (TCG), gaining the right to a seat on the board in the process.

What they hope to bring to the group is described thus:

Fujitsu will strive to satisfy customers’ needs for secure and trusted systems by applying its technologies and know-how to TCG activities, promoting TCG specifications, and offering the most advanced products and services.

I know some of the people involved and their projects, so we should see a lot of good things coming out of this. Read the full press release here.

TCG blog on Japan Regional Forum

Ken Y-N — Wed, 25 Jun 2008 16:48:49 +0000

Just a quick note that the official Trusted Computing Group (TCG) blog has been updated by Brian Berger on the subject of the launch of the Japan Regional Forum at Interop Tokyo.

In addition, it also mentioned that the TCG’s “TNC 1.3 Framework Makes Coordinated Multi-vendor” (hmm, looks like a word is missing from that title) regarding the IF-MAP (Interface Metadata Access Point) from the TNC (Trusted Network Connect) specification won a Best of Show Award from Interop Tokyo.

See the full story at here.