McAfee on Trusted Computing – Part 2

Posted by Ken Y-N on June 2nd, 2008 at 01:48pm

Gaith Taha at Avert Labs recently published part two of an introduction to the Trusted Platform Module (TPM). My review of part one may be found here.

This time the focus is on the aspect that makes many people very afraid (due to ignorance, I would argue), namely the loss of privacy and vendor lock-in, with a little bit of Digital Rights Management (DRM) thrown in for good measure.

First, remote attestation allows the authenticity of TPMs to be verified. Privacy may be violated because the TPM has an Endorsement Key (EK) embedded by the manufacturer (actually, that’s not 100% true, as the EK may alternatively be generated via a TPM API), so in theory vendors can identify customers if they have the information available. However, there is also an anonymous protocol, Direct Anonymous Attestation, that gets round the problem.

Sealing is another scary concept that binds data to a specific machine state, so in theory vendor lock-in can be achieved by disallowing the running of other software. However, this would be both commercial and legal suicide; think of all the problems Microsoft has had previously with bundling Explorer in the US and Media Player in Europe, and multiply them by ten.
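To make "binds data to a specific machine state" concrete, here is an added example (not from the Avert Labs article or this post) that models sealing in software. `ToyTPM` and `unseal_after` are hypothetical names, the SHA-1 extend follows the TPM 1.2 style, and the cipher and composite hash are simplified stand-ins for what a real chip does.

```python
import hashlib, hmac, os
# Simplified software model of sealing; not a real TPM interface.
class ToyTPM:
    def __init__(self):
        self._srk = os.urandom(32)  # stand-in for a storage key that never leaves the chip
        self.boot([])

    def boot(self, components):
        self.pcrs = [b"\x00" * 20 for _ in range(8)]  # PCRs are zeroed at power-on
        for c in components:
            self.extend(0, c)  # measure each boot stage into PCR 0

    def extend(self, index, measurement):
        # new = SHA-1(old || SHA-1(measurement)): order-sensitive, cannot be undone
        digest = hashlib.sha1(measurement).digest()
        self.pcrs[index] = hashlib.sha1(self.pcrs[index] + digest).digest()

    def _composite(self, idx):
        return hashlib.sha1(b"".join(self.pcrs[i] for i in idx)).digest()

    def _xor(self, nonce, data):
        ks = b""  # toy keystream, constructed for this model
        while len(ks) < len(data):
            ks += hmac.new(self._srk, nonce + len(ks).to_bytes(4, "big"), hashlib.sha256).digest()
        return bytes(a ^ b for a, b in zip(data, ks))

    def _tag(self, idx, release, nonce, ct):
        body = bytes([len(idx)]) + idx + release + nonce + ct
        return hmac.new(self._srk, body, hashlib.sha256).digest()

    def seal(self, data, indices):
        idx, nonce = bytes(indices), os.urandom(16)
        release = self._composite(idx)  # state that must be present at unseal time
        ct = self._xor(nonce, data)
        return idx, release, nonce, ct, self._tag(idx, release, nonce, ct)

    def unseal(self, blob):
        idx, release, nonce, ct, tag = blob
        if not hmac.compare_digest(tag, self._tag(idx, release, nonce, ct)):
            raise ValueError("blob altered or sealed by a different TPM")
        if not hmac.compare_digest(self._composite(idx), release):
            raise PermissionError("platform state differs from the sealed state")
        return self._xor(nonce, ct)

def unseal_after(tpm, blob, components):
    tpm.boot(components)
    try:
        return tpm.unseal(blob)
    except PermissionError:
        return None
```

Sealing a secret after booting one set of components and then calling `unseal_after` with a changed or reordered set returns `None`, while the original set returns the secret.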

To finish off, there’s a hint that the column will later look at trusted virtualisation, and a note that TPMs on mobile devices (the Mobile Trusted Module, or MTM) may enforce lock-in.

The mobile world is a very different beast, of course, with even the iPhone locking out non-approved third parties, so I think the marketplace will be more accepting of a closed environment.

Catch the full article on the Avert Labs blog here.
