
Three Great Initiatives From The Trusted Computing Group

A lot of people are not aware of it, but many personal computers these days (forecast to be about 150 million this year alone) come with a very advanced security chip that can be used under full control of the owner of the computer to improve the level of safety and security of the computer, applications, and the internet connection. The chip’s behaviour has been specified by experts from all over the world working for many major companies through the Trusted Computing Group (TCG) initiative. They are specifying not just the chip, but many other protocols and systems that use the chip to enhance safety and security. This article describes some of the interesting developments that the TCG members are now bringing to you, or plan to bring to you, the user and controller of the chip.

Trusted Platform Module (TPM): This is the core of the Trusted Computing Group activities: a small secure hardware chip that provides encryption facilities secure enough for today’s applications. The chip can prove to other applications that the computer is in a known state, so online banking software, for instance, can be sure that the computer is who it claims to be, and you can be sure that there are no rogue viruses or spyware trying to steal your password. This level of assurance is unavailable with existing anti-spyware or virus detectors; they can only claim they can’t find known vulnerabilities. The Trusted Platform Module tells you your machine is good, a much more reassuring state than today’s “I think it’s not compromised.”
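An added illustration (not from the original article or from the TCG specifications) of how a chip can report a "known state": each boot component is hashed into a register that can only be extended, and a verifier replays the log of measurements against known-good values. The component names and sample data are constructed, SHA-256 is assumed as the hash, and the signature a real TPM places on the reported value is omitted.

```python
import hashlib
import hmac

def digest(blob: bytes) -> bytes:
    return hashlib.sha256(blob).digest()

def extend(pcr: bytes, measurement: bytes) -> bytes:
    # A register can only be extended: new = H(old || measurement).
    return hashlib.sha256(pcr + measurement).digest()

def measured_boot(components):
    """Platform side: hash each component in boot order into the register."""
    pcr, log = bytes(32), []          # register starts as all zeros
    for name, blob in components:
        m = digest(blob)
        pcr = extend(pcr, m)
        log.append((name, m))
    return pcr, log

def verify(reported_pcr: bytes, log, allowlist: dict):
    """Verifier side: replay the log, then compare it with known-good values."""
    pcr = bytes(32)
    for _, m in log:
        pcr = extend(pcr, m)
    if not hmac.compare_digest(pcr, reported_pcr):
        return False, "event log does not match PCR"
    for name, m in log:
        if allowlist.get(name) != m:
            return False, f"unknown measurement for {name}"
    if [name for name, _ in log] != list(allowlist):
        return False, "unexpected boot sequence"
    return True, "known state"

# Constructed sample data (hypothetical component names and contents).
GOOD = [("firmware", b"firmware v1"),
        ("bootloader", b"bootloader v1"),
        ("kernel", b"kernel v1")]
TAMPERED = [GOOD[0], ("bootloader", b"bootloader v1 + implant"), GOOD[2]]
ALLOWLIST = {name: digest(blob) for name, blob in GOOD}

if __name__ == "__main__":
    for label, chain in (("good", GOOD), ("tampered", TAMPERED)):
        pcr, log = measured_boot(chain)
        print(label, verify(pcr, log, ALLOWLIST))
```

The verifier accepts only the exact expected sequence of measurements, which is the difference between "known good" and a scanner's "nothing known bad was found".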

Mobile Trusted Module (MTM): The Trusted Platform Module is designed for today’s personal computers, but in the mobile phone world there are different security requirements, so another working group within the TCG, the Mobile Phone Working Group (MPWG), has produced a specification for a TPM that fits into the cellphone business model, the Mobile Trusted Module. Strictly speaking, there are actually two different MTMs, the Remote type and the Local type, respectively referred to as the MRTM and the MLTM. As the mobile phone world requires stricter control over what applications run due to strict regulatory issues for mobile telephony, you have to relinquish some control of your mobile phone, but in return you can open up a world of new features such as secure mobile banking, mobile ticketing, mobile payment, and many other functions.

Trusted Network Connect (TNC): This is perhaps the most interesting development for the corporate world, a protocol that allows you to authenticate yourself to your computer, your computer to authenticate itself to the network, and the network to authenticate your computer, preventing any unauthorized access to the network. If the worst comes to the worst and your machine gets lost or stolen, the network managers can turn off access to the network for the stray machine. When this is combined with the TPM protecting the hard disk, the risks to your business from wayward machines are drastically reduced. Trusted Network Connect can also protect the data stream, so risks from wiretapping or wireless eavesdropping (or wireless leeching) are also virtually eliminated.

So, you can see how the TCG’s TPM and other initiatives under their umbrella are working to protect you from many of today’s risks in the ever-more connected world. Next time you buy a computer, ask for one with a Trusted Platform Module and reap the rewards! The latest news from the trusted computing world can be found at http://blogoftrust.com, so bookmark it and don’t miss an issue.

Ken Yasumoto-Nicolson is involved with trusted computing initiatives and keeps a close watch on developments to bring the latest news to you.
