Slashdot Mirror
Interesting Uses for Trusted Computing
An anonymous reader writes "The Unlimited Freedom blog has published a new article describing 'interesting' uses of Trusted Computing. (Google cache here). Trusted Computing, as implemented in Microsoft's NGSCB (Palladium) or the Trusted Computing Group (TCPA), has been one of the most controversial technology proposals of recent years, to put it mildly. But the article on Unlimited Freedom offers a new perspective. The author examines 12 different applications which could benefit from access to Trusted Computing technology. And most of them are uncontroversial or would actually improve privacy and anonymity. Among the examples listed are multi-player games, online casinos, P2P networks, anonymous remailers, distributed computing and mobile agents. The analysis provides an interesting contrast to the usual focus on Trusted Computing's impact on control over digital content."
...I'm cool with Trusted Computing.
As long as my computer is being told what it can or cannot do by someone other than me, I DON'T WANT IT.
Whether we like the intended uses or not it's coming to a BIOS/OS near you. We might as well find "good" uses for it.
Although I don't see how telling another system what process you are running could be a good thing.
You can always flash that BIOS away and replace it with a new one that doesn't have the trusted computing crap in it. There are some open source alternatives out there already.
All those moments will be lost in time, like tears in rain.
I understand all of the benefits of trusted computing, but still find it hard to accept for two reasons.
First, I don't beleive that any system that is physically in the users hand is secure. Given enough time and motivation crafty end users will crack the system. For an example we need look no further than mod-chips and video game systems.
Second, I'm a tinkerer. I love to play around with new technology and software. Ultimately this technology would be in everything from your computer to your dishwasher. I'd hate to lose that ability to dig around the machine and software myself or have to pay extra to modify my computer and devices to gain that back.
As long as there are multiple competing trust providers, and administrators can choose which ones to certify for interoperability with their systems, I don't see much of a problem.
Of course, the problem is that right now there is essentially only one trust provider, and its previous behavior doesn't incline me toward trusting it.
The benefit of using multiple trust certifications is that OSS could get in on the game... if someone wanted to set up a way to submit source and receive signed compiled binaries for a small fee. A bit of a hassle and in effective in the event a licensee wants to modify the code, but then again the licensee could pay the original OSS coders or submit the modified source for signing themselves.
---
According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
And I'm sure there will be an option to disable it in that bios. And when that option disappears, Macs and their OpenFirmware will look very attractive.
Attractive to whom?
The majority of people using computers? Hardly. If the software they run (like Windows, for instance, or media players) doesn't either work or work poorly without DRM you can bet that they'll find DRM bios more attractive.
The owls are not what they seem
Among the examples listed are multi-player games, online casinos, P2P networks, anonymous remailers, distributed computing and mobile agents.
The problem with the typical Slashdot users' attitudes to Trusted Computing is that these obvious benefits get ignored while they harp on all the negatives. That's why articles like this get written. There's good reason to point out the problems with Trusted Computing. For example, a multi-player game success story would be the XBOX Live system. By ensuring the games are signed copies and blacklisting modchipped XBOXes, they've effectively eliminated cheating and helped prevent piracy. The problem is that they also prevent third party development for a machine that customers want apps to be developed for. The Xbox Media Center is an incredible accomplishment that's stymied by the tight control Microsoft has over this particular form of Trusted Computing.
If our opinions were more balanced, perhaps the inevibility of Trusted Computing would be more favorable to consumers and developers.
Your analogy of Trusted Computing to medical research in concentration camps is shockingly inappropriate.
Moreover, your assertion that Trusted computing should be fought because it is "immoral" and "evil" smacks of the very same totalitarianism you appear to despise. Are you the sole person to determine what is immoral and evil? What if I have a different morality or viewpoint? Will you compare me to a WWII doctor, then, too?
If the DRM catches on and it gets legitimized, we'll soon have closed and regulated hardware like network cards, audio and graphics card that won't transfer data, play music or show graphics unless the mandatory DRM chip gives the permission to do so.
What on earth does WWII have to do with trusted computing? It's a way to remove a lot of the blind faith people have in computers. Which, funnily enough, is the same blind faith that ends up screwing everyone when something goes wrong.
To the paranoid, trusted computing is "evil". To those with their heads screwed on properly, it's just another tool in their belt.
I'm not having a go at you, but the hysteria /. and other sources have built up around this topic. The same things were said about Intel's CPU-ID thing, which turned out to be absolutely nothing. The IT industry has a great track record of blowing things out of all proportions. Millennium bug, anyone?
Whilst people seem to have a knee-jerk reaction against "Trusted Computing", I think there is one crucial issue that actually determines wether or not it's a Good Idea(tm). And that is: Who holds the master keys to my computer?
Point being that hardware level security features can be a great boon, as long as I decide what to trust and what not to trust.
Ofcourse, that's pretty guaranteed not what MS wants to push, but still - when discussing "Trusted" architectures in general, I think it's a valid point. It could for instance enable me to say that I trust the FSF's list of trustworthy applications - and viruses and other malware would actually be physically unable to run on my workbox. How could that be wrong?
Another issue I've thought about is - how can anyone be so sure it won't be cracked? People seem to be tinking that hardware enabled "security" (DRM, whatever) will finally give watertight security. Yet, to my knowledge, both PlayStations and XBOX'es has tried that trick - to no avail. (In the sense that those wanting to subvert the protection mechanisms seems perfectly able to do so).
Ohwell, just my thoughts atleast. If I have misunderstood anything, feel free to correct me :)
That's the whole idea of trusted computing (amongst other things), is allowing a trusted remote service to know full well that the computer its talking to is on the level. It's based in hardware, and is drenched in encryption and intelligent process control.
The trusted computing will provide more security than you've got now, by far. And if you don't like it, you can turn it off. It's that simple. No-one's going to force you to use it, unless you want to run their software. That seems fair enough to me.
Um, the two concepts are utterly and completely unrelated to each other. They are suited to completely different purposes.
Some might argue that given the spoofable nature of TCP/IP, Symbiot's concept is suited to zero purposes, but that's orthogonal to the point:
Perhaps Symbiot considers their database of threats to be not only extremely valuable to competitors, but also extremely valuable to their targets. THEN THEY'RE GOING TO NEED SOME DRM, AREN'T THEY, SMARTIE?
There are many, many acceptable uses of DRM. Iduno if pingflooding for profit really counts as one of them, but: Pingflooding someone that you suspect of hacking is, technically speaking, completely unrelated. Pingflooding someone that you suspect of hacking is, morally speaking, way the fuck below the RIAA, Microsoft, and SCO all rolled together. So even if it were suited to the same tasks as DRM (wtf?), I wouldn't really care.
I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a suggestion. If you were trolling, well done.
There are no trails. There are no trees out here.
Why then and not now? It's basically the same thing.
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
Oh, so that's what "trust" is all about? It's all about being able to trust ME?
So my PC needs to be locked so I don't cheat in multiplayer games, steal from banks online, or modify my programs...? But why would I do that in the first place? Next thing they'll do is take away the knives from my kitchen to make sure I don't kill anyone?
"Trusted computing" is all about remote hosts trusting YOU. The only way in which this can happen is by making sure YOU won't be able to behave as you want. Those who are pushing this initiative forward are doing so because they want to control what you do, they want to be able to certify what you can do with your PC. While it may be a good thing to try to make online games, online gambling, online banking and others as secure as possible, personal freedom shouldn't be limited in such ways!
It's all a big paradox, because on one hand you get Microsoft releasing an OS that no-one trusts on a security level, while on the other hand they (and others) want to tell you how to use your computer to make sure you can be trusted?
I don't know if you feel the same way, but those examples that would make "trusted computing" such an interesting idea make me feel like a cybercriminal of some sort.
Diego Rey
diegoT
A shotgun is a good use for any hardware made with Palladium.
.net the public would understand. Yep thats right its mostly a marketing word. (I shutter to call it that)
Anyways something more serious. They (Palladium) are trying to implement something that should be totally in software not hardware. Its kinda like throwing hardware at virus's (which is what They are really doing)
Like almost everything microsoft does They are pretty bland about their technolgies. For example can anyone give me a concise answer on
Lets go through what Palladium does.
1 "Critical data is in the user's control"
Wow so thats what drm is all about.. I would of never known.. Seriously Why are they trying to implement part of drm in hardware.. Its not a portable device and even then. Lets get back on topic.. Users are already in control of files. Is it that the gui is confusing to users? Well whats to say that this new drm gui won't be either. I think this is more a case a gui design.
2 'Programs and computers can prove they are the other computer/program'
Seems to me that we can do that too in software.. SSH verifies the other computer when you connect. It's called keeping the private key private..
3 Something about allowing certain users access to certain documents..
We have this too. Its called permissions and useing pgp to send files..
Well I am going to stop there.
I am way past my original post.
I will not support any manufactor that will suppport Palladium, I will go with apple before that happens.
All and all this concept Microsoft is trying to do is overkill, if they only wrote secure code (they are doing better then in the past) they wouldn't need to take such drastic moves.
Uh, I dont get spam. Any spam. At all. I have been spam-free for nearly two years without any sort of filter. It's not hard, just dont give out your email in public. You dont give your home adress and phone number to everyone and their mother do you?
I also dont get any popups, I use Mozilla though its more for the tabbed browsing than the ad blocking.
There is no negative side to my internet experience, and even if there was, I would rather rely on myself to fix my own problems than trust Billy G and his buffoons.
It's called an analogy. Dont take it out of context, ok? That being said, trusted computing is evil because it is about taking away the rights and choices of others in the name of profit. The fact that it is intended to be brought in a manner such that there is no alternative only attestifies to it's evil nature. There is absolutely no consumer benefit to trusted computing. Even the name is inherintly dishonest as trusted computers cant be trusted by their owners. My point was that trusted computing is fundamentaly evil, and my point stands. Benefiting from the evil does not make it any less evil. Got it?
Yes, and that is certainly good enough to delay the development of your average Counterstrike Aimbot.
However, when significant amounts of money get involved, it's a whole different ballgame. Silicon can be debugged remotely. And given how sophisticated the schemes that casinos deal with right now - going on under their noses - it eventually would be.
Further, unlike a game hack, a true professional wouldn't necessarily broadcast the HOW-TO to the world. More likely, he'd just sit back, shuffle accounts, and make millions.
Parent post stolen from here.
Except that you will have no choice, there will be no alternative, and that's what trusted computing is about, taking away choice. It doesn't matter if your a business or a home user, you will have to have trusted computing. Just curious, are you really able to get all of your code signed? You are aware that you don't have to have special hardware to run signed code, aren't you?
It is good to see a few more articles that look at possible uses of Trusted Computing as opposed to just stating that MS is evil. I feel Trusted Computing is a natural evolution of PC design. The PC architecture has traditionally been developed (like almost everything else that old) without any security in mind. Without security in hardware on a PC, there is definite limits to how secure of systems you can build on top of it.. htm
I looked at the NGSCB plans in detail. Most of the things that people complain or fear about in NGSCB or Trusted Computing are not justified by the architecture. It is well designed, does not remove any privledges from the owner, does not lower privacy, but does enable new levels of security to be built into a PC based system. Without initiatives like NGSCB and Trusted Computing, some system will have to be built in proprietary hardware designs (with security in hardware, and additional cost).
I would like to see the Linux community use Trusted Computing features also. I fear if Linux does not act on this oppurtunity, MS will gain some advantage in the server market by offeringmore secure services based on Trusted Computing which Linux does not.
More details on NGSCB and Trusted Computing can be found at http://www.marzenka.com/technology/security/NGSCB
It's been argued (to death, actually), that this is in itself a major problem. If you're in the IT industry, you've heard/spoken the phrases ten thousand times. "Vendor lock-in", "[forced] migration path", "monopoly", "barriers to entry", ..."Microsoft", etc.
Point being, while no one will force you to use apps/systems X, Y, and Z; tomorrow it could be practically impossible to function in society without those very apps/systems.
So, I guess I'm disagreeing with your conclusion of fairness. Consumers and (small/mid-sized) businesses without the muscle/resources to escape or route around TC (should they want it) will - possibly - have no real choice but to "play ball"...
668.5
The big problem is that I do not trust the Trusted Computing. Even if it was carefully designed by the godly Linus Torvalds himself, I wouldn't trust it because it is based on unpatchable hardware with no-one-knows-how-many bugs in it.
OpenSSH is considered secure, and yet every once a while I have to install a bugfix. How would you install a bugfix for hardware? And how would you even know the hardware is broken, apart from noticing huge sums of money being transferred from your account to Nigeria using your brand new VISA Trusted Computing Internet Banking?
Even if the company behind TC wasn't Microsoft, it wouldn't be trustworthy by design. Howgh.
As long as the trusted computing crap is used to protect against copyright violations, you're prevented from circumventing it.
That is wrong. Whether it is used to protect against copyright violations is irrelevant. The DMCA specifically and deliberately addresses cirumvention of technical measures that effectively CONTROL ACCESS to a copyrighted work. That is infinitely broader in scope than just copyright violations.
People who think that the DMCA just seeks to prevent breaches of copyright and that it incidentally walks all over other rights have really missed the point. It is deliberately and maliciously designed to do what it does.
Here was my favorite part of the article.
>>Trusted Computing will totally change the security situation for financial transactions. For the first
>>time, personal computers will be suitable platforms for financial operations. Compared to the
>>security provided by TC, today's computers are defenseless against attacks, and it would be foolish
>>to perform online banking transactions of any significant amount of money.
Right, so I count three points here:
1) TC is going to solve all the problems with online commerce.
2) Today's computers are relatively defenseless.
3) Doing online banking at present is foolish.
Okay, I'll bite. First, I'd dispute the first conclusion, just because *no* technology solves problems of trust outright. I actually work for a major financial institution, and I help manage and maintain our online banking system. So I know, without doubt, that the majority of security problems in today's world are about 10% technology-related, and about 90% people-related - from people doing foolish things with passwords, to not checking the status of accounts when your relationships turn sour, that's what causes the vast majority of security issues with banking, online or no. So no, TC would *not* revolutionize online financial transactions.
I'd dispute conclusion #2 too. Maybe TC computers would be more secure - but to say that today's are "relatively defenseless" ignores not only the reality of today's online environment (that eCommerce works pretty darn well), but also ignores point #1 (that most problems aren't tech-related anyway).
As for number 3 - you can guess what my opinion of that is. Thbbbbpppbpbttt.
Whatta crock.
Intel(or AMD) creates a digital cert for the company.
Intel or AMD produces a hardware module for a PC.
Intel places a digital cert in that module, and signs it with the companies key.
You download the latest copy of emule.
You start it up, and connect to the network.
You querry one of the servers, or a peer and ask to start a connection.
That client asks you for an attestation of the version of emule you are running.
Your software passes that request to the TC Module (with your permission).
You module goes out, calculates a hash concerning the version of emule you are running, and then signs it with it's specific digital sig.
your client returns the attestation to the server or other client that asked for your info.
that client then checks to see if the signature you submited is valid (is it signed by Intel/AMD?). If it is, it checks a website for a list of all of the good hashs for the current emule executables.
The client doesn't need to know what your cert is, only that your sig is backed by one of the 'master' hardware sigs.
i very much appreciate the author's insights. but just as AARG! noticed the EFF report's shortcomings, so his/her analysis is also lacking at least one important perspective. what AARG!'s analysis fails to duly acknowledge is the idea that trusted computing supplies Microsoft (replace "Microsoft" with the existing powerful entity of your choice) with a tool to maintain their power over others.
if Microsoft can enable *wide-spread* lock-in prior to alternatives sufficiently establishing themselves, alternatives may never appear. and if they do appear they may never become a true alternative due to Microsoft's ability to control the environment in which any alternative exists.
we live in a society that allows the existence of monopoly corporations with more rights than people. this allows environments to be created where choice is even harder to come by. customer lock-in means not only limiting/eliminating choice, it also means making it too painful to choose freedom.
Microsoft will continue to attempt to lock-in customers by manipulating the environment so there is less choice. they may or may not succeed to one degree or another. trusted computing gives Microsoft a new tool (in addition to their immense leverage over the computing industry, their political power, their financial resources, and their existing monopoly position) in establishing an environment where choice effectively does not exist.
in my mind this is a much more glaring omission than the technical misunderstandings of the EFF report. what's obvious is that the EFF is interested in being a watchdog for freedom, whereas AARG! seems to assume freedom will just happen.
again, trusted computing gives corporations another tool that allows them to consolidate their power, increase their control, and create environments where alternatives exist only in name.
i choose freedom, and will do all i can to rollback the expansion of corporate rights to pre-1886 levels.
P.S.
AARG!, if you read this i'd love to hear your reply (publicly as i don't use the email address attached to this account) to this concern. btw, is there a way to get a message to you?
That being said, trusted computing is evil because it is about taking away the rights and choices of others in the name of profit.>
Yeah, and buying a car takes away your right to go 200 mph on the highway.
In many cases, if you purchase an item that could reasonably be used to harm others, you accept certain restrictions on its use. For instance, certain modifications to guns or cars are illegal. There's no reason to think that computers are so fundamentally different from any other technology that their modification and use cannot be restricted.
Even the name is inherintly dishonest as trusted computers cant be trusted by their owners.
Assuming, of course, that the user owns the computer. If you're using someone else's computer, you can hardly complain about any restrictions they place on its use.
Recall also the heyday of IBM, when computers were rented rather than bought. TC would be perfectly appropriate in such a scenario.
"Attestation is crucial for this application by allowing the voting server to make sure that the user's voting software has not been altered on the disk."
Since he refers to it as the "user's" voting software, I must assume this would be for home users, not some central polling location. If it's at the user's premises, it shouldn't matter if the user's software has been tampered with. A simple cryptographic hash can be used to ensure that the vote was not tampered with en-route.
"Trusted Computing will solve this problem by allowing the server to make sure that the game client software is clean and unmodified."
First off, many "cheats" don't modify the existing client at all. Instead, they act as wrappers to drivers, or even hack the driver itself. Plus, how can you be sure that the computer doing the checking is really a computer at all? I've written a patch for bochs that lets me tag a specific set of bytecode, and have bochs execute another set entirely. This system would pass any sort of memory check just fine, but none the less can easily be used to cheat.
"Without such a technology, cheating is only going to get worse, demoralizing players and driving them from the games."
Actually, Trusted Computing games would be even less likely to sell. Look at the distribution of games now: how many [non-console] games come out on CD vs DVD? How long have DVD drives been out? The long and short of the matter is that game designers are out to appeal to as broad an audience as possible. The people most likely to modify the game and keep it interesting (mods are a large part of why people still buy half-life one) are the people most likely to be turned off by TC anyway.
"Using remote attestation, player software could confirm that the casino was using a certified and validated software package for its game play calculations, one known to be free of bias and to give the player an honest chance."
And then the casino simply proxies the connection and modifies the output to tell you you lose anyway. Different type of cheating, only now since it's "Trusted", it's even harder to catch.
"Secure I/O prevents the financial application from being spoofed by false or malicious inputs, and protects the privacy of the user by insuring that other software cannot see the information that the financial application is presenting on the screen."
One need only look at email viruses and scams. People are already dumb enough to do it on their own anyway. Trusted computing just means that the bank can finally shift the blame to the consumers instead of the bank (possibly even when it's really not the consumer's fault). Whether you consider this a good thing or bad is a matter of opinion.
"Trusted Computing can alleviate this problem by allowing the formation of a new kind of VPN, one which will only allow trusted applications through the firewall."
How many attacks come through a VPN? Not many. Plus, the ones that do can simply attack the services offered (buffer overflows, race conditions, etc.) This is another case of "it's trusted, so it must be ok" thinking. Remember, trust is something that can compromise your security.
"P2P software can limit the amount of data available to the end user of the machine, so that he does not see which other computers in the network his data comes from".
Ok, even if the software disables netstat, there's nothing it can do about ettercap, or even a hub and a decent network sniffer. Even if the software were flawless, all the **AA would have to do is start a download, and start logging network traffic. Plus as an added bonus, the P2P clients can now refuse to run without or connect to spyware-free clients.
"The step of reading messages, decrypting and mixing them, can be fully protected within the TC security boundary. No longer will the operators of remailers be aware of how their machines are
Contact Me (got tired of viruses emailing me).