Slashdot Mirror
Interesting Uses for Trusted Computing
An anonymous reader writes "The Unlimited Freedom blog has published a new article describing 'interesting' uses of Trusted Computing. (Google cache here). Trusted Computing, as implemented in Microsoft's NGSCB (Palladium) or the Trusted Computing Group (TCPA), has been one of the most controversial technology proposals of recent years, to put it mildly. But the article on Unlimited Freedom offers a new perspective. The author examines 12 different applications which could benefit from access to Trusted Computing technology. And most of them are uncontroversial or would actually improve privacy and anonymity. Among the examples listed are multi-player games, online casinos, P2P networks, anonymous remailers, distributed computing and mobile agents. The analysis provides an interesting contrast to the usual focus on Trusted Computing's impact on control over digital content."
Hmmm, it seems that another approach might also provide these desirable side benefits but also work to secure the Internet as a whole, and not have to use "Trusted" architectures. Although, there are new controversies from the following approach, in short, from my journal: "an emerging Internet security company, Symbiot is taking an entirely new, albeit controversial approach to Internet defense and cyberwarfare that should appeal to cyberpunks everywhere. Rather than the traditional passive response that has been used by sysadmins and CTO's worldwide, Symbiot is taking a more "active" defense approach by implementing a common subscription based access to a "threat database" that will allow participating networks to determine the degree of threat and respond democratically (by using the shared resources of other participating networks) and proportionally to the attack by allowing for a graduated response to cyber attacks. The potential of an asymmetrical response to a threat is also not out of the question.... Links for additional information are here and here."
Visit Jonesblog and say hello.
Just like Sauron's ring, DRM cannot be used for good.
I dont think so. Trusted computing is based in principal on evil. It should not be legitimized by finding ways to use it that were unintended. Endorsing something rooted in evil does not change the morality of the base. I don't care how shiny you giftwrap bullshit, it's still bullshit.
Think of it this way, Germany and Japan conducted much in the way of medical research in WWII, but since they conducted experiments that were inhumane, tortorous, and used unwilling subjects. The medical community wont touch their research, not because it is fundamentaly flawed, but because their research was fundamentaly evil.
Stand up for your morals here and fight trusted computing.
...I'm cool with Trusted Computing.
As long as my computer is being told what it can or cannot do by someone other than me, I DON'T WANT IT.
A nice faq on Trusted Computing.
You are receiving this message because your browser supports Slashdot Sigs and you have Slashdot Sigs enabled.
Applications like online casinos would also benefit from a magical honesty pill which users could take to prevent them from cheating - but it's not going to happen. The idea of trusted computing is to require a specially restricted client machine, but there's no way this could work and be secure enough for something like online gambling. An important rule of online security is *you cannot trust the client*, and even if the standard Dell PC that grandma buys is locked down with all sorts of nastyware, this will do nothing against a determined attacker who is able to program a computer to do what its he, its owner, wants.
Although trusted computing could never provide real security, it can give a lot of inconvenience to 90% of the population to stop them doing things with their computer that Microsoft would prefer them not to do. Just like other copy-protection measures over the years, its purpose is to keep the majority of users under control, not to stop the real criminals.
-- Ed Avis ed@membled.com
I understand all of the benefits of trusted computing, but still find it hard to accept for two reasons.
First, I don't beleive that any system that is physically in the users hand is secure. Given enough time and motivation crafty end users will crack the system. For an example we need look no further than mod-chips and video game systems.
Second, I'm a tinkerer. I love to play around with new technology and software. Ultimately this technology would be in everything from your computer to your dishwasher. I'd hate to lose that ability to dig around the machine and software myself or have to pay extra to modify my computer and devices to gain that back.
As long as there are multiple competing trust providers, and administrators can choose which ones to certify for interoperability with their systems, I don't see much of a problem.
Of course, the problem is that right now there is essentially only one trust provider, and its previous behavior doesn't incline me toward trusting it.
The benefit of using multiple trust certifications is that OSS could get in on the game... if someone wanted to set up a way to submit source and receive signed compiled binaries for a small fee. A bit of a hassle and in effective in the event a licensee wants to modify the code, but then again the licensee could pay the original OSS coders or submit the modified source for signing themselves.
---
According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
I got yer trusted computing right here, pal.
I also reply below your current threshold.
I've read about half of it. So far, the gist is that Trusted Computing will require digital certificates for all executables, documents, emails, and web pages (along with images). He claims that since a repository system of certificates will need to be formed (much like we have SSL certs like Thawte now), the power to deny publishing will be concentrated in the hands of the certificate repositories, which presumably will be large corps and governments. He claims this is the "Good Old Days" of producer/consumer media that the entrenched powers prefer, unlike the supposed new era of peer-to-peer internet publishing, whereby anyone can create their own web pages.
Actually, having signed certificates on documents and email is not a bad thing. I've wondered for years why the US Postal service hasn't created a trusted email system for a small postage fee. I use PGP signatures all the time to verify downloads from the Internet. A certificate/signature repository is just a convenience so I don't have to constantly email or call people asking for their public keys. In all likelyhood these repositories will be competitive-but-cooperative databases like DNS, so there will probably always be alternative or bargain signature repositories.
Yes, things will likely get buckled down as the Internet gets more mainstream and govts get their heads around it, but I don't see the gloomy future he does. Maybe he just had too idealistic dreams of the future. The bottom line is that most people don't want to publish their own content, and wouldn't even if they knew how. Blocking inbound port 80 to consumers is not the equivalent of book-burning or censorship, especially if port 80 is largely unused by consumers except as a vector for worms. If you want to publish, you'll just have to find a plan that allows you to do so. The fact the the large ISPs are figuring out that they can charge an extra $10-20/month for this is not the end of world, so long as more than one competing ISP exists.
Also, no matter how much the Internet falls under control of central authorities, new technologies will arise for the tech elite to go about their business as always. After all, we somehow managed to build the Internet and BBS's in spite of the fact that publishers and the media had total control of print and the airwaves. History will repeat.
--- I'll finish this after my cig. break
"a recent software update for Windows Media Player has caused controversy by insisting that users agree to future anti-piracy measures"
I think its time I start looking in to Linux, the only thing that keeps me with MS are the games.
or == Draconian Rules for Me sure DRM can be used for good. DRM has made you powerful, now fulfill your destiny and take Balmers place at my side.
freedom of speech is a small price to pay, for a cheater free online gaming enviorment... seriously are these few good uses supposed to outway the bad?
Among the examples listed are multi-player games, online casinos, P2P networks, anonymous remailers, distributed computing and mobile agents.
The problem with the typical Slashdot users' attitudes to Trusted Computing is that these obvious benefits get ignored while they harp on all the negatives. That's why articles like this get written. There's good reason to point out the problems with Trusted Computing. For example, a multi-player game success story would be the XBOX Live system. By ensuring the games are signed copies and blacklisting modchipped XBOXes, they've effectively eliminated cheating and helped prevent piracy. The problem is that they also prevent third party development for a machine that customers want apps to be developed for. The Xbox Media Center is an incredible accomplishment that's stymied by the tight control Microsoft has over this particular form of Trusted Computing.
If our opinions were more balanced, perhaps the inevibility of Trusted Computing would be more favorable to consumers and developers.
If the DRM catches on and it gets legitimized, we'll soon have closed and regulated hardware like network cards, audio and graphics card that won't transfer data, play music or show graphics unless the mandatory DRM chip gives the permission to do so.
Whilst people seem to have a knee-jerk reaction against "Trusted Computing", I think there is one crucial issue that actually determines wether or not it's a Good Idea(tm). And that is: Who holds the master keys to my computer?
Point being that hardware level security features can be a great boon, as long as I decide what to trust and what not to trust.
Ofcourse, that's pretty guaranteed not what MS wants to push, but still - when discussing "Trusted" architectures in general, I think it's a valid point. It could for instance enable me to say that I trust the FSF's list of trustworthy applications - and viruses and other malware would actually be physically unable to run on my workbox. How could that be wrong?
Another issue I've thought about is - how can anyone be so sure it won't be cracked? People seem to be tinking that hardware enabled "security" (DRM, whatever) will finally give watertight security. Yet, to my knowledge, both PlayStations and XBOX'es has tried that trick - to no avail. (In the sense that those wanting to subvert the protection mechanisms seems perfectly able to do so).
Ohwell, just my thoughts atleast. If I have misunderstood anything, feel free to correct me :)
A lot of these examples are really creepy, and one point keeps coming up: making sure someone on the other side is running "legitimate" versions of software that are known to be unmodified. I just don't think that's a legitimate thing to care about. Specific software fingerprints shouldn't matter; interfaces should. Insisting on specific software instead of standardized interfaces, holds back innovation and flexibility. It's almost like the very point of "trusted computing" is to help create and sustain software monoculture. I think that's disgusting, and I know it's destructive to progress.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Why then and not now? It's basically the same thing.
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
I would say relax. TC(Trusted Computing) will actually be a great thing for open source. When people start paying full price for all their "warez", they will start to find that the wish list is bigger than the piggy bank. This technology will enable a great many things, and it does not have to be used (AFAIK). It will also be great for OSS development. It helps to know that the correct TC is being used to submit the code. It will make John Q Public feel safer.
I am no expert on the ramifications of TC, but I do *much* work with companies that want to use the online world, and most of them limit their services due to the issues that TC will solve. Even in OSS, we have to make money. It is how the world goes 'round, puts food on the table. TC will make it easier in some ways to make money. It will also make it easier for the small guy to make money.
That said, there are serious potential abuses of this technology, and I am still hesitant to boldly go forward. It will probably go forward without me if I do not though, so, all things being as they are, I need to learn how to use it and give it to my clients. They will want it. They have been wanting something like it for a while now.
InnerWeb
Freud might say that Intelligent Design is religion's ID.
Oh, so that's what "trust" is all about? It's all about being able to trust ME?
So my PC needs to be locked so I don't cheat in multiplayer games, steal from banks online, or modify my programs...? But why would I do that in the first place? Next thing they'll do is take away the knives from my kitchen to make sure I don't kill anyone?
"Trusted computing" is all about remote hosts trusting YOU. The only way in which this can happen is by making sure YOU won't be able to behave as you want. Those who are pushing this initiative forward are doing so because they want to control what you do, they want to be able to certify what you can do with your PC. While it may be a good thing to try to make online games, online gambling, online banking and others as secure as possible, personal freedom shouldn't be limited in such ways!
It's all a big paradox, because on one hand you get Microsoft releasing an OS that no-one trusts on a security level, while on the other hand they (and others) want to tell you how to use your computer to make sure you can be trusted?
I don't know if you feel the same way, but those examples that would make "trusted computing" such an interesting idea make me feel like a cybercriminal of some sort.
Diego Rey
diegoT
A shotgun is a good use for any hardware made with Palladium.
.net the public would understand. Yep thats right its mostly a marketing word. (I shutter to call it that)
Anyways something more serious. They (Palladium) are trying to implement something that should be totally in software not hardware. Its kinda like throwing hardware at virus's (which is what They are really doing)
Like almost everything microsoft does They are pretty bland about their technolgies. For example can anyone give me a concise answer on
Lets go through what Palladium does.
1 "Critical data is in the user's control"
Wow so thats what drm is all about.. I would of never known.. Seriously Why are they trying to implement part of drm in hardware.. Its not a portable device and even then. Lets get back on topic.. Users are already in control of files. Is it that the gui is confusing to users? Well whats to say that this new drm gui won't be either. I think this is more a case a gui design.
2 'Programs and computers can prove they are the other computer/program'
Seems to me that we can do that too in software.. SSH verifies the other computer when you connect. It's called keeping the private key private..
3 Something about allowing certain users access to certain documents..
We have this too. Its called permissions and useing pgp to send files..
Well I am going to stop there.
I am way past my original post.
I will not support any manufactor that will suppport Palladium, I will go with apple before that happens.
All and all this concept Microsoft is trying to do is overkill, if they only wrote secure code (they are doing better then in the past) they wouldn't need to take such drastic moves.
Uh, I dont get spam. Any spam. At all. I have been spam-free for nearly two years without any sort of filter. It's not hard, just dont give out your email in public. You dont give your home adress and phone number to everyone and their mother do you?
I also dont get any popups, I use Mozilla though its more for the tabbed browsing than the ad blocking.
There is no negative side to my internet experience, and even if there was, I would rather rely on myself to fix my own problems than trust Billy G and his buffoons.
My Righteous Leader RMS says DRM is Digital Restrictions Management.
J'aime mieux les méchants que les imbéciles, parce qu'ils se reposent. -- Alexandre Dumas
If trusted computing depends on authentication via hardware, won't this function become less and less useful as computing becomes distributed across more devices and individuals are less tethered to specific machines? Or would we all carry a little TC device that plugs in to various 'toolbox' hardware? Any thougts?
Multi-player Games
So, putting in all these "security" features in the consumer's PC is supposed to stop cheating? Far from it. Instead, it does two things:
There are better ways. (PDF, sorry.) It's also interesting to see other papers and such that reference this paper.
PHEM - party like it's 1997-2003!
Parent post stolen from here.
you insensitive clods!!! large corporations are only trying to help us!!! now shut up and take your pill, they're watching us
It is good to see a few more articles that look at possible uses of Trusted Computing as opposed to just stating that MS is evil. I feel Trusted Computing is a natural evolution of PC design. The PC architecture has traditionally been developed (like almost everything else that old) without any security in mind. Without security in hardware on a PC, there is definite limits to how secure of systems you can build on top of it.. htm
I looked at the NGSCB plans in detail. Most of the things that people complain or fear about in NGSCB or Trusted Computing are not justified by the architecture. It is well designed, does not remove any privledges from the owner, does not lower privacy, but does enable new levels of security to be built into a PC based system. Without initiatives like NGSCB and Trusted Computing, some system will have to be built in proprietary hardware designs (with security in hardware, and additional cost).
I would like to see the Linux community use Trusted Computing features also. I fear if Linux does not act on this oppurtunity, MS will gain some advantage in the server market by offeringmore secure services based on Trusted Computing which Linux does not.
More details on NGSCB and Trusted Computing can be found at http://www.marzenka.com/technology/security/NGSCB
As a record store owner, I have to say I am very pleased at the ideas of trusted computing and "DRM". I don't know a lot about computers, but I do know that following the advent of CD burning and file sharing, my sales have dropped nearly 40%. To make ends meet, I have to moonlight at a phosphorous processing plant; my health has deteriorated rapidly as a result. My wife has been forced to sell soiled panties on eBay, and my son just got his arm lopped off working in a lumber mill. So while this idea of sharing all digitial content for free may sound very noble to you rich computer people, it does great harm to us "lower class" citizens. Something like DRM is the only ray of hope I have in an otherwise bleak existence.
Just my $0.02
The fallacy in this article is the assumption that NGSCB is perfectly secure and unbeatable. This isn't the case, and in fact there are reasons to believe that at least some of its functions are theoretically impossible.
NGSCB can be broken; you'll just have to go through a lot of trouble to do so (scrape off chip packaging and decode its internals without triggering intrusion detectors, etc.). This is sufficient to stop casual copyright infringement, or to keep your workers at check. But one ought to doubt if the expense of breaking NGSCB isn't worthwhile for online gambling, elections or other applications where the incentives are very high.
Here was my favorite part of the article.
>>Trusted Computing will totally change the security situation for financial transactions. For the first
>>time, personal computers will be suitable platforms for financial operations. Compared to the
>>security provided by TC, today's computers are defenseless against attacks, and it would be foolish
>>to perform online banking transactions of any significant amount of money.
Right, so I count three points here:
1) TC is going to solve all the problems with online commerce.
2) Today's computers are relatively defenseless.
3) Doing online banking at present is foolish.
Okay, I'll bite. First, I'd dispute the first conclusion, just because *no* technology solves problems of trust outright. I actually work for a major financial institution, and I help manage and maintain our online banking system. So I know, without doubt, that the majority of security problems in today's world are about 10% technology-related, and about 90% people-related - from people doing foolish things with passwords, to not checking the status of accounts when your relationships turn sour, that's what causes the vast majority of security issues with banking, online or no. So no, TC would *not* revolutionize online financial transactions.
I'd dispute conclusion #2 too. Maybe TC computers would be more secure - but to say that today's are "relatively defenseless" ignores not only the reality of today's online environment (that eCommerce works pretty darn well), but also ignores point #1 (that most problems aren't tech-related anyway).
As for number 3 - you can guess what my opinion of that is. Thbbbbpppbpbttt.
Whatta crock.
Don't we already have solutions to all these issues? Isn't it already possible with software? There are already public/private keys for communication, certificate authorities, etc.
If someone doesn't want to use it, why should they be forced into it through their hardware? Why don't the companies that would like authentication just use the current methods?
Example: Blizzard wants to check that their code is unmodified? Create a certificate, sign their code, and check the signature.
Is it just me, or does the hardware solution seem extremely contrived - much more difficult to implement (besides reinventing the wheel), as well as forcing the consumer into DRM... Oh well, at least Gentoo works on PowerPCs...
I [may] disapprove of what you say, but I will defend to the death your right to say it.
To 'paraphrase' Field Of Dreams
In a nutshell, that's what the issue of Trusted Computing all boils down to anyway, right?
Who controls the power of duplication inherint in a personal computer?
The owner/user of that computer?
Or the hardware/software makers at the behest of the media cartels/corporate conglomerates/Federal government?
Stock up on non-DRM hardware/software now and refuse to buy DRM/Trusted Computing encumbered hardware/software.
That way, you will be voting against Trusted Computing using the only language they care about: your money.
for some uses.
I say this is bullshit. I won't accept an oppressive system, neither for good nor for bad deeds. I will not give in to smallish benefits that come with a hefty impact on freedom and usability.
No cheater, no hacker, no worm, no virus, no nothing can annoy me that far that I will give up the rights to a computer I fully paid and own. I know what the real aim of the TCG is and I won't accept anything from them. No bargains, no rebates or extras on Palladium-Computers, no benefits from their restriction. They may succeed in feeding this freedom vs. security exchange to the American public in "real" politics, but they need a much much bigger threat than cheaters to convince the IT world and they will never convince me.
No matter if I use Linux or Windows, I'll have a virus scanner, a PFW or a real FW and the latest patches ready. I make backups of my important files and make provisions to protect the less important ones as good as possible.
I won't trade the malice of an anonymous hacker against the greed of a multinational corporation. A lone hacker has financial/technical limits or even a conscience on how much havoc he can cause. A corporation the size of Microsoft has neither.
The end does not justify the means. I will not accept any personal gains on fascist system and its technical derivatives. Period.
Intel(or AMD) creates a digital cert for the company.
Intel or AMD produces a hardware module for a PC.
Intel places a digital cert in that module, and signs it with the companies key.
You download the latest copy of emule.
You start it up, and connect to the network.
You querry one of the servers, or a peer and ask to start a connection.
That client asks you for an attestation of the version of emule you are running.
Your software passes that request to the TC Module (with your permission).
You module goes out, calculates a hash concerning the version of emule you are running, and then signs it with it's specific digital sig.
your client returns the attestation to the server or other client that asked for your info.
that client then checks to see if the signature you submited is valid (is it signed by Intel/AMD?). If it is, it checks a website for a list of all of the good hashs for the current emule executables.
The client doesn't need to know what your cert is, only that your sig is backed by one of the 'master' hardware sigs.
i very much appreciate the author's insights. but just as AARG! noticed the EFF report's shortcomings, so his/her analysis is also lacking at least one important perspective. what AARG!'s analysis fails to duly acknowledge is the idea that trusted computing supplies Microsoft (replace "Microsoft" with the existing powerful entity of your choice) with a tool to maintain their power over others.
if Microsoft can enable *wide-spread* lock-in prior to alternatives sufficiently establishing themselves, alternatives may never appear. and if they do appear they may never become a true alternative due to Microsoft's ability to control the environment in which any alternative exists.
we live in a society that allows the existence of monopoly corporations with more rights than people. this allows environments to be created where choice is even harder to come by. customer lock-in means not only limiting/eliminating choice, it also means making it too painful to choose freedom.
Microsoft will continue to attempt to lock-in customers by manipulating the environment so there is less choice. they may or may not succeed to one degree or another. trusted computing gives Microsoft a new tool (in addition to their immense leverage over the computing industry, their political power, their financial resources, and their existing monopoly position) in establishing an environment where choice effectively does not exist.
in my mind this is a much more glaring omission than the technical misunderstandings of the EFF report. what's obvious is that the EFF is interested in being a watchdog for freedom, whereas AARG! seems to assume freedom will just happen.
again, trusted computing gives corporations another tool that allows them to consolidate their power, increase their control, and create environments where alternatives exist only in name.
i choose freedom, and will do all i can to rollback the expansion of corporate rights to pre-1886 levels.
P.S.
AARG!, if you read this i'd love to hear your reply (publicly as i don't use the email address attached to this account) to this concern. btw, is there a way to get a message to you?
"Attestation is crucial for this application by allowing the voting server to make sure that the user's voting software has not been altered on the disk."
Since he refers to it as the "user's" voting software, I must assume this would be for home users, not some central polling location. If it's at the user's premises, it shouldn't matter if the user's software has been tampered with. A simple cryptographic hash can be used to ensure that the vote was not tampered with en-route.
"Trusted Computing will solve this problem by allowing the server to make sure that the game client software is clean and unmodified."
First off, many "cheats" don't modify the existing client at all. Instead, they act as wrappers to drivers, or even hack the driver itself. Plus, how can you be sure that the computer doing the checking is really a computer at all? I've written a patch for bochs that lets me tag a specific set of bytecode, and have bochs execute another set entirely. This system would pass any sort of memory check just fine, but none the less can easily be used to cheat.
"Without such a technology, cheating is only going to get worse, demoralizing players and driving them from the games."
Actually, Trusted Computing games would be even less likely to sell. Look at the distribution of games now: how many [non-console] games come out on CD vs DVD? How long have DVD drives been out? The long and short of the matter is that game designers are out to appeal to as broad an audience as possible. The people most likely to modify the game and keep it interesting (mods are a large part of why people still buy half-life one) are the people most likely to be turned off by TC anyway.
"Using remote attestation, player software could confirm that the casino was using a certified and validated software package for its game play calculations, one known to be free of bias and to give the player an honest chance."
And then the casino simply proxies the connection and modifies the output to tell you you lose anyway. Different type of cheating, only now since it's "Trusted", it's even harder to catch.
"Secure I/O prevents the financial application from being spoofed by false or malicious inputs, and protects the privacy of the user by insuring that other software cannot see the information that the financial application is presenting on the screen."
One need only look at email viruses and scams. People are already dumb enough to do it on their own anyway. Trusted computing just means that the bank can finally shift the blame to the consumers instead of the bank (possibly even when it's really not the consumer's fault). Whether you consider this a good thing or bad is a matter of opinion.
"Trusted Computing can alleviate this problem by allowing the formation of a new kind of VPN, one which will only allow trusted applications through the firewall."
How many attacks come through a VPN? Not many. Plus, the ones that do can simply attack the services offered (buffer overflows, race conditions, etc.) This is another case of "it's trusted, so it must be ok" thinking. Remember, trust is something that can compromise your security.
"P2P software can limit the amount of data available to the end user of the machine, so that he does not see which other computers in the network his data comes from".
Ok, even if the software disables netstat, there's nothing it can do about ettercap, or even a hub and a decent network sniffer. Even if the software were flawless, all the **AA would have to do is start a download, and start logging network traffic. Plus as an added bonus, the P2P clients can now refuse to run without or connect to spyware-free clients.
"The step of reading messages, decrypting and mixing them, can be fully protected within the TC security boundary. No longer will the operators of remailers be aware of how their machines are
Contact Me (got tired of viruses emailing me).