Slashdot Mirror

← Back to Stories (view on slashdot.org)

DRM Based on Trusted Computing Chips

Posted by ryuzaki0 on from the never-saw-it-coming dept.

An anonymous reader writes "We've always know that Trusted Computing is really about DRM, but computer makers always denied it. Now that their Trusted Computing chips are standard on most new PCs, they've decided to come clean. According to Information Week, Lenovo has demonstrated a Thinkpad with built-in Microsoft and Adobe DRM that uses a Trusted Computing chip with a fingerprint sensor. Even worse: 'The system is also aimed at tracking who reads a document and when, because the chip can report back every access attempt. If you access the file, your fingerprint is recorded.'"

12 of 484 comments (clear)

  1. Does your PC have Trusted Computing? by iso_bars · · Score: 5, Informative

    You can find a list of known Trusted Platform Module (TPM) manufacturers and implementations from the TPM Matrix

  2. RMS's Nightmare is Coming by edward.virtually@pob · · Score: 5, Informative

    He warned us long ago. Of course, even now the masses will fail to be alarmed. "It's only a demo." Etc. "Boil 'em slow, they'll never know." Oh well.

  3. Re:Oh no, I can hear them cry by exKingZog · · Score: 5, Informative

    That only applies to OEM copies of Windows, not boxed. Still sucks, I know.

    --
    "If he were a plant, people would roll him up and smoke him."
  4. Re:A significant improvement in usability by segedunum · · Score: 3, Informative

    You could do that now with current, older hardware. The business, company or organisation using this technology to identify their employees would not be in control of it. The hardware and software companies will be, as well as anyone else they're in league with.

  5. And by themusicgod1 · · Score: 2, Informative

    Exactly how would you do this? Everything will be done on computers in the future, taxes, job applications, schooling, you name it.

    If we don't create alternatives now(and not in 10-25 years), the Trusted Computing Group will p3wn us.

    For those keeping score there's only one key peice missing:
    a law requiring the use of this DRM, or making illegal non DRM stuff, for the trusted computing group to win.

    --
    GENERATION 26: The first time you see this, copy it into your sig on any forum and add 1 to the generation.
  6. Re:Biased article? by Anonymous Coward · · Score: 1, Informative

    Slowly, carefully, but it's inevitable. Few years from now we won't even know how it happened.

    Look at your PC today... it's the last generation of personal computer that you will own. Future PCs will be nothing but set-top boxes for content, and the transmission/playing/reading of that content will be brokered by the corporations who control the millions of crippled machines they've sold: Microsoft/IBM/Dell/Intel/Apple.

    Why bother waiting for Sony to sell you a CD with malware on it that will take over you machine... these PC effectively come rootkitted straight from the manufacturer, and it can't be removed because it's built into the hardware.

  7. Re:Right but...Change is good by jackb_guppy · · Score: 4, Informative
    You must also agree with the police chief.

    Change is not always good. Why do I want to pay for equipment that I will not own?

    These "TRUSTED" machines are untrust worthly. You will not be able to control what runs on them. Some one else will decide if you can use your own equipment. Just like the lies with HDTV and HMDI. It is about setting up toll booths deep in your own pockets.

  8. There is much truth in what you say by lokedhs · · Score: 4, Informative
    I know it was a joke, but if had had mod points I'd given you +1 insightful on that one.

    The problem with fingerprints is that it's inherently a very insecure way of authentication for two reasons:

    Firstly, you can't change it if it leaks out. A password or a credit card number can be easily changed and the damage minimised in case of an information leak. Doing this with a fingerprint is much harder.

    Secondly, the fingerprint is very hard to keep secret. Your body has this annoying ability to leave copies of your identification token all over the place, very easy for anyone to pick up. If you were worried about the ability to scan proximity tags (RFID), then you should be really scared about the use of fingerprints as authentication tokens.

    If you don't believe me how easy it is to pick up, read this about how to make a copy of ones fingerprint using common household items.

  9. bullshit indeed by n3k5 · · Score: 2, Informative
    The moving can be done now. Take a course in algebra and a simple one in encryption.
    So you think knowledge of elementary algebra and the very basics of encryption enables you to design secure systems. Your are wrong, it does not. Your childish scheme opens up more questions than it answers: How do A and B know that they are communicating with the correct server, how does the server know it is communicating with the true A and B? If all they have to do to get a decryption key is ask the server, how does the server know that they aren't storing the decrypted data forever, how does the server know they stop using it after the data has officially moved on to another 'place'? Of course these issues can be fixed, but you didn't even mention them in passing. It doesn't seem that you're really in a position to say
    A system like this is extremely hard to hack
    Now for the best part:
    and the routines to decrypt are themselves encrypted
    Any secret data you need for decryption is just (part of) the key. Designing your system so sloppily that executable code is part of the key is bad practice. I'm not implying you're so stupid to suggest that the actual algorithm used for decryption should be secret; as an amateur cryptologer you know of course that this is way insecure and makes you prone to be hacked in no time. But still, executing any code that is input by users is a rather bad idea.
    --
    but what do i know, i'm just a model.
  10. the right to read by zacronos · · Score: 2, Informative

    Wow, and I thought The Right to Read was a little too tinfoil-hat for me with the tracking who reads a document part.

    Guess that shows how naive I am. This is really scary.

  11. yes, let them take control.. by js_sebastian · · Score: 2, Informative

    ..we can always run our free OS of choice, which leaves us in control.

    Then websites will start requiring TC based remote attestation to work (which totally breaks any expectation of anonymity you may have had, and won't work unless you are using their closed OS of choice). And then one day the BIOS will decide that your free OS is not allowed to load anymore, and you'll be screwed.

  12. Re:What about virtual machines? by Alsee · · Score: 3, Informative

    How would this sort of thing affect something like VMWare?

    Exellent question.

    The Trust chip spys on exactly what software you run. It watches and logs every piece of software right from the BIOS to the bootloader to the operating system, and then it logs either certain applications or all applications you have run since bootup.

    The Trust chip securely reports on the exact identity of the software. If you attempt to make even the slightest change in the BIOS or Operating System or anywhere else, the Chip logs that difference.

    So the answer is that it is impossible for VMWare to work. VMWare cannot emulate the Trust chip because it does not know the unique crypto key locked inside of the Trust chip, and it cannot emulate the Trust chip by using a substitute key because you cannot forge the Trusted Computing Group's cryptographic signature to activate that key. So the VMWare only has two choices:

    (1) VMWare BLOCKS the Trust chip - meaning the software does not work.

    (2) VMWare BREAKS the emulation mode and passes I/O directly into and out of the Trust chip without filtering, without modification. The trust chip then "knows" and reports that VMWare is running and that the system is virtualized and again the software does not work.

    Trusted Computing defeats/kills virtualization software like VMWare. The very point of Trusted Computing is to prohibit virtualization and to deny people control over their own computers.

    -

    --
    - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.