Slashdot Mirror


DRM Based on Trusted Computing Chips

An anonymous reader writes "We've always known that Trusted Computing is really about DRM, but computer makers always denied it. Now that their Trusted Computing chips are standard on most new PCs, they've decided to come clean. According to Information Week, Lenovo has demonstrated a Thinkpad with built-in Microsoft and Adobe DRM that uses a Trusted Computing chip with a fingerprint sensor. Even worse: 'The system is also aimed at tracking who reads a document and when, because the chip can report back every access attempt. If you access the file, your fingerprint is recorded.'"

20 of 484 comments

  1. Decreasing functionality by IgD · · Score: 2, Interesting

    When Windows 95 came out it was a major improvement in technology. Windows 95 was easy to use and resulted in improved performance. Compared to Win 3.11 you could multi-task apps very well. The jump from Win 98 - Win2K was also significant for the general stability of the OS. As time marches on there has been little innovation and improvement. It's curious that companies are marketing products with decreased functionality for users. It seems almost like a suicidal business plan. At some point you would think people are going to say no. It's almost like companies want to frustrate customers and accelerate the adoption of Linux.

  2. What about the customer? by Statecraftsman · · Score: 3, Interesting
    Wait a minute. I forgot. Or maybe I just never heard it explained right. Exactly how does this benefit the customer? How is nearly perfect DRM coupled with remote reporting of your access something consumers have asked for?

    A while back processor serial numbers were added as a feature but I've yet to see a system where the ability to read it was enabled. Trusted Computing is potentially 100x more intrusive so I don't think it's going far in cases where the user is the one who decides what system to purchase.

  3. Re:Biased article? by Anonymous Coward · · Score: 1, Interesting

    >People who have truly sensitive information and need to be able to track who sees it.
    People with truly sensitive information have other means of protecting it, and I doubt they see putting it on laptops as the best means of securely storing it. In the company where I work, we have a system that uses encryption keys; those are stored in a special safe in a guarded datacenter. Not on a laptop.

    >This is technology aimed towards businesses
    This system is aimed at the mass market, which means not at people who possess information that needs heavy protection. If this was a server platform targeted thing, it would be different, but even Intel has changed LaGrande from Itanium-based to client systems only.

    >It's not targeted at warez-kiddies, movie downloaders or porn magnets. Sure, it will be used in that capacity sooner or later
    You got that one dead right. Except that it will not come as a side effect, but as the intended means of the original design. We'll wait and see; I predict this will take more rights away from you and give more means of collecting data and controlling your actions on the devices you bought to the corporate world. And not only illegal actions that you mentioned will be sanctioned, but also perceived illegal actions. Copying the CD you bought for listening in your car? Rip the CD to mp3 format for easier storage on your fileserver? Any other thing any other company with money enough might object to? Any fucked up thing a marketing droid will come up with and which will be pushed to legal status by lawyers in court?

    Do not just whisk this away. TPM/TCG will go a long way and you and all the other users out there will suffer from it. So I for one like to see the bias in the article stay right there.

  4. Re:Oh no, I can hear them cry by KitFox · · Score: 4, Interesting
    like "now this piece of shit tells me that I am not allowed to watch my damn video again just because I got my Windows reinstalled!"

    Don't act like it's news. Microsoft already changed its license agreement. Now, for all you folks who like to upgrade your computers, a new motherboard means you need to buy a new copy of windows for a new license. Yep! Windows MAY NOT be transferred between different PCs and changing out the motherboard constitutes a new PC according to Microsoft now. In fact, according to a Technet Community Chat, replacing a DEFECTIVE Motherboard still requires a new license! As they said:
    "Q: k guys, my question is .i have a system i sold, mainboard is to handle a 3.2 processor but originally sold it with 2.4 with promise of upgradeability to 3.2, though main board works fine with 2.4 it does not with 3.2, is this considered a failed mainboard
    A: This is still considered an upgrade if the motherboard is changed. You might want to try using the latest BIOS for the motherboard. If it still doesn't support the 3.2 GHz CPU and you replace the motherboard then you'll have to sell them a new OS." - Microsoft Technet Community Chat

    Quite a bit of fun, no?

    --

    @Whee

  5. What about virtual machines? by Anonymous Coward · · Score: 4, Interesting

    How would this sort of thing affect something like VMWare? If the O/S needs to be booted up on a trusted platform surely you won't be able to install it on a virtual machine. If the virtual machine can fool the O/S into thinking it's running on a trusted platform, doesn't that mean that you can get around the trusted component?

  6. Re:getting out of computing? by rbanffy · · Score: 4, Interesting

    We should not run. We should fight back.

    Fortunately, we don't need firearms for this. We can stop using and recommending DRM capable hardware and we can halt software development for it. We must be very vocal in our opposition to this. We may be few, but I am sure this audience is more influential than the average.

  7. My suggestion... by hummassa · · Score: 3, Interesting

    (it's what I'm doing)
    start sticking with free software and hardware that supports and preferably sponsors free software. change vendors if your vendor goes treacherous-computing direction. import/smuggle hardware if tcpa is mandated by legislation, while writing a letter to your legislator saying that tcpa is a restriction on free trade and outright nazism. because it is.

    --
    It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
  8. Re:getting out of computing? by jellomizer · · Score: 3, Interesting

    Or do both,

    have all the techs who feel strongly about this get an MBA, become managers, and make non DRM corporate/institutional policy.
    Why do you think PCs and not Apples are the primary system? It wasn't because of the Joe Schmoe consumer. The management back in the 80s compared PCs and Apples and found that PCs (called IBMs and IBM compatibles at the time) were less restricting and allowed easier growth because a bunch of companies make different computers that all work the same. So that is why they went with PCs and not Apples or other platforms; whether they were technically superior or not was not a major issue. When businesses use or don't use a technology then people who want to work from home will use similar technology, then their kids will use it. And people who want the technology see other people using it or not using it and make their decision based off of that. Being the techs in the trenches who scream "this is bad, stop" will rarely get up to the higher ups because they just figure you are just worried about having to pay for your pirated software, not any bigger picture. So except for saying how stupid management is and DRM is, do something about it. Get into upper management and bring your views with you and work from the top down to fix the problems. If you don't want to do that then expect your voice not to be heard.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  9. Re:Right but...Change is good by poptones · · Score: 2, Interesting

    Someone else ALREADY decides. If a manufacturer does not make a piece of equipment, you do not run it - period. If a manufacturer does not offer a driver or specifications, in most cases you are locked into windows or a hack that incorporates bits of windows code. If a manufacturer only releases a game for playstation 3 and all you have is an xbox, you're screwed. How is this any different?

    You run whatever software you want. If the terms someone makes you agree to say "we can install whatever the hell we want on your machine at any time" then the simple solution is you tell them to go fuck themselves.

    It's sad to see so much ignorance and fear regarding this issue. There is no reason at all (except one - we refuse to have a voice in the technology) we cannot have open source software running on trusted platforms. By the time the platform even means anything we'll have multicore cpus that support ring 0 virtualization anyway, which means most of the way we think about operating systems will be obsolete. When you can have windows and linux and a dozen other operating systems all running in their own sandboxes and sharing screen real estate and exchanging data via encrypted pipes, who cares if someone wants you to run their own media platform in order to view their movies? If the movies are good enough you watch, if not you - again - tell them to go stuff themselves.

  10. Let's call it "Cold War"? by Opportunist · · Score: 2, Interesting

    Nobody trusts anyone in this game. Content providers don't trust their customers, since they could (Turing forbid!) copy their stuff. Customers don't trust their Hardware, since it doesn't belong to them anymore and doesn't do what they want anymore. And neither side will let its guard down for the other side would certainly use that edge immediately.

    It's just Cold War again all over. The fun part is, that neither can exist without the other. The content manufacturers can't exist without their customers, because otherwise nobody will buy their stuff. The customer can't...

    erh...

    Wait a moment, there's a slight mistake in the equation.

    I guess I know who'll win. :)

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  11. Re:Right but...Change is good by Antique+Geekmeister · · Score: 5, Interesting

    You're missing a lot of details about this software. It's closed source, and a violation of the DMCA to reverse engineer it. That means writing an open source version of the encryption/decryption tools is going to be a nightmare.

    Second, running it at the OS level instead of the hardware level of the built-in features of the Intel CPUs is going to really slow it down: that will probably hurt the performance of open source versions of the Trusted Computing tools a lot, even if they're legally created.

    Third, the next logical stage of Trusted Computing is hardware locking: motherboards that won't load unsigned boot loaders, or won't access DVD drives or hard drives without being authenticated with Trusted Computing licenses to be held by OS distributions or DVD drive and software vendors. This can be used to block open source operating systems from even booting, or to prevent Trusted Computing managed DVD drives from being able to read DVDs that have Trusted Computing signed DVDs in them without a Trusted Computing signed media player.

    It's very nasty, and it's at the core of why Microsoft and Hollywood are collaborating so well in this project.

  12. Re:Oh no, I can hear them cry by Dwyan · · Score: 2, Interesting

    Indeed. This situation is likely to be what the GPLv3 is going to address. If you distribute an open source program for a treacherous machine under GPLv3, you not only have to provide the source code, but also a means of ensuring that the recompiled code is usable. Which means that if the binary needs to be signed by trusted keys, then you must also supply a set of trusted keys along with the code so that someone who modifies the code can use the result as well.

  13. DRM taught me how to "Pirate" by AlphaLop · · Score: 2, Interesting
    Over the last 2 years I have purchased 6 pieces of software for PC (All games) that refused to work on my computer because of DRM.

    I started researching on the newsgroups and learned that this can be caused by programs that create "Virtual Drives" and whatnot, none of which were installed on my computer at the time.

    I had heard of them but never had the need to learn about them prior to this. Well, to make a long story short all I had to do was install Daemon and mount a fixed image in order to play my legally purchased software.

    I don't have a problem with artists/publishers wanting to protect their intellectual property, but when it gets to the point that it is a burden for their lawful purchasers they really need to reevaluate what they are doing. I guess we will have to wait for the "Tech Savvy" Generations to age enough to fill the political offices so they can enact legislation to fix all the damage done to the historical definition of "Fair Use".

    Or maybe I am borderline retarded

    --
    It's only paranoia if you're wrong...
  14. Re:*THIS* is what FOSS is all about. by Anonymous Coward · · Score: 2, Interesting

    I call bullshit on this.

    Ever seen the FOSS Linux TPM driver? http://sourceforge.net/projects/tpmdd
    Perhaps you never read any of the research IBM has done regarding Linux and trusted computing? This should get you started: http://www.research.ibm.com/secure_systems_department/projects/tcglinux/.

  15. Re:Biased article? by Anonymous Coward · · Score: 1, Interesting
    Leave it to Slashdot readers to only see that which reinforces their own prior opinions on a subject.

    Many of you may not realize it, but both Adobe Acrobat Reader and MS Word already support the features described here - ability to prevent access to documents, prevent editing, copying from, printing, etc. What looks to be "new" is the use of the fingerprint scanner instead of typing a password to unlock credentials. Ask a security expert - and they might say this is a good thing.

    Clearly there are legitimate reasons for content owners to want to secure their documents with DRM ... think medical test results, attorney-client privileged communications, non-public information about corporate earnings, etc.

    But everyone simply focuses on how evil the content publishers are when they want to protect music and video from people that want to use that content however they see fit - including sharing that content with their friends - or the rest of the world.

    The issues should not be about the need for information privacy and protection - but rather the burdens that the DRM technologies impose on people that want or need access to such protected information.

    Chief among these issues is vendor lock-in. Adobe and Microsoft would love to make their products the de facto standards for sharing such secured information. We are also seeing a similar competition for multimedia content with Apple, MS, Real, DivX, and others.

    For these players, DRM is as much about a barrier to competition as it is about protecting content. Will you be able to play your iTunes acquired content on your new Microsoft Plays-for-Sure devices? Don't bet on it.

    In an ideal world - there would be no need for DRM. And we would not need to lock our cars and houses. Just as the choice of whether to actually lock a house or a car is up to the owner ... the choice about whether to lock a document or a piece of multimedia content is up to the owner as well. We - as consumers - can decide whether such protection is worth living with by not buying it.

  16. Re:Oh no, I can hear them cry by mrchaotica · · Score: 2, Interesting
    Good thing they can't retroactively change earlier agreements.
    Bad news, buddy -- with Treacherous Computing they've "fixed" that little "problem." And if you buy into it, you won't be able to do a damn thing about it except bend over, drop your pants, and say "thank you sir, may I have another!"
    --

    "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

  17. Re:A significant improvement in usability by davecb · · Score: 2, Interesting
    No, the repository won't let you have the document because, although you can be authenticated, you're trying to move the document to an uncontrolled electronic device at a non-TEMPEST-shielded location.

    You've achieved authentication, and arguably need-to-know, but you've failed mandatory access control, trusted path, labelling and covert channel prevention.

    You have nothing like the security of the repository, so you don't get the document.

    --dave (former professional paranoid) c-b

    --
    davecb@spamcop.net
  18. Trusted Computing Rootkit - Cryptoviral Extortion by NZheretic · · Score: 4, Interesting
    Trusted Computing DRM is the perfect platform for Cryptoviral extortion: What is cryptoviral extortion?

    4. What is cryptoviral extortion?

    Cryptoviral extortion, which uses public key cryptography, is a denial of resources attack that was introduced in [YY96a]. It is a three-round protocol that is carried out by an attacker against a victim. The attack is carried out via a cryptovirus that uses a hybrid cryptosystem to encrypt host data while deleting or overwriting the original data in the process. The protocol is as follows:

    (protocol setup phase) An asymmetric key pair is generated by the virus author on a smartcard and the public key is placed within the virus. The private key is designated as "non-exportable" so that even the virus author cannot obtain its bit representation. Thus, the private key is generated, stored, and used on the smartcard. Ideally, the smartcard will implement two-factor security: something the virus author knows (a PIN number) and something the virus writer has (the smartcard that contains the private key). Also, the card will ideally be immune to differential power analysis, timing attacks, etc. to prevent the virus author from ever learning the bits of the private key. A standards-based approach can be used, e.g., the use of an approved FIPS 140-2 level 2 or higher device (e.g., when it is level 4 the private key will be destroyed if the casing is breached). In the U.S. the virus author cannot be forced to bear witness against himself or herself (Fifth Amendment) and so the PIN can remain confidential. The purpose of this setup phase is to limit the effectiveness of seizing and analyzing the smartcard under subpoena or warrant (competent evidence).

    1) (virus author -> victim) The virus author deploys the cryptovirus. At a later time the virus activates on what could be tens or even hundreds of thousands of machines. The remainder of this description will cover the protocol for just one such machine. When the virus activates, it uses a true random bit generator (TRBG) to generate a symmetric key and initialization vector (IV) uniformly at random. It is essential that the TRBG produce truly random bits to prevent the symmetric key and IV from being guessed or otherwise determined by the victim at a later date. The virus then encrypts host data with this random symmetric key and IV (e.g., using cipher-block chaining (CBC) mode). The virus concatenates the IV with the symmetric key and then encrypts the resulting string using the public key of the virus author (e.g., using RSA-OAEP). The encrypted plaintext is then held ransom. The virus notifies the victim that the attack has occurred (e.g., via a dialog box on the victim's screen) and states that the asymmetric ciphertext will be needed to restore the data. The virus author states his or her demands in return for the data. The virus author and victim can send asymmetrically encrypted messages to each other via a public bulletin board to try to preserve the attacker's anonymity. Alternatively, digital pseudonyms and mix-networks can be used.

    2) (victim -> virus author) If the victim complies by paying the ransom and transmitting the asymmetric ciphertext to the virus author then the virus author decrypts the ciphertext using the private key that only the virus author has access to (the one on his or her smartcard). This reveals the symmetric key and IV that was used in the attack.

    3) (virus author -> victim) The virus author sends the symmetric key and IV to the victim. These are then used to decrypt the data that was held ransom.

    (security) The attack is ineffective if the data can be recovered from backups. Antiviral experts cannot retrieve the private decryption key by analyzing the virus since only the public key will be found. The importance of using hybrid encryption can be seen from the followi

  19. Re:Right but...Change is good by marcosdumay · · Score: 4, Interesting

    You mean that we can create more artificial scarcity, that will create more artificial markets where people trade more virtual goods. All that while adding near to zero worth on the real markets out there.

    We really need to get out of those pyramids. Not create more.

  20. Re:Right but...Change is good by ScytheBlade1 · · Score: 2, Interesting

    Yeah, I know. Which is the one amazingly depressing thing about it. It has so much potential for good, and yet... :(

    Personally, I can just hope that it's the ream of click-through wizards that configure the TPM, not the TPM coming pre-configured that way. It sounds like it could work for linux, but, alas, the DMCA... sigh.

    I'm just keeping my fingers crossed, that someone, somewhere, will find a way to make it work for better purposes.