Slashdot Mirror
Army to Require Trusted Platform Module in PCs
Overtone writes "Federal Computer Week is reporting that the U.S. Army will require hardware-based security via the Trusted Platform Module standard in all new PCs. They are a large enough volume buyer that this might kick start an adoption loop."
Army requires TMP so that it can circumvent single-vendor prohibition and be Intel(R) only.
The question still remains whether the user himself can trust the trusted computing platform.
If your government or seller or whatever doesn't trust you, doesn't even try in the least, how the hell are you supposed to trust him? The most logical path would be to fully distrust him. And therefore to distrust and refuse trusted computing platform.
"The way we can tell it's C# instead of Haskell is because it's nine lines instead of two." -- wadler
Is TCG creating specifications for just one operating system or type of platform?
No. Specifications are operating system agnostic. Several members have Linux-based software stacks available. In addition to our work on the PC platform, we have a specification for Trusted Servers and are working to finalize specifications for other computing devices, including peripherals, mobile devices, storage and infrastructure.
We don't see the world as it is, we see it as we are.
-- Anais Nin
...I think of one of those dirty con guys that wants you to play three card monty or something. "Come on, it's not rigged....trust me." Yeah, sure buddy.
sup
Is TPM actually shipping in any product other than the Intel Macs?
If I am hanging from a rope over a cliff, I Trust the rope. I "Entrust it with my security" whether or not I find it worthy of that trust.
I cried real tears when Li Mu Bai died.
I work for the army and although i'm highly motivated, i sort of like this idea. Its a fun feature that i'm sure the good folks at intel could implement and force down our fun throats. The idea is all new computers should be able to read the CAC ( http://www.defenselink.mil/news/Oct2000/n10102000_ 200010107.html ). If you note the date on the previously mentioned article, they have been issuing CAC cards since Moses went through boot camp.
Just recently the US Army website announced they will require CAC cards to login to their AKO ( http://www.us.army.mil ) webportal. after everyone finnished apeshitting, they ( well at least me and most of my collegues ) realized all you need this new-fangled card to do was to create a new 'sponsor'.
I work in MI and see lots of people use their card to log someone else in or use the built-in bypass feature. I don't know any of the tech details like i should, but i am sure of two things:
* Whatever the army does will be poorly implemented
* Trolling slashdot with a clearance makes me feel big
Am thinkink that someone with a lot of pull is ownink shares in TPM vendors.
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
If your government or seller or whatever doesn't trust you, doesn't even try in the least, how the hell are you supposed to trust him? The most logical path would be to fully distrust him.
Given how often and severely government suppliers and contractors like Halliburton, Bechtels-Parsons, etc engage in all manner of willful, obvious fraud- anyone in the government that trusts their supplier is most likely benefitting in some way from the fraud. I think the challenge wouldn't be to name all the suppliers/contrators that are accused/guilty of fraud, but rather to find those who AREN'T.
Hell, even companies like Boeing are in on the act, though I think the public has generally forgotten about the whole Boeing billing scandal, but investors haven't (though probably only because the settlement cost Boeing a good chunk of change.)
Used to be "war profiteer" would result in you being unable to show your face in public ever again; the shame of taking advantage of the nation's defenses, et al. Now, investors don't care as long as you don't hurt the bottom line getting caught, and the public soon forgets. Same thing with the WTC scene thefts (firefighters, police, FBI, and government officials all the way up to Rumsfeld helped themselves to "mementos" or had people do it for them. Then there were the emergency services companies that shipped tons of relief supplies out of NYC and sold them for hundreds of thousands of dollars in profit.)
Please help metamoderate.
I personally abhor the notion of Trusted Computing on my personal computer, but if you're using a computer provided to you by the government or a corporation for the express purpose of working, it's their right to control what goes on on that computer. It's possible that this will help to stem the tide of malware (at least in corporate environments) by rejecting execution privledges, and allow IT staff to better enforce policies about what can and cannot be run on their computer. It would also help stop things like the Free USB Key Attack (formerly discussed on slashdot).
Of course, this could also make users feel like they are not trusted, and could even lead to overconfidence in the security of the system. Still I see it as a major plus, at least unless I get saddled with it at home.
If you buy a business-oriented motherboard from Intel, there is generally an option for a board with TPM. My 915GEVLK has the integrated video and audio and gigabit LAN I wanted, along with TPM which I can disable in BIOS. So long as it's not drastically raising the price of the board, there's nothing wrong with letting the end user have an extra chip or two that he can choose to use or not.
I'll be your candy shop of infinite deliciousity if you'll be my discotheque of endless rump-shaking.
All of Apple's Intel-based Macs have a TPM module, in order to restrict Mac OS X to running on genuine Apple hardware.
Does this decision pave the way for Apple to become a preferred supplier as shortly their entire model lineup will feature TPM modules with a relatively secure operating system?
Specialist Mac support for creative pros, Melbourne
This is a worrying scenario. Apart from the minor issue that external users will not want to pay for the dongles and that the internal customer is seeing his IT bill spiral, Trusted Computing seems to be heading to a Mexican standoff situation as follows:
Device 1: Permit me to inspect your system by downloading and running this program.
Device 2: Only after YOU have allowed me to verify your credentials by uploading and running this program.
Device 1: No, it is I who am deciding whether you are to be trusted!
Device 2: No, it is I who am deciding that!
Device 1: Anyway, my content is digitally signed by Microsoft, and you must trust it.
Device 2: Microsoft? Not a hope in Hell. I require all downloads to be digitally signed by Steve Jobs in person with a DNA signature.
And so on. Quis custodiet ipsos custodes? And how long before an army unit gets wiped out because of a defective dongle?
Pining for the fjords
In principle then, FOSS operating systems should be able to use TPM to enhance the trust that their owners have in them, in contrast to the way in which MS systems will use it to enhance the trust that content providers have in the platform. It all comes down to the way it's used.
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
It makes sense for the Army to require TCP. Stolen/lost laptops wouldn't immediately result in a security leak. But this can be achived cheaper, quicker and (and here comes the key point) with more control on the Army's side. Linux can encrypt documents just the same way TCP wants to offer, the difference lies in the open source concept: This inherently gives you the ability to check the security (provided you can read code, but I guess the Army can afford hiring someone who does) of your system.
TCP requires you to trust the person/group that made the security for you. You put yourself completely into the hands of the corporation(s) that create your TCP platform, and you are fully dependent on their ability to come up with a good protection scheme. Not to mention that you have to trust them, implicitly, that they do not want to spy on you and that they are better than their adversaries.
With TCP you hand over the responsibility for security. But you also hand over control. And it has the potential to lure you in a false sense of security which invariably leads to slacking. More than once I've seen a behaviour of neglect in a high security area (I've had my share of time in that field), with people relying so heavily on the technical implementations that they forgo the most basic security measures called for by common sense, because "Hell, what DO we have that security concept for, if I can't trust it fully?"
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
A country's armed forces ought to have the power to demand the full source code of every application running on their computers, and the resources to write all their own software wherever necessary. There is no shortage of Open Source applications they could use for starting points .....
Je fume. Tu fumes. Nous fûmes!
That's a total lie. Almost everything in that piece of propaganda masquerading as a FAQ is a lie.
If you want the truth about TC, try Seth Schoen of the EFF. He has a good summary in his recent blog entry:
BZZZT wrong... with a Linux based software stack, you should be able to sign your own code and thus ensure only code you've signed and code signed by others YOU trust can be run...
Signing your own code is not what he's talking about. Signed, and encrypted, code downloaded to run on your machine from elsewhere and how it is used is totally at the mercy of what vendors stipulate can be done with it. If they want an effective way of timebombing software because you haven't paid up then they have the framework to do that. If they want to break data protection laws and start communicating usage statistics and other sordid details, encrypted and safe from prying eyes, then they now have a means for doing that. It also means that it is almost certainly going to be nigh on impossible to switch to a competing vendor's products.
Some people seemingly have no idea what the trust in Trusted Computing actually means. What it means is that external people and organisations, particularly software vendors, content companies etc. have a way for them to trust my computer or equipment. Whether I can trust the computer or electronic equipment I own, and what software run on there actually does, is an entirely different matter. It's a fundamental shift in the idea of how computers work that will probably end in anarchy and chaos.
http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
...you're interested I read a rather interesting article about trusted computing the other day ( http://www.gnu.org/philosophy/can-you-trust.html ). He makes some good points.
*''I can't believe it's not a hyperlink.''
The follow conversation heard during my college might help to answer(or not):
"Sir, what is a trusted system?"
"A system where we can't trust each other."
A brief silence...
"Then what would it be like in an untrusted system?"
"That we can trsut each other."
A long death silence...
OK, I'll give a car analogy. They suck, but are fun. My '85 Buick Elektra (I still miss him) was a Trusted Transportation Platform.
Well, I think a correct car analogy for Trusted Computing would be not YOUR car but your DADDY's car. You would trust your daddy to issue you the keys when you needed and your daddy would trust you not to damage the vehicle. Of course, any time there would be any conflict between you two ("dad, I swear to God that this scratch was here before!"), daddy would have the ultimate saying ("swear to anyone you want, kid, but you're gronded").
And you could only trust your dad won't abuse his power. TPM is the same provided that you trust Microsoft, Apple et al love you like your parents.
Hi all,
TCG/TCPM stuff, though not completely finished (the DAA mechanism that was introduced in v1.2 is a good example of how the TCG adapted to outside criticisms, and they're starting to work on v1.3) and surely not understood (the word "trust" is a huge factor in that), is having the same effect as PKI a few years back. Except that nowadays times of ignorance and fear (in particular of the big companies behing the TCG) multiply this effect by thousands. "Trust" is more and more acting like the point of concentration of the security problems, its complexity being coupled with new emerging (and very innovative) threats.
First think of the TPM as a chip that provides standard cryptographic functions (RAS SHA-1, HMAC, AES), so instead of doing it in software anyone will be able to use hardware implementations. Furthermore there are facilities for key creation and management. With the special focus on this "security chip" (such chips already existed in various forms), the designers hope to improve drastically the level of security of modern computer science (95% of emails are spam, botnets of millions of computers, hackers make huge money out of their job, ransomware, etc. etc.).
Obviously this TECHNOLOGY (and please always keep this in mind: it's a tool, it is to be used by other applications, most importantly OSs, to improve security; apart from secure boot, that is not compulsory at the moment, there's no obligation to use the TPM even if it's here) is not perfect, it will evolve. It will have to CONVINCE, to get TRUST. As I'm saying to most of my Trusted Computing colleagues, I think that challenges set by the opponents of TCG are actually a means to improve the security of this technology (but beware of popularity-seeking criticisms, not all the criticisms are well-founded).
Read tha FAQ:
https://www.trustedcomputinggroup.org/faq/TPMFAQ/
They also created a language called Ada that was a replacement for Cobol. Everyone thought that the DoD requiring new programming in Ada would cause the replacement of COBOL programming Everywhere.
Where is Ada now?
eric
You're quite right of course. If the "resistance" in Iraq confined its attacks to America soldiers, they would be freedom fighters. In reality, attacks on American troops are rare. They mostly target other Iraqis who simply aren't the "right" type of Muslim. That barely even qualifies as terrorism; it's more along the lines of a slow, decentralized holocaust.
Imagine if the French resistance in WW2 had schismed into seperate Catholic and Protestant factions, and they'd spent all their time killing each other instead of collecting useful intelligence for the Allies. The people of Yugoslavia put aside enormous cultural difference, ceased all internal violence, and totally unified to form the largest and strongest resistance army that there has even been -- and ousted the Nazis themselves. Tito and company -- probably the best example of freedom fighters since the American war of independence. By way of contrast, consider China during WW2. If the Chinese had cooperated, Japan would have never been able to successfully invade let alone retain control once they were in. Chinese resistance failed because imperialists and Maoists were never able to put their own civil war on hold (although the Maoists apparently tried several times, which part of the reason that the people supported them after the war). It is just mind boggling how far the Iraqi extremists are from being anything other than a plague upon their homeland.
This would be a really worrying thing, but the fact is TPM has already won. It won the instant that Apple adopted TPM and the communities who were publicly worrying and complaining about Palladium and Trusted Computing for all those years went suddenly silent and shrugged the instant that nebulous notions like "freedom" came into conflict with solid, purdy white plastic.
Here is the thing: TPM's adoption was waiting not on an adoption cycle exactly, but an apathy cycle. TPM was never something that the consumer was supposed to approve of, want, or even really know was there. The adoption of TPM was mostly counting on the consumer not having any idea what they were buying, counting on the blinking 12:00 effect, counting on the idea that most consumers would not even know TPM was in their computer until the first time that they try to do something and the computer says "no".
TPM isn't there for the consumer. It's there to protect the computer from the consumers. It's there to allow software and content vendors to trust your computer, to trust your computer to ensure it will act in their interests and not yours. These vendors are the ones that TPM is being done for the benefit of, not the consumer. This means that in order for TPM to win, it isn't necessary for the consumer to "adopt" it. All that has to happen is for the consumer to fail to actively reject it when it is quietly dropped into the hardware they were going to buy anyway.
And that's already happening. So although the military would legitmately represent an adoption cycle-- the military, of course, has a legitimate and logical need to create networks within which the machinery is trusted and the user is absolutely not-- it doesn't really matter. The military isn't the kind of adoption TPM needs to reach enough critical mass that vendors can begin requiring it in new applications, I don't think-- it's not like military hardware is going to be used to run lots of games and DRMed consumer media, as far as I know. The worrying thing is TPM's level adoption in the consumer segment, since that's where it has potential to do actual harm. And that's already begun, and so far nothing is happening to stop it...
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
You're in the Army. You're in the field under fire. You have a hardened Army laptop. You are sending and receiving
vital messages back and forth with another unit directing fire around your position. Your laptop doesn't have any
software or files on it that are personal to you. Not your music. Not your games, etc. What is has is a trusted and
fool-proof means of getting and receiving messages that you can trust with your life and the lives of your unit.
Therefore, you trust the info on your Army issued laptop. You know that no foreign agent or enemy
can break in and send info to you or anyone else in the system, pretending to be someone you trust.
If your unit is overrun and you lose your laptop, anyone trying to use it without authentication or by hacking,
will cause the laptop to self-destruct.
It is the Army who owns the computer. They own the software. They own the system. They own the TMP.
What everyone has been trying to do here is to apply TMP to their onw personal consumer/business computer.
These are two separate and definitive worlds of computing operation. The only thing similar in our
world is trusting who the person is you are communicating with, as being who they say they are, and not
someone else pretending to be that person, in Chat or Email. But that is completely different (and minor)
level of trust than what the Army is looking for, isn't it?
"You already have zero privacy. Get over it."
No, there is a problem. In fact, it's a huge problem. The problem is, the users are NOT in the position to trust or distrust binaries!
Because Microsoft et. al. designed the system to be secure against the user, they made it a point to withold the private key so that all signing is done by them, not the user. Considering that the entire point of the GPL is to have the user in control, "Trusted" (or rather, Treacherous) Computing is fundamentally incompatible with the GPL!
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Why isn't the user in the position to trust binaries? In a TPM-supporting Linux stack, the only people in control of the trust or distrust are the administrators of the system. The hardware doesn't block software, the software uses the hardware to authenticate it. The software can then block it based on the rules set up by the administrator.
WTF are you smoking? Between the legendary insecurity of Microsoft software and formats, and the fact that the formats are proprietary (meaning they will be expensive to archive and maintain), MS Office is the worst possible thing for the military to use!
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
The army is stupid. It should mandate it's own standard for this using NSA approved hardware.
Sheesh
I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty
Yes it's true. After you make changes to the sourcecode of software and re-compile it, it's no longer 'Trusted'. BECAUSE THAT'S THE WHOLE POINT! ... but I didn't change anything. Perhaps I have a virus." It's again a way to verify that changes you didn't make, arn't being run. In that respect it grants the user more control over their computer, because it provides them with more information.
Back off of piracy and conspiricy issues. If I write 'FSM-wordprocessor' and get it signed, you and everyone else gets to trust that I & the signing agency have verified that the software is exactly as I intended it to be. Currently if Bob decides to create a virus, he can create one that rewrites one of my modules to do what it was originally intended to do, as well as whatever malicious thing he want's it to do. Currently there is no way for me to verify that when I run 'FSM-wordprocessor', I am running the original code, or the one with the virus. Trusted computing does that. That's why the military wants it. It fulfills a vital security role for them.
For the average user, it also fulfills a vital role. "Hey my OO2.0 pops up as not trusted
The only time trusted computing doesn't make sense, is when you are working in a development environment. In any live production environment, knowing that what you think you are running is what is actually running is a good thing. When you are doing development, obviously you can't get things certified each time you recompile it - hell on a bad day, that would be 30-40 recerts for a subroutine. What you need is degrees of trust.
If you want to tweek & recompile the kernel, go ahead & then hit it with a 'personal trust' cert. But don't hand it to me & say this is the greatest mod to the kernel ever & expect me to trust it. The problem is not with 'Trusted Computing' the problem is with implimentation. If there is only Trusted/UnTrusted, then there's an issue. If I can define who I trust and what I trust, then things are good. If I can only trust what somebody else tells me is trustworthy, then it's bad.
The problem is going to be when you take your personal signed kernel and try to run trusted software that is going to go looking for a 'High Order' cert. Let's face it, if my concern is securing data - state secrets or 'Boy Band of the Week vol 1' - I can't verify that the data is secure if you have changed the kernel, since you could be ghosting every buffer to a non-secure memory space. Now is that a problem? only if you are trying to use software that explicitly requires the OS to be certed. Most FOSS isn't going to care. The stuff that does is going to be related to securing other people's Data. IE. you won't be able to run 3rd Party Secure Data Relay Proxie v4 on an unCerted Kernel because the 1st & 2nd p
To say that "the army" is requiring all pcs to do anything is questionable at best. What this appears to apply to is the enterprise systems. That's maybe a couple hundred servers that fall into the command of Netcom. I see no mention of netcom having responsibility for things like desktops, agency by agency servers, etc. Never can tell though.
People who think they know everything really piss off those of us that actually do.
Amen!
A knife is not a bad thing. It is not a good thing. It is only a thing. Some will use it to threaten and mug, others will use it to dice tomatoes or perform surgery. It is only a thing.
A gun is not a bad thing. It is not a good thing. It is only a thing. Some will use it to stop invaders or obtain meat. Others will use it to hijack planes. It carries no inherent righteousness or villany.
A Trusted Computing Platform is not...
Come on people, separate the tool from the actions of saints and sinners so that we can make engineering trade-off based decisions instead of emotional ones.
"We think people rightly feel that once they buy something, it stays bought," --Suw Charman, Open Rights Grp