In a discussion chaired Derek Brink, VP and research fellow from the Aberdeen Group, the panel provided a brief crash course on the concept of ‘trusted computing’ and examined reasons why industry has been slow to adopt the TCG’s hardware-based security standards.
There is the perception that the computing ecosystem is not a trusted one, Brink commented from the outset, and then turned to fellow panelist Michael Willet, a storage security specialist from TCG member Samsung, to explain precisely what a trusted computing ecosystem entails.
“Trust is a feeling you have…a feeling you have to have engendered in you, that leads to the expectation of a certain behavior”, Willett said. When viewed in terms of computing, he added that the device behaves as it was designed to do, and thereby engenders the user to trust that system.
The TCG, an industry consortium, defines trust for computing systems as a “kernel – an enclave – of trust in the system that is built in hardware, or in some cases highly assisted by hardware”, Willett remarked. “There is a general sense that hardware can be better controlled than software”.
Hardware is not impervious to vulnerability, he admitted. “You can find untrustworthy hardware, but in general – in designing it to behave as expected – I have more confidence in hardware than I do in software”, Willett asserted.
Andy Musliner, chief technology and innovation officer with fellow TCG member DMI, agreed with Willett’s assessment, and reviewed some of the practical, real-word problems that TCG standards attempt to address.
“The reason trusted computing starts in hardware is because software is inherently vulnerable”, he observed, insisting that moving the mechanisms to the hardware level is the first step to a more trusted computing environment. “Hardware”, he continued, “is more trustworthy because it takes a heck of a lot more time and money to build”.
Deploying things like trusted platform modules (TPMs) – a security chip already embedded into millions of devices – allows you to get under the software and establish a root of trust, Musliner explained. Items like security credentials can then be protected by hardware, rather than software, which prevent them from being remotely stolen by unauthorized parties. In addition to the authentication benefits of TPMs, they allow organizations to identify the devices accessing their networks, “which can close a gigantic hole that’s in our security today”, he said.
Musliner added that once a device has been identified as trusted, a piece of hardware embedded with TPMs allows an organization to have granular access control over it. “You can also start establishing trust levels in the software that gets loaded on the device” – what he described as a “transitive chain of trust” that starts from the hardware and works its way up to the software level.
A Hard Sell
The byproduct of trusted computing is that, in the end, it should seem to the end-user as a seamless assurance. But as Aberdeen’s Derek Brink acknowledged, when it comes to the idea of trusted computing, “most enterprises do not buy technology based on a vision”, but rather seek to address a specific case use.
“The TCG very much depends on security standards that [provide] openness, interoperability, and are vetted in the real world”, Willett said. “All of these are intended to enhance that feeling of trust”. The group’s standards, he noted, are also meant to promote usability features, including ease of use, transparency, a lower cost of deployment, and more robust security.
Brink then asked, at more than a decade old, when can we expect to see the TCG’s standards achieve more widespread adoption, or even full-scale deployment?
“We are at the top of the peak where everything starts rolling down the hill”, Musliner predicted. The reason why they have taken so long to deploy, he surmised, “is because trusted computing is based on hardware, and it takes a long time for hardware to change”, reinforcing a previous point. Software can be re-written very quickly, he added, but adopting trusted computing standards – even if they are accepted principles – will take years for the hardware manufacturers to implement. It’s the reason why Microsoft, an early proponent of TCG standards, did not deploy TPMs as part of its ‘Secure Boot’ process until the release of its Windows 8 operating system.
“As we get platforms in place – especially in the form of mobile devices – that will begin the ball rolling downhill”, Musliner concluded.
Perhaps the most interesting observation came from Willett, who contemplated why TCG standards have taken so long to be accepted and deployed by hardware manufacturers. “The essence of the problem is that the very principles of trusted computing fight against the marketing. If you have technology that is transparent, easy to use, has no performance impact, is built in and not built on, and is invisible”, then it becomes a hard sell for marketing departments at these manufacturers.
“To market it you want people to be able to appreciate it”, Willetts said of the security benefits. “But it’s not visible to the average consumer.”