Foreword

In less than twenty years, computers have evolved from central information processing systems to PCs on every desk and in every home that are connected to the Internet. Functionality and convenience of these systems have been progressing steadily. Mobility has now been added as an essential feature: we carry laptops, PDAs and cell phones and we are on-line everywhere. There is no doubt that this trend will continue towards ubiquitous intelligent devices.

In this context, we are witnessing a change of our society towards e-commerce, e-business and e-government and towards an increasing dependence on information systems. However, this development also brings new vulnerabilities and risks. While there are very few reliable statistics, all experts agree that direct and indirect costs of on-line crimes such as break-ins, defacing of web sites, spreading of viruses and Trojan horses, and denial of service attacks are substantial. Moreover, the impact of a concerted and deliberate attack on our digital society by highly motivated opponents is a serious concern.

Research in information security has brought innovative solutions, such as cryptographic algorithms and protocols, firewalls, anti-virus software, intrusion detection systems and sandboxes for mobile code. These technologies allow the establishment of digital identities, creation of secure channels, detection of (known) viruses and increasing computer networks' security. Most of these security technologies are becoming widespread, yet keeping information systems secure becomes ever more difficult. This can be deduced from the growing number of CERT incidents reported: from less than 1000 in 1992 to 10,000 in 1999 and more than 50,000 in 2002. The number of reported security alerts does not grow spectacularly, but neither does it decrease (typically it increases by several per month).

The answer to this paradox lies in the fact that the end-systems are becoming increasingly complex, and securing complex systems is very hard. As an example, the number of software bugs typically grows with the code size, and many software bugs have security implications. Moreover, even if we could build secure computer systems they would be significantly more expensive and much harder to use. These elements can explain why secure computer systems have very limited market penetration, even among security experts.

It is well known that the most effective way to secure complex systems consists in defining a simple trusted subsystem that is in charge of the core security functionality. Smart cards have played this role to some extent, but only in a limited number of applications such as retail banking and mobile communications. In order for such a subsystem to be cost effective, it needs to be simple and generic. This allows its reuse for a variety of environments and applications. However, little progress has been made in this area so far because of the “chicken-and-egg” problem: applications are waiting for the secure subsystem and vice versa. Moreover, specifying such a generic system is a non-trivial technical task.

The Trusted Computing Platform Alliance (TCPA) initiative has succeeded in breaking this deadlock by bringing together the key industry players in January 1999. They set the very ambitious goal of specifying such a subsystem, that is, of specifying a Trusted Platform containing a low-cost Trusted Platform Module (TPM). Version 1.0 of the TCPA specifications was released in February 2001. It provides the basic building blocks to design secure applications and services and offers the following functionality to users: protected storage of data, preventing access to data by inappropriate software, and identification of and establishing trust in platforms. The first TPMs were demonstrated in April 2002. The next step will be for platform OEMs to integrate these TPMs into their platforms, and for OS vendors to provide support for this functionality.

The TCPA specifications have taken a very pragmatic approach. Even when the goal was to develop a simple subsystem, the number of issues that have been addressed is impressive. To mention just a few of these: initialization of the system, backup and recovery, and the protection of the privacy of the end-users.

There is no doubt that TCPA has created an exciting development with high potential. While TCPA trusted platforms are not secure platforms, they are the first step towards secure platforms. Future developments in platform security, network security, and e-services will be built on concepts introduced by TCPA. Researchers and developers in the area of security are now presented with the challenge of making further progress in this direction.

This book offers an excellent introduction to the TCPA technology. It is written by a team of experts who are intimately familiar with the details of the TCPA specifications. They have succeeded in presenting the technology from different perspectives, in order to make it accessible to readers with different backgrounds. This book explains how the TCPA specifications can be used by organizations, but also provides detailed technical information to developers and security experts. It clarifies why certain design choices were made and it does not avoid the delicate question of what “trust” exactly is. This book is a “must read” for anyone who is concerned with the security of our future information systems.

Bart Preneel
Katholieke Universiteit Leuven, Belgium
June 2002

Bart Preneel is a professor at the Electrical Engineering Department of the Katholieke Universiteit Leuven in Belgium, and is also a visiting professor at the Ruhr-Universitaet Bochum in Germany and at the University of Ghent in Belgium. His main research interests are cryptology and information security.

He has authored and co-authored more than 100 scientific publications and is inventor of one patent. He is vice president of the IACR (International Association for Cryptologic Research) and chairman of the Leuven Security Excellence Consortium. He is a member of the TCPA Board of Advisors and of the Editorial Boards of the Journal of Cryptology and of the ACM Transactions on Information Security.
