Inside nearly every notebook or desktop PC built within the past three years resides a hardware module that often goes unused in protecting data.
The Trusted Platform Module can’t solve every security quandary, but it can certainly improve the ability to protect data when coupled with data encryption and other security applications, says Steve Hanna, distinguished engineer at Juniper Networks.
TPM is a cryptographic module that’s permanently attached to the processor. Its advantage is that it provides strong isolation from observation or alteration when storing and protecting information assets about the platform it resides on.
Its hardware architecture is similar to other cryptographic devices, such as smart cards, but it does have a couple of unique differences:
- Platform configuration registers — 24 per module that hold integrity measurements for the hardware and software — squirrel away measurements and logs to provide information about the platform.
- The Attestation Identity Key, a fixed-function key, can attest to a system’s internal status data based on the values stored in the registers. The key can create and sign other keys in the TPM — for network access control and for virtual private networks, for instance. That means there’s never any exposure of keys outside the TPM infrastructure.
“I like to think of TPM as a smart card built into the motherboard,” says Hanna, a speaker at the recent CSI 2008 security conference.
The benefit of using a tool such as TPM is that it’s product-neutral, say David O’Berry, IT director for South Carolina Probation, Parole and Pardons Department. That makes it possible to better unify security in an environment. “Security as a whole is fragmented and driven by the product cycle,” he says. “We need to better reutilize what we have to create a less piecemeal approach.”
But to make use of TPM, Hanna points out, IT must turn on the module and deploy software that acknowledges it. “By itself, it doesn’t do anything functional. It requires software to activate functionality,” he explains.
With Microsoft Windows Vista and XP, however, there’s no need to install agent software: Those operating systems have features to conduct authentication and health checks on a client automatically when the BIOS boots. And with Vista, using the TPM makes full-disk encryption a more airtight security approach, Hanna says.
Using BitLocker without TPM “is like having a fabulous security option in your car and then leaving the keys in the ignition,” he says. Because of the potential to hack the authentication keys, the National Security Agency recommends that agencies encrypt with BitLocker and then store keys in the TPM.
250 Million: TPMs shipped
SOURCE: Trusted Computing Group
But what about devices that aren’t running Vista or Service Pack 3 XP?
Support for legacy and other portable and peripheral devices is in demand for anything that has an IP address and can get on the network, says Hanna. Think Voice over IP phones, digital cameras and printers. Most manufacturers provide some way to do a basic health check of these platforms, he says, even if they do not support user authentication.
Trusted storage is another good option for mobile PC users, Hanna says. “I’m a big fan of fully encrypted hard drives — like those from Seagate.” Others are coming on the market now. It’s an easy way to get end-user security, he points out: No matter where a notebook is left, the data remains encrypted.
There are also ways to use TPM with two-factor identification. For biometrics, IT needs to validate that the software is using the TPM, he says.
Deploying tools that can better secure data in transit and when sharing across organizations is definitely an issue for agencies. Consider the Marine Corps. According to its CIO, Brig. Gen. George Allen, trusted security is a fundamental concern when deploying Marines. “Everything we do is at rest, I cannot do data on the move. I can do voice on the move. Some data, but it’s really small,” he says. “We’re working on this.”
For interacting with allies’ systems and for giving them access to Corps systems, the service uses many different gate guards. Sharing with coalition partners takes a long time to set up use privileges rules and sharing parameters, he says. “We need an easier way to do that.”