Computer attacks of all sorts are commonplace in today’s interconnected, globalized society. A computer worm, written and released in one part of the world, can now traverse cyberspace in mere minutes, creating havoc and untold financial hardship and loss. To effectively combat such threats and other novel and sophisticated assaults, our network defenses must be equipped to thwart them. Yet, our software-dominated defenses are woefully inadequate (Bellovin, 2001). The Trusted Computing Group (TCG) has embarked on a mission to use an open standards-based interoperability framework utilizing both hardware and software implementations to defend against computer attacks. Specifically, the TCG uses a trusted hardware device called the trusted platform module (TPM) in conjunction with TPM-enhanced software to provide better protection against such attacks. While millions of TPMs have been shipped with more expected annually, adoption of trusted computing technology enabled by the devices has been slow, despite escalating security infractions. This chapter will detail a brief history of trusted computing (TC), the goals of the TCG, and the workings of trusted platforms. The chapter will also look into how the TPM enables roots of trust to afford improved trust and security.
Viruses, unauthorized access, loss of data due to laptop theft, and other computer attacks are common and escalating occurrences in today’s open computing platforms. As a result of these invasions, users and companies worldwide have suffered untold losses and negative publicity, and incurred tremendous costs (CSI/FBI, 2004; Deloitte, 2004; CSI/FBI, 2005; Deloitte, 2005; CSI/FBI, 2006; Deloitte, 2006; CSI, 2007; Deloitte, 2007). Until recently, the Information Technology (IT) industry’s predominant approach to solving security problems was to develop more software-based solutions, even though “most security problems are caused by buggy software” (Bellovin, 2001, p. 131). Because the industry ignored the benefits that hardware implementation could bring (Neumann, 2003), the rampant computer attacks continued unabated.
In response, a group of leading technology companies including IBM, Microsoft, Hewlett Packard (HP), Intel and others formed the Trusted Computing Group (TCG). TCG is working to improve trust and security in today’s open computing platforms by utilizing both hardware- and software-based solutions. It favors vendor-neutral, open-standards-based interoperability frameworks that operate across multiple platforms. TCG is incorporating hardware with a trusted platform module (TPM). This low-cost hardware device has several built-in features that will improve security and trust in today’s networked platforms. Beginning in 2006, 50 million TPM-equipped computers were shipped around the world, and TCG is aiming for even wider deployment across all computing platforms with an additional 250 million TPMs to be shipped by 2010 (TCG, 2005). Through this new framework, TCG hopes to enable all computing services to be performed in a more secure and reliable manner.
Even though millions of these TPMs have been embedded in today’s enterprise laptops and desktops, widespread adoption of this technology remains slow. What is hindering TPM adoption? Will TCG’s vision for improved computer security be realized so that the global community can operate more freely and safely in cyberspace? Can critical information, information systems, and networks be reliably and robustly protected? This chapter will address these questions by examining the concept of trust and the history of trusted computing, and by providing an overview of the nature and functionality of trusted computing, trusted platforms, the trusted platform module, and related issues.