Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


07:30 PM

A Tipping Point For The Trusted Platform Module?

To achieve widespread adoption, TPM must overcome challenges to encryption key management.

While a Trusted Platform Module chip could be applied to DRM, it's far from the most common use-case of the technology today. More important in the TPM ecosystem are the other possibilities it affords. The Trusted Computing Group encompasses a variety of platforms, including working groups dedicated to Authentication, Mobile, Software Stack, Storage, Trusted Network Connect, and Virtualized Platform.

The most widespread use of TPM today is Microsoft's BitLocker drive encryption technology. BitLocker can operate with or without the TPM hardware, though the recommended and most secure method of operation requires a 1.2 TPM chip, and it's able to offer significantly more security than non-TPM modes of operation. That's because the keys are secured in the hardware rather than in software, making them harder to tamper with or steal.

Also teaming up with TPM for data encryption are hard drives capable of handling data encryption and decryption internally, such as Seagate Momentus FDE.2 drives. This is one of the few full-disk encryption architectures that would not be vulnerable to the recently publicized "cold-boot" attacks that are able to extract the contents of a computer's memory after it's been powered off and seek out encryption keys.

While disk encryption is a popular use for the TPM chip, it may be the user and machine identification features that steal the show in the long run. With support for multifactor authentication features such as an additional PIN or biometric authentication, TPM can serve as the one-stop shop not only for authenticating a user to a machine, but also as an authentication mechanism for Web applications and business applications that would benefit from strong cryptographic authentication.

The Web is one reason the Trusted Computing Group repurposed itself from the original goals of Trusted Computing Platform Alliance back in 2003. Instead of creating a platform for trusted PC computing, it wanted to be able to integrate the same techniques across a wide variety of uses and platforms.

Of course, integrating TPM into the authentication process for a Web application negates one of the values of Web apps in the first place--they're accessible from any Internet-enabled PC.

This problem may be solved by cell phones, which could act as a soft token to authenticate users. For example, if a user wants to access an online banking application from a strange machine, the bank can send a one-time password to the user's phone. The user would enter this password into the banking app. Meanwhile, the entire process is secured against tampering by TPM's hardware-enabled trusted connection from the server to the PC being used.

Trustworthy computing was supposed to usher in a new era of secure computing, but it got off to a rocky start. Despite that, the latest iteration of hardware-enabled trust promises secure identification, authentication, and encryption, with even more possibilities for the future.

The Trusted Computing Group (successor to the Trusted Computing Platform Alliance) developed and maintains the TPM Specification and is made up of a variety of both software and hardware companies. The current list of core companies includes AMD, HP, IBM, Infineon, Intel, Lenovo, Microsoft, and Sun, though well over 100 other vendors are involved.

TCG has done the right thing, starting ahead of consumer demand and developing an open solution to a problem most customers didn't know they had. A TPM chip enhances a variety of existing security functions with a secure root of trust. The downside is key management complexities, which limit the number of organizations taking advantage of the technology.
Imagine a software-as-a-service vendor able to leverage a secure hardware token in mobile devices for user authentication. The additional layer would provide a level of security analogous to a secure hardware token with a cost approaching the more inexpensive software token. This assumes, of course, that the SaaS vendor was able to develop a manageable process for enrolling the customer's mobile devices into its encryption infrastructure.

This leads directly into the weak spot for TPM--key management. Managing the keys protected by a TPM chip is almost identical to any other encryption platform. Not only must those TPM-generated keys support the usual enterprise key management features--such as enrollment and revocation, and key recovery in case of lost PINs--but there are issues unique to TPM, such as maintaining system state when upgrading, as changes may upset the ability of the module to produce a valid key for an encrypted system.

Some standalone software tools already are available for IT to manage the Trusted Platform Module. For example, Microsoft offers some free TPM management tools. And a large number of OEMs that manufacture PCs and laptops ship Wave Systems' Embassy Trust Suite, which is capable of providing a variety of services to maintain the module itself. However, more powerful management capabilities might require an upgrade to one of Wave's enterprise-level products.

Even without an enterprise management platform, however, some organizations may be able to take advantage of the number of TPM chips deployed in their environment right now. The Trusted Computing Group Web site offers a series of white papers on using TPM with existing enterprise systems such as wireless networks, VPNs, and network access control.

While it's important to consider the extra management effort involved, it's definitely worth examining what you can use for free with the built-in tools along with the module.

Continue to the sidebar:
TPM: A Matter Of Trust

2 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Cybersecurity Team Holiday Guide: 2019 Gag Gift Edition
Ericka Chickowski, Contributing Writer,  12/2/2019
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-12-09
radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input.
PUBLISHED: 2019-12-09
In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution.
PUBLISHED: 2019-12-08
On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or ShareNa...
PUBLISHED: 2019-12-08
An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_decode_raw_impl at fromsixel.c.
PUBLISHED: 2019-12-08
An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function load_pnm at frompnm.c, due to an integer overflow.