What is Trusted Computing?
Trusted Computing is a broad term for technologies and proposals that aim to make computing more secure through hardware enhancements and the software changes that accompany them. It is commonly broken down into four categories:
- Memory Curtaining: Provides hardware-enforced isolation of sensitive areas of memory so that they cannot be read or written inappropriately, whether by other processes or by the operating system itself. This makes it possible to keep cryptographic keys out of reach of a compromised OS.
- Secure Input / Output: Protects the path between the user and an application from spyware and from programs that capture the contents of the display. For example, secure I/O could prevent a keylogger from intercepting the keystrokes typed into a banking website.
- Sealed Storage: Protects private information by binding it to the platform and to the software state measured at boot, so that a secret such as an encryption key is released only to the same machine running the same measured software. If an attacker pulls the disk out of a server, or boots the server with tampered firmware or a different operating system, the sealed data stays encrypted and inaccessible.
- Remote Attestation: Allows authorized parties to detect changes to a user's computer. The hardware signs a report of the measured software state with a key that chains back to the manufacturer, and the verifier compares the report against known-good values. If a computer or server is found to have been modified, security personnel can take action.
Several major hardware manufacturers and software vendors, working together as the Trusted Computing Group (TCG), have turned these ideas into concrete Trusted Computing specifications.
What is the Trusted Computing Group (TCG)?
Back in 1999, the Trusted Computing Platform Alliance (TCPA) was created: a consortium of technology companies that wanted to promote trust and security in computing platforms. Its members included some of the largest names in tech, among them Hewlett-Packard, Microsoft, Intel and IBM, and it grew to more than 70 members within its first month of operation.
The TCPA developed a set of Trusted Computing Platform Specifications intended to give the industry a clear direction for building trustworthy computing platforms and environments. The specifications defined mechanisms and processes, such as a hardware root of trust and platform measurement, that compliant systems had to implement.
Following the TCPA, the Trusted Computing Group (TCG) was formed in 2003, with an added emphasis on mobile security. The TCG still exists today; it develops and promotes specifications for protecting computing resources from malicious actors without infringing on the rights of end users.
What is a Trusted Platform Module (TPM)?
One of the TCG's most notable efforts is the Trusted Platform Module (TPM) specification. A TPM is a secure cryptoprocessor that provides hardware-based security functions: it generates and stores keys, performs cryptographic operations with them, and keeps a record of the platform's measured boot state. It is implemented either as a discrete chip on the motherboard or as firmware running in an isolated part of the host processor; in both cases it is separate from the main operating system, and a discrete TPM includes physical mechanisms that make it tamper-resistant. Software running on the host cannot read the keys the TPM holds; it can only ask the TPM to use them.
Security is only as strong as the layers below it: protection in any layer of the compute stack can be circumvented by a breach in the layer underneath. Firmware, the operating system and device drivers can all be compromised, which is why a root of trust needs to sit as low as possible, in the silicon itself, where it can measure those higher layers before they run and refuse to release secrets if they have changed.
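To make sealed storage, remote attestation and the layering argument concrete, here is an added Python model of what a TPM does with its Platform Configuration Registers (PCRs). It is not code from the original article and not StorMagic, TCG or TPM code; it uses only the standard library so it runs offline without a TPM. The PCR count, the storage root key and attestation key constants, and the boot components are all constructed for the example, and HMAC stands in for the AES encryption and asymmetric signature a real TPM would use.

```python
# Added example: pure-Python model of measured boot, sealing and attestation.
# Not a real TPM API; keys, PCR layout and boot components below are made up.
import hashlib
import hmac
import secrets

PCR_COUNT = 8  # model only; a TPM 2.0 has 24 PCRs per hash-algorithm bank
ZERO = bytes(32)


def extend(pcr: bytes, blob: bytes) -> bytes:
    """TPM2_PCR_Extend: PCR = SHA-256(PCR || SHA-256(blob)).
    A PCR can only be extended, never set, so order and content both matter."""
    return hashlib.sha256(pcr + hashlib.sha256(blob).digest()).digest()


def measured_boot(components) -> list:
    """Each layer measures the next into a PCR before handing over control.
    components: iterable of (pcr_index, component_bytes)."""
    pcrs = [ZERO] * PCR_COUNT
    for idx, blob in components:
        pcrs[idx] = extend(pcrs[idx], blob)
    return pcrs


def policy_digest(pcrs, selection) -> bytes:
    """Digest binding a sealed object to selected PCRs (stands in for TPM2_PolicyPCR)."""
    return hashlib.sha256(b"".join(pcrs[i] for i in selection)).digest()


def seal(srk: bytes, pcrs, selection, secret: bytes) -> dict:
    """Sealed storage: protect 'secret' under a key that never leaves the TPM (srk)
    plus the current PCR policy. Toy construction: HMAC-derived keystream and an
    HMAC tag, limited to one 32-byte secret; a real TPM uses AES and its own format."""
    assert len(secret) <= 32
    pd = policy_digest(pcrs, selection)
    ks = hmac.new(srk, b"seal-key" + pd, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(secret, ks))
    tag = hmac.new(srk, b"seal-tag" + pd + ct, hashlib.sha256).digest()
    return {"selection": tuple(selection), "policy": pd, "ct": ct, "tag": tag}


def unseal(srk: bytes, pcrs, blob: dict):
    """Return the secret only if the live PCRs reproduce the sealing policy."""
    pd = policy_digest(pcrs, blob["selection"])
    if not hmac.compare_digest(pd, blob["policy"]):
        return None  # platform state changed: different firmware, loader or kernel
    tag = hmac.new(srk, b"seal-tag" + pd + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None  # sealed blob was tampered with
    ks = hmac.new(srk, b"seal-key" + pd, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(blob["ct"], ks))


def quote(ak: bytes, pcrs, selection, nonce: bytes) -> dict:
    """Remote attestation: the TPM signs the selected PCRs together with a
    verifier-supplied nonce. A MAC stands in for the attestation-key signature."""
    values = [pcrs[i] for i in selection]
    sig = hmac.new(ak, nonce + b"".join(values), hashlib.sha256).digest()
    return {"selection": tuple(selection), "nonce": nonce, "pcrs": values, "sig": sig}


def verify_quote(ak: bytes, q: dict, golden_pcrs, nonce: bytes) -> bool:
    """Verifier side: check freshness, then the signature, then known-good values."""
    if q["nonce"] != nonce:
        return False  # replayed quote
    expected = hmac.new(ak, q["nonce"] + b"".join(q["pcrs"]), hashlib.sha256).digest()
    if not hmac.compare_digest(q["sig"], expected):
        return False
    return all(q["pcrs"][k] == golden_pcrs[i] for k, i in enumerate(q["selection"]))


# Constructed keys and boot chains (hypothetical values for the demo).
SRK = b"tpm-storage-root-key-demo-value!"  # in reality never leaves the TPM
AK = b"tpm-attestation-key-demo-value!!"
GOOD_BOOT = [(0, b"firmware v1.2"), (4, b"bootloader v2.0"), (7, b"kernel 6.1 + cmdline")]
EVIL_BOOT = [(0, b"firmware v1.2"), (4, b"bootloader v2.0 (backdoored)"), (7, b"kernel 6.1 + cmdline")]
SELECTION = (0, 4, 7)
DEK = bytes.fromhex("00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")


def demo() -> dict:
    """Seal a data-encryption key to a known-good boot, then test both boots."""
    golden = measured_boot(GOOD_BOOT)
    sealed = seal(SRK, golden, SELECTION, DEK)
    good, evil = measured_boot(GOOD_BOOT), measured_boot(EVIL_BOOT)
    nonce = secrets.token_bytes(16)
    return {
        "unseal_good": unseal(SRK, good, sealed) == DEK,
        "unseal_evil": unseal(SRK, evil, sealed),
        "quote_good": verify_quote(AK, quote(AK, good, SELECTION, nonce), golden, nonce),
        "quote_evil": verify_quote(AK, quote(AK, evil, SELECTION, nonce), golden, nonce),
        "quote_replay": verify_quote(AK, quote(AK, good, SELECTION, nonce), golden, secrets.token_bytes(16)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The backdoored bootloader changes only PCR 4, but because the sealing policy covers PCRs 0, 4 and 7 the key is never released, and the quote the verifier receives no longer matches its golden values; a quote captured earlier fails on the nonce check before any PCR comparison. This is the same property a key manager relies on when it roots its keys in a TPM: the secret is tied to the hardware and to a specific measured software stack, not to a file an attacker could copy.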
How is StorMagic Getting Involved with Trusted Computing?
StorMagic currently uses Trusted Computing in its encryption key management solution, SvKMS. We have introduced TPM support to provide an alternative, trusted root for protecting the keys that SvKMS creates and manages.
Similar to a hardware security module (HSM), the TPM acts as a root-of-trust for protecting keys, and the key protection functionality is enabled directly through the SvKMS User Interface (UI). The main benefit of this approach is that it gives customers peace of mind, knowing that their data and keys are safe and protected within a trusted environment.
For StorMagic, the Trusted Computing story has started with TPMs and will evolve into a holistic approach that uses trusted elements within hardware as an advanced key protection mechanism. This includes hardware trusted execution environments such as Intel's Software Guard Extensions (SGX), AMD's Secure Encrypted Virtualization (SEV), and Apple's Secure Enclave.
Trusted Computing proponents, including the analyst firms International Data Corporation, the Enterprise Strategy Group and Endpoint Technologies Associates, believe that TPMs will make computers safer, less prone to viruses and malware, and therefore more reliable from an end-user perspective. They also expect Trusted Computing to let computers and servers offer better security than is available today.
For additional information about how SvKMS enables Trusted Computing, visit the Trusted Computing feature page on our website. You can also download a copy of our latest white paper, “Building Secure Environments Through Trusted Computing,” to learn more about securing data through Trusted Computing systems.