[13009] in cryptography@c2.net mail archive


Trusted Computing Group trying to be TCPA follow-on [eetimes]

daemon@ATHENA.MIT.EDU (Bill Stewart)
Thu Apr 10 11:09:35 2003

X-Original-To: cryptography@wasabisystems.com
Date: Wed, 09 Apr 2003 11:38:36 -0700
To: cypherpunks@lne.com, cryptography@wasabisystems.com
From: Bill Stewart <bill.stewart@pobox.com>

New group aims to secure PCs, PDAs, cell phones
By Rick Merritt, EE Times
April 8, 2003 (2:20 p.m. EST)
URL: http://www.eetimes.com/story/OEG20030408S0046

SAN MATEO, Calif. — Fifteen companies announced Tuesday [April 8] they have
formed the Trusted Computing Group, an industry initiative to define and
promote a specification for security in PCs, servers, PDAs and cellphones.

The group essentially reboots the efforts of the now-disbanded PC-centric
Trusted Computing Platform Alliance (TCPA), this time including
participation from Nokia and consumer electronics companies such as Sony
and Philips.

The Trusted Computing Group (TCG) expects to release a specification for PC
security before the end of the year. A spec for cell phones, however, could
be as much as two years away.

Founding members of the TCG are carryovers from the earlier 190-member TCPA
effort. They include AMD, Hewlett-Packard, IBM, Intel and Microsoft.
Contributing members include Atmel, Infineon, National Semiconductor,
Nokia, Philips, Phoenix Technologies, Sony, ST Microelectronics, VeriSign
and Wave Systems.

The TCPA defined a trusted platform module (TPM), a basic device with
encryption and secure memory capabilities to oversee PC security. However
the TPM 1.1 chips now shipping from companies such as Atmel, Infineon and
National Semiconductor have not been widely adopted to date and do not
conform to concepts for a secure PC execution mode recently defined by
Microsoft under a program it called Palladium.

The TCG is defining a specification for a 1.2 version TPM and a software
stack that will work with the Palladium architecture Microsoft developed in
collaboration with Intel Corp. and Advanced Micro Devices. Microsoft will
detail this approach publicly for the first time at the Windows Hardware
Engineering Conference in May.

Microsoft's implementation, which it now calls the Next Generation Secure
Computing Base (NGSCB), will require new logic in several PC components
including processors, chip sets, graphics processors and I/O devices.
Indeed, the concept for a secure operating mode is so broad Microsoft will
devote an entire track at WinHEC — about 18 hours of content — to
describing it.

Microsoft has not said, however, when it will ship software that complies
with NGSCB. Industry watchers expect that code will appear late next year
or early in 2005 in the next major version of Windows, dubbed Longhorn.

The security scheme will work in conjunction with processor functions Intel
Corp. calls Le Grande Technology and has embedded in its next-generation
Pentium processor dubbed Prescott, expected to ship later this year. AMD
will also support the PC security concepts in its processors though it has
not indicated when.

The TPM 1.2 modules will include a new session encryption interface and
secure state counters that prevent replay security attacks, said Stephen
Heil, a technical evangelist for security at Microsoft. The TCG has
separate working groups defining those modules, a security software stack
and particular needs for both servers and PDAs. The TCG is about to launch
a working group to define a specification for secure cellphones, an effort
that could take 18 to 24 months. Nokia is expected to be a key contributor
to that group in addition to other members still being recruited by the TCG.

“I would expect to see our membership broaden to include many of the
players required for that effort,” said Geoffrey Strongin, a security
specialist at AMD.

Jim Ward, chair of TCG and a security specialist with IBM, said the group
would like to create other specifications for platforms such as set-top
boxes and video game consoles though no active efforts are currently
underway. “We are looking to develop a broad specification that can be used
by a broad set of products,” he said.

“The industry is coming together,” said John Hull, director of marketing
for advanced PC products at National Semiconductor.

“We are thoroughly convinced that the future of the PC rests on three legs:
networking, security and manageability. You will have to have all three to
play in PCs going forward,” he added.

Hull said he expects TPM module makers will update their products to comply
with the new security spec when Prescott processors roll out this fall.
Further in the future, the modules could be integrated into existing PC
components such as SuperI/O parts that provide legacy support for serial,
parallel, keyboard and floppy controllers.

“IBM is about the only company in production with systems using the
[standalone] TPM 1.1 devices as far as I know,” said Hull.

Ward said IBM has shipped millions of TPM devices in its PC systems. An HP
spokesman said the company has not yet shipped systems with the modules
which typically cost about $5.

“We have to increase the rate of adoption. That's why integration with
Super I/O makes a lot of sense. We think this will be a checkbox item going
forward,” Hull added.

As a legally incorporated group, the TCG will enforce reasonable and
non-discriminatory licensing of any intellectual property in the spec and
define a mechanism to certify compliance to it. The group is also expected
to take a more pro-active approach than its predecessor to addressing
controversial issues about privacy and digital rights raised by the PC
security effort.



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
