The Trusted Computing Group (TCG), successor to the Trusted Computing Platform Alliance (TCPA), is an initiative started by AMD, Hewlett-Packard, IBM, Infineon, Intel, Microsoft, and Sun Microsystems to implement Trusted Computing. Many others followed.
Overview
TCG's original major goal was the development of a Trusted Platform Module (TPM), a semiconductor intellectual property core or integrated circuit that conforms to the trusted platform module specification put forward by the Trusted Computing Group and is to be included with computers to enable trusted computing features. TCG-compliant functionality has since been integrated directly into certain mass-market chipsets.
TCG also recently released the first version of its Trusted Network Connect (TNC) protocol specification, based on the principles of AAA, but adding the ability to authorize network clients on the basis of hardware configuration, BIOS, kernel version, and which updates have been applied to the OS and anti-virus software, etc. [1] As of December 2006, almost one hundred and fifty enterprises are members of TCG or follow its specifications. Seagate has also developed a full disk encryption drive which can use the ability of the TPM to secure the key within the hardware chip.
A common misconception regarding TPM-enabled computers is that they would require all software to have a license from the TCG or some other central body. In reality, the owner of a TPM-enabled system has complete control over what software does and doesn't run on their system. This does include the possibility that a system owner would choose to run a version of an operating system that refuses to load unsigned or unlicensed software, but those restrictions would have to be enforced by the operating system and not by the TCG technology. What a TPM does provide in this case is the capability for the OS to lock software to specific machine configurations, meaning that "hacked" versions of the OS designed to get around these restrictions would not work.
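The configuration locking described above rests on two TPM operations: each boot component is hashed into a platform configuration register (PCR) before it runs, and a sealed secret is released only while that register holds the expected value. The Python model below is an added example, not code from the TCG or from any project named on this page; `ToyTPM`, the boot-chain strings and the XOR "cipher" are assumptions for illustration, and SHA-1 is used because it is the hash of the TPM 1.x specifications.

```python
import hashlib
import hmac
import os


class ToyTPM:
    """Toy model of one PCR with seal/unseal. Hypothetical class, not a real TPM API."""

    def __init__(self):
        self._root = os.urandom(32)  # stands in for a storage key that never leaves the chip
        self.pcr = bytes(20)

    def boot(self, chain):
        """Reset the PCR, then measure each component before it would run."""
        self.pcr = bytes(20)  # the PCR is all zeros after a platform reset
        for component in chain:
            # extend: PCR_new = SHA1(PCR_old || SHA1(component)); it cannot be undone
            self.pcr = hashlib.sha1(self.pcr + hashlib.sha1(component).digest()).digest()
        return self.pcr

    def _pad(self, release_pcr):
        return hashlib.sha256(self._root + release_pcr).digest()

    def seal(self, secret, release_pcr):
        """Bind a secret (at most 32 bytes) to the PCR value required for release."""
        if len(secret) > 32:
            raise ValueError("toy cipher handles at most 32 bytes")
        ct = bytes(a ^ b for a, b in zip(secret, self._pad(release_pcr)))  # toy cipher
        tag = hmac.new(self._root, release_pcr + ct, hashlib.sha256).digest()
        return release_pcr, ct, tag

    def unseal(self, blob):
        """Return the secret only if the blob is intact and the current PCR matches."""
        release_pcr, ct, tag = blob
        good = hmac.new(self._root, release_pcr + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good) or self.pcr != release_pcr:
            return None
        return bytes(a ^ b for a, b in zip(ct, self._pad(release_pcr)))


# Constructed sample boot chains; the strings stand in for firmware and OS images.
GOOD = [b"bios-1.0", b"bootloader-1.0", b"kernel-1.0"]
PATCHED = [b"bios-1.0", b"bootloader-1.0", b"kernel-1.0-patched"]


def demo():
    tpm = ToyTPM()
    blob = tpm.seal(b"volume-key", tpm.boot(GOOD))  # seal under the approved configuration
    tpm.boot(GOOD)
    normal = tpm.unseal(blob)    # same measurements: secret released
    tpm.boot(PATCHED)
    modified = tpm.unseal(blob)  # changed kernel: PCR differs, release refused
    return normal, modified
```

The check lives in the chip rather than in the operating system, which is why a modified OS cannot simply skip it: the measurement is taken before the modified code gets control.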
While there is legitimate concern that OS vendors could use these capabilities to restrict what software would load under their OS (hurting small software companies or open source/shareware/freeware providers, and causing vendor lock-in for some data formats), no OS vendor has yet suggested that this is planned. Furthermore, since restrictions would be a function of the operating system, TPMs could in no way restrict alternative operating systems from running, including free or open source operating systems. There are several projects which are experimenting with TPM support in free operating systems - examples of such projects include a TPM device driver for Linux [2], an open source implementation of the TCG's Trusted Software Stack called TrouSerS [3], a Java interface to TPM capabilities called TPM/J [4], and a TPM-supporting version of the Grub bootloader called TrustedGrub [5].
Related projects
Chipmakers have developed varying implementations that integrate the TPM functions into a normal chipset. Intel's is called Trusted Execution Technology. AMD's is called Secure Virtual Machine (SVM) [6]. Transmeta's is called Transmeta Security eXtensions (TSX). IBM uses two names, Embedded Security Subsystem and ThinkVantage Technology. Winbond Corporation uses SafeKeeper. Phoenix Technologies' BIOS for it is called Core Managed Environment (cME). Fujitsu calls it FirstWare Vault. Hewlett-Packard calls it ProtectTools.
Microsoft's initiative is called Next Generation Secure Computing Base (formerly Palladium). Owing to significant difficulties in creating a working implementation that third-party developers were interested in using, NGSCB was not included with Microsoft's newest major operating system release, Windows Vista. Instead, Vista ships with a few technologies that can make use of a TPM chip, such as BitLocker Drive Encryption, and a new version of the Microsoft Cryptography API. [7]
Criticisms
The group has faced wide-scale opposition from the free software community on the grounds that the technology it is developing has a negative impact on users' privacy and can create customer lock-in, especially if it is used to create DRM applications. It has received criticism from the GNU/Linux and FreeBSD communities, as well as the software development community in general. Significant backlash against the Trusted Computing Group was present during Richard Stallman's speech at the Hackers on Planet Earth conference in July 2006, in New York. Richard Stallman and the Free Software Foundation have also criticized the group publicly in other speeches. The criticism calls Trusted Computing "Treacherous Computing" instead and warns that vendors can lock out software that is not officially signed by specific vendors, rendering it unusable.
Privacy concerns with the TCG revolve around the fact that each TPM has a unique keypair, called the "endorsement key", that identifies the platform. In initial versions of the TPM (version 1.1), the TCG addressed privacy concerns by suggesting the use of a "Privacy CA" that could certify pseudonymous machine credentials. By having separate credentials for interacting with different parties, actions could not be linked, and so some level of privacy is provided. However, this requires trust in the Privacy CA, who could still link pseudonyms to the common, identifying machine credential. Since this left unresolved privacy concerns, version 1.2 of the TPM specification introduced "Direct anonymous attestation": a protocol based on the idea of a zero-knowledge proof which allows a TPM user to receive a certification in such a way that the Privacy CA would not be able to link requests to a single user or platform, while still being able to identify rogue TPMs.
TCG Founders
- AMD
- Hewlett-Packard
- IBM
- Infineon
- Intel Corporation
- Lenovo Holdings Limited
- Microsoft
- Sun Microsystems, Inc.
Contributors
- 3Com
- American Megatrends, Inc.
- ARM
- Aruba Networks
- Atmel
- AuthenTec, Inc.
- AVAYA
- Broadcom Corporation
- Certicom Corp.
- Citrix Systems, Inc
- Decru
- Dell, Inc.
- Emulex Design and Manufacturing
- ENDFORCE, Inc.
- Ericsson Mobile Platforms AB
- ETRI
- Extreme Networks
- F5 Networks
- France Telecom Group
- Freescale Semiconductor
- Fujitsu Limited
- Fujitsu Siemens Computers
- Gemalto NV
- General Dynamics C4 Systems
- Giesecke & Devrient
- Hitachi, Ltd.
- Identity Engines
- Industrial Technology Research Institute
- Infoblox
- Insyde Software Corp.
- InterDigital Communications
- ITE Tech Inc.
- Juniper Networks, Inc.
- Lancope, Inc.
- Lexar Media, Inc.
- Lexmark International
- Lockheed Martin
- LSI Logic
- M-Systems Flash Disk Pioneers
- Marvell Semiconductor, Inc.
- Matsushita Electric Industrial Co. Ltd
- Maxtor Corporation
- Mirage Networks
- Motorola Inc.
- NEC
- Neoscale Systems
- Nokia
- Nokia Siemens Networks GmbH & Co. KG
- Nortel Networks
- NTRU Cryptosystems, Inc.
- NVIDIA
- NXP Semiconductors
- Oxford Semiconductor
- Phoenix
- Pointsec Mobile Technologies
- Renesas Technology Corp.
- Ricoh Company LTD
- RSA, The Security Division of EMC
- Samsung Electronics Co.
- SanDisk Corporation
- Seagate Technology
- SECUDE IT Security GmbH
- Sharp Electronics Corporation
- SignaCert, Inc.
- Sinosun Technology Co., Ltd.
- SMSC
- Sony Corporation
- StepNexus, Inc
- StillSecure
- STMicroelectronics
- Symantec
- Symbian Ltd
- Toshiba Corporation
- Trend Micro
- TriCipher, Inc.
- Unisys
- UPEK, Inc.
- Utimaco Safeware AG
- VeriSign, Inc.
- Vernier Networks
- VMware, Inc.
- Vodafone Group Services LTD
- Wave Systems
- Western Digital
- Winbond Electronics Corporation
See also
Consumer Broadband and Digital Television Promotion Act
External links
- TCG official site
- Complete list of TCG members and adopters
- "Can you trust your computer?" by Richard Stallman
- TPM specification at the Trusted Computing Group
- A short video that explains negative aspects of Trusted Computing (released under a Creative Commons license)
- Against TCPA.com
- "Staying In Control With Trusted Platform Modules" Tom's Hardware Guide analysis and opinion piece on the TCG and on TPM.
- Ross Anderson's TCPA/Palladium FAQ
- Wave Systems Corp. TPM Trust Infrastructure provider
- TCPA and Palladium Technical Analysis
- Security in Open versus Closed Systems (PDF)
- ExtremeTech article: Microsoft's Palladium: Security for whom?
- The Register story about Intel's LaGrande chip project
- Digital Rights Management issues in real-time and safety/mission critical systems
- AEL wiki on Trusted Computing with many links and press articles


