Trusted computing and forensic investigations


Digital Investigation (2005) 2, 189–192

www.elsevier.com/locate/diin


Stephen Mason*

Abstract

The concept of 'trusted computing' has been developed to make computers trustworthy. However, the methods used to achieve this aim may cause problems for digital investigators in the future. The purpose of this short essay is to provide a brief outline of 'trusted computing', and to illustrate some of the problems that may occur in the future. This essay is speculative in nature. It was written at the request of the editor with the intention of raising awareness, rather than providing a definitive view of the problems that investigators and lawyers may face in the future. The reader is requested to treat the content as the opening of a debate, rather than a diligent discussion of the subject matter.

The Trusted Computing Group was set up with a view to pioneering the concept that a computer should work in accordance with an expectation. The Group aims to achieve this by putting in place mechanisms to attest to the state of the software that runs under an operating system and upon a hardware platform (for a detailed explanation, the reader is directed to 'TCG Specification Architecture Overview', Revision 1.2, dated 28 April 2004, available in electronic format on the Trusted Computing Group web site at https://www.trustedcomputinggroup.org/home).

© 2005 Stephen Mason. Published by Elsevier Ltd. All rights reserved.

Brief introduction to 'trusted computing'

Two phrases are used to describe, albeit inaccurately, the concept developed by the Trusted Computing Group: 'trusted computing' and 'trustworthy computing'. Ross Anderson suggests the phrase 'controlled computing' may be more appropriate.[1]

Regardless of the descriptive term used, the architecture of 'trusted computing' places a reliance on the underlying components of the system, the methods by which the various components are manufactured, the creation of the various keys and methods of authentication, and the provisions relating to the security measures put in place to ensure the modules can be trusted.

Regardless of the name given to the idea, the aim is to increase the trust to be placed in the computer. The assumption is that a software process cannot provide reliable information unless it can be certain that the process itself works in accordance with a defined expectation. For instance, key logging software may be placed on a computer, either physically or by way of malicious code sent over a network, as occurred in the attempted theft from the Sumitomo Bank in London in March 2005. Another example is a rootkit that embeds itself into the operating system kernel in such a way that there is practically no way of detecting it, at least from within the running system. Depending on the nature of the code, it may then attempt to preserve itself by preventing the user from detecting it. Such malicious code may then send data to an unknown third party when the computer is connected to a network. In all probability, such code will undertake this activity without the authority of the computer owner. The presumption is that owners use a computer to carry out specific tasks; it is not anticipated that the computer will carry out the instructions of an unknown third party at the same time. Where malicious code has been surreptitiously introduced into the computer by some means, the computer is not to be trusted, because the malevolent code causes the computer to work in a way that is not in accordance with the expectations of the owner.

[1] Ross Anderson, 'Cryptography and Competition Policy – Issues with "Trusted Computing"', paragraph 2.1, available in electronic format at http://www.cpppe.umd.edu/rhsmith3/papers/Final_session1_anderson.pdf.

* Tel.: +44 1462 701098; mobile: +44 79 61 88 53 44. E-mail address: [email protected]

1742-2876/$ – see front matter © 2005 Stephen Mason. Published by Elsevier Ltd. All rights reserved. doi:10.1016/j.diin.2005.08.002

Providing for computer security is a complex matter, partly because most computers are portable, which means the hardware is vulnerable: they are not physically secure, and they may not even be controlled by somebody who is to be trusted. The software is also open to attack, as is well known, especially as most users of computers run them as administrators. The concept of 'trusted computing' has been developed in an attempt to alleviate this problem. It uses cryptography in the form of digital signatures. Vendors may develop hardware components and software modules to the specifications set out by the Trusted Computing Group.[2] In outline, the specification provides for a platform that is intended to be trusted. This platform is considered to be the foundation component that establishes a framework within which software can operate: essentially, a trusted environment.

The functionality of the trusted platform may differ between vendors, but in essence the aim is to prevent malicious code from manipulating the operating system without being noticed, and to prevent malicious code from gaining access to certain keys. In the event that an additional item of software is added that is not trusted, the operating system would be made aware of it and may prevent the computer from working. The concept of trusted software includes legitimate and malicious software. This is because the vendors of legitimate software may wish to prevent their software from being used unless the user has paid the requisite fee. A process called attestation achieves this. Attestation provides a signed 'logfile' of the boot sequence of the computer, so that it can give accurate information, to the user or to an external third party, as to what was actually booted on the machine. In the TCG design, each component in the boot chain is hashed into the module's platform configuration registers before it runs, and the module signs those register values; the log of the individual measurements is kept outside the module and can be checked against the signed values.

[2] The web address of the Trusted Computing Alliance (http://www.trustedcomputing.org) re-directs the viewer to the Trusted Computing Group web site at https://www.trustedcomputinggroup.org/.
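To make the attestation mechanism described above concrete, the following Go program is an added example written for this transcript; it is not code from the article, from its author, or from the Trusted Computing Group. It simulates a measured boot into a single extend-only platform configuration register (a real module has several; the 20-byte SHA-1 register follows the TPM 1.2 design), a module signing that register together with a verifier nonce using an attestation identity key, and a verifier replaying the measurement log to check that it reaches the signed value. The boot components, the nonce and the rootkit scenario are all constructed here; RSA PKCS#1 v1.5 over a SHA-256 hash stands in for the module's real quote format, and the privacy CA that would certify the attestation key is assumed to be out of scope.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/sha256"
	"fmt"
)

// Platform models one extend-only PCR (TPM 1.2 PCRs are 20-byte SHA-1 values; a
// real module has many), an attestation identity key (AIK) that never leaves the
// module, and the measurement log that firmware and OS keep outside it.
type Platform struct {
	PCR [20]byte
	Log [][20]byte
	aik *rsa.PrivateKey // its certification by a privacy CA is not modelled
}

// Extend implements PCR = SHA1(PCR || digest): a PCR can only be extended, so its
// value commits to every measurement, in order.
func Extend(pcr, digest [20]byte) [20]byte {
	return sha1.Sum(append(pcr[:], digest[:]...))
}

// Measure logs a component's digest and extends the PCR before control passes to it.
func (p *Platform) Measure(component []byte) {
	d := sha1.Sum(component)
	p.Log = append(p.Log, d)
	p.PCR = Extend(p.PCR, d)
}

// Quote is the module's AIK-signed statement of its PCR for a verifier-chosen nonce.
type Quote struct {
	Nonce []byte
	PCR   [20]byte
	Sig   []byte
}

func quoteDigest(nonce []byte, pcr [20]byte) []byte {
	h := sha256.Sum256(append(append([]byte{}, nonce...), pcr[:]...))
	return h[:]
}

func (p *Platform) Quote(nonce []byte) (Quote, error) {
	sig, err := rsa.SignPKCS1v15(rand.Reader, p.aik, crypto.SHA256, quoteDigest(nonce, p.PCR))
	if err != nil {
		return Quote{}, err
	}
	return Quote{Nonce: nonce, PCR: p.PCR, Sig: sig}, nil
}

// VerifyAttestation is the verifier's side: check nonce and signature, then replay
// the reported log through Extend and require it to reach the signed PCR. An entry
// altered, dropped or added after the fact, or an unmeasured component, breaks the replay.
func VerifyAttestation(aik *rsa.PublicKey, nonce []byte, q Quote, log [][20]byte) error {
	if string(nonce) != string(q.Nonce) {
		return fmt.Errorf("quote does not answer our nonce (stale or replayed)")
	}
	if err := rsa.VerifyPKCS1v15(aik, crypto.SHA256, quoteDigest(q.Nonce, q.PCR), q.Sig); err != nil {
		return fmt.Errorf("signature invalid: quote not from the expected module")
	}
	var replay [20]byte
	for _, d := range log {
		replay = Extend(replay, d)
	}
	if replay != q.PCR {
		return fmt.Errorf("log replays to %x but module signed %x", replay, q.PCR)
	}
	return nil
}

// RunScenario boots a constructed platform whose kernel carries a rootkit patch and
// returns the verdicts on the true log, on a log where the rootkit reports the clean
// kernel's digest instead, and on the same quote presented against a fresh nonce.
func RunScenario() (trueLog, forgedLog, staleQuote error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return err, err, err
	}
	p := &Platform{aik: k}
	p.Measure([]byte("constructed bootloader"))
	p.Measure([]byte("constructed kernel with rootkit patch"))
	nonce := []byte("verifier nonce 0001")
	q, err := p.Quote(nonce)
	if err != nil {
		return err, err, err
	}
	trueLog = VerifyAttestation(&k.PublicKey, nonce, q, p.Log)
	forged := append([][20]byte(nil), p.Log...)
	forged[1] = sha1.Sum([]byte("constructed clean kernel"))
	forgedLog = VerifyAttestation(&k.PublicKey, nonce, q, forged)
	staleQuote = VerifyAttestation(&k.PublicKey, []byte("verifier nonce 0002"), q, p.Log)
	return
}

func main() { fmt.Println(RunScenario()) }
```

The point to notice is that the rootkit's edited log is rejected not because the verifier knew what a clean kernel should hash to, but because the log no longer replays to the register value the module signed. Whether the signed value is an acceptable one is a separate question, answered by comparing it with a list of known-good values, which the verifier has to maintain for itself.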

Several issues arise from this model, some of which include:

• How the cryptographic keys are created. In respect of the trusted platform module, the keys could be created within the module itself when it is powered up for the first time, or the keys could be included at the time the module is manufactured. Whichever method is used, the module's unique endorsement key will need to be certified by the manufacturer at the time of manufacture, the manufacturer signing it with a key of its own; it is that certificate, rather than a master key placed inside the module, that allows a third party to believe the module is genuine.
• What entities create the keys.
• The provisions for security.
• The rules relating to the prevention of 'back doors' being put in place to circumvent the concept (or to enable security organizations to gain remote entry without being noticed).
• How the keys are protected in the computer.
• The methods used by third party vendors to gain access to verify their software.
• How to determine when to trust the cryptographic keys.
• How to determine when the keys have reached the end of their life, if they have a life span.

Bearing in mind that the vast majority of computer users have only the vaguest awareness of the vulnerability of their computer, and that their understanding of the architecture of a computer is misty to the point of incomprehensibility, the reader may readily note that the complexity of 'trusted computing' may well create more problems than it solves. The Trusted Computing Group does not help itself, because the documents produced by the Group are not as accurate as they could be. For instance, the language used in the documents permits a variety of meanings to be imputed to the word 'ownership', which causes confusion, as the various types of ownership illustrate:

• Ownership of stored data.
• Ownership of stored executable code.
• Ownership of the physical hardware.

None of these is the sense the specification itself attaches to 'taking ownership' of the module, which there means setting the authorisation value that controls the module's privileged commands. To obfuscate the concept in this way is not helpful, either to the idea or to end users.


Investigating the 'trusted computing' environment

At first glance, a number of issues present themselves that both lawyers and digital forensic investigators will have to consider when undertaking an investigation within the 'trusted computing' environment. This brief discussion will not consider the different criteria that will need to be applied as between a criminal investigation and a civil examination of a computer or system, although the rights and duties that apply will obviously differ between the two.

It is possible, but not certain, that the 'trusted computing' environment may prevent or undermine the ability of a digital forensic investigator to make an exact bit for bit copy of the hard disk, or to create a bit for bit image of the original medium. It should be said that the module itself does not stop the medium from being imaged; what it can do is make the contents of the image unreadable, because keys sealed to the module are released only to a platform that has booted into the measured state they were sealed under, and an examiner's workstation is not in that state. Another issue that could cause difficulties in the process of investigating crime centres on the attributes of the trusted platform. The trusted platform enables an owner of the computer to put highly effective cryptography into place to hide files and to prevent others from obtaining access to the files. On the other hand, users have been able to achieve similar ends with the use of PGP and other cryptographic products, so this particular point may be less of a problem than suggested. Gangs intent on hiding and distributing abusive images of children tend to use such products in any event, which causes the authorities significantly more inconvenience when attempting to reveal the evidence. In such circumstances, it is doubtful that an order from a judge to the accused to deliver up the relevant passwords or keys will have the desired effect.

One development might be to introduce a presumption that the accused has something to hide if they fail to give up the passwords or keys, although the arguments against such an approach may be successful, depending on the approach taken by the judiciary in relation to issues of public policy and human rights. One point of view that might have some force is as follows: where a computer has been seized as the result of reasonable suspicion that evidence relevant to the investigation of a serious crime is stored in its memory, and files are found to have been encrypted, it may be considered proper to require the owner to reveal the relevant passwords or keys, failing which it can be assumed, in the absence of evidence to the contrary, that the owner was aware of the nature of the content of the files, and that the content is capable of incriminating the owner. Criminals will invariably respond to such a presumption by changing the way they operate. It is conceivable that one response is to place evidence on the computer of a third party. However, this approach has its problems. Bearing in mind that one of the aims of 'trusted computing' is to detect changes to the operating system, protect keys and enable provable statements to be made on the status of the platform, hacking into the computer of a third party will be harder once 'trusted computing' becomes ubiquitous. In the interim, this is a realistic mode of operating, although it will take a smart criminal to fully remove traces of their activities.

The Trojan horse defence has already been used effectively in a number of cases in England and Wales,[3] and bearing in mind that trusted third parties manage the privacy of the owner's 'trusted computing' platform, superficially it will be easy for the owner to allege that the trusted third party is to blame for any illicit data stored on the computer. In addition, owners of intellectual property, such as music companies, book publishers and film makers, will all have the ability to test the trusted platform remotely. This in turn will enable the owner of a computer to allege the insertion of incriminating evidence by a variety of third parties, or the employees of third parties. It should be noted that remote attestation lets such a party learn the state of the platform; it does not in itself give that party the ability to write data to it. However, it is conceivable that the 'trusted computing' infrastructure might help to undermine such a defence. For instance, the concept is designed to identify files that are running on the computer legitimately. The idea is to control which files run on the system. This means that malicious software and executable files that should not be present are more easily identified. Trusted sources may have access to systems, but it should be easier to track the source of a file by means of the file identification scheme that should link a file to its source.

It should be anticipated, however, that moles will be placed into such organizations with the express intention of ensuring that illegal data, or evidence of illegal activities, are distributed across 'safe' networks to evade the legitimate interest of the state in preventing illegal activities from maturing. This is not a fanciful hypothesis, given the theft attempt from the Sumitomo Bank in 2005.

Concluding remarks

The aim of this short article is to alert readers to some of the issues that investigators and lawyers might face when dealing with 'trusted computing' environments. In writing this article and discussing the matter with subject experts, it has become clear to the author that lawyers and digital forensic investigators need to understand the concept of 'trusted computing' more fully to enable the successful investigation of computers that are so enabled. Where code and data in the 'trusted computing' environment are signed, rather than encrypted, the platform will probably be no more difficult to deal with than a regular platform. However, where the data are encrypted, rather than merely signed, it may be necessary to obtain keys from the manufacturer of a trusted platform module, and depending on the mechanism used to generate the keys, this may mean legislation should be introduced to require manufacturers to retain copies of each key in escrow. However, it should be noted that if the trusted platform module is used for keys that encrypt all data, the manufacturer of the module cannot open the key, because the storage root key is generated inside the trusted platform module when the user takes ownership of it, and it never leaves the module. This means the manufacturer will not have this key, and thus escrow will not be relevant in such circumstances. Given that a number of software and hardware products are already being sold, and that 'trusted computing' is beginning to be introduced, digital forensic investigators and lawyers will have to come to terms with the problems that it will produce sooner rather than later.

[3] R v Schofield (Reading Crown Court, April 2003), R v Green (Exeter Crown Court, October 2003), and R v Caffrey (Southwark Crown Court, October 2003), for acquittals based on the Trojan horse defence.
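The point just made about the storage root key, and the earlier observation that an investigator may be able to image a disk but not read it, are illustrated by the following Go program. It is an added example written for this transcript, not code from the article or from the Trusted Computing Group. It models a module whose storage root key is generated on the owner's machine at take-ownership and never exported, seals a volume key to the register value of the owner's normal boot path, and then shows that a copy of the sealed blob (which is all a bit for bit image yields) cannot be opened either by the same machine booted from a forensic live CD or by the examiner's own module. The boot components and the volume key are constructed; AES-GCM stands in for the module's storage encryption, and a single register stands for the set of registers a real seal can be bound to.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha1"
	"fmt"
)

// Module models the storage side of a TPM 1.2: a storage root key (SRK) created in
// the module when the user takes ownership and never exported, and one extend-only PCR.
type Module struct {
	srk [32]byte // the manufacturer never sees this, so there is nothing to escrow
	PCR [20]byte
}

// TakeOwnership is the user-side step that creates the SRK.
func TakeOwnership() *Module {
	m := &Module{}
	if _, err := rand.Read(m.srk[:]); err != nil {
		panic(err) // no usable CSPRNG: nothing sensible to do
	}
	return m
}

// Extend records a boot component: PCR = SHA1(PCR || SHA1(component)).
func (m *Module) Extend(component []byte) {
	d := sha1.Sum(component)
	m.PCR = sha1.Sum(append(m.PCR[:], d[:]...))
}

// SealedBlob is what sits on the disk, and so what a bit-for-bit image captures.
type SealedBlob struct {
	BoundPCR   [20]byte
	Nonce      []byte
	Ciphertext []byte
}

func (m *Module) aead() (cipher.AEAD, error) {
	block, err := aes.NewCipher(m.srk[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts data under the SRK and binds it to the current PCR; the bound PCR is
// authenticated as additional data so it cannot be edited on disk to a friendlier value.
func (m *Module) Seal(data []byte) (SealedBlob, error) {
	g, err := m.aead()
	if err != nil {
		return SealedBlob{}, err
	}
	b := SealedBlob{BoundPCR: m.PCR, Nonce: make([]byte, g.NonceSize())}
	if _, err := rand.Read(b.Nonce); err != nil {
		return SealedBlob{}, err
	}
	b.Ciphertext = g.Seal(nil, b.Nonce, data, b.BoundPCR[:])
	return b, nil
}

// Unseal releases the data only if the PCR equals the bound value, that is, only to
// a machine that booted through the same measured path as when the data was sealed.
func (m *Module) Unseal(b SealedBlob) ([]byte, error) {
	if m.PCR != b.BoundPCR {
		return nil, fmt.Errorf("platform state %x differs from sealed state %x", m.PCR, b.BoundPCR)
	}
	g, err := m.aead()
	if err != nil {
		return nil, err
	}
	return g.Open(nil, b.Nonce, b.Ciphertext, b.BoundPCR[:]) // fails under any other module's SRK
}

// Scenario seals a constructed volume key at the owner's normal boot state, then tries
// to recover it on the same boot path, after the same module boots a forensic live CD,
// and from the blob copied to the examiner's own module with the owner's PCR reproduced.
func Scenario() (normalBoot []byte, forensicBoot, otherModule error) {
	owner := TakeOwnership()
	owner.Extend([]byte("constructed bootloader"))
	owner.Extend([]byte("constructed owner kernel"))
	blob, err := owner.Seal([]byte("constructed volume key"))
	if err != nil {
		return nil, err, err
	}
	normalBoot, _ = owner.Unseal(blob)
	owner.PCR = [20]byte{} // power cycle resets the PCR; a different kernel is then measured
	owner.Extend([]byte("constructed bootloader"))
	owner.Extend([]byte("constructed forensic live kernel"))
	_, forensicBoot = owner.Unseal(blob)
	lab := TakeOwnership() // a different SRK, even though the PCR value is right
	lab.PCR = blob.BoundPCR
	_, otherModule = lab.Unseal(blob)
	return
}

func main() { fmt.Println(Scenario()) }
```

The examiner's module fails for a different reason from the forensic boot: its register can be set to the right value because the owner's measurement log is on the image, but the key that wraps the blob only ever existed inside the owner's module. That is the situation in which neither a manufacturer nor an escrow scheme can help, and in which the investigator is left with the owner's cooperation, the running machine, or the original module booted through the original path.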

Acknowledgement

The author gratefully acknowledges the very helpful comments he has received from Dr Klaus Kursawe, ESAT-COSIC K.U. Leuven, Troy Larson, Senior Forensic Investigator, Microsoft Information Security, and Dave Walker, Senior Security Consultant (Data Management), Client Solutions, Sun Microsystems UK. The author is responsible for the content of this article.

Stephen Mason is a barrister and the author of Electronic Signatures in Law (LexisNexis Butterworths, 2003), Networked communications and compliance with the law (xpl publishing, 5th edn, 2005), and general editor of the e-Signature Law Journal.