Trusted Computing Group - Trusted Platform Module (TPM) Summary Viiiiiiip
-
Upload
georgehany -
Category
Documents
-
view
212 -
download
0
Transcript of Trusted Computing Group - Trusted Platform Module (TPM) Summary Viiiiiiip
-
8/14/2019 Trusted Computing Group - Trusted Platform Module (TPM) Summary Viiiiiiip
1/2
Print
Share
Add to Briefcase
Trusted Platform Module (TPM) SummaryTrusted Platform Module (TPM) SummaryTrusted Platform Module (TPM) SummaryTrusted Platform Module (TPM) Summary
TPM (Trusted Platform Module) is a computer chip (microcontroller) that can securely
store artifacts used to authenticate the platform (your PC or laptop).
TPM (Trusted Platform Module) is a computer chip (microcontroller) that can securely store artifacts used toauthenticate the platform (your PC or laptop). These artifacts can include passwords, certificates, or
encryption keys. A TPM can also e used to store platform measurements that help ensure that the platformremains trustworthy. Authentication (ensurin! that the platform can pro"e that it is what it claims to e) andattestation (a process helpin! to pro"e that a platform is trustworthy and has not een reached) arenecessary steps to ensure safer computin! in all en"ironments.
Trusted modules can e used in computin! de"ices other than PCs, such as moile phones or networke#uipment.
Picture $% Components of a TPMPicture $% Components of a TPMPicture $% Components of a TPMPicture $% Components of a TPM
The nature of hardware&ased crypto!raphy ensures that the information stored in hardware is etter
protected from e'ternal software attacks. A "ariety of applications storin! secrets on a TPM can e
de"eloped. These applications make it much harder to access information on computin! de"ices without
proper authoriation (e.!., if the de"ice was stolen). f the confi!uration of the platform has chan!ed as a
result of unauthoried acti"ities, access to data and secrets can e denied and sealed off usin! these
applications.
*owe"er, it is important to understand that TPM cannot control the software that is runnin! on a PC. TPM canstore pre&run time confi!uration parameters, ut it is other applications that determine and implement
policies associated with this information.
Processes that need to secure secrets, such as di!ital si!nin!, can e made more secure with a TPM. And
mission critical applications re#uirin! !reater security, such as secure email or secure document
mana!ement, can offer a !reater le"el of protection when usin! a TPM. +or e'ample, if at oot time it is
determined that a PC is not trustworthy ecause of une'pected chan!es in confi!uration, access to hi!hly
secure applications can e locked until the issue is remedied (if a policy has een set up that re#uires such
action). ith a TPM, one can e more certain that artifacts necessary to si!n secure email messa!es ha"e not
een affected y software attacks. And, with the use of remote attestation, other platforms in the trusted
network can make a determination, to which e'tent they can trust information from another PC. Attestationor any other TPM functions do not transmit personal information of the user of the platform.
These capailities can impro"e security in many areas of computin!, includin! e&commerce, citien&
to&!o"ernment applications, online ankin!, confidential !o"ernment communications and many other
ted Computing Group - Trusted Platform Module (TPM) Summary http://www.trustedcomputinggroup.org/resources/trusted_platform_mod...
2 5/28/2013 9:27 AM
-
8/14/2019 Trusted Computing Group - Trusted Platform Module (TPM) Summary Viiiiiiip
2/2
*ome -e!al otices Contact /s Pri"acy Policy
0 12$3 Trusted Computin! 4roup. All 5i!hts 5eser"ed.
fields where !reater security is re#uired. *ardware&ased security can impro"e protection for 6P, wireless
networks, file encryption (as in Microsoft7s Bit-ocker) and password8P8credentials7 mana!ement. TPM
specification is 9S&a!nostic, and software stacks e'ist for se"eral 9peratin! Systems.
TPMs (current "ersion is $.1) use the followin! crypto!raphic al!orithms% 5SA, S*A$, and *MAC.
The Trusted Computin! 4roup (TC4) is an international de facto standards ody of appro'imately $12
companies en!a!ed in creatin! specifications that define PC TPMs, trusted modules for other de"ices,
trusted infrastructure re#uirements, APs and protocols necessary to operate a trusted en"ironment. After
specifications are completed, they are released to the technolo!y community and can e downloaded from
the TC4 e Site.
ithout standard security procedures and shared specifications, it is not possile for components of the
trusted en"ironment to interoperate, and trusted computin! applications cannot e implemented to work on
all platforms. A proprietary solution cannot ensure !loal interoperaility and is not capale of pro"idin! a
comparale le"el of assurance due to more limited access to crypto!raphic and security e'pertise and
reduced a"ailaility for a ri!orous re"iew process. +rom the point of "iew of crypto!raphy, for
interoperaility with the other elements of the platform, other platforms, and infrastructure, it is necessary
for trusted modules to e ale to use the same crypto!raphic al!orithms, Althou!h standard pulishedal!orithms may ha"e weaknesses, these al!orithms are thorou!hly tested and are !radually replaced or
impro"ed when "ulnerailities are disco"ered. This is not true in the case of proprietary al!orithms.
Accordin! to market research reports, o"er $22 million randed PCs and laptops with TPMs were sold in
122:. Ser"er produces are e!innin! to ship, and a "ariety of applications ased on TPM, such as secure
email or file encryption, ha"e een implemented usin! TC4 specifications. Trusted etwork Connect (TC)
products that use TC4 principles to enhance the security of communications are shippin!, too. ;raft
specifications for stora!e (for hard dri"es) and moile trusted modules (for moile telephones) ha"e een
released.
hite Paper A"ailale for ;ownload% Trusted Platfrom Module (TPM) Summary
ted Computing Group - Trusted Platform Module (TPM) Summary http://www.trustedcomputinggroup.org/resources/trusted_platform_mod...
2 5/28/2013 9:27 AM