Five Great Reasons to Adopt Trusted Computing

Trusted Computing is perhaps one of the most misunderstood (willfully misunderstood, to be frank about it) emergent technologies for computer security. The misunderstanding starts from Wikipedia’s entries on Trusted Computing, and continues through hundreds of articles and blogs. There are, of course, valid objections on the basis that it is a closed chip: although it could be implemented using Open Source software, who is to say that there are no hidden backdoors in the implementation? However, a similar argument can be made for just about any computer system available, so if you can get past that mental block, here are five great reasons to get excited about Trusted Computing.

1. Trusted Computing-based Full Disk Encryption
There are a number of free (TrueCrypt being the most well-known) and paid-for software-only solutions for realising full disk encryption, but recently there has been a lot made of the Evil Maid attack, where a PC left alone in a hotel room is booted off an external drive in order to steal the password. However, Joanna Rutkowska from Invisible Things Lab has described how Microsoft’s BitLocker full disk encryption solution may be easily enhanced so that the user can easily see that their computer has been hacked. If this Evil Maid attack is not a major concern, the Trusted Computing Group has defined the Opal specification that implements full disk encryption on the drive hardware, circumventing any performance concerns that software solutions have. There is no good reason why the next drive you buy should not support the Opal specification.

2. Unified secure login to your favourite sites
The OpenID initiative has produced a method to log into many sites with a single password while keeping that password managed in one central location. This is a great initiative, but wider adoption, both by entities such as banks and by users who have higher security requirements, needs more. Wave Systems have taken this one step further by protecting these passwords with a Trusted Platform Module. The servers on the other end can be assured who the user really is, as the password is backed with the guaranteed identity from the TPM, and the user can be assured that access to the services can only be made from the computer with the TPM installed.

3. Network assurance
This feature is a great one for corporates, perhaps more for the administrator than the employee, however. The TNC, Trusted Network Connect, has a whole bunch of protocols defined around IF-MAP, Interface For Metadata Access Protocol, that allow clients to be queried as to their state, and allow other network devices to talk amongst themselves about the state of the network. Although designed for the corporate network, in a home environment it could for instance detect someone hacking your networked toaster and close down sufficient services to stop your toaster frying the rest of your house.

4. Digital Rights Management
Oh look, I said the bogey word, DRM, that sends opponents of Trusted Computing into a fit of indignation. However, the fact of the matter is that media companies want to deliver content over the network to you, but don’t want you doing what you want with it, as they’ve spent a good deal of money making the content. Put Trusted Computing and the Trusted Platform Module in your network-connected set-top box, and you have a system that has the potential to fulfil the “better than free” mantra, like iTunes has done for music.

5. Mobile phone security
Currently, some cell phones like the BlackBerry have excellent security, ones like the iPhone claim they have, and yet more have little or none. However, Trusted Computing defines the Mobile Trusted Module, a security chip (or some software running in a highly-trusted and secure mode performing the same function) that adds the same features as the TPM plus a few extras suitable to the music world. Now, the mobile operator can have rock-solid DRM for their ring-tones (yes, you may roll your eyes too at that comment!), but more importantly your mobile banking can be as secure as, if not more secure than, PC banking. The National Security Agency of the US is even rumoured to be looking at this for who knows what…

So, there are five great reasons to get excited about Trusted Computing. In some of the cases above it may not seem like your friend, but Trusted Computing is certainly not your enemy, unless of course you are a hacker! The people working on these Trusted Computing standards are very talented guys and few if any of them, not even the Microsoft guys I know, are out to get you and lock you into their products. Indeed, the TPM specification bends over backwards to maintain your privacy at the expense of functionality!
