Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
Trusted Computing and Digital RightsManagement Clearinghouse
Adam C. ChampionAdvisor: Dr. Bruce W. Weide
Department of Computer Science and Engineering
Introduction
Methodology
• Computer users facemany security threats
• TCG published TCstandards to combatthese threats
• These standards cangreatly improvecomputer security, butthere are many possibleabuses due to corporatezeal to protect IP
• This study has 4 parts:– Examine TC’s
impetuses: public-keycryptography, IP, DRM
– Define TC and explainits core technologies
– Examine TCimplementations incomputer hardware,operating systems,software, etc.
– Discuss effects on civilliberties and economy,offer suggestions forpolicymakers andconsumers
TC’s Impetuses
Public-KeyCryptography• Alice wants to send
Bob a messagewithout anyoneeavesdropping
• She encrypts themessage with Bob’spublic key, Bobdecrypts it with hisprivate key (Fig. 1)
IntellectualProperty Law• Focus: copyright (©)• 1976 Copyright Act:
gives © ownersexclusive right toperform, display,reproduce theirworks; “fair use”exemptions
• 1998 DMCA: banscircumvention of any©-protection systemfor any purpose, evena legal one!
• 1998 Copyright TermExtension Act: ©term lasts throughoutinventor’s life + 95 yrs.
DRM• Uses cryptography to
technologicallyenforce usage policyfor digital works
• Benign to pernicious
TC Definition• TCG defines trust as
“hardware and softwarebehave as intended”
• Trusted computing is acomputing paradigmthat uses hardware- andsoftware-based securitymechanisms to ensurethat hardware andsoftware act in accordwith the intentions of aparty who may not be theuser of a computer system.
TC’s Raisons d’Être• Ubiquitous security
threats: “malware,”“phishing,” etc.
• Robust DRMenforcement on PCs
TC Technologies• Endorsement Key:
Uniquely identifies TPM• Secure I/O: Ensures no
one can interceptcomputer’s input oroutput
• Memory Curtaining:Separates differentprograms’ memory fromeach other
• Sealed Storage: Securelystores data based onhardware and softwareconfiguration
• Remote Attestation:Detects “unauthorized”software changes andnotifies third party
Implementations
TC Software• Very little except
“endpoint security”products, BitLocker
TC Operating Systems• Windows Vista
– TC support withTPM, BitLocker
– Robust DRM– Harsh licensing
• Windows XP: no TC,limited DRM support,looser licensing
• Mac OS X: no TC,limited DRM support
• Linux: user-configurable TC,DRM support
TC Hardware• Intel vPro chips:
Trusted ExecutionTechnology (Fig. 2)
• Many computersshipped with TPMs
• Intel’s High-bandwidth DigitalContent Protectionencryption requiredby Hollywoodstudios to play high-definition content
Other Applications• Printers, servers, …• Microsoft Xbox 360
• Positive effects:– Protect data– Mitigate malware
• Possible abuses:– Vendor lock-in– Barriers to entry in
computer markets– Market failure– Loss of liberties (Vista)
Policy, ConsumerSuggestions• Policy suggestions:
– Amend DMCA toallow circumventionfor “fair use” purpose
– Set 14-year copyright• Consumer suggestions:
– Evaluate OS X, Linux– Use XP, not Vista– Educate populace– Vote with pocketbook
Conclusion
Acknowledgments
• TC can increasecomputer security
• But computer, contentindustries eroded fair usewith DMCA, abusedmarket power
• Must balance securityand freedom
This work was supported by an Under-graduate Research Scholarship. Opinionsexpressed are those of the author. Alltrademarks referenced herein are theproperty of their respective owners.
Glossary• TC: Trusted Computing
(defined in column 3)• TCG: Trusted Computing Group
consortium of IT and electronicscompanies implementing TC
• DRM: Digital Rights Managementtechnology that enforces usagepolicy for digital works
• IP: Intellectual Propertycomprises copyrights, trademarks,patents, trade secrets to encourageinnovation
• DMCA: Digital Millennium CopyrightAct
1998 law banning circumvention ofcopyright-protection technology
Effects on CivilLiberties, Economy