
Secure Network-based Client Computing 

PCQ Bureau

The IT industry is addressing two complementary aspects of securing client computers on untrusted networks. We compare two relevant technologies: smart cards, which address user security (who can access network resources), and the TPM (Trusted Platform Module), which addresses machine security (which computers can).


User security



Methods used to establish the identity of a user are what we refer to as user security. The method can be a user name and password, or a smart card combined with a PIN or a biometric check. Because of their versatility, smart cards are increasingly being issued to employees of large companies and organizations.

Direct Hit!

Applies to: IT managers

USP: Understand the initiatives being taken to secure client-based computing

Primary Link: www.trustedcomputing.org

Google keywords: Trusted computing platform

Smart cards are multifunctional. They can be used to log on to the corporate network or to gain entry to a building secured with badge readers at exterior doors. To log on to the network, the employee inserts the smart card into a smart-card reader that may be attached to or integrated into the computer, or embedded in the keyboard. The reader exchanges data with an authentication server (such as a RADIUS server) to complete the authentication handshake: typically the server sends a random challenge and the card signs it with a private key that never leaves the card, so neither the key nor the PIN crosses the network. The network infrastructure then enforces resource access based on the authenticated identity that has been established.


Machine security



In contrast to user security, machine security refers to measures designed to authenticate the computer system, rather than the user. For example, the following two scenarios require some level of machine security.

IP security: The IPSec (IP Security) protocol used on IP networks can be configured to require a networked computer to authenticate itself before any of its traffic is accepted. During the IKE negotiation the computer presents a machine certificate and proves possession of the matching private key to its peer (a gateway or another host), before it attempts to use any network-available resource. In this way, network administrators can allow only managed client machines to access network resources. If that private key sits unprotected on the disk, anyone who copies it can impersonate the machine; this is the weakness the TPM is meant to close.

File encryption on the local drive: Computer credentials can be used to encrypt files stored on the local hard drive, locking the files to a particular machine. The machine's credentials are required to unlock the files and access their content. Such scenarios require that the local system be able to generate and store the secret keys used to encrypt and decrypt data, digitally sign documents and authenticate systems. The problem with the current PC platform is that there is no standardized way to store keys securely, so that they cannot be recovered if the system is stolen or otherwise compromised. The TPM is an emerging technology designed to address this weakness in current platforms.


Trusted Platform Module



The TPM (Trusted Platform Module) is an initial step toward the goal of standardizing a more secure 'trusted PC platform.' It can be thought of as a smart card soldered to the system board: where a user's smart card holds the user's credentials, the TPM holds the machine's.



The TPM is based on specifications developed by the TCG (Trusted Computing Group), whose members include Microsoft, Intel, Dell, HP and IBM. Current TPM implementations are based on the TCG's TPM 1.1 specification. Implementations of the next-generation version, TPM 1.2, are expected in 2005.

A TPM has two components. The first is a secure microcontroller with cryptographic capabilities, very similar to the microcontroller in a smart card. The second is a software interface (in current products, vendor-specific) between the functions of the microcontroller and security-aware applications.

The TPM provides the following cryptographic capabilities: hashing, random number generation, asymmetric key generation and asymmetric encryption/decryption. Each TPM has a unique root key that is initialized during the silicon manufacturing process. The private half of that key never leaves the chip, so software that wants to use a TPM-held key asks the TPM to perform the operation rather than reading the key out.

Before a TPM can be used, its owner must be established. The end user takes ownership of the computer system and its TPM via BIOS set-up commands. These commands cannot be issued remotely; the TCG specification requires that the end user issue them at the local computer system, as proof of physical presence. A 'trust bond' is thus established, and the TPM can then be used by TPM-aware software for security purposes. When coupled with software that takes advantage of its features, the TPM provides security that can be stronger than that offered by the system BIOS, the OS or non-TPM applications.

Security implementations that rely on the TPM must also include 'key escrow' services to securely back up and manage the keys associated with the TPM on each computer system, so that if something happens to the system (a failed board, a lost notebook) its TPM-enabled identity and the data protected by it can be restored. Key escrow services are provided by PKI (Public Key Infrastructure) systems that manage asymmetric keys. Note that only keys the TPM created as migratable can be backed up this way; a non-migratable key dies with the chip, which is exactly what makes it suitable for binding data to one machine, so decide which keys fall into which class before deployment.


NOTE: Smart cards are best suited for user credential storage. The TPM (Trusted Platform Module) is best suited for host credential storage.

Smart Cards versus TPMs



It can be seen that smart card-based user authentication and TPM-based machine authentication are complementary, rather than competing, technologies. Refer to the table 'Where to use Smart Cards and TPM' for the appropriate uses of each.

Future secure computing platform



The TPM is only one piece of an industry vision of a future secure computing platform. Ideally, this platform cannot be compromised or accessed by unauthorized users or machines. The platform provides robust user authentication and protects data stored on the local drive. This vision implies secure software and built-in security hardware. The future secure computing platform must encompass more than the secure generation and storage of encryption keys provided by the TPM. A complete standard solution must also encompass the client OS, CPU and chipset, and methods to secure client system I/O devices such as keyboards, displays and mouse devices. A number of initiatives are under way to begin addressing these components.

[Table: Where to use Smart Cards and TPM]

Next Generation Secure Computing Base



The NGSCB (Next Generation Secure Computing Base) is the Microsoft secure-OS component of this vision. NGSCB consists of a set of software components currently scheduled for release beginning with Microsoft's Longhorn. NGSCB allows an application to run in a trusted environment called 'Nexus mode.' The application runs in a protected memory space that is isolated from other applications. Data written to the hard drive is encrypted, and I/O data (keyboard, monitor and so on) is also encrypted on its way to and from the protected application. NGSCB is expected to leverage next-generation TPM hardware based on the TCG 1.2 specification, and it may also require modified CPU, video, keyboard and USB hardware.

Portable security

Token- and TPM-based security addresses key concerns when portable computers are involved. Notebooks increasingly come bundled with such measures, including fingerprint, smart card and dongle-based authentication. Interfaces to these devices can be used by network authentication and authorization mechanisms.

Secure CPU and chipset

The Intel LaGrande technology (LT) will provide hardware support for the parallel, protected execution environments that are integral to the NGSCB architecture. According to Intel, LT consists of processor, chipset, keyboard and mouse I/O and graphics subsystem enhancements that provide the following capabilities:

  • Protected and isolated execution environments with dedicated resources managed by the processor, chipset and OS kernel. These protected environments run parallel to standard execution environments.
  • Support for a hardware-based mechanism like TPM to provide sealed storage of encryption keys and other secret data. 
  • Protected communication between applications and USB keyboard and mouse devices.
  • Protected communications between applications and display output.
  • Attestation services, which let the platform prove to a remote party which software is running in a protected environment.
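The sealed storage and attestation items in this list, together with the machine-locked file encryption and the TPM key handling described earlier, can be made concrete with a small simulation. The Go program below is an added example written for this article; it is not TCG, Intel or Microsoft code and does not talk to a real TPM. It models the three mechanisms a TPM-aware OS builds on: PCR extend (a hash chain of boot measurements), seal/unseal of a secret bound to selected PCR values, and a signed quote that a remote verifier checks. The AES-GCM storage key, the eight-PCR layout, the blob format and the measurement strings are assumptions made for the example; a real TPM 1.x uses RSA storage keys and TPM-defined structures.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// TPM is a simulation written for this article: eight PCRs, a storage key that
// never leaves the device (an AES-GCM key standing in for a real TPM's RSA
// storage root key) and an attestation identity key (AIK) that signs quotes.
type TPM struct {
	pcr [8][32]byte
	gcm cipher.AEAD
	aik *rsa.PrivateKey
}

func NewTPM() (*TPM, error) {
	srk := make([]byte, 32) // generated inside the device, never exported
	if _, err := rand.Read(srk); err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(srk) // a 32-byte key cannot fail here
	gcm, _ := cipher.NewGCM(block)
	aik, err := rsa.GenerateKey(rand.Reader, 2048)
	return &TPM{gcm: gcm, aik: aik}, err
}

// Extend: new = SHA-256(old || measurement). PCRs can only be extended, never
// written, so a PCR value records every component measured since reset.
func (t *TPM) Extend(index int, measurement []byte) {
	t.pcr[index] = sha256.Sum256(append(t.pcr[index][:], measurement...))
}

// PCRDigest is the composite digest of the selected PCRs.
func (t *TPM) PCRDigest(sel []int) []byte {
	var all []byte
	for _, i := range sel {
		all = append(all, t.pcr[i][:]...)
	}
	d := sha256.Sum256(all)
	return d[:]
}

// Seal encrypts data under the storage key, bound to the current values of the
// selected PCRs. Blob layout: digest(32) | nonce(12) | ciphertext.
func (t *TPM) Seal(sel []int, data []byte) ([]byte, error) {
	digest := t.PCRDigest(sel)
	nonce := make([]byte, t.gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	blob := append(append([]byte{}, digest...), nonce...)
	return t.gcm.Seal(blob, nonce, data, digest), nil // digest authenticated as AAD
}

// Unseal releases the data only if the selected PCRs still hold their Seal-time values.
func (t *TPM) Unseal(sel []int, blob []byte) ([]byte, error) {
	if len(blob) < 44 || !bytes.Equal(blob[:32], t.PCRDigest(sel)) {
		return nil, errors.New("PCR mismatch: platform state differs from seal time")
	}
	return t.gcm.Open(nil, blob[32:44], blob[44:], blob[:32])
}

// Quote is attestation: the AIK (never exported) signs the selected PCRs plus a verifier nonce.
func (t *TPM) Quote(sel []int, nonce []byte) (digest, sig []byte, err error) {
	digest = t.PCRDigest(sel)
	msg := sha256.Sum256(append(append([]byte{}, digest...), nonce...))
	sig, err = rsa.SignPSS(rand.Reader, t.aik, crypto.SHA256, msg[:], nil)
	return digest, sig, err
}

// VerifyQuote is the remote side: its own fresh nonce, a valid AIK signature and
// a PCR digest equal to the known-good platform state it expects.
func VerifyQuote(pub *rsa.PublicKey, expected, digest, nonce, sig []byte) bool {
	if !bytes.Equal(expected, digest) {
		return false
	}
	msg := sha256.Sum256(append(append([]byte{}, digest...), nonce...))
	return rsa.VerifyPSS(pub, crypto.SHA256, msg[:], sig, nil) == nil
}

func main() {
	tpm, _ := NewTPM()
	tpm.Extend(0, []byte("bios-v1")) // constructed boot measurements
	tpm.Extend(4, []byte("bootloader-v1"))
	blob, _ := tpm.Seal([]int{0, 4}, []byte("file-encryption-key"))
	_, err := tpm.Unseal([]int{0, 4}, blob)
	fmt.Println("unseal on the measured boot path:", err)
	tpm.Extend(4, []byte("modified-bootloader")) // one component changed
	_, err = tpm.Unseal([]int{0, 4}, blob)
	fmt.Println("unseal after the boot path changed:", err)
}
```

Run as is and the second Unseal fails: once PCR 4 has been extended with a different value there is no way back to the earlier PCR state short of a platform reset, so a boot path that loads a modified component cannot read the sealed key. Rewriting the digest stored in the blob does not help either, because the digest is authenticated as GCM associated data. The quote is only meaningful with a nonce the verifier chose itself; without it a captured quote could be replayed from a machine that has since been compromised.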
[Figure: A sample Intel LaGrande platform architecture that includes the TPM and supports NGSCB]

Conclusion



The industry is making progress toward a robust, standards-based machine-authentication solution that includes comprehensive TPM functionality, native OS support and PKI infrastructure on the network. It is unclear when all elements will be in place for end-to-end solutions to be routinely deployed. Meanwhile, a TPM-based solution providing baseline machine authentication may be appropriate in environments such as defence and medical organizations, where platform security is extremely important. In addition to the TPM itself, this solution must include mature TPM-aware software and supporting server infrastructure, including PKI. Machine authentication must be accompanied by a robust and mature user-authentication method. Native TPM support in Microsoft operating systems will not be available until NGSCB is released, beginning with Longhorn, and NGSCB will not support the current TPM 1.1.

James Johnston, Director for Client CoC, Dell Asia

User authentication methods

User authentication methods are commonly described as:

  • 'What you know': requires the user to remember a password or PIN (Personal Identification Number)
  • 'What you have': requires the user to carry a 'token' such as a smart card
  • 'What you are': identifies the user by a fingerprint, iris scan and so on

Multifactor authentication combines more than one authentication method to provide increased security. Typical multifactor approaches combine 'what you have' with 'what you know' or 'what you are'. For example, a token device such as a smart card ('what you have') is usually combined with a user password or PIN ('what you know'). In this way, if the smart card is lost, it cannot be used without knowing the password.
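The following Go program is an added example, written for this article rather than taken from any card vendor's software. It models the smart-card logon described under 'User security' and the two-factor property explained in this box: the private key is generated on the card and never leaves it, the card signs the server's random challenge only after a correct PIN, a retry counter blocks the card after three wrong PINs (so a lost card cannot be brute-forced), and the server discards each challenge after use so a captured response cannot be replayed. The card, server, user name, PIN and retry limit are constructed for the example; in a real deployment the server validates the card's certificate against the enterprise CA rather than trusting a bare public key.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

const maxPINTries = 3 // assumed retry limit; real cards typically use 3 to 5

// SmartCard models the card's secure microcontroller (written for this
// article): a private key that never leaves the card, the reference PIN,
// and a retry counter that blocks the card after too many wrong PINs.
type SmartCard struct {
	priv      *rsa.PrivateKey
	pin       []byte
	triesLeft int
	unlocked  bool
}

func NewSmartCard(pin string) (*SmartCard, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // generated on-card at issuance
	return &SmartCard{priv: priv, pin: []byte(pin), triesLeft: maxPINTries}, err
}

// Public is the only key material a reader can export from the card.
func (c *SmartCard) Public() *rsa.PublicKey { return &c.priv.PublicKey }

// VerifyPIN is the "what you know" factor: a wrong PIN burns one try, and
// with no tries left the card refuses even the correct PIN.
func (c *SmartCard) VerifyPIN(pin string) error {
	if c.triesLeft == 0 {
		return errors.New("card blocked: retry counter exhausted")
	}
	if subtle.ConstantTimeCompare([]byte(pin), c.pin) != 1 {
		c.triesLeft--
		c.unlocked = false
		return errors.New("wrong PIN")
	}
	c.triesLeft, c.unlocked = maxPINTries, true
	return nil
}

// Sign answers a challenge with the on-card key ("what you have") and refuses unless a correct PIN was presented first.
func (c *SmartCard) Sign(challenge []byte) ([]byte, error) {
	if !c.unlocked {
		return nil, errors.New("PIN required")
	}
	d := sha256.Sum256(challenge)
	return rsa.SignPSS(rand.Reader, c.priv, crypto.SHA256, d[:], nil)
}

// AuthServer holds the key enrolled for each user and at most one outstanding challenge per user.
type AuthServer struct {
	users      map[string]*rsa.PublicKey
	challenges map[string][]byte
}

func NewAuthServer() *AuthServer {
	return &AuthServer{users: map[string]*rsa.PublicKey{}, challenges: map[string][]byte{}}
}
func (s *AuthServer) Enroll(user string, pub *rsa.PublicKey) { s.users[user] = pub }

// Challenge issues a fresh 32-byte nonce; signing it proves possession of the key.
func (s *AuthServer) Challenge(user string) ([]byte, error) {
	if s.users[user] == nil {
		return nil, errors.New("unknown user")
	}
	nonce := make([]byte, 32)
	_, err := rand.Read(nonce)
	s.challenges[user] = nonce
	return nonce, err
}

// Verify checks the response against the outstanding challenge and then
// discards it, so a captured response cannot be replayed later.
func (s *AuthServer) Verify(user string, sig []byte) bool {
	pub, nonce := s.users[user], s.challenges[user]
	if pub == nil || nonce == nil {
		return false
	}
	delete(s.challenges, user)
	d := sha256.Sum256(nonce)
	return rsa.VerifyPSS(pub, crypto.SHA256, d[:], sig, nil) == nil
}

func main() {
	card, _ := NewSmartCard("4821") // constructed card and PIN for the demo
	srv := NewAuthServer()
	srv.Enroll("alice", card.Public())
	nonce, _ := srv.Challenge("alice")
	_, err := card.Sign(nonce)
	fmt.Println("sign without PIN:", err, "| PIN check:", card.VerifyPIN("4821"))
	sig, _ := card.Sign(nonce)
	fmt.Println("logon:", srv.Verify("alice", sig), "| replay:", srv.Verify("alice", sig))
}
```

The same possession proof underlies certificate-based machine authentication such as IPsec with a machine certificate: replace the PIN-gated card with a key the TPM will only use on that platform, and the server side is unchanged.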
