Trusted Computing initiatives from the big IT suppliers
could lessen the need for organisations to rely on the vigilance of
users to protect access to corporate data.

Trusted Computing is an initiative subscribed to by technology
suppliers such as Intel, AMD, Microsoft and IBM to build affordable
security into PCs and servers at the processor level. The aim is to
make computers more secure by, for example, only allowing
authorised programs to be run, or encrypting data in hardware so
that it cannot be read or altered by unauthorised people.
Trusted Computing uses hardware components (the chip and chipsets)
and software components (the operating system and applications) to
secure computing activities. It has four main features:
- Attestation lets other computers know that the computer is the
  machine it claims to be, and is running the software it claims to
  be running
- Sealed storage allows the user to encrypt information so it can
  only be accessed by a "trustworthy" application
- Process isolation prevents one application from affecting
  another
- Secure input and output allows keystrokes to be encrypted and
  decrypted. This ensures that no malicious software can record,
  steal or modify keystrokes.
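
The sealed storage feature above can be modelled in a few lines. This is an added example, not code from Microsoft, Intel or the Trusted Computing Group: ModelChip, its methods and the component names are hypothetical, and an HMAC-based toy keystream stands in for the chip's real cipher. The running measurement follows the hash-chaining scheme of Trusted Platform Module 1.2 registers, which is also the value attestation reports to other computers.

```python
import hashlib, hmac, os

PCR_SIZE = 20  # TPM 1.2 registers hold one SHA-1 digest

def extend(pcr: bytes, component: bytes) -> bytes:
    """Fold a loaded component into the running measurement (order matters)."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()

class ModelChip:
    """Hypothetical model of the security chip; _secret never leaves it."""
    def __init__(self):
        self._secret = os.urandom(32)
        self.pcr = bytes(PCR_SIZE)

    def boot(self, components):
        self.pcr = bytes(PCR_SIZE)          # measurement resets on reboot
        for c in components:
            self.pcr = extend(self.pcr, c)

    def _prf(self, label: bytes, msg: bytes) -> bytes:
        return hmac.new(self._secret, label + self.pcr + msg, hashlib.sha256).digest()

    def _xor(self, nonce: bytes, data: bytes) -> bytes:
        # Toy HMAC-counter keystream standing in for the chip's real cipher.
        ks = b"".join(self._prf(b"enc", nonce + i.to_bytes(4, "big"))
                      for i in range(len(data) // 32 + 1))
        return bytes(a ^ b for a, b in zip(data, ks))

    def seal(self, data: bytes):
        nonce = os.urandom(16)
        ct = self._xor(nonce, data)
        return nonce, ct, self._prf(b"mac", nonce + ct)

    def unseal(self, blob) -> bytes:
        nonce, ct, tag = blob
        if not hmac.compare_digest(tag, self._prf(b"mac", nonce + ct)):
            raise PermissionError("current software state differs from sealed state")
        return self._xor(nonce, ct)

def demo():
    chip = ModelChip()
    chip.boot([b"bootloader-1.0", b"kernel-1.0", b"records-app-1.0"])  # constructed
    blob = chip.seal(b"trial results: batch 7")
    released = chip.unseal(blob)
    chip.boot([b"bootloader-1.0", b"kernel-1.0", b"records-app-TAMPERED"])
    try:
        chip.unseal(blob)
        leaked = True
    except PermissionError:
        leaked = False
    return released, leaked
```

Because both the key stream and the integrity tag depend on the measurement, changing any component in the boot sequence, or its order, leaves the sealed data unreadable even though the chip and its secret are unchanged.
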
Microsoft's security software technology, formerly code-named
Palladium, is possibly the best-known Trusted Computing initiative.
It was renamed Next-Generation Secure Computing Base (NGSCB) in
January 2003, but the concept remains the same. It is being
developed by Microsoft's programmers for inclusion in the
forthcoming Longhorn version of the Windows operating system.
NGSCB is a set of software features in the operating system that
combine with specific secure hardware and applications to give
users greater data security, privacy, system integrity, network
security and content protection, says Microsoft.
NGSCB comes under the umbrella of Microsoft's Trustworthy Computing
initiative, outlined by company chairman Bill Gates at the start of
2002. Microsoft saw that internet-based transactions were on the
increase, and wanted to offer a system that would encourage users
to trust their computers, as well as the internet, with their
personal data, and also with financial, legal and other
transactions.
Peter Biddle, product unit manager in Microsoft's security business
unit, says, "NGSCB enables you to be sure that there are no viruses
or spyware running on your computer and that the computer you are
communicating with cannot interfere with your communications. It
opens the door to all kinds of secure transactions that are not
possible today."
According to Bryan Willman, a Microsoft Windows architect working
on NGSCB, the technology has many uses. "Suppose you run a pharmacy
company. When you test a new drug, of course it is bad if someone
has an adverse reaction to the drug, but it is much worse if
someone tampers with that data so that your results are
skewed.
"That means it is critical that all test data is entered accurately
and no one tampers with it. NGSCB ensures that those files cannot
be breached or modified in any way," he says.
Another example of how Trusted Computing could be used is where a
patient, doctor and pharmacist are communicating about the
patient's medical condition and they want to be sure that the
information they exchange is confidential and true, says
Willman.
"Today you probably would not want to do that online from your home
computer because there is no way to know for sure how safe your
information is. With NGSCB you use [one secure partition], and no
matter what is happening [in another partition], you can be sure
that the data passed between you and your doctor and your
pharmacist has not been tampered with."
Biddle says Microsoft expects its first customers to be
enterprises, for which the protection of intellectual property is
vitally important. "A lot of companies have information they need
to keep secret: medical data, personnel and legal records, drug
formulas, business plans. Worrying about protecting these types of
information keeps people awake at night," he says.
Another use of the technology is to protect customers, says
Willman. Using the trusted system, with its secure hardware and
application elements, the customer can securely transmit personal
data to a company, such as banking information. The company can be
sure it has been sent legitimate information, and the customer can
be sure the information will only be used for the purpose it was
sent for, because the software will specify that, says
Willman.
Bruce Schneier, founder and chief technology officer of Counterpane
Internet Security, says NGSCB technology provides protection
against two broad classes of attacks: automatic software attacks
such as viruses, Trojans and network-mounted exploits; and local
software-based attacks such as using debuggers to open the system
up.
Despite this, Palladium/NGSCB received plenty of bad press
concerning privacy in 2002. This was based on documents obtained
under the US Freedom of Information Act from the National Institute
of Standards and Technology, which described Palladium's
applications for digital rights management (DRM). The technology
embeds "unique machine identifiers," and therefore raises the risk
that user behaviour could be subject to traffic analysis. The other
function of DRM was to potentially give commercial software and
content suppliers control over a user's PC to retain control of
licences and prevent piracy.
"The technology lends itself to digital rights control, and people
thought that was the primary function of Palladium, so it got a lot
of bad press. But it did a lot more than DRM," says Stuart Okin,
associate partner at professional services company Accenture and
former Microsoft UK security chief.
Schneier says, "There are security features that tie programs and
data to the CPU and to the user, and encrypt them for privacy.
Palladium is inexorably tied up with DRM. Your computer will have
several partitions, each of which will be able to read and write
its own data.
"There is nothing in Palladium that prevents someone else from
setting up a partition on your computer and putting stuff there
that you cannot get at. Microsoft has repeatedly said that it is
not going to mandate DRM, or try to control DRM systems, but
clearly Palladium was designed with DRM in mind."
Microsoft declined to comment on whether the technology still
retains a focus on DRM, but a spokesman said, "NGSCB is evolving,
but at this point we do not have an update on NGSCB to share. We
intend to maintain our focus on security while delivering a broader
set of benefits in terms of utility and flexibility. Microsoft
continues to actively work through many of the technical details
and we expect to be able to provide more details in the near
future."
In November 2003, at the European RSA Conference, Microsoft
demonstrated an early prototype of NGSCB, running on a prototype of
Intel's chip-level LaGrande technology (LT), and showed features to
help protect data against a series of sophisticated software
attacks. NGSCB is scheduled to be included as part of Windows
Longhorn, which is expected mid-2006.
On the hardware side, NGSCB is believed to work with both Intel's
LT and the Trusted Computing Group's Trusted Platform
Module specification for chip-level security products.
Intel has been developing LT for years as part of its Safer
Computing Initiative, but says it is not expected to be available
in business desktops and mobiles for another two or three
years.
Intel chief executive Paul Otellini says LT is designed to deliver
"protected execution, protected memory and protected storage" using
hardware. It protects against software-based attacks, and supports
the creation of the parallel protected environments supported by
Microsoft's NGSCB technology.
Whereas LT protects the environment within the computer system, the
Trusted Computing Group's Trusted Platform Module authenticates the
system to the outside world, and is available now.
The TCG is a group of 95 organisations, and is promoted by AMD,
Hewlett-Packard, IBM, Intel, Microsoft, Sony and Sun Microsystems.
It was formed in 2003 to develop and support open industry
standards for trusted computing across multiple platforms.
IBM has been shipping laptops with the Trusted Platform Module in
them since 2003, and last October IBM introduced a Thinkpad notebook
with an embedded chip security system and a fingerprint reader. The
reader is built into the wrist-rest of some Thinkpad T42 models, so
users can swipe their finger across a horizontal sensor to log on
to systems, applications, databases and even websites. Passwords
and log-ins are encrypted with the security chip.
Since 2003, open standards organisation the Trusted Computing Group
has developed several technology building blocks and common
interfaces for manufacturers to use in their products. The Trusted
Platform Module is one of these building blocks: a microcontroller
that stores digital security keys, passwords and digital
certificates, and is typically fixed to the motherboard of a
PC.
Using open standards, it can potentially be used in any computing
device that requires these functions. It can ensure that
information stored within hardware is secure from external software
attack and physical theft. According to the Trusted Computing
Group, critical applications and capabilities such as secure
e-mail, secure web access, and local protection of data can be made
more secure using its platform.
The Trusted Platform Module's security works by using public and
private key encryption on the chip to enable highly secure storage
of files and other digital secrets. It is currently at version
1.2.
Fred Cohen, principal analyst at Burton Group, says chip-based
encryption and security is good for firms that want to encrypt or
secure their data at the hardware level. "The Trusted Computing
Group has shipped more than 20 million computer systems with these
capabilities. It is a standards-based approach that has the support
of most of the larger players in the computing industry."
Okin says IBM and other manufacturers have produced computers that
use Trusted Platform Module version 1.1, but that these are limited
in their functions by a lack of operating system support.
"The problem is that beyond the basic hardware and Rom protection
the operating systems do not use it at the moment. Where it will
become exciting is with the next generation, where the operating
systems and applications become more aware, and use these new
security standards. But it depends on operating systems such as
Longhorn, and whether Unix and Linux are taking on the
standard."