Upload
thomas-mayden
View
219
Download
2
Tags:
Embed Size (px)
Citation preview
trusted computing: implementing virtual identity
Dave Birch.Director, Consult Hyperion.
Introduction
Trusted computingTCPA & PalladiumReal requirements?
ArchitecturesSmart cards?
Trust issuesStructuresBusiness Models
trusted computing: implementing virtual identity
Why Now? TCPA & Palladium
Renewed interest in trusted computing Linked with general security trends
Marketplace Hardware manufacturers Software producers Service providers Infrastructure builders
Big Brother? Safe for kids, or Mind control lasers?
© Steve Jackson Games.
trusted computing: implementing virtual identity
Trusted Computing: Nothing New
Defence backgroundHardware focus
Financial servicesProprietary, expensive
Mass marketGSM as a case study
trusted computing: implementing virtual identity
Trusted Computing: Hard Options
Software limitations obvious
Internet providing new driversViruses, hacking etcReal e–business, e–government limited
“Tamper–resistance” criticalAnd must be the coreRealistic with falling hardware costs
trusted computing: implementing virtual identity
Trusted Computing: The Key Issue
The “root” of trustKeys and certificates
A trusted environment“Standard” use of keys and certificates
ControlWho’s in charge?
trusted computing: implementing virtual identity
Trust Architectures: General Solutions
Trusted kernel with tamper–resistant hardwarePlatform–dependent capabilities
Trusted platform providing services
1. CPU 2. SCP
3. Motherboard
RAM etc Devicesetc
4. eg,Keyboard
5. eg,Screen
trusted computing: implementing virtual identity
Trust Architectures: How do they Help?
The Internet exampleSecure e–mail, secure web browsingAnti–virus countermeasuresReduce loss/theft impact
Link to higher–level security services
What else could they do?The dark side!
trusted computing: implementing virtual identity
Trust Architectures: Early Experiences
Central and wholesale bankingPC–based tamper–resistanceManagement, insurance, legal
Telecomms & media Smart card–based tamper–resistanceSpecial–purpose devices (eg, GSM, Pay TV)
Public sectorHigh assurance levels for national IDRisk analysis
trusted computing: implementing virtual identity
Trust Issues: Structures & Mechanisms
Focus on mass market
Maximise use of existing infrastructurePCs, the Internet etc
Add tamper–resistanceWhy not use a smart card?
Implement mechanisms for useUse SSLv3, S/MIME etc
trusted computing: implementing virtual identity
Trust Issues: Business Models
Separate tamper–resistance from deviceThe GSM SIM experience
Separate trust from tamper–resistanceAllow users to manage their own keys and certificates
Make trust competitiveAnd a standard commercial offering
Co–Opt existing infrastructureEverything from PCs to EMV cards, Bluetooth phones to
set–top boxes
trusted computing: implementing virtual identity
Trusted Computing: Conclusions
An idea whose time has come?TCPA, Palladium and others to follow
Opt for flexible architectureFocus on real needs firstAllow the marketplace to evolve it
Start working on new business modelsMulti–application smart cards a good place to begin
experiments and pilots
trusted computing: implementing virtual identity
Mail [email protected] www.chyp.com
Digital Money Forum www.digitalmoneyforum.com
Digital Identity Forum www.digitalidforum.com
For Further Information