trusted computing: implementing virtual identity

Dave Birch.Director, Consult Hyperion.

dave@chyp.com

Introduction

Trusted computingTCPA & PalladiumReal requirements?

ArchitecturesSmart cards?

Trust issuesStructuresBusiness Models

trusted computing: implementing virtual identity

Why Now? TCPA & Palladium

Renewed interest in trusted computing Linked with general security trends

Marketplace Hardware manufacturers Software producers Service providers Infrastructure builders

Big Brother? Safe for kids, or Mind control lasers?

© Steve Jackson Games.

trusted computing: implementing virtual identity

Trusted Computing: Nothing New

Defence backgroundHardware focus

Financial servicesProprietary, expensive

Mass marketGSM as a case study

trusted computing: implementing virtual identity

Trusted Computing: Hard Options

Software limitations obvious

Internet providing new driversViruses, hacking etcReal e–business, e–government limited

“Tamper–resistance” criticalAnd must be the coreRealistic with falling hardware costs

trusted computing: implementing virtual identity

Trusted Computing: The Key Issue

The “root” of trustKeys and certificates

A trusted environment“Standard” use of keys and certificates

ControlWho’s in charge?

trusted computing: implementing virtual identity

Trust Architectures: General Solutions

Trusted kernel with tamper–resistant hardwarePlatform–dependent capabilities

Trusted platform providing services

1. CPU 2. SCP

3. Motherboard

RAM etc Devicesetc

4. eg,Keyboard

5. eg,Screen

trusted computing: implementing virtual identity

Trust Architectures: How do they Help?

The Internet exampleSecure e–mail, secure web browsingAnti–virus countermeasuresReduce loss/theft impact

Link to higher–level security services

What else could they do?The dark side!

trusted computing: implementing virtual identity

Trust Architectures: Early Experiences

Central and wholesale bankingPC–based tamper–resistanceManagement, insurance, legal

Telecomms & media Smart card–based tamper–resistanceSpecial–purpose devices (eg, GSM, Pay TV)

Public sectorHigh assurance levels for national IDRisk analysis

trusted computing: implementing virtual identity

Trust Issues: Structures & Mechanisms

Focus on mass market

Maximise use of existing infrastructurePCs, the Internet etc

Add tamper–resistanceWhy not use a smart card?

Implement mechanisms for useUse SSLv3, S/MIME etc

trusted computing: implementing virtual identity

Trust Issues: Business Models

Separate tamper–resistance from deviceThe GSM SIM experience

Separate trust from tamper–resistanceAllow users to manage their own keys and certificates

Make trust competitiveAnd a standard commercial offering

Co–Opt existing infrastructureEverything from PCs to EMV cards, Bluetooth phones to

set–top boxes

trusted computing: implementing virtual identity

Trusted Computing: Conclusions

An idea whose time has come?TCPA, Palladium and others to follow

Opt for flexible architectureFocus on real needs firstAllow the marketplace to evolve it

Start working on new business modelsMulti–application smart cards a good place to begin

experiments and pilots

trusted computing: implementing virtual identity

Mail info@chyp.comWeb www.chyp.com

Digital Money Forum www.digitalmoneyforum.com

Digital Identity Forum www.digitalidforum.com

For Further Information