TPCPs Gain New Appreciation as IT Security Solution
Contemporary information technology isn’t adequate to secure the valuable information it is entrusted to manage, as recent security breaches at US corporations and government agencies demonstrate. There are two reasons for this. First, public and private networks, based on Ethernet and the TCP/IP protocols, weren’t designed to protect information, but to make it easy to share. Second, the architecture of the modern IT infrastructure was established long before cybercrime became the global nemesis that it is today, and therefore the issues of security and trust weren’t well understood or taken into account.
Before widespread adoption of the Internet, there was no general means of interacting with both public and private data centers throughout the world. Combine this global accessibility with the ability to provide remote access over the Internet, rather than just publish information as the Web was intended to do, and you have the makings of an information security disaster.
Tamperproof computing platforms, or TPCPs, can help address the principal failings of contemporary IT, primarily the lack of means for adequately protecting encryption keys and for maintaining sustainable “chains of trust,” rooted in a known trusted entity, for software running on tamperproof hardware. Some have concluded from the absence of such systems that TPCPs aren’t feasible. While this may have been true in the past, the advent of hyperscale semiconductor integration and system-on-a-chip technologies now enables construction of TPCPs. Today, it is possible to build TPCPs based on tamperproof hardware and to create software capable of exploiting sustainable chains of trust.
From its inception in 1999, the Trusted Computing Platform Alliance and its successor, the Trusted Computing Group, focused on consumer devices and personal computers, Internet security’s Achilles heel at the time. A Trusted Network Connect (TNC) subgroup was added in 2004, and a Trusted Platform Module (TPM) specification for servers first became available in 2005, more than a decade after the Internet was taking hold. But it wasn’t until 2009 that the TPM was recognized as an international standard by ISO and the TNC changed its focus to “pervasive security,” encompassing the broader IT infrastructure. All of this can be summed up simply as too little, too late. The problem of data center security was already rampant by then, although largely unpublicized.
Whatever the reasons for the painfully slow evolution of the Trusted Computing Group, it’s clear in retrospect that the need for TPCPs was neither well understood nor fully appreciated until recently. This historical happenstance can be best described as a case of benign neglect, as it’s now evident that the Internet has become a global playground for cybercriminals, and any computing platform connected to it risks potentially massive organized criminal cyberattacks.
Perhaps the biggest oversight has been the failure to recognize that, to be completely trustworthy, a dynamically changing computing platform necessarily requires that all hardware and software permitted to run be reliably identified, authenticated, and verified at all times. Indeed, the analogy between computer “viruses” and physiological pathogens suggests that sustaining a TPCP requires nothing less than the equivalent of an autonomous “immune system” that can distinguish in real time between “what is me?” (i.e., hardware and software that has been identified, authenticated, and verified) and “what is not me?” (i.e., hardware and software that has not been identified, authenticated, and verified).
Once this fact is recognized and acknowledged, it becomes indelibly clear that, to be completely trustworthy, all software permitted to run on a TPCP must be covered by an auditable and sustainable chain of trust secured by tamperproof hardware, and that this, in turn, requires constant real-time surveillance of, and control over, all hardware and software in the system. Only once this has been achieved will truly tamperproof computing exist.
David L. R. Stein and Christopher M. Piedmonte are cofounders of Suvola Corporation, a company providing a full stack of secure and trusted Debian LINUX platform software for tamperproof hyperscale computing technology from Freescale Semiconductor and IBM.