Trusted Computing

Trusted Computing (TC) is a technology developed and promoted by the Trusted Computing Group.[1] The term is taken from the field of trusted systems and has a specialized meaning that is distinct from the field of confidential computing.[2] With Trusted Computing, the computer will consistently behave in expected ways, and those behaviors will be enforced by computer hardware and software.[1] Enforcing this behavior is achieved by loading the hardware with a unique encryption key that is inaccessible to the rest of the system and the owner.

TC is controversial as the hardware is not only secured for its owner, but also against its owner, leading opponents of the technology like free software activist Richard Stallman to deride it as "treacherous computing",[3][4] and certain scholarly articles to use scare quotes when referring to the technology.[5][6]

Trusted Computing proponents such as International Data Corporation,[7] the Enterprise Strategy Group[8] and Endpoint Technologies Associates[9] state that the technology will make computers safer, less prone to viruses and malware, and thus more reliable from an end-user perspective. They also state that Trusted Computing will allow computers and servers to offer improved computer security over that which is currently available. Opponents often state that this technology will be used primarily to enforce digital rights management policies (imposed restrictions to the owner) and not to increase computer security.[3][10]: 23 

Chip manufacturers Intel and AMD, hardware manufacturers such as HP and Dell, and operating system providers such as Microsoft include Trusted Computing in their products if enabled.[11][12] The U.S. Army requires that every new PC it purchases comes with a Trusted Platform Module (TPM).[13][14] As of July 3, 2007, so does virtually the entire United States Department of Defense.[15]

  1. ^ a b Chris Mitchell (2005). Trusted Computing. IET. ISBN 978-0-86341-525-8.
  2. ^ "What is the Confidential Computing Consortium?". Confidential Computing Consortium. Retrieved 20 May 2022.
  3. ^ a b Stallman, Richard. "Can You Trust Your Computer?". gnu.org. Retrieved 12 August 2013.
  4. ^ scl-paullauria (2017-01-23). "Trust me, I'm a computer". Society for Computers & Law. Retrieved 2024-04-03.
  5. ^ Anderson, Ross (November 15, 2004). Camp, L. Jean; Lewis, Stephen (eds.). Cryptography and Competition Policy - Issues with 'Trusted Computing', in Economics of Information Security. Vol. 12. Springer US. pp. 35–52. doi:10.1007/1-4020-8090-5_3 – via Springer Link.
  6. ^ "F. Stajano, "Security for whom? The shifting security assumptions of pervasive computing", Lecture notes in computer science, vol. 2609, pp. 16-27, 2003" (PDF).
  7. ^ Rau, Shane (February 2006). "The Trusted Computing Platform Emerges as Industry's First Comprehensive Approach to IT Security" (PDF). IDC Executive Brief. International Data Corporation. Retrieved 2007-02-07.
  8. ^ Oltsik, Jon (January 2006). "Trusted Enterprise Security: How the Trusted Computing Group (TCG) Will Advance Enterprise Security" (PDF). White Paper. Enterprise Strategy Group. Retrieved 2007-02-07.
  9. ^ Kay, Roger L. (2006). "How to Implement Trusted Computing: A Guide to Tighter Enterprise Security" (PDF). Endpoint Technologies Associates. Retrieved 2007-02-07.
  10. ^ Cite error: The named reference Anderson was invoked but never defined (see the help page).
  11. ^ "Enhancing IT Security with Trusted Computing Group standards" (PDF). Dell Power Solutions. November 2006. p. 14. Retrieved 2006-02-07. TPMs [Trusted Platform Modules] from various semiconductor vendors are included on enterprise desktop and notebook systems from Dell and other vendors
  12. ^ "Trusted Platform Module Services in Windows Vista". Windows Hardware Development Central. Microsoft. 2005-04-25. Archived from the original on 2007-05-15. Retrieved 2007-02-07. Windows Vista provides a set of services for applications that use TPM technologies.
  13. ^ Lemos, Robert (2006-07-28). "U.S. Army requires trusted computing". Security Focus. Retrieved 2007-02-07.
  14. ^ "Army CIO/G-6 500-day plan" (PDF). U.S. Army. October 2006. Retrieved 2007-02-07. Strategic goal n. 3, 'deliver a joint netcentric information that enables warfighter decision superiority'
  15. ^ encryption of unclassified data Archived 2007-09-27 at the Wayback Machine