Posts Tagged ‘trusted computing’
Ross Anderson and the no1984 association were among the first to talk about trusted computing and its implications:
Multinational companies are aggregating into a single consortium to shape the computing market. Their policy will entail the disappearance of small software companies that cannot pay the licensing fees imposed by the consortium, the disappearance of independent programmers for a similar reason, and the disappearance of free software: the licensing system does not allow open-source programmers to progress, except for a small minority. Although this system has been designed by men to control other people through machines, and is therefore still subject to sabotage, it will deepen the class division between those who make household use of PCs and those who know how to go further.
Disclosure of information will be limited accordingly: those who find ways to overcome the consortium’s barriers will keep the secrets for themselves, and a whole new generation thirsting for knowledge won’t find its main source, the network as we know it.
Since the permitted operations HAVE BEEN chosen by the manufacturers of hardware and software, social and individual freedom is denied. The possibility that your PC can be monitored remotely, from outside, by multinational companies for the sole purpose of obtaining information relevant to their market, together with the freedom they have to disable their products on every single machine, makes them able to control us.
By joining the Palladium system, or whatever it will be called in future, everyone will sign with his name and surname his consent to CONTROL and MONITORING by the consortium, which will become an unstoppable power that only a small number of people will fight against.
The current control policy for the prevention of exchange of information on likely terrorist attacks has made such corporations able to look freely through our documents without our consent.
The policy of global monitoring of all electronic equipment makes 5 countries in the world able to know, every day and in near real time, what each of us is doing. Echelon, the global surveillance system designed by the UKUSA network and kept running by the secret services of the member countries and the American National Security Agency, records what we say over the phone, our credit card numbers, where we are, what enters and exits our cell phones, and what enters and exits our PCs. And Echelon is unfortunately a reality that was well known to the European Union thanks to the STOA report, which I invite you to read, as found on the network or in a future post of ours.
Those among you who think this is just a joke or the paranoia of a conspiracy theorist, and that we are talking about scenes from movies, should think again soon: the social and economic impact of a policy of monitoring and global control has heavy repercussions.
The mere fact that such an information network will be available only on sites authorized by the consortium selects one kind of information over another! Controlling information is the purpose of monitoring: giving the individual what he wants, or what he thinks he wants, by controlling him 24 hours a day through his cell phone and his PC, which sends and receives his e-mail. As Ross Anderson wisely noted, the train has already started: now it is up to us not to allow it to reach its destination.
For those of you who think this isn’t a start, here is a list of those who, as of December 2007, were regularly enrolled in the consortium that will control the global marketplace, making real the scenarios from movies such as ‘Resident Evil’, ‘Enemy of the State’ or ‘Johnny Mnemonic’:
* Intel Corporation
* Lenovo Holdings Limited
* Sun Microsystems, Inc.
* American Megatrends, Inc.
* Aruba Networks
* AuthenTec, Inc.
* Broadcom Corporation
* Certicom Corp.
* Citrix Systems, Inc
* Dell, Inc.
* DPHI, Inc.
* Emulex Design and Manufacturing
* Ericsson Mobile Platforms AB
* Extreme Networks
* France Telecom Group
* Freescale Semiconductor
* Fujitsu Limited
* Fujitsu Siemens Computers
* Gemalto NV
* General Dynamics C4 Systems
* Giesecke & Devrient
* Green Hills Software, Inc.
* HID Global
* Hitachi, Ltd.
* Huawei Technologies Co., Ltd.
* Identity Engines
* Insyde Software Corp.
* InterDigital Communications, LLC
* ITE Tech Inc.
* Juniper Networks, Inc.
* Lancope, Inc.
* Lexar Media, Inc.
* Lexmark International
* Lockheed Martin
* LSI Logic
* Marvell Semiconductor, Inc.
* Matsushita Electric Industrial Co. Ltd (Panasonic)
* McAfee, Inc.
* Mirage Networks
* Motorola Inc.
* Neoscale Systems
* Nokia Siemens Networks GmbH & Co. KG
* NTRU Cryptosystems, Inc.
* NXP Semiconductors
* Oxford Semiconductor
* Renesas Technology Corp.
* Ricoh Company LTD
* RSA, The Security Division of EMC
* Samsung Electronics Co.
* SanDisk Corporation
* Seagate Technology
* SECUDE IT Security GmbH
* Sharp Electronics Corporation
* Sony Corporation
* Spansion LLC
* StepNexus, Inc
* Symbian Ltd
* Toshiba Corporation
* Trapeze Networks, Inc.
* UPEK, Inc.
* Utimaco Safeware AG
* VeriSign, Inc.
* VMware, Inc.
* Vodafone Group Services LTD
* Wave Systems
* Western Digital
* Winbond Electronics Corporation
* Apani Networks
* AUCONET GmbH
* Avenda Systems
* Bioscrypt Inc.
* Bit9, Inc.
* BlueCat Networks
* BlueRidge Networks
* BlueRISC, Inc.
* Bradford Networks
* Colubris Networks
* ConSentry Networks
* CPR Tools, Inc.
* Cranite Systems
* Credant Technologies
* Cryptomathic Ltd.
* CryptoMill Technologies
* Dartmouth College
* Enterasys Networks
* Feature Integration Technology, Inc.
* FireScope Inc.
* ForeScout Technologies
* Fortinet Inc.
* Hangzhou Synochip Technology Co., Ltd.
* High Density Devices
* ICT Economic Impact, Ltd.
* IDEX ASA
* Insight International Corp
* Link-A-Media Devices
* Mazu Networks
* O2 Micro
* PatchLink Corporation
* Q1 Labs
* Safend LTD.
* Shavlik Technologies, LLC
* SignaCert, Inc.
* SII Network Systems Inc.
* Sirrix AG Security Technologies
* SkyRecon Systems
* Softex, Inc.
* Stonewood Electronics Ltd.
* The Boeing Company
* Trust Bearer Labs
* Trust Digital
* Universal Data Protection Corporation
* Valicore Technologies, Inc.
* ViaSat, Inc.
* Vormetric Inc.
As many of you may note, the most illustrious names of the computing, mobile telephony and appliance markets are included in this official list, which leads to a single large institution: the TCG consortium, driven by illustrious promoters such as AMD, Hewlett-Packard, IBM, Intel Corporation, Microsoft and Sun Microsystems, Inc.
It is unbelievable that the enemies of the past, such as AMD and Intel, HP and IBM, Microsoft and Sun, come together to give life to this ambitious project. If the rival corporations of yesterday are today allies to control the market TOGETHER, something big is moving, something that has begun and cannot be stopped. The TCG now seems very much a candidate to become the SINGLE controller. The power of technology is much bigger than any other, even for a nuclear state such as the United States, and that power will be totally in the hands of American companies.
The economic and political power that the United States will have after the realization of the Palladium project will be indescribable: as Ross Anderson also noticed, the world will fear a PC that can be switched off from outside at the mercy of the controllers, instead of nuclear missiles.
The future is briefly described in our posts about this topic, for insiders and non-insiders alike, I hope as clearly as possible. These pages are the reality of tomorrow: talk about this information if you think it is in your interest, so that everyone knows where we are going now. There is no promotion of any boycott here: we promote only the awakening of the social conscience of computer people, to fight against manipulation and global control and to keep their rights and especially their FREEDOM.
Before you buy a product from the corporations listed above, ask yourself whether it has been designed to be used by you or to use you: check the web to collect information about what you’re buying.
Technology, day after day, gives us tools and appliances able to interoperate, managed by a central monitor such as the PC at home or the phone, linked to the net by satellite, that we keep in the pocket of our jacket.
Most of these tools are automatic and handle themselves as far as possible, leaving human beings just the opportunity to choose between a few options, those that the manufacturers considered appropriate to leave.
For many years the desktop and mobile marketplace has been moving in this direction, with the development of DRM. The Wikipedia entry on DRM:
“Digital rights management (DRM) is an umbrella term that refers to access control technologies used by publishers and copyright holders to limit usage of digital media or devices. It may also refer to restrictions associated with specific instances of digital works or devices. To some extent, DRM overlaps with copy protection, but DRM is usually applied to creative media (music, films, etc.) whereas copy protection typically refers to software.
The use of digital rights management has been controversial. Advocates argue it is necessary for copyright holders to prevent unauthorized duplication of their work to ensure continued revenue streams. Opponents, such as The Free Software Foundation, maintain that the use of the word “rights” is misleading and suggest that people instead use the term digital restrictions management. Their position is essentially that copyright holders are attempting to restrict use of copyrighted material in ways not included in the statutory, common law, or Constitutional grant of exclusive commercial use to them. The Electronic Frontier Foundation, and other opponents, also consider DRM schemes to be anti-competitive practices.”
DRM supporters (Microsoft..??) claim:
1. A computerized method for a digital rights management operating system comprising:
- assuming a trusted identity;
- executing a trusted application;
- loading rights-managed data into memory for access by the trusted application; and
- protecting the rights-managed data from access by an untrusted program while the trusted application is executing.
2. The computerized method of claim 1, wherein protecting the rights-managed data comprises:
- refusing to load the untrusted program into memory.
3. The computerized method of claim 1, wherein protecting the rights-managed data comprises:
- removing the rights-managed data from memory before loading the untrusted program.
4. The computerized method of claim 3, further comprising:
- terminating the execution of the trusted program.
5. The computerized method of claim 3, further comprising:
- renouncing the trusted identity before loading the untrusted program when the untrusted program executes at the operating system level.
6. The computerized method of claim 1, wherein protecting the rights-managed data comprises:
- securing the rights-managed data written to a page file by the digital rights management operating system.
7. The computerized method of claim 6, wherein securing the rights-managed data written to a page file comprises:
- prohibiting raw access to the page file while the trusted application is executing.
8. The computerized method of claim 6, wherein securing the rights-managed data written to a page file comprises:
- erasing the page file before allowing raw access to the page file.
9. The computerized method of claim 8, further comprising:
- terminating the execution of the trusted application.
10. The computerized method of claim 6, wherein securing the rights-managed data written to a page file comprises:
- encrypting the rights-managed data prior to writing it to the page file.
11. The computerized method of claim 1, further comprising:
- protecting the trusted application from modification by an untrusted process while the trusted application is executing.
12. The computerized method of claim 11, wherein protecting the trusted application comprises:
- refusing to attach the untrusted process to the trusted application.
13. The computerized method of claim 11, wherein protecting the trusted application comprises:
- preventing the untrusted process from accessing memory allocated to the trusted application.
14. The computerized method of claim 1, further comprising:
- restricting a user to a subset of available functions for manipulating the rights-managed data.
15. The computerized method of claim 1, further comprising:
- restricting a user to a subset of functions available for modifying the trusted application during execution.
16. The computerized method of claim 1 wherein the elements are performed in the order recited.
17. A computer system comprising:
- a processing unit;
- a system memory coupled to the processing unit through a system bus;
- a computer-readable medium coupled to the processing unit through a system bus; and
- a digital rights management operating system executed from the computer-readable medium by the processing unit, wherein the digital rights management operating system causes the processor to create a trusted identity for the digital rights management operating system.
18. The computer system of claim 17, further comprising:
- a trusted application executed from the computer-readable medium by the processing unit, wherein the trusted application causes the processor to load rights-managed data into the system memory, and
- wherein the digital rights management operating system further causes the processor to protect the rights-managed data while the trusted application is executing.
19. The computer system of claim 18, wherein the digital rights management operating system further causes the processor to write the rights-managed data into a page file on the computer-readable medium and causes the processor to secure the rights-managed data on the page file from access by an untrusted program.
20. The computer system of claim 19, wherein the digital rights management operating system further causes the processor to erase the rights-managed data from the page file before allowing access to the page file by the untrusted program.
21. The computer system of claim 18, wherein digital rights management operating system further causes the processor to revoke the trusted identity and terminate the trusted application prior to loading an untrusted program.
22. A computer-readable medium having computer-executable instructions for a digital rights management operating system stored thereon comprising:
- obtaining, from a computer processor, a first value for a monotonic counter;
- presenting, to a trusted time server, the first value for the monotonic counter;
- receiving, from the trusted time server, a certificate binding the first value of the monotonic counter to a time on the trusted time server;
- obtaining, from the processor, a second value for the monotonic counter before loading a trusted component;
- calculating, using the certificate and the second value, a trusted current time;
- comparing a time stamp on a trusted component with the trusted current time; and
- determining whether to load the trusted component based on the comparison.
23. The computer-readable medium of claim 22, wherein obtaining and presenting the first value of the monotonic counter occurs on a pre-determined schedule.
24. The computer-readable medium of claim 22, wherein the time stamp comprises a date and time at which the trusted component becomes invalid and the trusted component is loaded when the trusted current time is less than the time stamp.
Here you can read the whole article. In “FIELD OF THE INVENTION” they say explicitly that “This invention relates generally to computer operating systems, and more particularly to booting and identifying an operating system that enforces digital rights“. It continues:
“… For a client, digital form allows more sophisticated content, while online delivery improves timeliness and convenience. For a publisher, digital content also reduces delivery costs. Unfortunately, these worthwhile attributes are often outweighed in the minds of publishers by the corresponding disadvantage that online information delivery makes it relatively easy to obtain pristine digital content and to pirate the content at the expense and harm of the publisher.
Piracy of digital content, especially online digital content, is not yet a great problem. … Books and audio recordings are available now, and as bandwidths increase, video content will start to appear. With the increase in value of online digital content, the attractiveness of organized and casual theft increases.
The unusual property of digital content is that the publisher (or reseller) gives or sells the content to a client, but continues to restrict rights to use the content even after the content is under the sole physical control of the client. For instance, a publisher will typically retain copyright to a work so that the client cannot reproduce or publish the work without permission. A publisher could also adjust pricing according to whether the client is allowed to make a persistent copy, or is just allowed to view the content online as it is delivered. These scenarios reveal a peculiar arrangement. The user that possesses the digital bits often does not have full rights to their use; instead, the provider retains at least some of the rights. In a very real sense, the legitimate user of a computer can be an adversary of the data or content provider. “Digital rights management” is therefore fast becoming a central requirement if online commerce is to continue its rapid growth. Content providers and the computer industry must quickly provide technologies and protocols for ensuring that digital content is properly handled in accordance with the rights granted by the publisher. If measures are not taken, traditional content providers may be put out of business by widespread theft, or, more likely, will refuse altogether to deliver content online…”.
In short, the DRMOS protects copyrighted data from unauthorized programs while that data is in memory. To ensure such protection, the DRMOS refuses to load untrusted programs into memory while trusted applications are running, or else removes the rights-managed data from memory and terminates each trusted application before loading the untrusted one. If the untrusted application acts at the level of the operating system, such as a debugger (the basic tool used by crackers to discover bugs or the security systems that protect applications), then at the next reboot the DRMOS renounces the trusted identity it created with the processor.
To prevent unauthorized access to the data in the page file, the data is encrypted or erased before loading untrusted applications, or the DRMOS prohibits raw access to the page file.
Furthermore, there is also a trusted system clock that prevents manipulating the time restrictions of trusted shareware software.
You won’t be able to use several functions to manage and manipulate your PC and the data that flows through it, in any way and by any means.
These patents show that the establishment of a cooperative hardware and software system, one that can reduce your home computer, your laptop or any other computer-based object run by the operating system to a simple blender, has already been in place for some time.
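The monotonic-counter scheme of claims 22-24, and the trusted clock summarised above, as an added example that is not from the patent or from Microsoft. The HMAC certificate, the shared server key and the one-tick-per-second counter rate are assumptions the patent text does not state:

```python
"""Trusted-time check modelled on claims 22-24 (constructed example).

Assumptions not in the patent text: the certificate is an HMAC tag under a key
shared with the time server (a real server would sign it), and the processor's
monotonic counter advances once per second.
"""
import hashlib
import hmac
from dataclasses import dataclass, replace

TICK_SECONDS = 1  # assumed rate of the monotonic counter


@dataclass(frozen=True)
class CounterCert:
    counter: int      # first value of the monotonic counter (claim 22)
    server_time: int  # time on the trusted time server, Unix seconds
    tag: bytes        # binds counter to server_time


def _tag(server_key: bytes, counter: int, server_time: int) -> bytes:
    msg = f"{counter}:{server_time}".encode()
    return hmac.new(server_key, msg, hashlib.sha256).digest()


def issue_certificate(server_key: bytes, counter: int, server_time: int) -> CounterCert:
    """Time-server side: certify that counter value `counter` was seen at `server_time`."""
    return CounterCert(counter, server_time, _tag(server_key, counter, server_time))


def trusted_current_time(server_key: bytes, cert: CounterCert, counter_now: int) -> int:
    """DRMOS side: derive the trusted current time from the certificate and a second read."""
    if not hmac.compare_digest(cert.tag, _tag(server_key, cert.counter, cert.server_time)):
        raise ValueError("certificate does not verify")
    if counter_now < cert.counter:
        # A monotonic counter cannot go backwards; a lower reading means the
        # counter or the certificate has been tampered with.
        raise ValueError("counter regressed below certified value")
    return cert.server_time + (counter_now - cert.counter) * TICK_SECONDS


def may_load_component(server_key: bytes, cert: CounterCert, counter_now: int,
                       expiry: int) -> bool:
    """Claim 24: load only while trusted current time is less than the expiry stamp.
    Fails closed: with no verifiable trusted time, the component is not loaded."""
    try:
        return trusted_current_time(server_key, cert, counter_now) < expiry
    except ValueError:
        return False


def demo() -> dict:
    """Walk a 30-day trial component through honest and tampered scenarios."""
    key = b"constructed-time-server-key"
    t0, c0 = 1_700_000_000, 1000                 # certification: counter 1000 at t0
    cert = issue_certificate(key, c0, t0)
    expiry = t0 + 30 * 86400                     # component becomes invalid after 30 days
    rolled_back = replace(cert, server_time=t0 - 365 * 86400)  # forged "earlier" cert
    return {
        "day_10": may_load_component(key, cert, c0 + 10 * 86400, expiry),
        "day_40": may_load_component(key, cert, c0 + 40 * 86400, expiry),
        "forged_cert": may_load_component(key, rolled_back, c0 + 10 * 86400, expiry),
        "counter_reset": may_load_component(key, cert, c0 - 1, expiry),
    }
```

Only the first scenario loads; a forged certificate or a counter reading below the certified value yields no trusted time and the component stays unloaded.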
While Intel steered clear of mentioning the new DRM technology at its Australian launch of the new products, Intel’s Australian technical manager Graham Tucker publicly confirmed Microsoft-flavored DRM technology will be a feature of Pentium D and 945: “[The] 945g [chipset] supports DRM, it helps implement Microsoft’s DRM … but it supports DRM looking forward,” Tucker said, adding the DRM technology would not be able to be applied retrospectively to media or files that did not interoperate with the new technology.
In other words, what happens if they build hardware that only supports DRM? We would not have the opportunity to choose, because any other hardware would be incompatible with the DRM software and vice versa.
The end user will have a limited number of operations he can run, and these are chosen by the big companies in the global marketplace.
Even now it should not be so incredible to have a PC in which what we can or cannot use was chosen for us: I am not referring to hacking; in fact it is a problem that proprietary software, music and movies protected by copyright are continually subject to manipulation in order to distribute illegal copies.
So DRM technology, the TCPA and everything mentioned in this post represent, in my opinion, a good way to combat piracy. However, the intention behind this method is wrong, and this should be emphasized.
It’s just that less experienced users, those who merely use computers for connecting to the internet or for the MS Office package in their office or home, should know what they are going to accept with the policy of the new system of the Trusted Computing Group (TCG).
This post contains information that the other posts on this topic rely on.
From Wikipedia’s entry on the TCG:
“The Trusted Computing Group (TCG), successor to the Trusted Computing Platform Alliance (TCPA), is an initiative started by AMD, Hewlett-Packard, IBM, Infineon, Intel, Microsoft, and Sun Microsystems to implement Trusted Computing. Many others followed.
TCG’s original major goal was the development of a Trusted Platform Module (TPM), a semiconductor intellectual property core or integrated circuit that conforms to the trusted platform module specification put forward by the Trusted Computing Group and is to be included with computers to enable trusted computing features. TCG-compliant functionality has since been integrated directly into certain mass-market chipsets.
TCG also recently released the first version of their Trusted Network Connect (TNC) protocol specification, based on the principles of AAA, but adding the ability to authorize network clients on the basis of hardware configuration, BIOS, kernel version, and which updates that have been applied to the OS and anti-virus software, etc. As of December 2006, almost one hundred fifty enterprises are members of TCG or follow its specifications.
Seagate has also developed a Full Disk encryption drive which can use the ability of the TPM to secure the key within the hardware chip.
A common misconception regarding TPM-enabled computers is that it would require all software to have a license from the TCG or some other central body. In reality, the owner of a TPM-enabled system has complete control over what software does and doesn’t run on their system. This does include the possibility that a system owner would choose to run a version of an operating system that refuses to load unsigned or unlicensed software, but those restrictions would have to be enforced by the operating system and not by the TCG technology. What a TPM does provide in this case is the capability for the OS to lock software to specific machine configurations, meaning that “hacked” versions of the OS designed to get around these restrictions would not work. While there is legitimate concern that OS vendors could use these capabilities to restrict what software would load under their OS (hurting small software companies or open source/shareware/freeware providers, and causing vendor lock-in for some data formats), no OS vendor has yet suggested that this is planned. Furthermore, since restrictions would be a function of the operating system, TPMs could in no way restrict alternative operating systems from running, including free or open source operating systems. There are several projects which are experimenting with TPM support in free operating systems – examples of such projects include a TPM device driver for Linux, an open source implementation of the TCG’s Trusted Software Stack called TrouSerS, a Java interface to TPM capabilities called TPM/J, and a TPM-supporting version of the Grub bootloader called TrustedGrub.”
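The configuration lock the quoted passage describes (an OS tied to a specific machine configuration, so that a modified boot chain no longer unlocks it), as an added example that is not from Wikipedia or the TCG. The measured components, the storage root key and the XOR-with-HMAC sealing are constructed stand-ins for what a TPM does inside the chip:

```python
"""Locking software to a machine configuration with TPM-style PCRs (constructed example).

A measured boot extends each component's hash into a Platform Configuration
Register (PCR); a secret sealed to the resulting PCR value is released only
while the same components, in the same order, are loaded. Here the PCR and the
sealing primitive are simulated in software; a real TPM keeps both inside the chip.
"""
import hashlib
import hmac

HASH = hashlib.sha256
PCR_RESET = b"\x00" * 32  # PCR value at power-on


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend: PCR_new = H(PCR_old || H(measurement)); order-dependent, not reversible."""
    return HASH(pcr + HASH(measurement).digest()).digest()


def measure_boot(components: list[bytes]) -> bytes:
    """Measure firmware, bootloader, kernel ... in order into one PCR."""
    pcr = PCR_RESET
    for image in components:
        pcr = extend(pcr, image)
    return pcr


def _pad(srk: bytes, expected_pcr: bytes) -> bytes:
    # Toy KDF binding the storage root key to the expected platform state.
    return hmac.new(srk, b"seal|" + expected_pcr, HASH).digest()


def seal(srk: bytes, expected_pcr: bytes, secret: bytes) -> tuple[bytes, bytes]:
    """Bind `secret` to `expected_pcr`: blob = (expected_pcr, secret XOR KDF(srk, expected_pcr))."""
    pad = _pad(srk, expected_pcr)
    if len(secret) > len(pad):
        raise ValueError("secret too long for this toy KDF")
    return expected_pcr, bytes(a ^ b for a, b in zip(secret, pad))


def unseal(srk: bytes, current_pcr: bytes, blob: tuple[bytes, bytes]) -> bytes:
    """Release the secret only if the current PCR equals the value it was sealed to."""
    expected_pcr, ciphertext = blob
    if not hmac.compare_digest(current_pcr, expected_pcr):
        raise PermissionError("PCR mismatch: platform configuration changed")
    return bytes(a ^ b for a, b in zip(ciphertext, _pad(srk, expected_pcr)))


def demo() -> dict:
    """Seal a key to a known-good boot chain, then boot once unmodified and once patched."""
    srk = b"constructed-storage-root-key"
    good_boot = [b"firmware v1", b"bootloader v1", b"kernel v1"]
    patched_boot = [b"firmware v1", b"bootloader v1 (patched)", b"kernel v1"]
    blob = seal(srk, measure_boot(good_boot), b"content-decryption-key")
    results = {"good": unseal(srk, measure_boot(good_boot), blob)}
    try:
        unseal(srk, measure_boot(patched_boot), blob)
        results["patched"] = "unsealed"
    except PermissionError:
        results["patched"] = "refused"
    return results
```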