Trusted Computing Blog

October 17, 2005

TC use cases I: The army botnet

Filed under: Trusted Computing — Administrator @ 2:37 pm

What will you do if the army calls your computer to duty? This scenario is now possible under the trusted computing framework.

Everybody knows about distributed projects like SETI@home, and perhaps you have also heard about the failed Lycos anti-spam screensaver. Criminals use botnets to create on-demand distributed DoS attacks. Could the same distributed computing paradigm be exploited by the government for military purposes?

Cyberwarfare has received increased attention lately. An article by James Mulvenon proposed the search for a cyberconflict agenda, and many have argued about possible scenarios in the event of a cyberwar. Those issues are not solely based on futuristic settings: the news recently hyped the case of the “Chinese cyberspies”, and how their actions threatened national security.

If we assume that computational power and bandwidth will be key factors in future conflicts, a valid question is whether the military will request civilian help, a kind of (voluntary or obligatory) “military duty” for civilian computers. The cycles and bandwidth provided by civilians could be used for breaking enemy cryptographic keys using distributed computation, launching attacks against chosen strategic targets (enemy sites, etc.) or automated web-crawling to gather intelligence or to hunt for specific enemy sites.

Of course, while activities like SETI@home don’t require a great level of confidence in the trustworthiness of the user, military activities do require a high level of trust in the machine. The machines need, as a minimum, to be correctly identified, and tested to be resistant to subversion. The information sent to and received from the machine may need to be kept confidential, even from the machine owner. This is not possible under the current framework, but current research shows that Trusted Computing could provide this level of assurance.

The Terra project, for example, used virtual machines coupled with trusted computing to claim a high level of assurance on distributed applications, showing a “cheat-proof” Quake as proof of concept. Research at IBM proposed a scheme (using a secure processor and memory) for fine-grained attestation for sensitive applications. Adding confidentiality to those schemes using the internal keys of the TPM will not be difficult.

I am aware that the use of non-military computers by the government will raise lots of questions from the legal and policy standpoints. I am not an authority on the subject, but maybe Stefan could comment on the feasibility of such a scenario. In this article I only wanted to point out that TC technology allows the creation of such a botnet for the army.

I only hope you don’t get an email at work saying “The Secretary of the Army has asked me to express his deep regret that your laptop Fujitsu 8010d S/N 344455 was destroyed in action this morning in a heroic attack on the axis of evil’s central servers”.
