Trusted Computing Blog

What will you do if the army calls your computer to duty? This scenario is now possible under the trusted computing framework.

Everybody knows about distributed projects like SETI@HOME, and perhaps you have also heard about the failed Lycos anti-spam screensaver. Criminals use botnets to create on-demand distributed DOS attacks. Could the same distributed computing paradigm be exploited by the government for military purposes?

Cyberwarfare has received increased attention lately. An article by James Mulvenon proposed the search for a cyberconflict agenda, and many argued on possible scenarios in the event of a cyberwar. Those issues are not solely based on futuristic settings: the news hyped recently the case of the “chinese cyberspies”, and how their actions threatened national security.

If we assume that computational power and bandwidth will be key factors in future conflicts, a valid question is whether the military will request for civilian help, a kind of (voluntary or obligatory) “military duty” for civilian computers. The cycles and bandwidth provided by civilians could be used for breaking cryptographic enemy keys using distributed computation, launching attacks against chosen strategic targets (enemy sites, etc) or automated web-crawling to gather intelligence or to hunt for specific enemy sites.

Of course, while activities like SETI@HOME doesn’t require a great level of confidence on the trustworthiness of the user, military activities do require a high level of trust in the machine. The machines need, as a minimum, to be correctly identified, and tested to be resistant to subversion. The information sent and received from the machine may be confidential, even by the machine owner. This was not possible under the current framework, but current research shows that Trusted Computing could provide this level of assurance.

The Terra project, for example, used virtual machines coupled with trusted computing to claim a high level of assurance on distributed applications, showing a “cheat-proof” quake as proof of concept. Research at IBM proposed a scheme (using a secure processor and memory) for fine grained attestation for sensitive applications. Adding confidentiality to those schemes using the internal keys of the TPM will not be difficult.

I am aware that the use of non-military computers by the government will raise lots of questions from the legal and policy standpoints. I am not an authority on the subject, but maybe Stefan could comment on the feasibility of such a scenario. In this article I only wnated to point out that TC technology allows the creation of such a botnet for the army.

Only hope you don’t get an email at work saying “The Secretary of the Army has asked me to express his deep regret that your laptop Fujitsu 8010d S/N 344455 was destroyed in action this morning on an heroic attack to the axis of evil’s central servers”

The Trusted Computing Group released open standards, and the open source community has responded by releasing a set of tools implementing the standards. I will describe here those efforts. If you know any others, please let me know.

In the event you don’t happen to have the chip needed for trusted computing (Trusted Platform Module), or you are afraid of enabling it after reading the scare tales, you can still build software and test the different applications of trusted computing using Mario Strasser’s emulator. The emulator is in the form of a kernel module, and implements most of the functionalities described on the standard. If you don’t want a TPM any more, just rmmod the module.

If you already have the chip, the drivers are already on the Kernel since version 2.6.13. To my knowledge, Atmel and Infineon chips are supported. If you have older versions of the kernel, only Atmel chips are supported, but you can still download the drivers form here. I have succesfully used the driver on a Fujitsu E8010d laptop.

To access the chip from the application layer you need a software stack, called the Trusted Software Stack. IBM has already implemented the stack and libraries to create Trusted Computing compliant software for Linux. As defined by the standard, a software daemon (tcsd) is the single point used to access the drivers. The project is called Trousers, and it works well with the emulator (latest version on the subversion repository).

There is, however, not a stable project to implement the trust chain in the Linux OS and bootloader. Trusted Grub, TCGlinux (no sources readily available) and BEAR (no longer mantained) are some of these efforts, but none seems to provide a clear documentation on how to do that. While VISTA is supposed to provide support for the trust chain, I am unsure if the Linux community will follow suit and implement this capabilities on the mainstream Kernel. At least I know there is some efoort from the Gentoo distributions, with trusted gentoo

If you want to create your own TCG testbed (TPM, Drivers and TSS,), read my follow up article on putting it all together