http://www.jesusmolina.com/TCGblog Trusted Computing Group reserach discussion Mon, 08 May 2006 17:33:44 +0000 http://backend.userland.com/rss092 en Several TNC implementation were presente @ InterOp (Las Vegas). The TNC is a multilayered standard which can be implemented on top of other technologies, including IEEE 802.1x and SSL, but currently only bindings exits for tunneled EAP methods. TNC provides interfaces for integrity data collection, verification, transportation and policy enforcement. Press coverage of the event can be found here ... http://www.jesusmolina.com/TCGblog/archives/12 A TPM compliance study at the HGI institute for IT-security (Ruhr-University Bochum) show that some of the studied TPMs are not fully compliant with the TCG standard, due to some bugs. The study is interesting, but somewhat misleading in certain aspects. As an example, AES, DES and 3-DES are not required ... http://www.jesusmolina.com/TCGblog/archives/11 Efforts to standarize Endorsement Key (EK) certfication between infineon and Verisign: Press Release http://www.jesusmolina.com/TCGblog/archives/10 What will you do if the army calls your computer to duty? This scenario is now possible under the trusted computing framework. Everybody knows about distributed projects like SETI@HOME, and perhaps you have also heard about the failed Lycos anti-spam screensaver. Criminals use botnets to create on-demand distributed DOS attacks. Could ... http://www.jesusmolina.com/TCGblog/archives/9 The Trusted Computing Group released open standards, and the open source community has responded by releasing a set of tools implementing the standards. I will describe here those efforts. If you know any others, please let me know. In the event you don’t happen to have the chip needed for trusted ... http://www.jesusmolina.com/TCGblog/archives/8 What is the deal with Virtualization and Trusted Computing? Why is Intel so interested? In this entry I will discuss why those technologies could shape the future of computing. To understand the why, first we need to understand the problem with the “killer” application of TC, which is attestation. Attestation basically ... http://www.jesusmolina.com/TCGblog/archives/7 BIND was presented at the last IEEE security symposium by IBM research. BIND tackles the problem of attestation, but instead of attesting a whole machine, they suggest to attest the executing process in memory. To avoid dealing with the inherent problem of insecure paths and insecure execution, the work assumes ... http://www.jesusmolina.com/TCGblog/archives/6 Trusted Computing is arriving slowly but with firm steps to all computers. Trusted Platform Modules (TPM) are now embedded in many computers, and is expected that by 2008 most systems will be shipped with a TCG complient TPM. While TPM 1.1, the current version shipped with many computers, is nothing ... http://www.jesusmolina.com/TCGblog/archives/4