Hardware Security?

This is a post series on cyber crime. For more posts click here or the cybercrime tag below.

I recently found this post from George Gilder on an installed security chip that’s probably already in your computer.

All this is happening while the nation spends close to $50 billion on “computer security” as computer users fumble daily for passwords, usernames, PINs, and reset buttons. The DoD alone commands 65,000 IT professionals with a budget of $12.5 billion, most of which is spent on ineffective post-hack software security systems.

How are companies and consumers supposed to feel confident in their cyber-defense systems when security giants themselves fall victim to attacks? For example, Symantec, whose software identified just one of the 45 New York Times attacks, suffered a raid on its own Norton Utility source code assets. And its major rival McAfee inadvertently launched a devastating attack of its own, depriving millions of its customers of network access.

This pattern of ever-increasing expenditures with ever-deteriorating results bespeaks a failed technological paradigm and calls for a new approach to the problem. Fortunately such a new approach is readily available.

Acting through the Trusted Computing Group, some 130 computer industry companies, led by Microsoft, Intel, IBM, HP, Dell have adopted and demonstrated an ingenious and promising remedy for many of these vulnerabilities. Integrated into the innermost domains of the computer system and not removable by the user, it is called the Trusted Platform Module (TPM).

Moving crucial security operations into a hardware “vault” chip, unreachable by outside software, the TPM makes possible the establishment of a “root of trust” upon which security can be built. A secure cryptographic processor, it commands non-volatile memory that keeps its contents when the power goes out. Containing a true random number generator based in the physics of the chip rather than an algorithmic source, the TPM supplies the foundation for cryptographic “keys” that identify the computer to outsiders.

The TPM also commands a program counter that logs an indelible record of computer operations that cannot be overridden or saturated, no matter how long it is bombarded. The chip is architected so that no commands it is issued can ever induce it to relinquish its private cryptographic key, which uniquely identifies and authenticates the machine.

Most crucially, the TPM can perform the vital function of pre-boot hardware platform attestation, enabling the machine to report reliably on its own condition and identity. This means that together with implementation software, it can compare a mathematical “hash” of the existing hardware settings and hard drive contents with the previously stored “image,” flagging changes or malware and prohibiting boot-up until they are scrutinized and addressed. The TPM guarantees that the computer is a known device, booting into a trusted known state. Thus, it is a machine that can be safely linked to other networks and tap into valuable or sensitive services.

The Trusted Platform Module observes seven principles of security that are defied in practice, offering an entirely new paradigm — and a path to an improved computer architecture.

  1. People cannot be made secure. They are subject to trickery and seduction, impulse and inattention. Only devices can be secured.
  2. No secure system can rely on passwords.
  3. No security system works if it is not used. Thus these systems must improve the user’s experience and enhance the device’s performance, driving their adoption.
  4. The fewer interfaces a security system introduces, the better.
  5. The canonical security sequence is to authenticate the device, then link the user to it through a biometric method (such as fingerprints, face, or iris scans).
  6. Websites should admit only known devices – an approach known as “whitelisting.”
  7. Computer security is too important to be entrusted to computer security companies. It is an effect of computer architecture and is impaired by most patches and post-hack security programs.

Virtually all new business-class personal computers — some 600 million so far — now bear TPMs welded onto their motherboards. Samsung, Wave Systems, and others are now extending the technology to mobile devices such as tablets, network computers, and smartphones. Microsoft is spearheading the movement by mandating TPMs as a prerequisite for its new operating system, Windows 8.

However, despite the increasing consensus of its computer experts, the government has failed to assure the security of its own assets. Even in a war against relatively primitive forces in Afghanistan, the Pentagon has suffered several unpublicized computer hacks that remain vulnerable in ways that resourceful use of TPMs could rectify.

As a result of these stultifying confusions, almost no one has turned on the TPMs. In nearly all of the some 600 million computers that have them, the TPMs merely occupy space on the motherboards. Sleeping sentinels, their default mode is dormancy, since they are worthless without software to invoke their services and manage them.

Security is an indispensable part of computer architecture and design that must be incorporated from the bottom up. It cannot be sloughed off onto the users or relegated to an after-the-fact strategy based on retroactive bandaids and placebos.

http://www.discovery.org/a/21561

Now I’m not sure exactly how this works.

https://en.wikipedia.org/wiki/Trusted_Platform_Module

https://technet.microsoft.com/en-us/library/cc754524(v=ws.11).aspx

Apparently the Trusted Platform modules encrypts everything on all the drive in your computer.  And operates at the BIOS level.  It also seems like it’s turned off by default.  It’s apparently designed to work with an operating system utility called Bitlocker which secures the device if it’s stolen.

https://en.wikipedia.org/wiki/BitLocker

Great, but none of this seems to deal with being able to lock away individual drive and folders from invasive applications.  The problem is that malware and ransomware act from within the devices.   So The real issue is still controlling access from within the device or network.

The week in ransomware.

http://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-7-2016-hades-locker-decryptors-globe-cerber-and-more/

Advertisements

One comment

  1. penneyvanderbilt · October 23

    Reblogged this on KCJones.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s