HP business PC TCG product implementation
Q . What are TCG, TPM, and HP ProtectTools Embedded Security?
A . TCG refers to the Trusted Computing Group, an industry-wide security standards group. TPM refers to the Trusted Platform Module, a security chip developed from TCG specifications. HP ProtectTools Embedded Security refers to the HP-branded TPM on HP business PCs.
Q . What is the availability of the TCG specification on HP client products?
A . HP ProtectTools Embedded Security is available on the HP Compaq business desktop d530 and HP Compaq business notebook nc6000 and nc8000. Value desktop and notebook families will not be available with a ProtectTools Embedded Security option.
Q . How are HP ProtectTools Embedded Security and Embedded Security Manager made available to customers?
A . Embedded Security was made available as a CTO option on all new HP Compaq business desktop d530 series computers in the second quarter of 2003 and 3Q03 for select HP Compaq business notebooks. Hardware is configured at the factory upon order. Software is either pre-installed or available from the Web as a download, depending on your specific desktop or notebook model. The TPM plugs into a connector on the system board.
Q . In what scenarios might the Trusted Platform Module (TPM) be used?
A . Several usage scenarios are possible:
- Multiple users on a single system needing to encrypt files and folders for their own access
- The TPM can help protect root keys for decrypting encryption keys and certificates in silicon rather than breakable software and registries and allow users to restrict access to data stored on a shared client device.
- Help ensure network access to trusted clients - the network can authenticate a TPM-enabled device and allow access only to those systems with IT-approved configurations adhering to corporate security policy.
- Need to secure email communication - the network can authenticate the device and help ensure a secure communications pipeline, and in addition, the TPM can work with PKI to authenticate trusted authorship of emails and documents.
Q . What TCG specification is supported by HP? When can we expect to see products that support it?
A . Existing TCG specifications, including the TCG 1.1 spec, protection profiles, and PC-specific specification, are supported on select HP business PCs. TSS (TCG Software Stack) and TPM 1.2 specifications are anticipated as the first new specifications created by TCG in the second half of this year. Products that support the existing TCG specs are available today. Products that use the next anticipated TCG specification, TCG 1.2, are anticipated in 2004 / 2005, depending on exactly when the specification is finalized, as well as other factors. Future TCG specifications are expected to be backward compatible to TPM 1.1.
Q . What comprises HP ProtectTools Embedded Security?
A . Two components - hardware and software.
The software piece is branded HP ProtectTools Embedded Security Manager. It controls basic operation of the security chip (such as enabling and ownership) and provides user-friendly file and folder encryption integrated with the OS.
The hardware component is branded HP ProtectTools Embedded Security, and is compliant with the TCG 1.1 standard. The chip is supplied by Infineon Technologies, and each is unique and bound to a particular system. The v1.2 chip specifications are expected to be backward compatible to v1.1.
Q . To which extent are the keys and other protected data in the TPM physically protected? Can a skilled technician in a well-equipped laboratory read them, as on an ordinary Smart Card (electron microscopy, light refraction)?
A . The TPM protection profile requires some physical protection on the TPM. It does not specify the mechanism the manufacturer must design. The TPM manufacturers are familiar with creating security chips. We anticipate that some TPMs will have stronger physical protections than others. The market will determine what is appropriate.
Q . How does HP ProtectTools Embedded Security provide better or more security than security features available on native Microsoft® Windows® 2000 and XP operating systems?
A . ProtectTools Embedded Security provides enhanced security as the Embedded Security chip creates a unique Storage Root Key (SRK), stored in silicon with 2048-bit encryption, which is very difficult to compromise. The SRK, in turn, encrypts and decrypts all other encryption keys and digital certificates stored on the Hard Drive. Conversely, through the basic OS security, passwords/keys are stored directly on the hard drive, which can be relatively easily compromised by loading a new OS or removing the drive.
A feature comparison of native Windows 2000 and XP security versus ProtectTools Embedded Security quickly illustrates the added features of the HP solution:
Windows 2000/XP native security features -
- File and folder encryption
- Encrypted email
- System login
HP ProtectTools Embedded Security features -
- Enhanced native Windows 2000 and Windows XP file and folder encryption
- Seamlessly enhances email encryption and authentication built-in to native Communication packages (Outlook, Outlook Express, Lotus Notes, Eudora, PGP)
- Lays a foundation for additional applications to control which machines connect to the corporate network
- Helps reduce hacking and subsequent system attacks, denial of service and network attacks
- Strengthens wireless user authentication and data protection & integrity, limiting spoofing threats
- Use as "embedded" smart card, eliminating more expensive smartcard/token id deployments
- Means to authenticate that the system a user is communicating with is the system they believe it to be
- Strong means of verifying transmitted data was received and not compromised
- Enhances other security products such as Smart Cards, fingerprint IDs, etc.
Q . What OS does HP ProtectTools Embedded Security support?
A . Microsoft Windows 2000 and XP.
Q . What are the basic enabling software applications of the Embedded Security Manager?
A . Software includes the following:
- MS CAPI support
- BIOS support
- TPM device driver
- PKCS#11 support
Q . What, if any, features are built into HP ProtectTools Embedded Security to help customers manage its functionality?
A . ProtectTools Embedded Security provides robust local management features to this end, which are included as part of the standard ProtectTools Embedded Security Manager delivered with the machine. This local management utility includes:
- Ownership, PIN management, key backup/migration
- Tight integration with Windows security policy infrastructure
- Windows Control Panel applet with iconic system tray representation
- Certificate management - view certificates/keys bound to the TPM
- Embedded Security management functions accessible through established manageability protocols (e.g. DMI, SNMP, WBEM)
Q . What value does TCPA add to existing Public Key Infrastructure (PKI)?
A . While there are existing technologies to allow hardware protection of a private key (e.g., Smart Cards), these keys are not associated with the platform. If a key is to be used by the platform itself to provide attestation and protect secrets and identities, it needs hardware protection such as that provided by the TPM. Protection provided by software alone does not offer the same private key protection as provided by a platform with a TPM, with trusted platforms requiring certificates signed by a Certificate Authority (CA) at several levels. A system administrator, for example, can identify the platforms that are connected or trying to access his network.
Q . Does the ProtectTools Embedded Security Manager complement or overlap Smart Card security solutions?
A . Both, depending on customers' security needs and policies. For some customers with current or future Smart Card deployments, the Embedded Security Manager provides an additional, complementary authentication factor - the Smart Card providing user authentication and the Embedded Security Manager providing device authentication. However, some customers may choose to use the Embedded Security Chip, and the secure storage feature it provides, to take the place of Smart Card functions.
Q . What is attestation?
A . Attestation is a core feature of Trusted Computing in which a platform communicates (or attests to) its state of operation. An example of attestation would be a system that measures a platform's current anti-virus definition file and stores that measurement on the TPM. When the platform wishes to prove what virus definition file is in use, the platform would attest to the measurement of the AV def file by performing a digital signature of the measurement and sending the signed message to the entity requiring information regarding the AV def file.
Q . Why does a unique identifier have to be on the platform?
A . It is not possible to provide attestation without some form of identity associated with that attestation. The unique identifier provides this identity and is the basis for attestation.
However, because of our concern for privacy, the TCG has specified TCG technology in such a way that this unique identifier is never directly used - only indirectly, and aliased through the use of certificates issued by the owner's selected Trusted Third Party (TTP). The unique identifier is designed for use only to create a certificate request for an aliased ID from the TTP. The owner of the platform has control over the exposure and use of both the unique identifier and all aliased IDs held by the TPM.
There are two ways the owner controls this, as provided for in the TPM specification. First, through the use of authentication: all uses of the TPM and the aliased IDs associated with it require authentication, which the owner controls. Second, the owner may disable the use of the TPM through the use of commands, physical "switches," or both. Remote enabling without the owner's permission is protected against by a requirement of physical presence (which means you have to be at the PC yourself) to "gate" these commands.
Q . What kinds of protections are in place to protect my personal information?
A . Any personally identifiable information (PII) contained within the aliased ID is entered at the discretion of the platform user. It may contain as little or as much PII as allowed or required by the application the user chooses to use. A platform user may disable the TPM at any time for a particular login session. This helps enforce the user's right to privacy.
Q . Can any of this be used to track my personal information on the Web?
A . At the heart of TCG privacy technology is the use of multiple aliased IDs. This increases the difficulty of someone conducting traffic analysis used to "track" network usage and subvert privacy.
Q . Are the unique keys in a TPM generated, and the public keys recorded by a Trusted Third Party (TTP), at the time of manufacture? If not, could a piece of software generate a key pair, pretend to be a TPM, and have the public key certified?
A . The unique key in the TPM, known as the endorsement key (EK), is generated during manufacturing. To validate that the EK comes from a valid TPM the manufacturer creates an endorsement credential that states that the EK in question comes from a valid TPM. So while anyone could create a SW EK and claim it comes from a valid TPM they would not have a valid endorsement credential to accompany that claim. This implies that those who rely on an EK validate that it comes from a valid TPM.
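The attestation answer and the endorsement key answer on this page, combined in one added sketch (not HP or TCG code): a verifier accepts a signed measurement only if the signing key carries a manufacturer-signed credential, the signature covers the verifier's fresh nonce, and the measurement matches the approved file. Assumptions: toy unpadded RSA over fixed primes stands in for the TPM's signing operation, the measurement register uses a SHA-1 hash-extend, one key both holds the credential and signs (the aliased IDs described above are left out), and all names and values are hypothetical.

```python
import hashlib
import os

E = 65537
ZERO = b"\x00" * 20  # initial register value

def make_key(p, q):
    # Toy unpadded RSA from fixed Mersenne primes: a stand-in signature, not secure.
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest_int(data):
    return int.from_bytes(hashlib.sha1(data).digest(), "big")

def sign(key, data):
    return pow(digest_int(data), key["d"], key["n"])

def verify(n, data, sig):
    return pow(sig, E, n) == digest_int(data)

def extend(register, data):
    # A measurement is folded in by hashing; the register cannot be set directly.
    return hashlib.sha1(register + hashlib.sha1(data).digest()).digest()

def check_attestation(mfr_n, approved, nonce, tpm_n, credential, register, sig):
    # 1) The attesting key must carry a credential signed by the manufacturer.
    if not verify(mfr_n, tpm_n.to_bytes(32, "big"), credential):
        return "untrusted key"
    # 2) The signature must cover this register value and the fresh nonce.
    if not verify(tpm_n, register + nonce, sig):
        return "bad signature"
    # 3) The register must match what the approved file would produce.
    return "ok" if register == extend(ZERO, approved) else "unapproved measurement"

# Constructed keys; every value below is hypothetical sample data.
MFR = make_key(2**521 - 1, 2**607 - 1)   # manufacturer signing key
TPM = make_key(2**89 - 1, 2**127 - 1)    # key generated inside the chip
SOFT = make_key(2**61 - 1, 2**107 - 1)   # software key posing as a TPM

def demo():
    current, stale = b"av-defs 2003-06-01", b"av-defs 2002-01-15"
    cred = sign(MFR, TPM["n"].to_bytes(32, "big"))      # issued at manufacture
    forged = sign(SOFT, SOFT["n"].to_bytes(32, "big"))  # self-issued by the impostor
    nonce, old = os.urandom(20), os.urandom(20)
    def run(key, credential, defs, signed_nonce):
        reg = extend(ZERO, defs)               # platform measures its file
        sig = sign(key, reg + signed_nonce)    # and signs measurement + nonce
        return check_attestation(MFR["n"], current, nonce, key["n"], credential, reg, sig)
    return [run(TPM, cred, current, nonce), run(TPM, cred, stale, nonce),
            run(SOFT, forged, current, nonce), run(TPM, cred, current, old)]
```

demo() returns the verdicts for a valid platform, a stale definition file, a software key without a manufacturer credential, and a signature replayed against a new nonce.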
Q . Does ProtectTools Embedded Security enhance third-party security solutions?
A . Yes, other security solutions are able to take advantage of ProtectTools Embedded Security through the use of industry-standard interfaces such as Microsoft CAPI and PKCS#11. ProtectTools Embedded Security has also been certified under the RSA Secured Partner program - embedded security provides enhanced security when using the RSA SecurID software token for multi-factor authentication.
Q . What happens if the PC is re-imaged?
A . Effectively all keys/secrets stored through the TPM are lost and the user needs to recover those keys. HP ProtectTools Embedded Security Manager provides a recovery mechanism for restoring keys on the same platform (re-imaged).