- Trust: A Complex Notion
- How Can Platforms Be Said To Be "Trusted"?
- So How Can You Trust the Computer in Front of You?
- Summary: Trust and Trusted Platforms
So How Can You Trust the Computer in Front of You?
As well as a system authenticating a user, it's sometimes necessary for a user to authenticate a system. Let's imagine that you're using a system other than your own, in a frequent flyer lounge at the airport, for instance, or at another desk. The work you're doing on that computer is confidential, but you're faced with using a machine that runs unknown software and that could possibly be set up to take information and send it to someone else or store it for misuse. You need to ensure that the computer can be trusted to behave in the manner you expect for the particular use you want to make of it. In addition, you need to know that when you're told this is the case, it's not malicious software giving you a message that's merely pretending to be trustworthy!
To solve this problem, a smart card can be used to make it easy and non-intrusive for you to establish that you can trust the use of a computing platform for a particular purpose. The smart card will carry out the challenge of the Trusted Platform on your behalf. You therefore only need to trust that your smart card will behave as expectedsomething that we've already become used to with banking cards. A smart card can be programmed with secret information that only you knowfor example, a drawing that your child made. You put the smart card close to the computer's smart card reader, or into a smart card reader with a contact card. If it picks up the drawing and displays it onscreen, you know that the computer is safe because it has been interrogated and checked by the smart card on your behalf. This secret image can't be reused indefinitely, and needs to be changed periodically in case it's compromised.
Another way for the smart card to communicate the result of the Trusted Platform challenge to you would be to implicitly deny access to functions of the smart card (in other words, the smart card would deny authentication information required for access to a specific service, on the basis that integrity verification of the platform has failed).
As an alternative, a portable security challenger with a proper user interface could be used to enhance your confidence in Trusted Platforms. The portable challenger could be a mobile phone, personal digital assistant (PDS), smart card reader, biometrics reader, or other device. The portable challenger would challenge the local platform to obtain integrity metrics, as described above, and communicate its findings to you through its own user interface.
These ideas are not discussed at all in the TCPA specification, and they can be applied to a wide range of scenarios, including using terminals in public places to carry out confidential business.
Once you're convinced that it's safe to use a platform, you can safely present your authentication information to the platform, knowing that it won't be stolen or subverted. This authentication information can take the form of simple passwords or biometrics.
Once authenticated, you can use the platform to digitally sign data with increased confidence. You can use Trusted Platforms to give you greater confidence that the document you believe you're signing is actually the document you're signing, which is particularly important as digital signatures gain in legal status. For example, your smart card could be programmed to refuse to sign data created by the platform unless the smart card trusts the platform. Or, using a specially modified Trusted Platform where the TCPA chip is integrated into the display circuitry, your special secret image that's stored on your smart card could be used as a background or border to an image that represents the data to be signed, and so you can be sure that you're signing a digest (compressed version) of what actually appears marked by this image on the computer screen.