Sunday, April 3, 2011

A Talk by Mr. Usama Tharwat Elhagari in Seminar In Info. Sec. Class (MCS 2070)

Assalamualaikum... This is the 4th talk, this time by Mr. Usama Tharwat Elhagari. He is from Egypt and is doing his research in Trusted Computing. The talk was held on 2nd and 3rd March 2011. Mr. Usama shared his knowledge of the background to Trusted Computing. According to him, today's systems are very vulnerable to a range of attacks. Protecting IT systems through software-only mechanisms cannot, on its own, solve all the security problems. Operating system (OS) and application software are very complex, and removing all software vulnerabilities is an almost impossible task. The number of attacks on software, OS and applications is higher than the number of attacks on hardware. As users become more mobile, physical theft becomes more of a concern. He then stated that some security problems are unsolvable without a bootstrap to protected hardware. He added that a software-only security application cannot protect the hardware platform against attacks on its integrity or modification of the security software.

He then briefed us on the Trusted Computing Platform Alliance (TCPA). The TCPA was established in 1999; its promoters (main players) are Compaq, IBM, Intel, HP and Microsoft, and it consists of more than 200 members. He then talked about the mission statement of the Trusted Computing Group (TCG). According to that statement, the TCG is a not-for-profit organization formed to develop, define and promote open, vendor-neutral, industry standards for trusted computing building blocks and software interfaces across multiple platforms.

He then told us about the definition of TRUST. Trust means different things to different people. In trusted computing, we use it in the sense of behavioral reputation: something is trusted if it behaves in the expected manner for a particular purpose (Mitchell, 2005). He then gave a better definition: an entity can be trusted if it always behaves in the expected manner for the intended purpose. An entity is a platform, or an application or service running on a platform. Examples of platforms include PCs, PDAs and smartphones. Trusted computing is of great significance for building secure computing systems based on a new architecture in both hardware and software (Kallath, 2005). TC is an industry initiative intended to protect data in computer platforms from software attack, and that includes protecting servers, desktops, laptops, PDAs, mobile phones and computer peripherals (Mitchell, 2005).

He then explained the Trusted Platform (TP). A TP is a computing platform that has a trusted component, probably in the form of built-in hardware, which it uses to create a foundation of trust for software processes (Pearson, 2002). Then he explained the Chain of Trust. The chain of trust expands from component to component. The generic steps of a chain of trust are: receive control, measure the next entity, and pass control to that entity. The Root of Trust is a hardware or software mechanism that one implicitly trusts (Gunupudi, 2008; Siani Pearson, 2005; Stravvoulakis et al., 2010). Misbehavior of the root of trust is not detectable and affects the whole chain of transitive trust.

Then he explained in detail the Fundamental Features of a Trusted Platform. These consist of three criteria: Protected Capabilities, Integrity Measurement and Storage, and Integrity Reporting. He added that the TCG has issued different specifications for enabling trust in different platforms, such as desktops and laptops. He then explained the roots of trust, secure storage, attestation, TPM key types, an example of key usage, and the TPM components.
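
The chain-of-trust steps described above (receive control, measure the next entity, pass control), as an added example that is not from the talk or from any TCG code. It assumes the TPM-style extend operation, new = H(old || measurement), with SHA-256 and a single register; the stage names and component bytes are constructed sample data.

```python
import hashlib

def measure(component: bytes) -> bytes:
    """Measurement = digest of the next entity's code, taken before it runs."""
    return hashlib.sha256(component).digest()

def extend(register: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: the register is only ever folded forward, never set."""
    return hashlib.sha256(register + measurement).digest()

def measured_boot(chain):
    """Each stage that holds control measures the next entity, records the
    measurement, then passes control. chain[0] is the root of trust: it
    measures others, but nothing in the chain measures it."""
    register, log = bytes(32), []          # assumed reset value: all zeros
    for (measurer, _), (name, code) in zip(chain, chain[1:]):
        m = measure(code)
        register = extend(register, m)     # integrity measurement and storage
        log.append((measurer, name, m.hex()))
    return register, log

def replay(log):
    """Verifier side of integrity reporting: recompute the register from the log."""
    register = bytes(32)
    for _, _, m_hex in log:
        register = extend(register, bytes.fromhex(m_hex))
    return register

# Constructed sample chains (hypothetical stage names and contents).
GOOD_CHAIN = [("root_of_trust", b"immutable boot block"),
              ("bootloader", b"loader v1"),
              ("os_kernel", b"kernel v1"),
              ("application", b"app v1")]
# A modified bootloader changes every register value from that point on.
TAMPERED_CHAIN = [GOOD_CHAIN[0], ("bootloader", b"loader v1 + implant")] + GOOD_CHAIN[2:]
# A misbehaving root of trust is never measured, so the register cannot show it.
ROGUE_ROOT_CHAIN = [("root_of_trust", b"replaced boot block")] + GOOD_CHAIN[1:]

if __name__ == "__main__":
    for label, chain in [("good", GOOD_CHAIN), ("tampered", TAMPERED_CHAIN),
                         ("rogue root", ROGUE_ROOT_CHAIN)]:
        register, log = measured_boot(chain)
        print(f"{label:10s} {register.hex()}  log replays: {replay(log) == register}")
```

The rogue-root chain ends with the same register value as the good chain, which is the undetectable root-of-trust misbehavior mentioned above.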
