“Trusted” Computing and Digital Rights Management
Said I trust you but I lied!
Recent reports available with news sites and also published in the Economic Times of India suggest that Microsoft [hereinafter referred to as MSFT] will be pushing through the Windows Rights Management Architecture & Services [WRMA & WRMS] by the 1st week of March, 2003. In the light of such an event, this article proposes to establish the fallacy of the Trusted Computing paradigm as made available in public document(s) from TCPA [trustedcomputing.org]
What is the TCPA ?
TCPA stands for the Trusted Computing Platform Alliance, an initiative led by Intel. Their stated goal is `a new computing platform for the next century that will provide for improved trust in the PC platform. TCPA is an industry working group formed at sometime in October 1999 with some heavyweight members like IBM, HP-Compaq, Intel and MSFT, to deliver a set of hardware and operating system security capabilities that customers can use to enhance the trust and security in their computing environments via the TCPA Main Specifications Revision 1.1 developed by the PC industry platform, operating system application, and technology vendors. The TCPA has developed a Main specification version 1.1 that will help simplify and accelerate the deployment, use, and manageability of security capabilities on computers. TCPA PC Specific Information Specification version 1.0 to assist in the PC specific implementation of trusted computing.
Core functional issues of the TCPA Specifications
There are two areas addressed in the v1.1 are
1. Traditional security feature building blocks such as persistent storage, platform authentication (signing of data), and H/W random number generation;
2. New capabilities such as platform integrity metrics (self-inspection of the BIOS, master boot record, and OS loader in the PC) and anonymous/multiple identities to better address privacy concerns in computing.
The TCPA has defined a general purpose Trusted Subsystem that can be incorporated into a platform, the first focus being the PC. Trusted Computing Requires Transactions and Computing Devices to be:
1. Trusted – acting in a recognized and attestable manner
2. Reliable – readily available for transactions and communications, as well as prepared to act against viruses and other intrusions
3. Safe – able to stop unwanted intervention or observation
4. Protected – sharing information with only those who are authorized
5. Private – providing users a way to manage their privacy
What does TCPA offer?
As per the stated aims, a TCPA-enabled system offers a low cost standardized means of embedding security functionality in a platform, which means that improved levels of security can become ubiquitous, hence enabling and encouraging the development and use of applications and services that use security. Another such benefit is improved control of access to data. Previously such access has depended upon authorization or authentication. After TCPA-enabling such access can also be linked to the state of the software in the platform. This enables the denial of access to data if ‘rogue software’, such as a virus, is introduced into a platform, because such introduction necessarily changes the software state of the platform. Other traditional features of the Subsystem, such as persistent storage and signing, are supposed to improve many applications and services such as Public Key Infrastructure (PKI) deployments and interactions, Web browsers using SSL, and email use of S-MIME among others.
Ubiquitous security in platforms encourages the development and use of security services. PKI related security processes, such as digital signature and key exchange, are protected through the secure TCPA subsystem. Access to data and secrets in a platform could be denied if the software environment in the platform is changed (by a virus, for example). Critical applications and capabilities such as secure email, secure web access, and local protection of data are thereby made much more secure when on a TCPA platform.
“The capabilities provided by a TCPA compliant platform will benefit both business and consumers and are being defined to be independent of a focus on specific market segments.”: a TCPA handout
What does TCPA actually mean ?
But in simple terms what does TCPA offer and/or do? TCPA and the consequent Digital Rights Management (DRM) provides a computing platform/environment where it makes it nearly impossible to tamper with the applications, and where these applications can communicate securely with the vendor. The obvious implication of such a scenario is digital rights management and new niche areas of monopolistic business opportunity. The WRMS & WRMA strategies as envisaged and implemented by MSFT only lend credence to the fact that TCPA & DRM would be a dual-purpose technology. Ostensibly meant to protect content production centers protect their intellectual property, it can also make the computer lock itself up at a software level if a level of ‘trust’ defined intrinsically is breached.
The Microsoft Content Security Business Unit in a preliminary whitepaper ideated on the concept of ‘Palladium’. The model was supposed to be:
“Palladium” is the codename for an evolutionary set of features for the Microsoft® Windows® operating system. When combined with a new breed of hardware and applications, these features will give individuals and groups of users greater data security, personal privacy, and system integrity. In addition, Palladium will offer enterprise customers significant new benefits for network security and content protection.
Although now available as the WRMS, the basic concept in the implementation and functionality of the system remains more or less the same. Integrating hardware and software platforms to incorporate and embed ‘trust’ in the computing environment. The mechanism of working of the concept is widely published and available on the Internet. A Google [www.google.com] search with strings that include ‘TCPA, Palladium, WRMS, DRM’ etc throws up relevant results. The TCPA website itself has a brochure that documents the proposed system. Ross Anderson has compiled a detailed FAQ that addresses among other things the implications of the system. A PCQuest[February 2003] feature article, available at www.pcquest.com also explains how Palladium works. It is noteworthy that MSFT have now rejected the proposed codename of Palladium and have packaged some features of the same within WRMS. How does Palladium work ?
Even though it will not be recognized as Palladium as such, the article uses the term in a generic way to indicate Trust-based Computing scenarios as envisaged by TCPA and MSFT.
Palladium is based on a “closed-sphere-of-trust” [that] binds data or a service to both a set of users (logon) and to a set of acceptable applications.
Functionally dependent upon the concept of a Trusted Operating Root (TOR), the TOR does not simply open the vault/application domain; the TOR will only open a particular vault, and only for a small list of applications, that have been authenticated at a prior level. Being based on the strategy of ‘enhancements’ to the existing OS platforms from MSFT, it acts as a sandbox for interaction between ‘trusted applications’ and the system so as to prevent information leakage and aggressive and intrusive trespass. Although some commentators seems to find a similarity with the model of the JavaVM , Palladium is related to it only by means of the sandbox-ing concept. The MSFT whitepaper itself mentions that current non-Palladium software applications will find such a feature of no use unless a “Trusted Agent.” Component is incorporated.
Even within the TCPA, it is of the belief that the Palladium system is more aimed at DRM than TCPA. And certainly with its overt emphasis on ‘rogue software’ and insistence of ‘security agents’, it is MSFT’s strategic business push towards enforcing digital rights.
So what does it mean for the OpenSource Initiative ?
The TCPA architecture as well as MSFT’s Palladium initiative places emphasis on ‘trusted software’. Proprietary software applications have for a long time managed to prevent easy access to content created using these applications, by changing the data format. Consider MS-Word’s proprietary data format and the ever continuing attempts to read data in such format. However, the emphasis on signed trusted software applications ensure that it might just be impossible to open such documents in a Palladium enabled setup. As of now, Palladium is an opt-in feature, but with other MSFT technologies it is not far off that to ensure proper functioning of the computer, Palladium would be mandatory to be turned on.
Ross Anderson’s FAQ sums it up when he outlines possible scenarios for abuse of the TCPA
One of the worries is censorship. TCPA was designed from the start to support the centralized revocation of pirate bits. Pirate software will be spotted and disabled by Fritz [the on-board chip] when you try to load it, but what about pirated songs or videos? And how could you transfer a song or video that you own from one PC to another, unless you can revoke it on the first machine? The proposed solution is that an application enabled for TCPA, such as a media player or word processor, will have its security policy administered remotely by a server, which will maintain a hot list of bad files. This will be downloaded from time to time and used to screen all files that the application opens. Files can be revoked by content, by the serial number of the application that created them, and by a number of other criteria. The proposed use for this is that if everyone in China uses the same copy of Office, you do not just stop this copy running on any machine that is TCPA-compliant; that would just motivate the Chinese to use normal PCs instead of TCPA PCs in order to escape revocation. So you also cause every TCPA-compliant PC in the world to refuse to read files that have been created using this pirate program.
This is bad enough, but the potential for abuse extends far beyond commercial bullying and economic warfare into political censorship. . . .
But now, TCPA and Palladium have placed at risk the priceless inheritance that Gutenberg left us. Electronic books, once published, will be vulnerable; the courts can order them to be unpublished and the TCPA infrastructure will do the dirty work. . . .
So after the Soviet Union’s attempts to register and control all typewriters and fax machines, TCPA attempts to register and control all computers. The implications for liberty, democracy and justice are worrying.”
Ross further opines that :
TCPA will undermine the General Public License (GPL), under which many free and open source software products are distributed. The GPL is designed to prevent the fruits of communal voluntary labour being hijacked by private companies for profit. Anyone can use and modify software distributed under this licence, but if you distribute a modified copy, you must make it available to the world, together with the source code so that other people can make subsequent modifications of their own.
You will still be free to make modifications to the modified code, but you won’tbe able to get a certificate that gets you into the TCPA system. Something similar happens with the linux supplied by Sony for the Playstation 2; the console’s copy protection mechanisms prevent you from running an altered binary, and from using a number of the hardware features. Even if a philanthropist does a not-for-profit secure GNU/linux, the resulting product would not really be a GPL version of a TCPA operating system, but a proprietary operating system that the philanthropist could give away free. (There is still the question of who would pay for the user certificates.)
People believed that the GPL made it impossible for a company to come along and steal code that was the result of community effort. This helped make people willing to give up their spare time to write free software for the communal benefit. But TCPA changes that. Once the majority of PCs on the market are TCPA-enabled, the GPL won’t work as intended. The benefit for Microsoft is not that this will destroy free software directly. The point is this: once people realise that even GPL’led software can be hijacked for commercial purposes, idealistic young programmers will be much less motivated to write free software.
Thus in conclusion, given that it aims at revoking the fundamental freedom – the freedom of expression and the freedom to impart knowledge, it is imperative that a concerted movement based on advocacy and awareness is created. A system that has within its power to upset the economic balance of many society as well as constricting the computing power to a chosen few, the TCPA and Palladium system does provide more power to abuse the immense possibilities thrown up by them.
Where is the notion of ‘trust’ if the computing platform decides for the enduser which application does not breach its level of security ?