Welcome to the 13th edition of the JW Secure Informer, our bi-monthly newsletter. This is an opportunity to share what’s on our radar, specifically with respect to enterprise network security, but also regarding IT and business more generally.
The Informer is intended to be useful content and good for a quick read. So if it’s just clutter in your inbox, we’ve failed, and I hope you’ll let us know.
What is it about networked computers that allow them to be so easily hacked? A weakness that is frequently exploited by malware writers involves the conversion of web content, attractively displayed for the casual user, into a set of instructions that undermines the browser.
Why is it easy for our computer tools to be repurposed against us? John von Neumann invented general purpose computers by putting both data and code on the same memory bus. This was an advance over earlier designs but it opened the door for malware: malicious code can be inserted into an area of the computer memory used for data storage and the computer can then be fooled into running that malware. From the moment that a document becomes an unwanted source of computer instructions, all data that is accessible by the computer is also accessible by the malware.
Generally, blocking malware from execution has proven to be difficult to achieve. However, this article will explain one method that uses a hardware-protected part of the computer to hold secret cryptographic material that can tell us when the computer has been successfully contaminated by malware.
Many PCs are fitted with a Trusted Platform Module (TPM) that enables a cryptographic statement to be made about the security disposition of the computer. That statement can be transmitted to a remote server (“remote attestation”) in order to assure that the computer can be relied on to faithfully keep secrets such as our identity or credit card numbers. The value of remote attestation is hard to overstate since it blocks much of the value that malware writers earn for their efforts. If users quickly learn that their computers have been compromised, and they are blocked from performing valuable transactions until the computer is fixed, the window of opportunity for the malware writer to take advantage of the compromised computer will narrow.
This brings us back to a question that we have asked before in this column: how can security be made usable enough that users will consider it to be an ally rather than an annoying obstacle? In the case of the TPM, two new developments are converging. In most cases the owners of those computers neither have the time, expertise, nor desire to get the same security level that is enjoyed by employees in large, security-minded enterprises. But soon the Trusted Computer Group will be publishing a new standard implementation of a TPM on a thin hardware layer like the ARM Trust Zone which has been shipping in smart phones for several years. At the same time we expect to see the release of Windows 8 on ARM and X86 architectures with a requirement for TPM support. These two coming events will bring the possibility of simplified provisioning of the TPM even for consumer services.
JW Secure has been building support systems for TPM use with data protection for several years and now is working on a simplified method that will allow users to pick up a computer at their local superstore and securely provision it anywhere. Let us build a deployment system for your employees, partners, and customers that will allow you to reduce fraud and maintain compliance.
The following sites describe more about the capabilities of the TPM, its use, and the increasing number of devices supporting it.