Trusted Computing Group - Trusted Platform Module (TPM) Summary

http://www.trustedcomputinggroup.org/resources/trusted_platform_mod...

Print Share

Trusted Platform Module (TPM) Summary

Add to Briefcase TPM (Trusted Platform Module) is a computer chip (microcontroller) that can securely store artifacts used to authenticate the platform (your PC or laptop). TPM (Trusted Platform Module) is a computer chip (microcontroller) that can securely store artifacts used to authenticate the platform (your PC or laptop). These artifacts can include passwords, certificates, or encryption keys. A TPM can also e used to store platform measurements that help ensure that the platform remains trustworthy. Authentication (ensurin! that the platform can pro"e that it is what it claims to e) and attestation (a process helpin! to pro"e that a platform is trustworthy and has not een reached) are necessary steps to ensure safer computin! in all en"ironments. Trusted modules can e used in computin! de"ices other than PCs, such as mo ile phones or network e#uipment. Picture $% Components of a TPM

The nature of hardware& ased crypto!raphy ensures that the information stored in hardware is etter protected from e'ternal software attacks. A "ariety of applications storin! secrets on a TPM can e de"eloped. These applications make it much harder to access information on computin! de"ices without proper authori(ation (e.!., if the de"ice was stolen). )f the confi!uration of the platform has chan!ed as a result of unauthori(ed acti"ities, access to data and secrets can e denied and sealed off usin! these applications. *owe"er, it is important to understand that TPM cannot control the software that is runnin! on a PC. TPM can store pre&run time confi!uration parameters, ut it is other applications that determine and implement policies associated with this information. Processes that need to secure secrets, such as di!ital si!nin!, can e made more secure with a TPM. And mission critical applications re#uirin! !reater security, such as secure email or secure document mana!ement, can offer a !reater le"el of protection when usin! a TPM. +or e'ample, if at oot time it is determined that a PC is not trustworthy ecause of une'pected chan!es in confi!uration, access to hi!hly secure applications can e locked until the issue is remedied (if a policy has een set up that re#uires such action). ,ith a TPM, one can e more certain that artifacts necessary to si!n secure email messa!es ha"e not een affected y software attacks. And, with the use of remote attestation, other platforms in the trusted network can make a determination, to which e'tent they can trust information from another PC. Attestation or any other TPM functions do not transmit personal information of the user of the platform. These capa ilities can impro"e security in many areas of computin!, includin! e&commerce, citi(en& to&!o"ernment applications, online ankin!, confidential !o"ernment communications and many other

1 of 2

5/28/2013 9:27 AM

Trusted Computing Group - Trusted Platform Module (TPM) Summary

http://www.trustedcomputinggroup.org/resources/trusted_platform_mod...

fields where !reater security is re#uired. *ardware& ased security can impro"e protection for 6P., wireless networks, file encryption (as in Microsoft7s Bit-ocker) and password8P).8credentials7 mana!ement. TPM specification is 9S&a!nostic, and software stacks e'ist for se"eral 9peratin! Systems. TPMs (current "ersion is $.1) use the followin! crypto!raphic al!orithms% 5SA, S*A$, and *MAC. The Trusted Computin! 4roup (TC4) is an international de facto standards ody of appro'imately $12 companies en!a!ed in creatin! specifications that define PC TPMs, trusted modules for other de"ices, trusted infrastructure re#uirements, AP)s and protocols necessary to operate a trusted en"ironment. After specifications are completed, they are released to the technolo!y community and can e downloaded from the TC4 ,e Site. ,ithout standard security procedures and shared specifications, it is not possi le for components of the trusted en"ironment to interoperate, and trusted computin! applications cannot e implemented to work on all platforms. A proprietary solution cannot ensure !lo al interopera ility and is not capa le of pro"idin! a compara le le"el of assurance due to more limited access to crypto!raphic and security e'pertise and reduced a"aila ility for a ri!orous re"iew process. +rom the point of "iew of crypto!raphy, for interopera ility with the other elements of the platform, other platforms, and infrastructure, it is necessary for trusted modules to e a le to use the same crypto!raphic al!orithms, Althou!h standard pu lished al!orithms may ha"e weaknesses, these al!orithms are thorou!hly tested and are !radually replaced or impro"ed when "ulnera ilities are disco"ered. This is not true in the case of proprietary al!orithms. Accordin! to market research reports, o"er $22 million randed PCs and laptops with TPMs were sold in 122:. Ser"er produces are e!innin! to ship, and a "ariety of applications ased on TPM, such as secure email or file encryption, ha"e een implemented usin! TC4 specifications. Trusted .etwork Connect (T.C) products that use TC4 principles to enhance the security of communications are shippin!, too. ;raft specifications for stora!e (for hard dri"es) and mo ile trusted modules (for mo ile telephones) ha"e een released. ,hite Paper A"aila le for ;ownload% Trusted Platfrom Module (TPM) Summary *ome -e!al .otices Contact /s Pri"acy Policy 0 12$3 Trusted Computin! 4roup. All 5i!hts 5eser"ed.

2 of 2

5/28/2013 9:27 AM