Rant of the Week (ROTW): Trusted vs. Trustworthy

A common theme in computer security is "trust" -- and the implication that trust is equal to security is prevalent in quite a bit of literature and propaganda.  Although Wikipedia isn't the greatest source, it does provide some insight into popular beliefs, and makes for a good vehicle for this discussion.  Consider the article on the Trusted Platform Module, which starts with:

In computing, Trusted Platform Module (TPM) is both the name of a published specification detailing a secure cryptoprocessor that can store cryptographic keys that protect information, as well as the general name of implementations of that specification, often called the "TPM chip" or "TPM Security Device"

So what? Follow the links, and we get a little closer to some understanding:

A secure cryptoprocessor is a dedicated computer on a chip or microprocessor for carrying out cryptographic operations, embedded in a packaging with multiple physical security measures, which give it a degree of tamper resistance.

And there is the key: tamper resistance. Security is a much-bandied word in the computing field, but the notion that just because something is trusted it is secure is ridiculous. But there is also a subtle distinction between tamper resistance and tamper proof. My view is that you need to be tamper proof to be secure in the physical attack model, and tamper resistance just gets you security against amateur hackers.  Unfortunately, it is prohibitively expensive to manufacture tamper proof electronics, and even worse is that tamper proofing the system only gives you physical security--you still need a trustworthy system underneath the tamper proof layer.  That said, the TPM provides a very good approach to building security, but it is not perfect.

Assuming the TPM is trustworthy, one useful application of the TPM is to get a trusted boot, which provides a good basis for building secure systems.  However, without tamper proofing the TPM, there is no guarantee that a sophisticated attacker won't be able to circumvent the security mechanisms.  An example of this is the Reset attack, demonstrated against an early version of the TPM specification.  These types of attacks show that even if the module is "trusted", it can still be manipulated to violate the security benefits of its use.  This applies even if the module is trustworthy, because these attacks manipulate the system interface to the module itself, which could also be a threat with a tamper proof system.

Some technical but approachable blog articles have been written over at the Invisible Things lab that address trusted technology and trusted boot, with an eye to the practical:

• ITL: Attacking Intel TXT
• ITL: Microsoft Bitlocker and Trusted Boot

The moral of the story is that trusted does not imply trustworthy, and that security is more complicated than trust alone.