  The Digital Collegian - Published independently by students at Penn State
SCIHEALTH
[ Tuesday, Feb. 25, 2003 ]

Technology advancement could affect computer use
The Trusted Computing Alliance has created a new security standard that could restrict the use of certain programs.

Collegian Staff Writer

Controversial technologies developed by the Trusted Computing Platform Alliance (TCPA) may have a dramatic effect on the way Penn State students interact with their computers.

The alliance, formed by Compaq, Hewlett-Packard, IBM, Intel and Microsoft, provides trust and integrity for different components of the PC, said Andy Trotter, technical marketing manager for worldwide client security at IBM. TCPA provides a hardware basis for security, he said, which ensures that what is there is meant to be there and is running as intended.

Kathy Kimball, director of security operations and services for Information Technology Services, said Penn State has not yet determined how or even whether TCPA will be used on campus. "We're just watching events until something more concrete occurs and it works itself out," she said.

TCPA-compliant systems require a chip, commonly called Fritz, and a software driver in order for the security to function properly. The security standard can be used in a large number of devices, including PCs, PDAs, and cell phones.

Trotter said TCPA exists to answer questions such as, "How do you know that anti-virus update really came from Norton?" Currently, it is very difficult to verify who has written a piece of software, and hackers can use this to exploit computer systems, he said.

The TCPA has grown to include 190 companies, including nearly every major hardware and software company, Trotter said.

The security principles used in TCPA have been around for a long time, Trotter said. What makes it significant now is that the technologies are being put together into a TCPA specification that mirrors the evolution of the PC itself.

The technology works by securing all parts of the machine from the moment it is turned on and then monitoring applications and documents. Palladium, a related software technology, is Microsoft's attempt to secure the operating system running on the machine.

Trotter said that although TCPA is not an encryption engine, it does have other features that can allow only authorized users to access systems. Biometric systems, such as fingerprint and retina scanners, could take advantage of TCPA capabilities. IBM sells a chip that would allow biometrics to be used to add a digital signature to e-mail. Biometrics could also be used to log onto a system, unlock a screen saver, or store passwords for Web sites.

The core of the TCPA system is the Fritz chip.

Ross Anderson, a computer security expert at the University of Cambridge, said the Fritz chip monitors, reports and verifies TCPA-approved hardware and software when you turn on your machine. Once this process is complete, it reads data sent by content providers that allow media to be played.

The chip is named after Sen. Fritz Hollings of South Carolina, a staunch TCPA supporter.

Many students may already be familiar with a feature in Windows XP that uses a TCPA-like technique: If a computer's configuration is changed beyond a certain threshold, the machine must be re-registered with Microsoft.

There are already three million systems shipped in industries such as healthcare and pharmaceuticals, but that doesn't mean that TCPA is fully implemented there. Not all software applications are designed to use TCPA's capabilities.

The TCPA specification was first published in January 2001. Fritz chips have been available in IBM Thinkpads since last May. Palladium, the operating system security layer, has not yet been released.

Nobody doubts that TCPA is a weak technology.

"It is effective. TCPA can do the things it wants to do," said Peng Liu, assistant professor of information sciences and technology.

It is not impenetrable, however. Depending on how technically proficient a user is, it is possible to go around the Fritz chip by installing another chip that sends messages to the processor. Expensive tools and hardware would be necessary to do this, Liu said.

Many computer experts and Penn State students feel that TCPA may violate users' civil liberties.

"People aren't going to put up with that kind of spyware and censorship, or anything else that limits their abilities to do what they previously did," said Brian Feldman (sophomore-nuclear and mechanical engineering).

Students don't want it unless they are forced. Sooner or later they may have to use a computer with Fritz, Liu said, since they will only be able to download certain files if the chip is present.

Still, TCPA will be very transparent to most users, he said, meaning that in most situations they won't even realize the chip is there.

It is unlikely that computer companies will be able to utilize TCPA as a way to stifle competition since the specifications are freely available on the alliance's Web site, www.trustedpc.org. Liu said that although there will be different producers and different chips, they will all use the same standard.

Once Fritz chips are produced in volume, there will be no noticeable incremental cost to end-users, said Trotter of IBM. Eventually, it will be something you have to have, he added.

It is not possible to add a Fritz chip to a system that has already been purchased. Computers without chips will still be able to talk to those that do, Trotter said, although there will be a discrepancy in security between the two sides.

He said that the level of security TCPA provides can be determined by system users and administrators. For example, a university could create a security architecture that meets its needs and enforce it on campus. The chips are shipped in disabled mode and can only be turned on by end users.

Some aren't so confident about TCPA being a pro-consumer technology. Anderson fears that one day it may be used as a digital rights management (DRM) tool that would control the use of movies and music, although experts still debate this.

"Based on the architecture, I think the chip can really do digital rights management," Liu said. He gave the example of using TCPA to stop users from playing mp3s.

The industry maintains that the capabilities really aren't there to have DRM, Trotter said.

Other questions surround TCPA, including how it might be used by the government to access computers.

"It's a political issue. The chip knows you -- which applications you run, which documents you open, and which songs you listen to. It's a virtual monitor." Liu said that with minor modifications, the Fritz chip can be modified to send this information over the Internet.

The federal government is already embracing TCPA, Liu said, requiring it to be used in some departments to maintain confidentiality.

Consumers will soon learn lots more about TCPA. Trotter said IBM expects that it will be "adopted by all OEMs [original equipment manufacturers such as Dell and Gateway] in the near future."

Even with all of its capabilities, TCPA is not a computer security cure-all. "System vulnerabilities, denial of service attacks, and viruses will still be there. TCPA is more about control," Liu said.

 

Copyright © 2009 Collegian Inc.
Updated: Monday, August 23, 2004  10:10:32 AM  -4