Architecture of Trusted Computing by the TCG

The main components of the TCG proposal are the hardware component Trusted Platform Module (TPM), a kind of (protected) pre-BIOS called the Core Root of Trust for Measurement (CRTM), and supporting software called the TCG Software Stack (TSS), which performs various functions such as communicating with the rest of the platform or with other platforms.

 

The TPM Specification is the main part of the TCG Specifications. It defines all platform-independent aspects and functions that must be provided by a trusted platform. All system-specific aspects have been moved into system-specific documents like the PC Specific Specification.

 

The TPM provides an RSA key generation algorithm, cryptographic functions like RSA encryption and decryption, a secure random number generator (RNG), non-volatile tamper-resistant storage, and the hash function SHA-1.

 

The TCG Specification does not prescribe that TPM devices be implemented in hardware, but providing the degree of security claimed by the TCG Specifications with a purely software implementation may be infeasible. Thus most TPM implementations are in hardware.

 

Hardware TPM devices can be compared to integrated smartcards containing a CPU, some memory, and special applications. The assumption is that the chip is tamper-evident and mounted on (or integrated in) the motherboard such that removal is evident to visual inspection. The main chip contains a special security controller with some internal, non-volatile ROM for the firmware, non-volatile EEPROM for the data, and RAM. Furthermore, it contains a cryptographic engine for accelerating RSA encryption and decryption processes, a hash accelerator, and a random number generator that is needed to generate secure cryptographic keys. The figure below shows the main components of the chip.

 


Figure: Architecture of the TPM.

A TPM contains a Root of Trust of Storage (RTS) which protects data and keys entrusted to the TPM. The RTS manages a small amount of volatile storage inside the TPM device that is used to hold currently used keys (key slots). Unused keys may be encrypted with a storage key and moved off the TPM chip, e.g., to a hard disk drive. The storage key might itself be encrypted with another storage key, which leads to a key hierarchy with the Storage Root Key (SRK) as the root. The key slots of the TPM are managed by a trusted service outside the TPM, called the Key Cache Manager (KCM).
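The storage hierarchy and key-slot handling described above, as an added Python sketch that is not part of the FIDIS deliverable or of any TCG or TSS code. The names ToyTPM, KeyCacheManager, wrap and unwrap are hypothetical, the SHA-256 keystream with an HMAC tag is a standard-library stand-in for the TPM's real encryption, and at least two key slots are assumed.

```python
# Added illustration: toy model of the storage key hierarchy (hypothetical names).
import hashlib, hmac, os

def _stream(key, nonce, n):
    # SHA-256 in counter mode: stdlib stand-in for the TPM's real encryption.
    return b"".join(hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(n // 32 + 1))[:n]

def wrap(parent_key, child_key):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(child_key, _stream(parent_key, nonce, len(child_key))))
    return nonce + ct + hmac.new(parent_key, nonce + ct, hashlib.sha256).digest()

def unwrap(parent_key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(parent_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("blob is not wrapped under this parent key")
    return bytes(a ^ b for a, b in zip(ct, _stream(parent_key, nonce, len(ct))))

class ToyTPM:
    def __init__(self, slots=2):
        self._srk = os.urandom(32)   # Storage Root Key: root of the hierarchy, never exported
        self._slots = {}             # handle -> plaintext key (the volatile key slots)
        self.capacity = slots
    def _key(self, handle):
        return self._srk if handle == "SRK" else self._slots[handle]
    def create(self, parent):        # a new key leaves the chip only in wrapped form
        return wrap(self._key(parent), os.urandom(32))
    def load(self, handle, parent, blob):
        if len(self._slots) >= self.capacity:
            raise RuntimeError("no free key slot")
        self._slots[handle] = unwrap(self._key(parent), blob)
    def evict(self, handle):
        del self._slots[handle]
    def loaded(self):
        return list(self._slots)

class KeyCacheManager:
    """Runs outside the TPM: keeps wrapped blobs (e.g. on disk) and manages the slots."""
    def __init__(self, tpm):
        self.tpm, self.blobs = tpm, {}   # handle -> (parent handle, wrapped blob)
    def create(self, handle, parent="SRK"):
        self.ensure_loaded(parent)
        self.blobs[handle] = (parent, self.tpm.create(parent))
    def ensure_loaded(self, handle):
        if handle != "SRK" and handle not in self.tpm.loaded():
            parent, blob = self.blobs[handle]
            self.ensure_loaded(parent)   # walk up the hierarchy towards the SRK
            while len(self.tpm.loaded()) >= self.tpm.capacity:
                self.tpm.evict(next(h for h in self.tpm.loaded() if h != parent))
            self.tpm.load(handle, parent, blob)
```

The manager only ever holds wrapped blobs; a blob can be unwrapped solely by a TPM that has its parent key in a slot, which is why every chain of parents ends at the SRK.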

 
