Stanford Center for Internet and Society

On March 28, 2005, I will give a talk on the legal and policy implications of trusted computing at the Center for Internet and Society at Stanford Law School. More information can be found here.

In October 2004, Seth Schoen from the EFF published comments on a still-unpublished draft by the TCG Best Practices Committee called "Design, Implementation, and Usage Principles". And although the TCG paper is not publicly available, the 23 pages of EFF comments are well worth reading.I just want to comment on two issues raised by the EFF:

• On pages 4-5, the comments correctly point out the problem that a principle according to which TCG should avoid the introduction of artificial barriers to interoperability is weak as there is no consensus about what an "artificial" barrier is. In general, I agree that most (if not all) "Best Practices" and legal approaches based on terms such as "artifical", "unduly", "reasonable", "unjustified" enable companies to hide their real preferences behind nice words (the U.S. Microsoft consent decree can also be criticized for this, see here under #4). However, what I miss a little bit in the EFF comments is the remark that, probably, no perfect solution to the remote attestation problem exist. From my understanding, all technical solutions that have been proposed so far have their own problems: they either limit the functionality of a TC platform, are too costly to implement, work only for a certain subset of computer software etc. As long as no perfect solution exists, the real challenge is to compare to pros and cons of all technical, legal and business practice solutions and to decide which, given that there is no perfect solution, is the second-best way to go. I haven't seen a lot of work done on this comparison.
  

Ahmad-Reza Sadeghi and Christian Stüble have recently published a
paper that builds, in some regards, upon an earlier paper by Klaus Kursawe and Christian Stüble. In this new paper, the authors want to achieve something similar as Vivek Haldar et. al. in their paper on semantic remote attestation: enabling remote attestation without revealing the detailed system configuration to the remote challenger.However, the solutions Ahmad-Reza Sadeghi and Christian Stüble offer differ from the semantic remote attestation proposal: they propose various "property-based" attestation mechanisms which translate demanded properties into concrete platform configurations and vice versa. To achieve this goal, they propose to use trusted third parties, certificates, group signatures, zero-knowledge proofs and commitments in various hardware- or software-based combinations. (They also update the earlier proposal by Klaus Kursawe and Christian Stüble on page 8.) While this is complex stuff, it still seems that the property-based remote attestation proposal can be implemented more easily and for a wider scale of applications than the semantic remote attestation proposal.

So I am slowly catching up with the TC debate (more to come soon). Last May, Vivek Haldar gave a very interesting presentation at the 3rd USENIX Virtual Machine Research & Technology Symposium. In the related paper, he and his co-authors propose an approach which they call "semantic remote attestation". The high-level idea is to have a remote attestation mechanism that is not based on the identity of a particular software program, but on its behavior. In the end, the goal of remote attestation is (or should) not be to know what particular software program is running on a remote platform, but whether the program behaves in malicious ways or not. In order to separate program behavior attestation from program identity attestation, the authors introduce a trusted virtual machine that can attest various properties of a local software program to a remote challenger without necessarily revealing the identity of the software program.

Over the last few months, I have been very busy with other projects, and so I couldn't follow the TC discussions very closely. But I hope this will change over the next few weeks. I have already added some more citations to the list of TC-related literature below. Until I have more time to comment on these issues, I just wanted to mention some interesting developments that occurred over the last few months:

• Seth Schoen has proposed to use "hard-to-verify signatures" to overcome some of the policy problems related to remote attestation. This proposal may have its own drawbacks, but it is definitely interesting to read the discussions over at Seth's blog (here, here, here and here) as well as the comments by Unlimited Freedom over here and the discussion thread on the cryptography mailing list.
  

Together with Professor Pamela Samuelson from Berkeley and some colleagues from Germany and the U.K., I am currently co-organizing a large conference on digital rights management, alternative compensation systems, and trusted computing. The bi-lingual conference will be held in Berlin, Germany, on January 13 & 14, 2005. For the trusted computing panel, we have speakers such as Graeme Proudler (Chair, Technical Committee, TCG), Thomas Rosteck (Infineon), Ahmad-Rez-Sadeghi (University of Bochum) and Seth Schoen (EFF). More information (including registration information) may be found over

After some public and non-public hearings held last year in Germany, the German government, more particular the German ministries of the Interior and of Economics, has released some "comments" on TCG and NGSCB. While a German version has been floating around for some time, I have now found an English version over here. The document is rather interesting to read, as it includes both technology- and policy-related demands to TCG and NGSCB.Of course, you cannot expect an official Government position paper to go into every detail and call for extreme changes in the trusted computing architecture. Furthermore, some of the comments are of a rather general nature. Yet, others are interesting. The paper covers both TCG and NGSCB, although the NGSCB section is much shorter. As the exact future of NGSCB is currently unclear , I will focus on the comments the German government makes on TCG:

After first rumors have appeared that Microsoft is cancelling NGSCB, the official story currently seams to be that Microsoft is reworking substantial parts of NGSCB. Microsoft has moved all its official NGSCB information into an archive. For some information on how the story developed, see here. As no one seems to know any details, let's wait until Microsoft releases some more bits of information.

An anonymous blogger has posted a very interesting list of potential areas where TC might be helpful. While I agree with most of the text, I just want to raise an additional issue:Most of the examples the blogger lists are examples where TC is used to increase trust in communications networks. If you look at what kind of partners have to trust each other in a communications network, there are basically three categories:

1. A service provider wants to trust individual users of his service.
2. A service provider wants to trust other service providers.
3. An individual user wants to trust a service provider.

In the blogger's list, online elections, multi-player games, financial transactions, and VPNs, e.g., are examples for category 1. Anonymous remailers are examples for category 2. Online gambling and online shopping privacy are examples for category 3.

I am sorry for all the comment spam that floods my (and other) blogs. However, this problem will be solved in a few weeks with an update of Movable Type at the CIS. I am deleting some of the most embarrassing spam, but I don't have the time to do this for all of the spam. So stay tuned and look forward to a comment-spam-free blog world.