INT: Today we're talking with Steven Sprague, one of the original founders of the Trusted Computing

Group, A nonprofit formed to develop open standards for hardware enabled trusted computing and security
technologies. Stephen is a longtime advocate of securing PC platforms via hardware chips. Hello, Steven.
Steven Sprague: Hello.
INT: How are you doing today?
Steven Sprague: I'm doing very well. Thank you for having me on.
INT: Hi, we're glad to have you. So briefly, what is the trusted platform module or TPM hardware security
сhip.
Steven Sprague: So the trusted platform module is a new hardware chip in your PC. It's now shipping in
most enterprise PC platforms, so business computers versus consumer computers. And it's a hardware chip
that stores securely credentials and keys that can be used for both protecting data and strong authentication
to the network. So this is a chip that will ultimately help us as users. Because it will eliminate the need for us
to have user ID and password to access all services.
INT: How is it going to remove the need for user ID's and passwords for a great deal of services?
Steven Sprague: So this is actually a technology that we as consumers are very familiar with in other
devices. If, for example, you imagine your cell phone every time you drive by a cell tower, you don't have to
log on to that cell tower.And that's done because inside the cell phone, there's a chip that manages the
identity of that phone to the network. What the trusted platform module provides is a similar type of
container, but that can be used really by any service provider to allow the machine to authenticate to the
network. So in the future, what will happen is you as a user authenticate to your machine, and then the
machine keeps track of the 2000 different places that you'd like to be a subscriber on the network. Weather
for free, where they're access to your e-mail or even for paid services.
INT: When I think of removing the need for user ID's and passwords clearly I guess there's an advantage for
the network that you're connecting to. But how does the chip make your laptop or computer that's
connecting to the network more secure?
Steven Sprague: Well, because what happens is a service provider like let's say my administrator for my e-
mail system can ask my computer to generate a unique secret key inside the trusted platform module. Now
the user could delete that key, but it's impossible for the user to migrate that key away from that single
trusted platform module to either another machine or for hacker software to steal that unique secret key from
that chip. And so in that way, when that computer connects to the e-mail server, it's able to establish that I
am the machine that has this secret key, and I can prove.With the trusted platform module, that that's that
unique machine and there's no way for malicious software to reach in and extract that identity information
from the computer. And I can have a different secret key for every different service I belong to. So it's not
about a single identity, it's about having many different identities to the different services that I have
relationships with.
INT: and what types of threats as far as I guess plain speaking, end result type of threats? Does this prevent
whether it's someone got my personal private information off my laptop, or someone took control of my
computer, or something like this? What's a list of things that this chip would help prevent that aren't
completely preventable without it today?
Steven Sprague: Well, So what a trusted platform module does is it eliminates the support or the the
reliance on a consumer known user ID and password. If you tell me your user ID and password to your visa
account, I can log on from any computer.Anywhere in the world, if that visa account has done a key
exchange with a trusted platform module, then I know that Steven Sprague is a user has provided a PIN
number to release the use of that trusted platform module to log me on to my visa account. So you would
have to know two things, my pin number and you'd have to have physical possession of my machine and it's
the reliance on those two different factors of authentication that make for a very strong authentication
session and having this as a standard capability in every new PC means that ultimately a bank or you know
an enterprise can rely on the fact that ultimately every user will have this same capability so they can build
one system that will support universal strong authentication across all machines in the network.
INT: And how close are we getting toward that goal of having this type of chip on literally every PC is is
there any kind of? Timeline where we might expect it to be on most PC's that are produced and shipped in
the United States or in the world, or any type of numbers like that or or predictions.
Steven Sprague: So IDC has done some reports and forecasts. Last year, the PC industry shipped about 50
million laptops and desktops with trusted platform modules. Volumes are expected to be around 100 million
units this year and I think we'll see the beginning of adoption in the consumer market in 2008. So we're
really probably two years away still from every single new computer having a trusted platform module. But
in 2007, it's every new business computer.
INT: And who are the major names we know, public and private, that are organizationally behind this
platform and pushing for it?
Steven Sprague: So this is a technology that has been standardized by quite a few companies. There are
about 150 companies that are part of the Trusted computing group and they include all the major names.
Microsoft, Intel, Dell, Seagate, a number of the other very large brand companies, but the technology has
now been adopted by all of the major PC manufacturers. So all the business machines built by Lenovo, Dell,
HP, Acer, Fujitsu, Toshiba, etc have trusted platform modules, if not across all of their business machines.
They're very close to being across all of their business Machines.
INT: and what else can you tell me about the chips efficacy on network access control end of things?
Steven Sprague: We actually just demonstrated with both Microsoft and Juniper the use of the trusted
platform module as part of network access control solutions. Network Access Control is not only identifying
the machine to the network, but also. Looking inside the machine to make sure that the software applications
that are on a connected computer are healthy. For example, have I run my antivirus in the last 24 hours? Has
someone changed the critical application. And the trusted platform module is used to store and sign the
measurements that are taken on the clients machine. And those measurements are then used to make policy
decisions for example if the machine has not had any antivirus run in the last 24 hours then it is not allowed
on the local computer will have to go run antivirus before it is allowed. The trusted platform module really
plays two roles there one is strong machine authentication how do I know which machines are connected
and providing Integrity on these measurements that are made. So that I can ensure that the health certificate
that's generated cannot be altered before it's reported to the network? So in essence, I can't replay a health
certificate, so it brings the security to the ---- solutions or network access control solutions.

INT: What emerging security threats, if any, are there that the chip may not help to prevent?

Steven Sprague: So a trusted platform module is a passive device, not an active device. So it doesn't, for
example, reach out and interrogate my machine. It stores the measurements for another software application
that interrogates my machine. So a trusted platform module is not useful in the form of did my machine get a
virus? However, it is very useful in that if antivirus software runs, can I prove that antivirus software
actually ran? So it is a component in the overall security solution. It doesn't fix all the problems. However, if
you look at a network and realize that only, for example, wave computers are on the wave network, then that
has a dramatic reduction of the threats that come into my network. Because in order to gain access to my
servers, you'd have to first steal one of my machines. Usually an employee will notice if the machine's gone
missing for any length of time.
Steven Sprague: Mm hmm. And I'm curious, one of the biggest threats that's gotten coverage in the last year
has been rootkits. And one of the problems with that has been its ability to hide the fact that it has made
changes to the system so that a lot of removal tools might not even be able to detect the problem, let alone
remove it. Is there some way that chip can aid in preventing or detecting the kind of changes that a rootkit or
similar malware would affect?

Steven Sprague: So in most cases, the answer is yes. A trusted platform module is because it's part of the
motherboard and it's part of the hardware image of the machine. It is capable of measuring the original bios
state so that I can what's called bootstrap a machine. I can check the bios before the computer boots, make
sure that it hasn't been altered. Then I can go through and continue a series of verifications as the machine
boots through its process so that ultimately the pre operating system environment in a computer can hand to.
To the operating system a good image. And this plays a very important role in ensuring that ----- haven't
altered the system. I will say that setting up those policies is something that still is quite complex in the
network. So the trusted platform module plays an important role in that. But I would say it's very early stage
in your ability to deploy that broadly within the enterprise for the purposes of detecting ----. Certainly the
ability to do that will become more capable as Vista rolls out and as some of the aspects of Windows 2008
server rollout, the parts necessary to do the previous verification are built into Vista today.

INT: So what are some unique applications that are actually going on in the market today with this chip?

Steven Sprague: So there are a number of things that I can do with the trusted platform module right out of
the box. For example, wave supplies, the software that ships on all of the Doll machines. There's similar
software that ships on Lenovo and HP machines. Those tools provide all of the capabilities necessary to do
strong authentication, either for remote access through a virtual private network or VPN, as well as any
interaction with an 8 to 1 type security infrastructure. In general, if an enterprise is using certificates in any
part of their network, those certificates can very easily be altered to leverage the trusted platform module to
hold the keys and all the software necessary to do that. Ships in the box. And so really, with a few lines of
code, I can take someone who's doing a certificate based virtual private network using Cisco VPN
Concentrators and use the trusted platform module to hold the key and really dramatically improve the
security of the network because the keys just became very tamper resistant within the device. So that whole
authentication area is a very important area. I think the other thing that would be interesting to touch on here
is that as part of the trusted computing group, we have a storage working group which is focused on actually
the security as part of disk drives and other storage devices. And that effort's been very broadly led by
Seagate, and they've actually just produced their first full disk encrypting hard drive, which does a very
effective job of data protection. In the case of I lost my laptop, how do I fully protect the data on the hard
drive? So you actually, with the trusted computing group solutions, have effective solutions for strong
authentication, both of the user and of the machine, as well as very effective solutions in data protection. So
you now can establish a standards based deployment of security within the enterprise.

INT: What challenges remain to cheap enabled security?

Steven Sprague: Well, I think the biggest challenge right now in this market is the awareness that the vast
majority of new PCs you're buying have trusted platform modules in them. So first step is awareness.
Second step is turning on the trusted platform module. So in many aspects, I would say the biggest challenge
we have today is that when we walk into an enterprise who says, Great, I have all these trusted platform
modules, how do I turn them on? You actually really want to take ownership of the trusted platform module
and give it enterprise keys before you give the PC to the end user. And that's been a interesting challenge in
just understanding that the PC plays an important role in access control and data protection as opposed to it's
just a generic device. And in many cases most corporations do more work about issuing you a badge to get
in the company than they do in issuing you a PC. And many of the things that go on in badging, Who are
you? Are you an employee? What's your employee number? Go down to the little room on Wednesday
between one and five and get your photo taken. Many of those types of protocols are going to be necessary
around the actual deployment of a laptop. Is this a corporate laptop? Has it been authorized to be on the
network? Who is responsible for it? Those things become part of issuing a new machine. So there are some
challenges in the deploying of this technology, but it really is very compatible with the existing
infrastructure corporations have and a very effective solution at enhancing the security at a low price.
INT: Okay. Thank you for speaking with us today, Stephen. If you would like to learn more about the TPM
hardware security chip serve to w w w dot trusted computing group dot org.