| |
|
The Fritz-chip and everything that has to do with it has been extensively opposed by many people. Fritz might be used to secure the program from the user, and not the other way around. It might also be used to enhance the monopoly of the largest computer companies, as Fritz could be made to make it impossible to reverse engineer the files that certain programs use, and thus sealing off competitors. Some people goes as far as saying that this is the end of alternatives. See [1].
The Fritz-chip is meant to be mounted at the motherboard in the first phase. It is supposed to merge with the CPU later on.
TC is a acronym used by IBM, Microsoft and the Free Software Foundation. IBM translates TC to Trusted Computing, Microsoft calls it Trustworthy Computing and the Free Software Foundation calls it Treacherous Computing. TC is the acronym used by the TCPA to describe the NGSCB-platform.
The initial version of TC had Fritz supervising the boot process, so that the PC ended up in a predictable state, with known hardware and software. The current version has Fritz as a passive monitoring component that stores the hash of the machine state on start-up. This hash is computed using details of the hardware (audio card, video card, etc.) and the software (O/S, drivers, etc.). If the machine ends up in the approved state, Fritz will make available to the operating system the cryptographic keys needed to decrypt trusted applications and data. If it ends up in the wrong state, the hash will be wrong and Fritz won't release the right key. The machine may still be able to run non-trusted applications and access non-trusted data, but protected material will be unavailable.
The Longhorn operating system from Microsoft is probably going to support Fritz. The "specialized software" that will enable compability with Fritz is code-named Nexus. In Longhorn, Nexus will be the last of the authorized software in the chain of trust. Nexus will then let other programs get access to the secure enviroment that Fritz enables. Such programs will be called "Nexus Aware". Such programs will be nearly impossible to debug or modify. Nexus is going to be open source, so that people can trust that Microsoft doesn't have any backdoors in the software. Some say that the only reason why Microsoft had decided to make Nexus open source is because most countries' laws say it has to be.
There is also a project to make Linux compatible with Fritz.
Chain of Trust
When the computer starts, Fritz will wake up and check if BIOS is unmodified since the last time. If it is, it will transfer control to it. If it is not, it will probably warn the user before it disables itself. BIOS then loads the bootloader, and asks Fritz to check if it is unchanged since last time. The bootloader then loads the operating system, and asks Fritz to check if it is unchanged, and so on. Fritz simply makes it possible to build a chain of trust. It is important to note that the user probably will be able to configure Fritz, so that she can update or change the operating system, or even disable Fritz entirely.
To do all this, Fritz makes use of SHA-1, HMAC, and a variant of the RSA-algorithm.
The last software that is loaded is probably some "specialized software" that will handle all of the four methods to enforce copyright, as noted above.
With this kind of technology, it will be possible to hide from other programs what one of the programs is showing on the screen, for example. That means that artwork, movies, soundtracks, and other such things might become impossible to illegally copy. Not even the owner of the computer might be able to break the protection of such art.
This will make it impossible to debug or modify software while it runs. It will, however, not protect software from being cracked into. Software that makes use of Protected Memory will simply just act as a black box. No-one will be able to peer into it to see how it works. Some people believe that this will make spyware more frequent.
This could be used to make sure that only certain programs are allowed to communicate with some program. For example, a client could be forced to identify itself to prove that it was sold by the same company that wrote the server software. This could be useful for electronic banking and online shopping. It could also endanger the free competition among software vendors. For example, some webserver might just allow some specific browser to connect to it, thus forcing people into buying that browser.
The keys are taken care of by the "specialized software". If this software is secure (i.e. authorized by Fritz) it should be impossible to get the keys it manages.
Because the cryptokeys are also hidden by cryptographic means, with the help from the Fritz-chip, it will be almost impossible to decrypt data that is stored in a Sealed Storage. The only way to do this should be by brute force, unless the "special software" or Fritz has some security leak.
As Fritz will use SHA-1 hash-numbers to enforce its security, it also relies that SHA-1 and public key-cryptography is impossible to crack. If quantum computers are ever built, they would be able to crack Fritz.
One way to crack Fritz might be to create an emulator that works just like an ordinary PC but with a compromized Fritz-circuit. Bochs could probably be modified to include Frtiz, for example. This way, the owner of the computer might be able to ignore the security and crack into the chain of trust that Fritz enables. It is uncertain if this is possible to do. Such software should probably be illegal to possess inside the U.S., because of the Digital Millennium Copyright Act.Secure Input and Output
Secure input and output devices ensure that user data comes from and goes to authorized locations without being intercepted. When used with the appropiate "specialized software", they help to protect against programs that record keystrokes or enable a remote user or program to act as a legitimate local user.
The information that travels from peripherals and the authorized programs in the computer is being encrypted. This of course requires that the peripherals support this kind of encryption.Protected Memory
With appropriate "specialized software" it is possible to provide certain programs with strong process isolation. This is done by, for example, setting aside a specific portion of the available RAM on the computer and blocking any program that is running in the user space memory from accessing that address space. Process isolation helps to ensure that the protected memory is not modified or observed by any non-authorized program. Even the kernel of the operating system could be blocked off from accessing a protected program running in protected memory.
The protected memory is also protected from DMA-devices reading or writing to its memory. To enable DMA support, the program has to free some portion of its memory from being protected, and then feeding it to the DMA.Attestation
With the help of Fritz, software can by cryptographic means prove that they are who they say they are.Sealed Storage
Fritz, in combination with "specialized software", makes it possible for programs to encrypt their data and hide the keys before storing the data to some storage, like a hard disk, floppy or CD-ROM.The security of Fritz
The trusted programs relies on Fritz and the "specialized software" to be non-compromized. The security of the system fails if one, or both, of them has some sort of backdoor installed. If, for example, NSA has knowledge about this backdoor, they will be able to crack into the compromised computer with ease. There are conspiracy theories about this, and the fact that the inventor of Fritz did actually work for NSA when he invented the chip adds to the suspicious favour.