Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Trusted Computing
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
===Trust=== In the widely used [[public-key cryptography]], creation of keys can be done on the local computer and the creator has complete control over who has access to it, and consequentially their own [[security policy|security policies]].<ref>[http://grouper.ieee.org/groups/1363/ "IEEE P1363: Standard Specifications For Public-Key Cryptography", Retrieved March 9, 2009.] {{Webarchive|url=https://web.archive.org/web/20141201024245/http://grouper.ieee.org/groups/1363/ |date=December 1, 2014 }}</ref> In some proposed encryption-decryption chips, a private/public key is permanently embedded into the hardware when it is manufactured,<ref>{{Cite web|url=https://doi.org/10.1145/945445.945464|title=Terra: a virtual machine-based platform for trusted computing|first1=Tal|last1=Garfinkel|first2=Ben|last2=Pfaff|first3=Jim|last3=Chow|first4=Mendel|last4=Rosenblum|first5=Dan|last5=Boneh|date=October 19, 2003|publisher=Association for Computing Machinery|pages=193β206|via=ACM Digital Library|doi=10.1145/945445.945464|s2cid=156799 }}</ref> and hardware manufacturers would have the opportunity to record the key without leaving evidence of doing so. With this key it would be possible to have access to data encrypted with it, and to authenticate as it.<ref>These are the functions of the private key in [http://www.di-mgt.com.au/rsa_alg.html the RSA algorithm]</ref> It is trivial for a manufacturer to give a copy of this key to the government or the software manufacturers, as the platform must go through steps so that it works with authenticated software. Therefore, to trust anything that is authenticated by or encrypted by a TPM or a Trusted computer, an [[end user]] has to trust the company that made the chip, the company that designed the chip, the companies allowed to make software for the chip, and the ability and interest of those companies not to compromise the whole process.<ref>{{cite web |last1=Sullivan |first1=Nick |title=Deploying TLS 1.3: the great, the good and the bad (33c3) |url=https://www.youtube.com/watch?time_continue=1533&v=0opakLwtPWk |website=media.ccc.de |date=27 December 2016 |publisher=YouTube |access-date=30 July 2018}}</ref> A security breach breaking that chain of trust happened to a [[SIM card]] manufacturer [[Gemalto]], which in 2010 was infiltrated by US and British spies, resulting in compromised security of cellphone calls.<ref>{{Cite web |url = https://firstlook.org/theintercept/2015/02/19/great-sim-heist |title = The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle |date = 2015-02-19 |access-date = 2015-02-27 |website = firstlook.org}}</ref> It is also critical that one be able to trust that the hardware manufacturers and software developers properly implement trusted computing standards. Incorrect implementation could be hidden from users, and thus could undermine the integrity of the whole system without users being aware of the flaw.<ref name="schoen-promise-risk">[http://pascal.case.unibz.it/handle/2038/871 Seth Schoen, "Trusted Computing: Promise and Risk", ''COSPA Knowledge Base: Comparison, selection, & suitability of OSS'', April 11th, 2006.] {{Webarchive|url=https://web.archive.org/web/20090319043100/http://pascal.case.unibz.it/handle/2038/871 |date=2009-03-19 }}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)