DAILY NEWS AND INFORMATION FOR THE GLOBAL GRID COMMUNITY
Breaking News - Security:
Atmel Announces Trusted Computing Group 1.2 Security Processor
Atmel Corp introduced its AT97SC3202 -- Trusted Platform Module (TPM) to
support Trusted Computing Group (TCG) Standard 1.2. The new security processor
is a single-chip security subsystem that protects the end user's privacy by
providing tamper-proof storage and management of the user's identity,
passwords and encryption keys. Atmel is the world leader in the TPM security
processor market with 95 percent market share and has sold over 5 million (TCG
1.1-compliant) TPMs since 1998.
In order to shorten time to market, Atmel's TPM version 1.2 development boards
are currently being shipped to key chip-set and operating system
manufacturers, who are working to achieve early hardware compliance with the final
TPM 1.2 system-level software specifications timed for later this year. When
installed in a personal computer, the AT97SC3202 can help to prevent Internet
fraud, identity theft, email-borne viruses like the recent MyDoom, and spoofing
or phishing scams such as those perpetrated on Best Buy and PayPal customers
last summer. The TPM also records and stores measurements of the state of the
system at boot-up that can be used to help detect viruses or worms that affect
the boot-up process. The TPM thwarts hackers by restricting access to data
(e.g., passwords) to specific stages of the boot process.
Device Architecture -- Atmel's AT97SC3202 TPM supports all TCG 1.2
enhancements and provides a complete, turnkey hardware security solution that
integrates a high-performance, low-power, RISC processor; 2048-bit RSA sign
crypto-accelerator; hardware SHA-1 hash engine; a true random number
generator; 32 platform configuration registers (PCRs); a secure EEPROM, SRAM,
timer, real-time clock, LPC interface to Intel and AMD processors, two-wire
serial interface for embedded applications; and tamper prevention circuitry
that detects any attempts to read the chip's contents. Other tamper-proof
features include metal shield layers above the active circuitry, encrypted
internal buses, high-security test procedures, and defenses against timing
and power-supply attacks.
Atmel's TPMs include drivers for Linux and for Windows 98, 2000, XP, and NT
4.0 operating systems, as well as MAD and MPD BIOS drivers.
TCG 1.1 -- The TCG 1.1 specification features of Atmel's first-generation TPM,
the AT97SC3201, include: 1) on-chip asymmetric key pair generation (up to 2048
bit key length) using a hardware random number generator, public key
signature, and decryption to enable secure storage of data and digital
secrets; 2) storage of hashes (unique numbers calculated from pre-runtime
configuration information) that enable verifiable attestation of the machine
configuration when booted and prevent data from being accessed unless the
machine is in a pre-specified state; 3) an endorsement key that can be used to
establish secure, anonymous identity keys that can be trusted to have been
generated and stored on a real TPM; and 4) initialisation and management
functions that allow the owner to turn TPM functionality on and off, reset the
chip, and take ownership of its functions. These features are supported by the
new TCG 1.2 processor as well.
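To make the measured-boot and sealed-storage behaviour described above concrete, here is an added Python model (not Atmel's code and not any TPM driver API) of the TPM 1.x PCR extend rule, SHA-1(old PCR || SHA-1(component)), and of releasing a secret only while the boot measurements match the state it was sealed to. The boot-stage byte strings and the register index are constructed for illustration.

```python
import hashlib

PCR_COUNT = 32    # the AT97SC3202 provides 32 platform configuration registers
DIGEST_LEN = 20   # TPM 1.1/1.2 PCRs hold a SHA-1 digest

def pcr_extend(pcr_value: bytes, component: bytes) -> bytes:
    """TPM 1.x extend: PCR_new = SHA-1(PCR_old || SHA-1(component)).
    The component is hashed to a 20-byte measurement before extension;
    a PCR can only be extended, never written directly, so history
    (including order) is folded into the register."""
    measurement = hashlib.sha1(component).digest()
    return hashlib.sha1(pcr_value + measurement).digest()

def measure_boot(components) -> bytes:
    """Simulate a measured boot: every stage extends the same register,
    starting from the reset value of all-zero bytes."""
    pcr = bytes(DIGEST_LEN)
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr

def seal(secret: bytes, pcr_index: int, expected_pcr: bytes) -> dict:
    """Bind a secret to a PCR value. A real TPM encrypts the blob under a
    storage key and stores the expected PCR digest inside it; this model
    keeps the policy check only (assumption: the blob is opaque to the host)."""
    if not 0 <= pcr_index < PCR_COUNT:
        raise ValueError("invalid PCR index")
    return {"pcr_index": pcr_index, "pcr_digest": expected_pcr, "blob": secret}

def unseal(sealed: dict, current_pcrs: dict):
    """Release the secret only if the named PCR currently holds the digest
    the secret was sealed to; otherwise return None (TPM refuses)."""
    current = current_pcrs.get(sealed["pcr_index"])
    if current != sealed["pcr_digest"]:
        return None
    return sealed["blob"]

# Constructed boot chain: BIOS, boot loader, OS loader (all illustrative bytes).
GOOD_CHAIN = [b"BIOS v1.0", b"bootloader-ok", b"osloader-ok"]
# Same chain with a modified boot loader, as a boot-sector worm might leave it.
TAMPERED_CHAIN = [b"BIOS v1.0", b"bootloader-INFECTED", b"osloader-ok"]

def demo():
    good_pcr = measure_boot(GOOD_CHAIN)
    sealed = seal(b"disk-encryption-key", 0, good_pcr)
    released = unseal(sealed, {0: good_pcr})
    refused = unseal(sealed, {0: measure_boot(TAMPERED_CHAIN)})
    return released, refused
```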
TCG 1.2 Enhancements -- Atmel's new AT97SC3202 security processor supports all
TCG 1.2 enhancements, including transport sessions, a real-time clock,
locality, save and restore context, direct anonymous attestation, nonvolatile
store and delegation, as described below.
Transport sessions allow the user to certify that the AT97SC3202 has executed
certain commands (encryption, decryption, key generation, etc.), and to
encrypt commands that are sent to the device. Transport sessions might be
useful, for instance, to let the IT department know that the user has backed
up his/her keys or properly configured the TPM on a notebook.
The on-chip real-time clock allows the date and time to be included as part of
a digital signature. The feature is applicable to electronically transmitted
contracts, warranties, purchase agreements, or any document that is
time-sensitive.
Locality supports advanced security capabilities of specially designed
microprocessors and/or system chips.
Save and restore context allows the AT97SC3202's execution thread to be
interrupted for the execution of another thread, and then resumed. Version 1.1
TPMs must complete execution of any authorisation session before starting
another. Save and restore context allows the most important processes to
preempt less time-sensitive processes and improve performance.
Direct anonymous attestation (DAA) allows the TPM to create Internet ID cards,
called certificates, that are used for digital signatures. Currently
certificates must be purchased from third parties, such as Verisign. This
feature protects the user's privacy.
Nonvolatile store allows sensitive data that is currently stored on the system
hard drive to be stored on the TPM chip, ensuring that this data is available
during boot-up and protecting it from hard disk erasures.
Delegation allows the owner of the TPM to selectively permit other entities to
perform specified functions on the TPM that would otherwise require the
presence of the owner, such as generating an identity key. It also
permits users to temporarily give a third party the ability to use any key, to
generate a digital signature, for example.