TRUSTED PLATFORMS: THE ROOT OF SECURITY

ROGER L. KAY

Endpoint Technologies Associates, Inc., Wayland, Massachusetts

1 INTRODUCTION

The ancient adage admonishes that a chain is only as strong as its weakest link, but this maxim might as well have been coined for computer security. A chain of trust is only as trustworthy as its most vulnerable node or layer. The computing industry has long understood this principle and has even generated adequate technological solutions. Two challenges remain unmet, however: standardization and adoption. Toward the end of the Millennium, IBM and its partners in the development of trusted architectures realized that no solution would work unless it was adopted universally. The industry embraced the principle of standardized security, even before 9/11, but all the more ardently since. Hardware manufacturers and software platform developers agreed that hardware-based security was necessary as the root of trust, and the industry embodied the basic standard in hardware circuitry, essentially a silicon chip. This circuitry ships with an ever growing proportion of personal computers, smart phones, and particularly embedded devices, but has not been put into use widely, particularly in its broader manifestation among devices across a network. Although the circuitry is in the computer, it remains inactive for the most part. Usage, such as it is, is mainly restricted to user-to-platform authentication and password management. Thus, the pace of implementation ...