Introduction
Computer security involves not just technical solutions but also organizational policies, legal frameworks, and ethical considerations. This module covers broader security issues beyond pure technology.
Trusted Computing
Trusted Computing aims to create computing platforms that are more secure and trustworthy by providing hardware-based security mechanisms.
Key Concepts
- Root of Trust: Components that must behave correctly
- Chain of Trust: Each component verifies the next
- Trusted Platform Module (TPM): Hardware security chip
Goals of Trusted Computing
- Prevent unauthorized changes to system
- Verify system integrity
- Protect encryption keys
- Enable remote attestation
Chain of Trust: Each stage validates the next, starting from hardware TPM through the software stack. If one component is compromised, the trust chain breaks.
Trusted Platform Module (TPM)
TPM is a hardware-based security component that provides secure storage, cryptographic operations, and platform integrity measurement.
TPM Capabilities
- Secure Storage: Store keys and hashes
- Cryptographic Functions: RSA, SHA-1, HMAC
- Platform Integrity: Measure boot process
- Attestation: Prove platform state
TPM Uses
- Full disk encryption (BitLocker)
- Secure boot
- Password protection
- Digital rights management
Roots of Trust
Three fundamental components that must be trusted:
- Root of Trust for Measurement (RTM): Starts integrity measurement
- Root of Trust for Storage (RTS): Protects stored data
- Root of Trust for Reporting (RTR): Reports integrity measurements
Privacy Concerns
Security and privacy are closely related but different. Security protects systems and data, while privacy protects personal information.
Authentication vs Privacy
A fundamental tension exists:
- Digital signatures can reveal identity
- Authentication requires identity verification
- Privacy requires anonymity
Privacy-Preserving Solutions
- Pseudonymous identities: TPM supports multiple attestation identities
- Zero-knowledge proofs: Prove knowledge without revealing
- Privacy CAs: Different CAs certify different aspects
Privacy Issue: TPM attestation identities don't contain owner/user information, but correlation between identities is still possible without proper privacy protections.
Legal and Ethical Aspects
Computer Crime Laws
- Computer Fraud and Abuse Act (CFAA): US federal law
- GDPR: EU data protection
- Data Breach Notification Laws: Require reporting breaches
Ethical Hacking
- White Hat: Authorized security testing
- Black Hat: Unauthorized malicious hacking
- Grey Hat: Between white and black hat
Security Responsibilities
- Organizations must protect customer data
- Security professionals have ethical duties
- Responsible disclosure of vulnerabilities