Trusted computing and forensic investigations
by Stephen Mason
This article was published in Digital Investigation, Volume 2, Number 2, pp. 189-192.
Copyright in this article is vested in the author, Stephen Mason, and the author has asserted his right under the Copyright, Designs and Patents Act 1988 to be identified as Author of this Work.
The author grants you a licence to download and print copies of this article PROVIDED THAT you (a) retain the copyright notices contained at the beginning and end of the article in its entirety, (b) clearly identify this article as being written by the author in electronic and printed versions and (c) only use it for your private use.
(The author gratefully acknowledges the very helpful comments he has received from Dr Klaus Kursawe, ESAT-COSIC K.U. Leuven, Troy Larson, Senior Forensic Investigator, Microsoft Information Security and Dave Walker, Senior Security Consultant (Data Management), Client Solutions, Sun Microsystems UK. The author is responsible for the content of this article.)
The concept of ‘trusted computing’ has been developed to make computers trustworthy. However, the methods used to achieve this aim may cause problems for digital investigators in the future. The purpose of this short essay is to provide a brief outline of ‘trusted computing’, and to illustrate some of the problems that may occur in the future. This essay is speculative in nature. It was written at the request of the editor with the intention of raising awareness, rather than providing a definitive view of the problems that investigators and lawyers may face in the future. The reader is requested to treat the content as the opening of a debate, rather than a diligent discussion of the subject matter.
The Trusted Computing Group was set up with a view to pioneering the concept that a computer should work in accordance with an expectation. The Group aims to achieve this expectation by putting in place mechanisms to attest to the state of the software applications that run under an operating system and upon a hardware platform. (For a detailed explanation, the reader is directed to ‘TCG Specification Architecture Overview’, Revision 1.2, dated 28 April 2004, available in electronic format on the Trusted Computing Group web site.)
Brief introduction to ‘trusted computing’
Two phrases are used to describe, albeit inaccurately, the concept developed by the Trusted Computing Group: ‘trusted computing’ and ‘trustworthy computing’. Ross Anderson suggests the phrase ‘controlled computing’ may be more appropriate. (Ross Anderson, ‘Cryptography and Competition Policy – Issues with ‘Trusted Computing’’, paragraph 2.1, available in electronic format at http://www.cpppe.umd.edu/rhsmith3/papers/Final_session1_anderson.pdf.)
Regardless of the descriptive term used, the architecture of ‘trusted computing’ places a reliance on the underlying components of the system, the methods by which the various components are manufactured, the creation of the various keys and methods of authentication, and the provisions relating to the security measures put in place to ensure the modules can be trusted.
Regardless of the name given to the idea, the aim is to increase the trust that can be placed in the computer. The assumption is that a software process cannot provide reliable information unless it can be certain that the process itself works in accordance with a defined expectation. For instance, key logging software may be placed on a computer, either physically or by way of malicious code sent over a network, as occurred in the attempted theft from the Sumitomo Bank in London during March 2005. Another example is a root kit that embeds itself into the operating system kernel in such a way that there is practically no way of detecting it. Depending on the nature of the code, it may then attempt to maintain itself by preventing the user from detecting it. Such malicious code may then send data to an unknown third party when the computer is connected to a network. In all probability, it will undertake this activity without the authority of the computer owner. The presumption is that owners use a computer to carry out specific tasks, and it is not anticipated that the computer will carry out the instructions of an unknown third party at the same time. Where malicious code has been surreptitiously introduced into the computer by some means, the computer is not to be trusted, because the malevolent code causes the computer to work in a way that is not in accordance with the expectations of the owner.
Providing for computer security is a complex matter, partly because most computers are portable: the hardware is therefore vulnerable, the machines are not physically secure, and they may not even be controlled by somebody who is to be trusted. The software is also open to attack, as is well known, especially as most users run their computers as administrators. The concept of ‘trusted computing’ has been developed in an attempt to alleviate this problem. It uses cryptography in the form of digital signatures. Vendors may develop hardware components and software modules to the specifications set out by the Trusted Computing Group. (The web address of the Trusted Computing Alliance (http://www.trustedcomputing.org) redirects the viewer to the Trusted Computing Group web site at https://www.trustedcomputinggroup.org/.) In outline, the specification provides for a platform that is intended to be trusted. This platform is considered to be the foundation component that establishes a framework within which software can operate: essentially, a trusted environment.
The functionality of the trusted platform may differ between vendors, but in essence the aim is to prevent malicious code from manipulating the operating system without being noticed, and to prevent malicious code from gaining access to certain keys. In the event that an additional item of software is added that is not trusted, the operating system would be made aware of it and may prevent the computer from working. The concept of trusted software covers legitimate as well as malicious software, because the vendors of legitimate software may wish to prevent their software from being used unless the user has paid the requisite fee. A process called attestation achieves this. Attestation provides a signed ‘logfile’ of the boot sequence of the computer, so that accurate information as to what was actually booted on the machine can be provided to the user or to an external third party.
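The following is an added illustration, not code from the article and not a TCG or vendor implementation, of what the signed ‘logfile’ of the boot sequence lets a verifier establish. It uses the TPM 1.2 register extend rule (each Platform Configuration Register is replaced by SHA-1 of its old value concatenated with the new measurement), so a log can be replayed to the register values the module holds. The boot components, the event log, the nonce and the attestation key are all constructed for the example, and the quote is signed with an HMAC as a stand-in for the asymmetric attestation identity key a real module would use.

```python
import hashlib
import hmac

PCR_SIZE = 20  # TPM 1.2 PCRs hold a SHA-1 digest


def measure(component: bytes) -> bytes:
    """Digest of a boot component, as recorded in the event log."""
    return hashlib.sha1(component).digest()


# Constructed event log: (PCR index, component name, measurement).
BOOT_LOG = [
    (0, "firmware", measure(b"constructed-firmware-image")),
    (4, "bootloader", measure(b"constructed-bootloader")),
    (4, "kernel", measure(b"constructed-kernel")),
]

AIK_KEY = b"constructed-attestation-key"  # stand-in for the module's signing key


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 1.2 extend: PCR_new = SHA-1(PCR_old || measurement)."""
    return hashlib.sha1(pcr + digest).digest()


def replay_log(log):
    """Replay an event log into the PCR values it must produce."""
    pcrs = {}
    for index, _name, digest in log:
        pcrs[index] = extend(pcrs.get(index, b"\x00" * PCR_SIZE), digest)
    return pcrs


def quote(pcrs, nonce: bytes, key: bytes) -> bytes:
    """Sign the PCR values together with the verifier's nonce.
    HMAC is a constructed simplification of the module's asymmetric signature."""
    msg = nonce + b"".join(i.to_bytes(1, "big") + pcrs[i] for i in sorted(pcrs))
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify_attestation(log, reported_pcrs, signature, nonce, key) -> bool:
    """Verifier: the quote must be genuine, and replaying the log must
    reproduce exactly the PCR values that were signed."""
    if not hmac.compare_digest(quote(reported_pcrs, nonce, key), signature):
        return False
    return replay_log(log) == reported_pcrs


def unexpected_components(log, known_good):
    """Names of logged components whose measurement is not on the known-good list."""
    return [name for _, name, digest in log if digest not in known_good]


def demo():
    nonce = b"constructed-verifier-nonce"
    # Honest platform: the log presented matches what was actually extended.
    pcrs = replay_log(BOOT_LOG)
    honest = verify_attestation(BOOT_LOG, pcrs, quote(pcrs, nonce, AIK_KEY), nonce, AIK_KEY)

    # An extra module was loaded, so the module's registers reflect it; a log
    # that omits it no longer replays to the signed values and is rejected.
    full_log = BOOT_LOG + [(4, "unlisted-module", measure(b"constructed-extra-module"))]
    pcrs_full = replay_log(full_log)
    omitted = verify_attestation(BOOT_LOG, pcrs_full, quote(pcrs_full, nonce, AIK_KEY), nonce, AIK_KEY)

    # With the truthful log, the verifier can name what was booted that it did not expect.
    known_good = {digest for _, _, digest in BOOT_LOG}
    return honest, omitted, unexpected_components(full_log, known_good)


if __name__ == "__main__":
    print(demo())
```

The point for an investigator is the last step: a truthful log that replays to the signed register values is evidence of what was actually booted, whereas a log that has been edited after the fact no longer matches the values the module signed.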
Several issues arise from this model, some of which include:
1. How the cryptographic keys are created. In respect of the trusted platform module, the keys could be created within the module itself when it is powered up for the first time, or the keys could be included at the time the module is manufactured. Whichever method is used, a master key will need to be inserted when it is manufactured. This will enable the module’s unique keys to be signed with this key.
2. What entities create the keys.
3. The provisions for security.
4. The rules relating to the prevention of ‘back doors’ being put in place to circumvent the concept (or to enable security organizations to gain remote entry without being noticed).
5. How the keys are protected in the computer.
6. The methods used by third party vendors to gain access to verify their software.
7. How to determine when to trust the cryptographic keys.
8. How to determine when the keys have reached the end of their life, if they have a life span.
Bearing in mind that the vast majority of computer users have only the vaguest awareness of the vulnerability of their computer, and that their understanding of the architecture of a computer is misty to the point of incomprehensibility, the reader may readily note that the complexity of ‘trusted computing’ may well create more problems than it solves. The Trusted Computing Group does not help itself, because the documents produced by the Group are not as accurate as they could be. For instance, the language used in the documents permits a variety of meanings to be imputed to the word ‘ownership’, which causes confusion, as the various types of ownership illustrate:
1. Ownership of stored data.
2. Ownership of stored executable code.
3. Ownership of the physical hardware.
To obfuscate the concept in this way helps neither the idea nor end users.
Investigating the ‘trusted computing’ environment
At first blush, a number of issues present themselves that both lawyers and digital forensic investigators will have to consider when undertaking an investigation within the ‘trusted computing’ environment. This brief discussion will not distinguish between the criteria that apply to a criminal investigation and those that apply to a civil examination of a computer or system, although the rights and duties that apply will obviously differ between the two.
It is possible, but not certain, that the ‘trusted computing’ environment may prevent or undermine the ability of a digital forensic investigator to make an exact bit for bit copy of the hard disk, or to create a bit for bit image of the original medium. Another issue that could cause difficulties in the process of investigating a crime centres on the attributes of the trusted platform. The trusted platform enables an owner of the computer to put highly effective cryptography into place to hide files and to prevent others from obtaining access to the files. Conversely, users have been able to achieve similar ends with the use of PGP and other cryptographic products, so this particular point may be less of a problem than suggested. Gangs intent on hiding and distributing abusive images of children tend to use such products in any event, which causes the authorities significantly more inconvenience when attempting to reveal the evidence. In such circumstances, it is doubtful that an order from a judge to the accused to deliver up the relevant passwords or keys will have the desired effect.
One development might be to introduce a presumption that the accused has something to hide if they fail to give up the passwords or keys, although the arguments against such an approach may be successful, depending on the approach taken by the judiciary in relation to issues of public policy and human rights. One point of view that might have some force is as follows: where a computer has been seized as the result of reasonable suspicion that evidence relevant to the investigation of a serious crime is stored in the memory, and files are found to have been encrypted, it may be considered proper to require the owner to reveal the relevant passwords or keys, failing which it can be assumed, in the absence of evidence to the contrary, that the owner was aware of the nature of the content of the files, and the content is capable of incriminating the owner. Criminals will invariably respond to such a presumption by changing the way they operate. It is conceivable that one response is to place evidence on the computer of a third party. However, this approach has its problems. Bearing in mind that one of the aims of ‘trusted computing’ is to detect changes to the operating system, protect keys and enable provable statements to be made on the status of the platform, hacking into the computer of a third party will be harder once ‘trusted computing’ becomes ubiquitous. In the interim, this is a realistic mode of operating, although it will take a smart criminal to fully remove traces of their activities.
The Trojan horse defence has already been used effectively in a number of cases in England and Wales (R v Schofield (Reading Crown Court, April 2003), R v Green (Exeter Crown Court, October 2003), and R v Caffrey (Southwark Crown Court, October 2003) for acquittals based on the Trojan horse defence), and bearing in mind that trusted third parties manage the privacy of the owner’s ‘trusted computing’ platform, superficially, it will be easy for the owner to allege that the trusted third party is to blame for any illicit data stored on the computer. In addition, owners of intellectual property, such as music companies, book publishers and film makers will all have the ability to test the trusted platform remotely. This in turn will enable the owner of a computer to allege the insertion of incriminating evidence by a variety of third parties, or the employees of third parties. However, it is conceivable that the ‘trusted computing’ infrastructure might help to undermine such a defence. For instance, the concept is designed to identify files that are running on the computer legitimately. The idea is to control which files run on the system. This means that malicious software and executable files that should not be present are more easily identified. Trusted sources may have access to systems, but it should be easier to track the source of a file by means of the file identification scheme that should link a file to its source.
It should be anticipated, however, that moles will be placed in such organizations with the express intention of ensuring that illegal data, or evidence of illegal activities, is distributed across ‘safe’ networks to evade the legitimate interest of the state in preventing illegal activities from maturing. This is not a fanciful hypothesis, given the theft attempt against the Sumitomo Bank in 2005.
Concluding remarks
The aim of this short article is to alert readers to some of the issues that investigators and lawyers might face when dealing with ‘trusted computing’ environments. In writing this article and discussing the matter with subject experts, it has become clear to the author that lawyers and digital forensic investigators need to more fully understand the concept of ‘trusted computing’ to enable the successful investigation of computers that are so enabled. Where code and data in the ‘trusted computing’ environment is signed, rather than encrypted, the platform will probably be no more difficult to deal with than a regular platform. However, where the data is encrypted, rather than merely signed, it may be necessary to obtain keys from the manufacturer of a trusted platform module, and depending on the mechanism used to generate the keys, this may mean legislation should be introduced to require manufacturers to retain copies of each key in escrow. However, it should be noted that if the trusted platform module is used for keys that encrypt all data, the manufacturer of the module cannot open the key, because the storage root key is generated by the trusted platform module when it is with the user. This means the manufacturer will not have this key, and thus escrow will not be relevant in such circumstances. Given that a number of software and hardware products are already being sold, and that ‘trusted computing’ is beginning to be introduced, digital forensic investigators and lawyers will have to come to terms with the problems that it will produce sooner rather than later.
© Stephen Mason, 2005
http://www.stephenmason.eu
