My colleague Seth Schoen has finished his long-awaited, brilliant white-paper on Trusted Computing. Seth has been briefed as an outside technical analyst by all the companies working of Trusted Computing architecture, and has had his paper vetted by some of the leading security experts in the field. This is the most exhaustive, well-reasoned, balanced analysis of Trusted Computing you can read today. Don't miss it.
Remote attestation is the most significant and the most revolutionary of the four major feature groups described by Microsoft. Broadly, it aims to allow "unauthorized" changes to software to be detected. If an attacker has replaced one of your applications, or a part of your operating system with a maliciously altered version, you should be able to tell. Because the attestation is "remote", others with whom you interact should be able to tell, too. Thus, they can avoid sending sensitive data to a compromised system. If your computer should be broken into, other computers can refrain from sending private information to it, at least until it has been fixed.
While remote attestation is obviously useful, the current TCG approach to attestation is flawed. TCG attestation conspicuously fails to distinguish between applications that protect computer owners against attack and applications that protect a computer against its owner. In effect, the computer's owner is sometimes treated as just another attacker or adversary who must be prevented from breaking in and altering the computer's software.
