Free Rootkit with Every New Intel Machine
David G. Koontz
david_koontz at xtra.co.nz
Fri Jun 29 21:05:43 EDT 2007
Looking for TPM enterprise adoption.
The current version of TPM was adopted in March o f 2006, which should
have limited TPM up take.
There's an article in Network World
http://www.networkworld.com/allstar/2006/092506-chip-security-papa-gino.html
from September 2006 talking about a restaurant chain being a pioneer in
the use of TPM, apparently a poster boy for Dell.
There's also
http://www.fcw.com/article95422-07-26-06-Web
July 26, 2006, talking about the Army mandating TPM in all their small
computers (PCs), a relatively large enterprise customer.
A 10-Q filed by Wave Systems in May provides providence for the numbers
quoted in NVLabs abstract on their TPM breaker:
http://sec.edgar-online.com/2007/05/10/0001104659-07-038339/Section9.asp
† Adoption of TPMs and Trusted Computing technology is also growing -
according to industry analyst, IDC, shipments of TPMs are expected to
grow from under 25 million units in 2005 to over 250 million units in
2010. More information is available from the IT Compliance Institute.
(looking at the IT Compliance Institute doesn't seem to help)
The IDC is the quoted source for TPM adoption, figuring prominently on
the trudedcomputingroup.org web site and articles derived from publicity.
There's an Executive Summary from IDC:
https://www.trustedcomputinggroup.org/news/Industry_Data/IDC_448_Web.pdf
Predicting TPM 75 percent penetration for world wide Desktop PCs in
2009, 85 percent for mobile computing, and 80 percent for servers.
The only other data point is for 2005, showing a couple of percent for
Desktop PC, three percent for Servers, and 37 percent for mobile PCs
There's a claim the Bitlocker in Vista provided the tipping point for
TPM uptake in:
http://www.investors.com/editorial/IBDArticles.asp?artsec=17&issue=20070306
The IDC reference is "Worldwide PC Interface and Technologies 2007-2010
Forecast" February 2007, Doc #205155, a Market Analysis
http://idc.com/getdoc.jsp?containerId=205155
At $4500, a bit steep for curiosity's sake.
TPM is the focus of a chapter or section on Security, as seen in the
table of contents
The Papa Gino's Restaurants example for Network World,is indeed a Dell
real world example, one of several mentioned:
https://www.trustedcomputinggroup.org/news/Industry_Data/Endpoint_Technologies_Associates_TCG_report_Jan_29_2007.pdf
The real world examples include a Japanese pharmaceutical company with
20,000 seats
Papa Gino's Pizzas
A US auto rental agency of indeterminate size using HP's security solution.
Three projects underway in Japan, the Japanese Ministry of Economy,
Trade and Industry funded security initiatives for:
Sendai Wellness Consortium (sounds like an HMO)
IBM's Tokyo Research Laboratory
Nagoya University Medical Center
The size of these aren't known, but should qualify as respectably sized
enterprises.
This paper is from Endpoint Technologies, again and intended to allay
naysayers of Trusted Computing adoption rates:
Some market watchers may feel that the entire Trusted Computing
movement, championed by the Trusted Computing Group (TCG) with its
Trusted Platform Module (TPM) and related security technologies, is just
a straw man and that it will be years before large numbers of companies
and even individuals adopt TPM based secure computing. For example, IDC
cites, in "Trusted Platform Module: Adoption Dynamics," August 30, 2006,
a complex system dynamics model that shows that only the PC hardware
OEMs and the smallest security vendors are fully engaged with the TPM,
and that Microsoft and the major security players remain at best tepid
in their support. Particularly, the authors cite a lack of user pull in
TPM deployment. They conclude that, although many TPM modules will ship
on client systems over the next few years, most will remain inactive.
[There's also anecdotal evidence IDC hasn't always had their cheery
outlook for TPM uptake.]
There are other developments mentioned in the paper:
The NSA uses TPM for encrypted disk drives
The US Army is mentioned herein requiring TPM on PCs
The Federal Deposit Insurance Corporation has recommended that their
member banks adopt TPM.
Also, Microsoft appears to have actually jumped on the TPM bandwagon,
supplying impetous over the tipping point:
http://www.pc.ibm.com/us/pdf/idc_compliance_whitepaper.pdf
February 2005, Validation of Hardware Security in PC Clients, sponsored
by IBM and Microsoft
TPM is pretty much required for PC biometric authentication (fingerprints)
There are a few more poster children marched out:
A large international pharmaceutical company (perhaps different from
above)
A Large Apparel Manufacturer, mentions Sarbannes-Oxley, and
fingerprint access.
We're being underwhelmed with hard numbers and numerous examples of
enterprise adoption.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list