Free Rootkit with Every New Intel Machine

David G. Koontz david_koontz at xtra.co.nz
Fri Jun 29 21:05:43 EDT 2007 

Looking for TPM enterprise adoption.

The current version of TPM was adopted in March o f 2006, which should
have limited TPM up take.

There's an article in Network World
http://www.networkworld.com/allstar/2006/092506-chip-security-papa-gino.html

from September 2006 talking about a restaurant chain being a pioneer in
the use of TPM, apparently a poster boy for Dell.

There's also

http://www.fcw.com/article95422-07-26-06-Web

July 26, 2006, talking about the Army mandating TPM in all their small
computers (PCs), a relatively large enterprise customer.

A 10-Q filed by Wave Systems in May provides providence for the numbers
quoted in NVLabs abstract on their TPM breaker:

http://sec.edgar-online.com/2007/05/10/0001104659-07-038339/Section9.asp

† Adoption of TPMs and Trusted Computing technology is also growing -
according to industry analyst, IDC, shipments of TPMs are expected to
grow from under 25 million units in 2005 to over 250 million units in
2010. More information is available from the IT Compliance Institute.

(looking at the IT Compliance Institute doesn't seem to help)

The IDC is the quoted source for TPM adoption, figuring prominently on
the trudedcomputingroup.org web site and articles derived from publicity.

There's an Executive Summary from IDC:

https://www.trustedcomputinggroup.org/news/Industry_Data/IDC_448_Web.pdf

Predicting TPM 75 percent penetration for world wide Desktop PCs in
2009, 85 percent for mobile computing, and 80 percent for servers.
The only other data point is for 2005, showing a couple of percent for
Desktop PC, three percent for Servers, and 37 percent for mobile PCs

There's a claim the Bitlocker in Vista provided the tipping point for
TPM uptake in:

http://www.investors.com/editorial/IBDArticles.asp?artsec=17&issue=20070306

The IDC reference is "Worldwide PC Interface and Technologies 2007-2010
Forecast"  February 2007, Doc #205155, a Market Analysis

http://idc.com/getdoc.jsp?containerId=205155

At $4500, a bit steep for curiosity's sake.

TPM is the focus of a chapter or section on Security, as seen in the
table of contents

The Papa Gino's Restaurants example for Network World,is indeed a Dell
real world example, one of several mentioned:

https://www.trustedcomputinggroup.org/news/Industry_Data/Endpoint_Technologies_Associates_TCG_report_Jan_29_2007.pdf

The real world examples include a Japanese pharmaceutical company with
20,000 seats

Papa Gino's Pizzas

A US auto rental agency of indeterminate size using HP's security solution.

Three projects underway in Japan, the Japanese Ministry of Economy,
Trade and Industry  funded security initiatives for:

      Sendai Wellness Consortium  (sounds like an HMO)
      IBM's Tokyo Research Laboratory
      Nagoya University Medical Center

The size of these aren't known, but should qualify as respectably sized
enterprises.

This paper is from Endpoint Technologies, again and intended to allay
naysayers of Trusted Computing adoption rates:

Some market watchers may feel that the entire Trusted Computing
movement, championed by the Trusted Computing Group (TCG) with its
Trusted Platform Module (TPM) and related security technologies, is just
a straw man and that it will be years before large numbers of companies
and even individuals adopt TPM based secure computing. For example, IDC
cites, in "Trusted Platform Module: Adoption Dynamics," August 30, 2006,
a complex system dynamics model that shows that only the PC hardware
OEMs and the smallest security vendors are fully engaged with the TPM,
and that Microsoft and the major security players remain at best tepid
in their support. Particularly, the authors cite a lack of user pull in
TPM deployment. They conclude that, although many TPM modules will ship
on client systems over the next few years, most will remain inactive.


[There's also anecdotal evidence IDC hasn't always had their cheery
outlook for TPM uptake.]

There are other developments mentioned in the paper:

   The NSA uses TPM for encrypted disk drives

   The US Army is mentioned herein requiring TPM on PCs

   The Federal Deposit Insurance Corporation has recommended that their
   member banks adopt TPM.

 Also, Microsoft appears to have actually jumped on the TPM bandwagon,
supplying impetous over the tipping point:

http://www.pc.ibm.com/us/pdf/idc_compliance_whitepaper.pdf
February 2005, Validation of Hardware Security in PC Clients, sponsored
by IBM and Microsoft

TPM is pretty much required for PC biometric authentication (fingerprints)

  There are a few more poster children marched out:

  A large international pharmaceutical company (perhaps different from

     above)

  A Large Apparel Manufacturer, mentions Sarbannes-Oxley, and
    fingerprint access.


We're being underwhelmed with hard numbers and numerous examples of
enterprise adoption.












---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list