Science Fair Project Encyclopedia
The Fritz-chip is a nickname for the hardware component of a software-execution monitoring system. It is sometimes meant derisively by those opposed to digital rights management (DRM) in a trusted computing context. It was named after former United States Senator Ernest "Fritz" Hollings, who sponsored several pieces of legislation aimed at protecting the interests of intellectual property (i.e., copyright and software license) holders in the digital age, including one (the CBDTPA) that might mandate the inclusion of such a chip in every computer.
As envisioned, Fritz is a secure cryptoprocessor which implements a trusted computing scheme within computers and computing devices, including personal computers. It is under active development and is claimed to enable a secure environment. The Fritz-chip is meant to make it much harder to illegally copy copyrighted content and, perhaps, to use unlicensed software. The trusted computing schemes discussed (including the Fritz-chip as the hardware portion) will do this using several security mechanisms, all of which are dependent on cryptography.
The Fritz-chip, and the legislation related to it, have been strenuously opposed by many. The free software and fair use advocacy movements have been particular sources of opposition. They expect that widely installed (or even legally required) Fritz-chips would be used to limit user access to, and use of, programs and content, even legally acquired and used programs and content. In particular, it might also be used to enhance monopolistic control of both content and market share, as a Fritz-chip could be used to make it impossible to reverse engineer the files that programs use, thus preventing interoperability with other, competing programs.
The Fritz-chip is meant to be mounted on the motherboard in the first deployment phase, and to subsequently become an integral part of the CPU chip.
TC is an acronym used by IBM, Microsoft and the Free Software Foundation. IBM translates TC to Trusted Computing, Microsoft calls it Trustworthy Computing and the Free Software Foundation calls it Treacherous Computing. TC is the acronym used by the TCPA to describe the NGSCB-platform.
The initial version of TC had Fritz supervising the boot process, so that the PC ended up in a predictable state, with known hardware and software. The current version has Fritz as a passive monitoring component that stores the hash of the machine state on start-up. This hash is computed using details of the hardware (audio card, video card, etc.) and the software (OS, drivers, etc.). If the machine ends up in the 'approved' state, Fritz would make available to the operating system the cryptographic keys needed to decrypt trusted applications and data. If it ends up in the 'wrong' state, the hash will be wrong and Fritz would not release the right key. The machine may still be able to run non-trusted applications and access non-trusted data, but protected material will be unavailable and hence unusable.
The Longhorn operating system from Microsoft will probably support Fritz. Beta releases as of May 2004 included a version of the software. Longhorn is said to be scheduled for 2006 release. The "specialized software" that will (if included) enable compatibility with Fritz-chip hardware is code-named Nexus. In Longhorn, Nexus will be the last of the authorized software in the chain of trust. Nexus will then let other programs get access to the secure environment that Fritz enables. Such programs will be called "Nexus Aware". Such programs will be nearly impossible to debug or modify. Nexus is intended to be open source, so that people can trust that Microsoft doesn't have any backdoors in the software. Some say that the only reason for Microsoft deciding to make Nexus open source is that most countries' laws require it to be. In May 2004, Microsoft announced that Longhorn will not include the Nexus API, but that they had invested a considerable amount in the technology, and it will be included in future releases of Windows.
There is also a project to make Linux compatible with Fritz.
Chain of trust
When the computer starts, the Fritz-chip hardware wakes up and checks that the BIOS has not been modified since the last boot. If it has not, Fritz will transfer control to it. If it has, Fritz will (probably) warn the user before it disables itself. The BIOS then loads the bootloader, and asks Fritz to check if that is unchanged since last time. The bootloader then loads the operating system, and asks Fritz to check if that has been modified, and so on. Thus, the Fritz-chip makes it possible to build a chain of trust. It is important to note that the user will (probably) be able to configure Fritz-chip operation, so that they can update or change the operating system, or even disable Fritz entirely.
The last software loaded will probably be some "specialized software" that will handle assorted methods to enforce copyright, as noted above.
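The measure-then-release behaviour described above (a start-up hash over the machine state, a chain in which each stage is checked before the next one runs, and keys handed out only in the 'approved' state) can be modelled in a few lines. This is an added example, not code from any Fritz or TC implementation; the SHA-256 hash chaining, the class name MeasuringChip and the sample boot images are assumptions made for illustration.

```python
import hashlib
import hmac


class MeasuringChip:
    """Toy model of the passive monitor: one state register plus sealed keys."""

    def __init__(self):
        self.register = bytes(32)   # all zeros at power-on
        self._sealed = {}           # name -> (expected register value, key)

    def extend(self, component: bytes) -> None:
        # The new state depends on the old state and on the component, so the
        # content and the load order of every stage affect the final value.
        digest = hashlib.sha256(component).digest()
        self.register = hashlib.sha256(self.register + digest).digest()

    def seal(self, name: str, key: bytes) -> None:
        # Bind the key to the machine state measured so far.
        self._sealed[name] = (self.register, key)

    def release(self, name: str):
        expected, key = self._sealed[name]
        # Constant-time comparison; the key leaves the chip only on a match.
        return key if hmac.compare_digest(expected, self.register) else None

    def reboot(self) -> None:
        self.register = bytes(32)   # sealed keys survive, measurements do not


def boot(chip, stages):
    chip.reboot()
    for image in stages:            # each stage is measured before it runs
        chip.extend(image)
    return chip.register.hex()


# Constructed sample images standing in for BIOS, bootloader and OS.
APPROVED = [b"bios v1", b"bootloader v1", b"os kernel v1"]
TAMPERED = [b"bios v1", b"bootloader v1 + patch", b"os kernel v1"]
REORDERED = [b"bootloader v1", b"bios v1", b"os kernel v1"]


def demo():
    chip = MeasuringChip()
    boot(chip, APPROVED)
    chip.seal("media-key", b"\x13" * 16)   # sealed while in the approved state
    cases = {"approved": APPROVED, "tampered": TAMPERED, "reordered": REORDERED}
    results = {}
    for label, stages in cases.items():
        boot(chip, stages)
        results[label] = chip.release("media-key")
    return results
```

Calling `demo()` returns the key for the approved boot and `None` for the tampered and reordered boots: any change to a measured stage, or to the order of stages, yields a different final hash and the key is withheld.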
Secure input and output
Secure input and output devices are intended to ensure that user data comes from and goes to authorized locations without being intercepted. When used with the appropriate "specialized software", they are meant to protect against programs that record keystrokes or enable a remote user or program to act as a legitimate local user. The information that travels between peripherals and the authorized programs in the computer will be encrypted. This of course requires that the peripherals (or some outside the Fritz-chip controlled computer) support this kind of encryption.
With this technology, it will be possible to hide from other programs what one of the programs is showing on the screen, for example. That means that artwork, movies, soundtracks, and other such things might become more difficult to illegally or impermissibly copy. Not even the owner of the computer might be able to break the protection of such art.
- See also: analog hole.
With appropriate "specialized software" it will probably be possible to provide certain programs with strong process isolation. This would be done by, for example, setting aside a specific portion of the available RAM on the computer and blocking any program that is running in the user space memory from accessing that address space. Process isolation helps to ensure that the protected memory is neither modified nor observed by any non-authorized program. It is possible that even the kernel of the operating system could be blocked off from accessing a protected program running in protected memory. The protected memory will most likely also be protected from DMA devices reading or writing into it. This will complicate DMA operations at a fundamental level and will require significant modification in the way programs request OS I/O support, and in hardware operation.
In many cases, this will make it impossible in practice to debug or modify software while it runs. It will, however, not prevent software from being 'cracked' maliciously. Software making use of Protected Memory will simply act as a black box. No one will be able to peer into it to see how it works. Some people expect that this will make spyware more frequent.
With the help of Fritz, programs can be made to 'prove' by cryptographic means that they are what they 'claim' to be.
This could be used to make sure that only certain programs are allowed to communicate with some program. For example, a client could be forced to authenticate itself (as having been sold by the same company that wrote the server software) prior to being permitted to run or exchange data. This could be useful for electronic banking and online shopping. It could also endanger competition among software vendors. For example, webserver software might allow only some specific browser to connect to it, thus forcing people to buy that browser.
Fritz, in combination with "specialized software", could make it possible for programs to encrypt their data and hide the access keys before storing the data to some storage, like a hard disk, floppy or CD-ROM.
The keys would, presumably, be handled by the "specialized software". If this software is 'secure' (i.e. authorized by Fritz) it may become impossible to access those keys (and so the data) except as allowed by the permission mechanisms it manages.
Because the cryptokeys would also be hidden by cryptographic means, with help from the Fritz-chip, it will be effectively impossible to read (or write) data that is stored in a Sealed Storage in the case of difficulty or a change in business relationship. Failing to continue to license software Foo would result in a loss of access to your data being handled by Foo.
The security of Fritz
The TC system works on the assumption that Fritz and the "specialized software" are uncompromised. The security of the system fails if one, or both, of them is poorly implemented, is poorly designed, or is successfully attacked. For instance, if a virus or Trojan horse or any sort of backdoor is installed, security may be entirely lost without notice to the user. If, for example, the NSA had knowledge of such a backdoor, they might be able to compromise a computer remotely, run untrusted software in the protected memory area, or read from sealed storage. The fact that one of the chief inventors of the Fritz-chip was working for the NSA at the time has prompted suspicion, and even conspiracy theories about this.
One way to crack a Fritz-chip might be to create an emulator that works just like an ordinary PC but with an emulated (and compromised) Fritz-chip. Bochs could be modified to include Fritz, for example. This way, the owner of the computer might be able to ignore the security and crack into the chain of trust that Fritz enables. At this time, it is uncertain if this will be possible to do. Such software would probably be illegal to possess, and almost certainly to use, inside the USA under the terms of the Digital Millennium Copyright Act. There are similar statutes or regulations in other jurisdictions, so the same criminal (or civil) prohibitions might apply elsewhere as well.
- Trusted computing
- Next-Generation Secure Computing Base
- Palladium operating system
- Trusted Computing Group, the company which develops the secure cryptoprocessor
The contents of this article are licensed from www.wikipedia.org under the GNU Free Documentation License.