Trusted Computing aims to reduce the vulnerability of computers to attacks by incorporating tamper-resistant processors to protect cryptographic keys, to securely boot operating systems, and to prevent programs from reading or writing each other’s memory. Many of today's personal computers are shipped with Trusted Computing chips that implement the specifications of the Trusted Computing Group (TCG). However, these specifications raise serious privacy concerns. U-Prove can overcome these concerns while improving the security benefits of Trusted Computing for both users and organizations:
- Private remote attestation: A TCG feature called "remote attestation" lets a remote party verify that it is communicating with a device that contains a genuine Trusted Computing chip. The TCG specifications offer two methods for proving the presence of such a chip without disclosing information that would let the device be traced. One relies on a fully trusted third party (the "Privacy Certification Authority"). The other ("direct anonymous attestation") has the chip itself perform a complex zero-knowledge cryptographic proof; its privacy, however, rests on the assumption that the chip generates random numbers that no third party (the manufacturer included) can predict, and the user has no way to verify that assumption. With U-Prove, direct remote attestation can take place without users having to trust the functioning of their Trusted Computing chips in any way, even in the face of active collusion between chip manufacturers and attestation verifiers; individuals need merely trust the software run by their own CPUs (which may be freely obtained and can be inspected by anyone).
- Efficient binding of identity assertions: With U-Prove, an unlimited number of identity assertions can be securely "bound" (over an open network) to a Trusted Computing chip that already resides in a user's computer. The chip can enforce any security policies (whether of the user, the assertion issuers, or other parties) throughout the lifecycle of the identity assertions. The chip cannot leak unwanted information to the outside world and cannot learn the information in the identity assertions (unless the user provides it). No cryptographic exponentiations need be performed by the Trusted Computing chip: with U-Prove, an 8-bit chip can protect literally billions of identity assertions. This efficiency also greatly reduces exposure to side-channel attacks such as electromagnetic analysis and differential power analysis, since the chip performs no long secret-dependent exponentiation for an attacker to measure.
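The first point above hinges on a caveat worth seeing concretely: a zero-knowledge proof is only as private as the prover's randomness. The following is an added illustration, not code from the original page, from the U-Prove project, or from the TCG specifications. It uses a plain Schnorr proof of knowledge of a discrete logarithm as a stand-in for the Σ-protocol proof that direct anonymous attestation performs (the response in both has the same linear form in the nonce). The group parameters are generated at import time, Python's seedable Mersenne Twister models a chip RNG whose output a manufacturer could predict, and MANUFACTURER_SEED is a constructed placeholder, not a real value. Three runs are shown: an honest one, one where a colluding verifier knows the chip's nonce, and one where the chip repeats a nonce; the last two recover the chip's secret key from the transcripts alone.

```python
"""
Added illustration: why a zero-knowledge attestation proof is only as private
as the prover's randomness.  A Schnorr proof of knowledge of a discrete log is
run (1) honestly, (2) with a nonce a colluding party can predict, and
(3) twice with the same nonce.  In cases 2 and 3 the verifier recovers the
prover's secret key from the transcripts.  Not U-Prove or TCG DAA code.
"""
import random
import secrets


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin primality test (trial division by small primes first)."""
    if n < 2:
        return False
    small = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for s in small:
        if n % s == 0:
            return n == s
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    bases = random.Random(n)  # deterministic witnesses: fine for a demo
    for i in range(rounds):
        a = small[i] if i < len(small) else bases.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def find_safe_prime(start: int) -> tuple[int, int]:
    """Smallest odd q >= start with q and p = 2q + 1 both prime; returns (p, q)."""
    q = start | 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


# Prime-order subgroup of Z_p^* found at import time so the example is
# self-contained.  Real systems use standardised 2048-bit+ groups or curves;
# the algebra of the attacks below is identical.
P, Q = find_safe_prime(1 << 127)
G = 4  # 2^2 is a quadratic residue mod a safe prime, so its order is exactly Q


def keygen(rng) -> tuple[int, int]:
    """Secret key x in Z_Q and public key y = G^x mod P."""
    x = rng.randrange(1, Q)
    return x, pow(G, x, P)


def prover_commit(w: int) -> int:
    """First message: commitment a = G^w for a fresh nonce w."""
    return pow(G, w, P)


def prover_respond(x: int, w: int, c: int) -> int:
    """Third message: r = w + c*x mod Q.  Note it is linear in the nonce w."""
    return (w + c * x) % Q


def verify(y: int, a: int, c: int, r: int) -> bool:
    """Verifier accepts iff G^r == a * y^c mod P."""
    return pow(G, r, P) == (a * pow(y, c, P)) % P


def recover_key_known_nonce(w: int, c: int, r: int) -> int:
    """x = (r - w) / c mod Q: a single transcript suffices if w is known."""
    return ((r - w) * pow(c, -1, Q)) % Q


def recover_key_repeated_nonce(c1: int, r1: int, c2: int, r2: int) -> int:
    """x = (r1 - r2) / (c1 - c2) mod Q: two transcripts sharing one nonce."""
    return ((r1 - r2) * pow((c1 - c2) % Q, -1, Q)) % Q


def demo() -> dict:
    results = {}
    sysrand = secrets.SystemRandom()
    x, y = keygen(sysrand)

    # 1. Honest run: fresh unpredictable nonce, verifier learns nothing about x.
    w = sysrand.randrange(1, Q)
    c = sysrand.randrange(1, Q)
    results["honest_verifies"] = verify(y, prover_commit(w), c, prover_respond(x, w, c))

    # 2. Chip whose nonce generator is seeded with a value the manufacturer
    #    knows and shares with a verifier.  Constructed placeholder seed.
    MANUFACTURER_SEED = 0x5EED
    chip_rng = random.Random(MANUFACTURER_SEED)
    colluder_rng = random.Random(MANUFACTURER_SEED)
    w_chip = chip_rng.randrange(1, Q)
    c = sysrand.randrange(1, Q)
    r = prover_respond(x, w_chip, c)
    w_guess = colluder_rng.randrange(1, Q)  # same seed, same nonce
    results["known_nonce_verifies"] = verify(y, prover_commit(w_chip), c, r)
    results["known_nonce_recovers_key"] = recover_key_known_nonce(w_guess, c, r) == x

    # 3. Stuck or reset RNG emits the same nonce twice.  No collusion needed:
    #    two challenges against one nonce expose x.
    w_stuck = sysrand.randrange(1, Q)
    c1, c2 = 12345, 67890
    r1, r2 = prover_respond(x, w_stuck, c1), prover_respond(x, w_stuck, c2)
    results["repeated_nonce_recovers_key"] = recover_key_repeated_nonce(c1, r1, c2, r2) == x
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Case 2 is the situation the page's caveat describes: the proof verifies exactly as an honest one would, so the user sees nothing wrong, yet a verifier who can predict the chip's nonces learns the chip's secret (and with it everything the secret was supposed to keep unlinkable). Case 3 needs no collusion at all, only a faulty generator. Neither failure can be detected from outside the chip, which is why the page's argument rests on moving the trust to software the user controls rather than on any property of the chip itself.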