Trusted Computing Advisory Paper Page ͳ Advisory Paper for Trusted Computing Technology Zarinah Mohaideen Mohd Faizal Mubarak Zaid Ahmad zarinah.mohaideen@mimos.my , faizal.mubarak@mimos.my , zaid.ahmad@mimos.my Cyberspace Security Centre, MIMOS Bhd 1. Objective The purpose of this advisory paper is to create the knowledge and awareness, especially for organizations that are related to Critical National Information Infrastructure (CNII), on how Trusted Computing (TC) technologies can be used for security purpose. It is part of the action plan for Policy Thrust 3 (PT3) – Cyber Security Technology Framework under National Cyber Security Policy (NCSP). Security risks exist in situations where we have various types of users, tools, systems and connectivity options that must be addressed for robust solutions. This advisory paper aims to provide adequate knowledge about the deployment of TC technology to users. 2. Target Audience End-users who wish to have a trusted computing platform. 3. The Potential Usage of TC Technology There are a lot of computing areas that can be explored to enable the use of TC so that our cyber world would become more secured and trusted. Some areas where the application of TC is most appropriate are those that need protection and tight security such as military computer networks, government secret agency, and also banking information. Even though, Personal Computer (PC) or laptops consumers require not so tight security but protections are still needed because nowadays all important records and data are stored in personal computers. Trusted Computing will allow communication channels between two or multiple parties to be established in a more secured environment [1]. For instance, it will provide a safer storage for passwords, PIN numbers, banking accounts information, and the stored data can be protected against any attacks and data spoofing. Another potential usage is in an environment involving a combination of both TC and Digital Right Management (DRM). The DRM technologies provide protection for intellectual property right [2] and it also enforce rules set by rightful holders on the use of digital content. The combination of DRM and TC would strengthen and enhance the control process and usage of digital content. The implementation of Trusted Platform Module (TPM) that is defined in Trusted Computing Group (TCG) specification will directly enhance any TC based systems. This is done through the combination of Public Key Infrastructure (PKI) together with TPM technologies that will create more secure communications channels between two established connections. Since TPM is a temper-proof hardware and embedded inside the motherboard or network card, it is difficult to break in the TPM. The following sections explain briefly about the TPM and how it can be deployed to secure user’s processes.