 Okay, I'm not very used to this Electronical devices so hopefully I can finish my Presentation my name is Gorkyam Chetin. I work for Institute of Electronics and Cryptology of Turkey In my talk I will be speaking about open to the project which is an EU project in six frame program In six frame program it has started two and a half years ago and still ongoing and there are some outcomes of the project so First what is trusted computing? It's a technology developed and maintained by Trusted Computing Group If you want to know more information about Trusted Computing Group then just go to www.trustedcomputinggroup.com With Trusted Computing we can say that the computer behaves in a very specific way And this behavior can be controlled by hardware and software So if you have for example a master key you can control the hardware but with the master key you can also get your own keys and signatures from the device that is specified by Trusted Computing Group So that particular device I will be talking about is TPM which is called Trusted Platform Module It has been in support has been in Linux kernel for quite some time since 2.6.13 So you will probably have enabled this in your own kernel but enabling it doesn't mean that you have TPM applications Or you are running an application which is bound to TPM You should enable it by default because it's not enabled by default in BIOS So because the specifications says you to do so There are some capabilities of Trusted Platform Module These capabilities can be reached by or via dev TPM or some specific applications or APIs So these are the list of basic capabilities It has a non-volatile memory for holding your own keys It has platform configuration registers, 24 registers Each can hold up to 160 bits of data There is a clock and a counter in it It has a random number generator It can do asymmetric key generation particularly RSA It can also do asymmetric crypto generation Since it is a very small chip by the definition by the specification it is temper resistant So by hardware or software methods you cannot just extract any information or any key signature out of it There are specifications freely available in TrustedComputerGroup.com So if you want to get started with it you may want to start reading 1600 pages of specifications But don't do it first, I will be telling you some applications that you want to download and try There are some vendors namely Infineon, SD, Microelectronics and Atmol which produce TPM chips Probably in one of your devices, I mean laptops or desktops, you have this chip Just check it in BIOS, for example HP sells pre-configured laptops with TPM chips on them So as I said it is a very small chip, a very basic hardware installed on your main board But it is not an enforcer, it is not an active chip, it is a passive chip It doesn't run any applications and it doesn't contain any code that you can run It makes no decisions, it only makes reporting, it only makes some kind of measurement So there are some very wrong information on the internet that TPM can run some kind of application It can do some memory curting, etc, etc, these are all wrong So what can we use TPM for? For example you connect to a bank, the bank sends you a signature And you can measure the signature against the platform configuration registers that I previously told you If for example these two measurements are the same then you can say that you just trust the bank and then go on with loading the web page Since TPM is basically a measurement device, you can measure the applications and if the measurement is not equal to good state of the system Then you can say that this application contains some kind of malware and you can just decide not to run it A typical trusted boot you can see on the screen, it is in fact a trusted chain and at the top of it you can see the chain of root At the root of trust you have a BIOS First of all the BIOS measures the ROM and if the ROM measurement is equal to a set of previous measurements then it goes on loading The same holds with for example the GRUB loader, the GRUB also measures the applications for example the Linux kernel And then if it finds that that measurement is equal to a previous measurement then it can load the kernel Same can be done for any application, any application can measure another application and if the measurement is good I mean if you can find a good state of a measurement then you can go on with loading other applications So this is called a trusted chain OpenTC project will be demonstrating its first big demo DVD and live DVD during the trust 2008 conference in Villach in Austria So if you want to download the demo DVD and just click on www trust 2008.eu it contains some of those applications written here So if you want to make a start with what trusted OpenTC applications are just download it and run it There are not many applications in fact regarding trusted computing I have written some of them here, the ones in bold in fact are the ones that you would like to download first and run For example Trousers is not a full feature trusted software stick but it helps you to build your own applications If you don't have a TPM on your hardware then a TPM emulator will help you to emulate a TPM and run TSS, I mean Trousers on it A trusted graph in fact takes a measurement of your kernel and it measures against the previous measured kernels And if it finds that the two measurements are the same then it goes on loading OK Gwadek 2008 is an advertisement just insert into my presentation, it will be held in Istanbul, Turkey If you have seen Istanbul before you will know that it's a really wonderful city, it connects east and west It will be between 7 and 12th of July 2008 this time, not later And the call for papers and public relations work will be on internet at www.gwadek.org This is the university where the Gwadek will take place, it's the University of Bahçişir It is 50 meters away from the wonderful sea So these are some photos, it's a very animated city, it's full of fun So it's a shame if you miss Gwadek 2008 This is a shot from a Mayhane, you step in alive and well but God knows what happens next OK my presentation is a part of OpenTC project and if you want more information about the OpenTrusted Compute project then just go to www.openTC.net Thank you very much for listening