When I read David Berlind's latest vistulations on Microsoft's Vista TPM strategy for features such as Secure Startup and full volume encryption, I was shocked by Microsoft's comments. Apparently, Vista will not permit the use of external smartcards and will mandate the use of a TPM version 1.2b module, which is currently still vaporware. Here is Microsoft's exact quote:
We are looking at scenarios that allow the recovery key to be stored on a removable storage device for Windows Vista. However, Smartcard storage of tokens for full volume encryption isn’t in the plan for Windows Vista.
Aside from the fact that any new technology that mandates a whole new motherboard is virtually dead-on-arrival for the first few years, I may have a bigger problem with the security aspect of this strategy. More specifically, I have concerns about the part that says "allow the recovery key to be stored on a removable storage device for Windows Vista". Any cryptographic module (which is essentially what a TPM is) that permits a private key export function has to be immediately suspect unless extreme precautions are taken. To put this in simple terms, if you can "back up" your TPM to a removable storage device, what is there to prevent a little social engineering and a well-planted backdoor from also "backing up" your TPM so that some devious hacker can replicate it remotely? Smartcards and smartcard USB dongles are secure because they can't be easily replicated without physically stealing the device. There isn't supposed to be a private key export function that can be exploited in the first place. Smartcards are secure because their private keys never leave the device.
I can certainly understand the need for a recovery key, but this is better handled through a secondary decryption key that is held by the corporate IT department or by a trusted third party that provides key recovery services. Microsoft's current EFS technology already has an established recovery method that can easily be managed in a corporate environment. I've personally deployed EFS recovery agents on corporate networks and the technology works well. The biggest shortcoming of EFS is that it does not support hardware cryptographic modules such as smartcards or smartcard USB dongles.
Using an external USB smartcard dongle, or maybe even a Bluetooth wireless smartcard device, would seem to make the most sense from an upgradeability and security standpoint, and I've commented on this technology extensively in the past. I've even seen smartcard devices that have biometric fingerprint sensors or PIN entry keys to further enhance their security. Vista would then be able to designate multiple smartcard devices as the encryption/decryption engine without the need to export the private key to an unsecured storage device. This would also allow the end user to put away a few "spare" smartcards in case they ever lose their primary smartcard. The lost smartcard could simply be revoked in Vista and the user would just need to pull out one of the spares. Other consumers might just add a trusted third party's digital certificate as the emergency recovery agent for a small subscription fee so they don't need to worry about managing their own spares. I just don't see the wisdom in Microsoft's current strategy of going to a non-existent TPM that must be embedded into future motherboards, which then have to back up their sensitive private keys to a dumb and insecure removable storage device.
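To make the contrast concrete, here is an added example (my own constructed model, not Microsoft's design or any real BitLocker or smartcard code) of the multi-protector scheme argued for above: the volume key is sealed separately under a primary card, a spare, and an IT recovery agent, the device secrets never leave their devices, and losing the primary card is handled by revoking its sealed copy rather than by exporting anything. The `Smartcard` class stands in for the card's own cryptography with a stdlib HMAC-based encrypt-then-MAC construction; a real card would do the equivalent with RSA or AES on-chip.

```python
import hmac, hashlib, secrets

def _prf(key, label, data=b""):
    return hmac.new(key, label + data, hashlib.sha256).digest()

class Smartcard:
    """Constructed stand-in for a smartcard or TPM: the secret is generated
    inside the device and there is deliberately no export method."""
    def __init__(self, label):
        self.label = label
        self._secret = secrets.token_bytes(32)          # never leaves the object
        self.serial = _prf(self._secret, b"serial").hex()[:16]

    def seal(self, vmk):
        """Encrypt-then-MAC a 32-byte volume key under the device secret."""
        assert len(vmk) == 32
        nonce = secrets.token_bytes(16)
        pad = _prf(_prf(self._secret, b"enc"), nonce)   # one-block PRF keystream
        ct = bytes(a ^ b for a, b in zip(vmk, pad))
        return nonce + ct + _prf(_prf(self._secret, b"mac"), nonce + ct)

    def unseal(self, blob):
        nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
        if not hmac.compare_digest(tag, _prf(_prf(self._secret, b"mac"), nonce + ct)):
            raise ValueError("blob was not sealed by this device or was altered")
        return bytes(a ^ b for a, b in zip(ct, _prf(_prf(self._secret, b"enc"), nonce)))

class Volume:
    """Volume key lives only in RAM while unlocked; on disk there is one sealed
    copy per enrolled protector and no device secret at all."""
    def __init__(self):
        self._vmk = secrets.token_bytes(32)
        self.protectors = {}                            # serial -> sealed blob

    def enroll(self, card):                             # primary, spares, recovery agent
        self.protectors[card.serial] = card.seal(self._vmk)
    def revoke(self, card):                             # lost card: discard its copy
        self.protectors.pop(card.serial, None)
    def unlock(self, card):                             # None if card not enrolled
        blob = self.protectors.get(card.serial)
        return card.unseal(blob) if blob else None

def demo():
    """Primary card lost: revoke it; the spare and the IT recovery agent still unlock."""
    primary, spare, agent = Smartcard("primary"), Smartcard("spare"), Smartcard("IT agent")
    vol = Volume()
    for card in (primary, spare, agent):
        vol.enroll(card)
    vol.revoke(primary)
    return vol.unlock(spare) == vol._vmk, vol.unlock(agent) == vol._vmk, vol.unlock(primary) is None
```

Note that nothing written to `vol.protectors` lets an attacker who copies the disk, or who socially engineers a "backup", reconstruct any device secret; they would still need the physical card.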
Here is my bottom line:
- I'm not against the use of TPMs in Vista, because TPMs have the potential to facilitate widespread use of hardware-based strong authentication and encryption. Microsoft should simply drop the idea of a TPM key export function if they don't want this "feature" to become the butt of security jokes when hackers start stealing TPM keys.
- To add upgradeability, flexibility, and spare key functionality to Vista, simply add standardized smartcard support. These smartcards can come in badge, USB, or wireless Bluetooth form for maximum flexibility depending on the user's preferences. Smartcard USB dongles that are certified for Microsoft CryptoAPI compatibility are already on the market today for as little as $60. Microsoft should simply take advantage of them to deliver a robust and secure next-generation operating system.