The advent of eCommerce and eGovernment, together with the rapid expansion of world-wide connectivity, calls for IT systems that guarantee a variety of security properties (authenticity, integrity, privacy, anonymity, availability) to protect security-critical information and data.
Additionally, today's distributed applications involve different parties (companies, end-users, content providers) with possibly conflicting interests and (security) requirements. Hence, it is desirable to guarantee any requirement in a reasonable and pragmatic way. Most of the currently used IT systems lack elementary security properties, such as integrity checks (secure booting) or the generation of secure cryptographic keys (through appropriate random number generators). Thus, the existing threats block the realization of useful applications and business models.
Cryptographic and security research communities have provided a variety of tools to achieve these security goals. However, all these solutions are based on the assumption that the underlying computing platform is secure. This is not the case: existing computing platforms, in particular common operating systems, lack mechanisms to support and enforce adequate security policies that can easily be maintained by non-experts. Besides architectural security problems and the inherent vulnerabilities resulting from high complexity, common computing platforms require careful and attentive system administration, and are still unable to effectively protect individuals from executing malicious code. This can be seen in the huge number of exploits and security updates as well as the high number of attacks through viruses, worms and Trojan horses. These problems concern Windows-based as well as Linux-based operating systems.
This situation brings about the need for developing a new generation of secure computing platforms that can provide multilateral security. The EMSCB Project aims to develop an open source and multilaterally secure computing platform that is capable of enforcing security policies of different parties in a distributed environment.
The EMSCB project, which is partly funded by the German Federal Ministry of Economics and Technology, aims at developing a trustworthy computing platform with open standards that solves many security problems of conventional platforms. The platform uses hardware functionality provided by Trusted Computing. The main architecture consists of a security kernel on a microkernel and an efficient migration of existing operating systems.
In the sense of multilateral security, the EMSCB platform allows the enforcement of security policies of different parties, i.e., end-users as well as industry. Consequently, the platform enables the realisation of various innovative business models, particularly in the area of Digital Rights Management, while averting the potential risks of Trusted Computing platforms concerning privacy issues.
Therefore, an EMSCB platform has many economic and political advantages, such as:
- Improved security
- Reduced complexity
- Efficient and effective evaluation
- Portability on different hardware platforms
- Avoiding potential misuse of Trusted Computing technology
Besides the technical coordination of the project and the continuous development of trustworthy platforms based on Trusted Computing and TURAYA technology, Rohde & Schwarz Cybersecurity GmbH and further project partners have developed and published the following demonstrators:
- TURAYA.VPN: A secure VPN client, which protects the required cryptographic key material against malicious usage.
- TURAYA.Crypt: A secure hard disk encryption module, which protects the confidentiality of the required cryptographic key, even if a user gains system rights.
- TURAYA.FairDRM: A secure Content Viewer, which takes the security requirements of Content Providers as well as the security and privacy concerns of users into consideration.
- TURAYA.ERM: In cooperation with SAP, Rohde & Schwarz Cybersecurity GmbH has developed a demonstrator for an Enterprise Rights Management (ERM) system to enforce access control rights in a distributed network.
The source code of the EMSCB platform will be published under an open source license.