
D10.2 Midterm Standardisation Report

(M18) April 2007

Project number

IST-027635

Project acronym

Open_TC

Project title

Open Trusted Computing

Deliverable type

Report 

Deliverable reference number

IST-027635/D10.2/V1.0 Final

Deliverable title

Midterm Standardisation Report

WP contributing to the deliverable

WP10

Due date

April 2007 (M18)

Actual submission date

June 14, 2007

Responsible Organisation

IFX

Authors

Hans Brandl

Abstract

Participating in the standardisation work of
the Trusted Computing Group (TCG) and of
other related standardisation organisations is
a main activity for the distribution and public
dissemination of the project results.
OpenTC therefore started standardisation work
at the very beginning of the project, to become
familiar with the procedures and targets and to
find out which information can be easily adapted
to standards.
The main standardisation activities during the
first 18 months concerned the TCG, JAVA,
MPEG, ETSI and OMA, as described in this report.

Keywords

Standardisation, TCG, JAVA, OMA, ETSI, DRM,
MPEG

Dissemination level

Public 

Revision

V1.0 Final

Instrument

IP

Start date of the project

1st November 2005

Thematic Priority

IST

Duration

42 months


If you need further information, please visit our website www.opentc.net or contact the coordinator:

Technikon Forschungs-und Planungsgesellschaft mbH
Richard-Wagner-Strasse 7, 9500 Villach, AUSTRIA
Tel. +43 4242 23355 –0
Fax. +43 4242 23355 –77
Email coordination@opentc.net

The information in this document is provided “as is”, and no guarantee or warranty is given that the information is fit for any particular purpose. The user thereof uses the information at its sole risk and liability.

Open_TC D10.2

2/8


Table of Contents

1  Introduction
2  Standardisation work and contribution within the Trusted Computing Group
    2.1 Trusted Computing standardisation contributions in more detail:
3  Digital Rights management related standardisation activities
    3.1 MPEG Participation
4  ETSI-Standardisation
5  Mobile phone standards
6  List of Abbreviations


1 Introduction

Standardisation is one of the key elements for the success of the OpenTC project,
because it is the key element for the further use and exploitation of the project
outcome. OpenTC will elaborate proposals for standards and will donate them to the
relevant standardisation bodies. Strong cooperation with the standardisation bodies,
during the project and beyond the project time frame, is therefore necessary. The
intermediate results gained throughout the project duration are processed and fed
into the competent standardisation bodies by the respective consortium members.
The consortium already has relations to various bodies such as 3GPP, OMA, MPEG, JAVA
and TCG. Through the activities of the TCG board members and the members of other
standardisation bodies, a tight relation to other industry developments can be ensured.
Three areas of standardisation have been identified and are targeted by the project:

- TC oriented, such as the work within the TCG

- Infrastructure oriented, such as protocols and interfaces for integrating TC into
today’s IT and security world

- Application oriented, for the enhancement of existing application fields with trust
and for the generation of new applications

OpenTC members participated in the TCG work groups to transfer information, and
informed the group about the establishment of the OpenTC project and its targets.
One main technical activity was feeding the current state of the main TPM and TSS
standardisation work into the work within WP03. WP03, with the basic TSS stack
package, was already planned and also contains elements (such as the inclusion of
SOAP interface technology) alongside the newest TCG standardisation discussions.

2 Standardisation work and contribution within the Trusted Computing Group

The Trusted Computing Group (TCG) is the internationally accepted standardisation
board which settles all relevant issues on the basic layers of our targeted activities.
Open_TC complements the TCG by building a trusted system based on open source. It is
therefore important to continuously exchange standardisation and background
information between the TCG and Open_TC. Open_TC partners are either regular
members of the TCG (e.g. HP, IBM) or are just joining the TCG liaison programme.
The consortium therefore has direct access for exchanging ideas and information
between the TCG and the Open_TC project.

Memberships:

The industrial project members (HP, IBM, AMD and IFX) were regular members of the
TCG already at the start of the project, and are also members of the board of
directors of the TCG. The TCG board of directors member from IFX is also active within
OpenTC and is the leader of WP03. So we have a very short connection between OpenTC
and the TCG on the technical as well as the organisational and political level.


TCG Liaison Program

This special program of the TCG allows academic institutions, industry standards
bodies, government agencies and special interest groups with a stake in computing
security to participate in TCG Work Groups. Members in this program are anticipated
to help TCG to stay current with research, standards and concerns of other important
institutions involved in security. Liaison program members can participate in all work
groups of the TCG and influence and get first hand results from the standardisation
work. 
During the first half year of the project IAIK and POLITO joined the liaison program;
RUB will join shortly, and other OpenTC members are planning to follow.

2.1 Trusted Computing standardisation contributions in more detail:

a. At the beginning of the work within OpenTC it was clear that the Trusted
Software Stack (TSS) standard of the TCG (the interface between the Trusted
Platform Module (TPM), which is the elementary hardware security module, and
the host software and operating system) had to be fully renewed on the basis of
new findings, developments in the state of the art and influences from other
standards. The work within WP3, namely the development of the new TSS, was
therefore done in full cooperation with the current standardisation work of the
TSS working group within the TCG. The nearly stable results of the
standardisation work were immediately implemented within Workpackage
WP3.2 TSS development and, on the other hand, the results and implementation
feedback from WP3.1 influenced the practical formulation of the new TSS
standard to a very large extent. At the end of this development phase (M18,
which is now) we had realised a final implementation of the new TSS standard
version, which serves as a reference implementation of the new TSS standard,
which has just now been published as the new valid standard.

b. Contributions to additional language interfaces of the TSS:

- For the adaptation of the TSS to different host systems it is useful to
implement adaptation layers to existing accepted standards. The existing
version currently contains interface descriptions for the Microsoft proprietary
CAPI (crypto application interface) and the open PKCS#11 standard (also
cryptographic). As an open, general PKCS#11 implementation for Linux already
existed at the beginning of the project, Polito took over the task of realising a
specific adaptation of PKCS#11 to the requirements of trusted computing and
to the TSS stack (as it is structurally located on top of the TSS stack). Through
this work the implementation was also created as a reference for TSS extension in
Linux and was brought into the public standard implementation repository.

- As the JAVA language system is now widely accepted and used within the
community and within WP4 and WP5 of the OpenTC project, and no implementation
of a trusted JAVA existed, IAIK started work on the definition and
example implementation of JAVA as an additional application interface of the
TSS. IAIK gained the first implementation experience worldwide with a
JAVA wrapper for the TSS (which has so far been used within OpenTC as a functional
management implementation of the trusted OS within WP5). As this implementation
is now already working, IAIK has started to bring these results not only into the
TCG as a contribution, but also to the JAVA forum as an extension of the current
JAVA standard.

c. Work on the Direct Anonymous Attestation (DAA) protocol.

DAA is a new approach for digital authentication between network
instances which extends existing standard certificate based methods (like the
well known digital public key certificate measures). The DAA issuer is a known and
recognised entity that interacts with the TPM to install a set of DAA-credentials
in the TPM. The DAA issuer provides certification that the holder of such
DAA-credentials meets some criteria defined by the issuer. In many cases the issuer
will be the platform manufacturer, but other entities can become issuers. As the
TCG standards contain the first practical use of these DAA methods, and this
technology is very new with minimal practical implementation experience
worldwide, analysis of and feedback about DAA was produced in WP5, mainly by IBM,
and the results were brought back to the TCG standardisation work.

3 Digital Rights management related standardisation activities

Digital rights implementations of TCG mechanisms are expected to be one of the main
application and use fields of trusted computing solutions in the future. A large
economic impact is also expected, not only for the management and trading of media
content but also for securing conditional access to, and processing of, organisational
(industrial, governmental) and private data.
Due to some political and societal discussions, this wide field of possible use of
the technology has until now never been analysed and worked on in detail. As TUM/LDV
has a broad background in working on such DRM oriented standards, they made large
contributions to the use of TC technology for protecting media rights.

Media coding standards including security features (MPEG-4 and MPEG-21 REL, RDD,
IPMP), which facilitate the development of interoperable DRM, are a topic covered by
Technical University Munich (LDV).

3.1 MPEG Participation

The LDV participated in the MPEG standardisation work to promote the Open Release
MAF and especially in two main standardisation meetings:

76th MPEG Meeting – Montreux

The 76th MPEG Meeting took place from 03.04.2006 till 07.04.2006 in Montreux. During
this meeting the proposal for the Open Release MAF was raised for the first time. The
contributed document describes Use Cases and the preliminary requirements for the
proposal. Additionally a prototype of the system was presented, which shows the basic
concept and the usage of the DRM System. The Proposal reached the status “Under
Consideration”.


77th MPEG Meeting – Klagenfurt

The 77th Meeting was held in Klagenfurt between 17 and 21 July 2006. The
LDV presented a document containing enhanced Use Cases and Requirements for the
Open Release MAF. There was a discussion about the underlying REL Structure, which
was proposed by other partners. It was agreed that these issues should be clarified by
the next meeting.

Summary

The standardisation efforts in the MPEG group led to the specification of a lightweight
DRM system based on MPEG-21 standards and the joint development of a Creative Commons
licence scheme for such a system. Known as Open Release MAF, the development efforts
for this standard contribute to the application of MPEG-21 tools in the final DRM
system, such as REL (Rights Expression Language), RDD (Rights Data Dictionary), the
MPEG-21 file format and EV (event reporting), and to the support of Creative Commons
licensing in a DRM system.

4 ETSI-Standardisation

POLITO is a member of the Technical Committee Electronic Signatures and
Infrastructures (TC-ESI) of ETSI. It contributed TCG results to the field of signing
applications and also worked within the corresponding national body in Italy
(UNI/UNINFO).

5 Mobile phone standards

OMA, 3GPP: IFX is a member of the Open Mobile Association (OMA) and the 3GP
organisation, which define most of the issues of the mobile phone world. That also
includes the security requirements of mobile phones and implementation standards,
e.g. for DRM.
IFX contributed actively to the detailed definition of the OMA trust layer, drawing on
implementation experience and results from the OpenTC project. This mainly concerns the
interfacing of the OMA function to a lower basic trust function layer as it is defined by
the TCG standard.


6 List of Abbreviations

DAA: Direct Anonymous Attestation protocol. Digital authentication between network instances based on zero knowledge algorithm.

DRM: Digital rights management

ETSI: European Telecommunications Standards Institute

JAVA: Object oriented programming technology and language

MAV: Multi Access Video

MPEG: Moving Pictures Expert Group, standardisation groups for video and audio coding

OMA: Open Mobile Association

TCG: Trusted Computing Group

TSS: Trusted Software Stack (API between TPM and host system)

TPM: Trusted Platform Module, TCG standards security chip

3GP: 3rd Generation Partnership Project, worldwide cooperation of standardisation bodies for mobiles, esp. for UMTS and GERAN (GSM)
