TPM support (Trusted Platform Module)

surfsup
Registered User
Posts: 18
Joined: Thu Aug 21, 2008 6:15 pm

TPM support (Trusted Platform Module)

Post by surfsup »

Is there a plan to implement support for this?
HGN
Former Team Member
Posts: 4706
Joined: Wed Dec 03, 2008 1:53 pm
Location: The Netherlands
Name: Alfred
Contact:

Re: TPM support (Trusted Platform Module)

Post by HGN »

I am not sure how this is related to phpBB and what kind of support you would be expecting.
surfsup
Registered User
Posts: 18
Joined: Thu Aug 21, 2008 6:15 pm

Re: TPM support (Trusted Platform Module)

Post by surfsup »

The TPM can be used to provide a non-repudiated root of trust for the person logging in or registering. Also since the TPM is bound to a machine to validate the trustworthiness of the MACHINE....hackers, once a machine is identified, can be placed in a quarantined database and the TPM root of trust can be used to prevent them from access. Once a machine is used for spam somewhere, it is added to the database. The spammers would then have to buy another PC costing them lots of $$. The global phpBB database is updated for everyone and voila...spammers defeated.
MarkTheDaemon
Former Team Member
Posts: 2770
Joined: Thu Oct 20, 2005 2:42 am
Location: United Kingdom
Name: Mark Barnes

Re: TPM support (Trusted Platform Module)

Post by MarkTheDaemon »

Can the TPM be accessed by the user's browser? I thought it was at a much lower level than that, more designed to ensure that operating systems are not modified?

In the vast majority of cases you'd be sending the details across unencrypted as well, isn't this a security issue?

I know very little about how it works so I could be completely wrong.
Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Re: TPM support (Trusted Platform Module)

Post by Techie-Micheal »

Supporting something like that over the internet would require installation of a fat client over a thin client, and I'm not sure how many users would be willing to do that to access a bulletin board when they could simply go somewhere else that doesn't have it enabled.

Punkbuster is an example of this. It is an anti-cheat system many games use. It sends a hardware hash to a centralized service with the intention that if that hardware hash is ever identified as belonging to a user that cheated, that user's computer would be useless when playing games. However, sadly, it is easily bypassed.
Last edited by Techie-Micheal on Tue Nov 20, 2012 5:33 am, edited 1 time in total.
Proven Offensive Security Expertise. OSCP - GXPN
Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Re: TPM support (Trusted Platform Module)

Post by Techie-Micheal »

MarkTheDaemon wrote: In the vast majority of cases you'd be sending the details across unencrypted as well, isn't this a security issue?
This is a fair and accurate point, given probably the vast majority of bulletin board installations not using SSL. So the fat client would communicate with the centralized service with SSL, but then how would bulletin boards share the data with the centralized service? Over non-SSL? There are ways to ensure tampering does not occur, with having MAC'd datastreams, but even encryption of the datastreams means key management on top of whatever licensing scheme is used to allow communication between BB and server. It's cheaper to use SSL at that point.
Proven Offensive Security Expertise. OSCP - GXPN
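
The MAC'd datastream mentioned in the post above, as an added example that is not part of the original thread: a board signs a device report with HMAC-SHA256 and the central service checks the tag, freshness and replay before accepting it. The board id, key, field names and the 300-second window are hypothetical, and the sample values are constructed.

```python
import hashlib
import hmac
import json

# Constructed per-board shared secrets (hypothetical). Distributing and
# rotating one of these per board is the key-management cost the post refers to.
BOARD_KEYS = {"board-42": b"constructed-demo-key-not-for-production"}
MAX_SKEW = 300  # seconds a report stays acceptable (assumed value)
_seen_nonces = set()  # replay cache; a real service would expire entries


def sign_report(board_id, key, device_hash, now, nonce):
    """Board side: serialize the report canonically and compute an HMAC-SHA256 tag."""
    body = json.dumps(
        {"board": board_id, "device": device_hash, "ts": now, "nonce": nonce},
        sort_keys=True, separators=(",", ":"),
    ).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body, tag


def verify_report(body, tag, now):
    """Service side: return (ok, reason).

    The claimed board id is used only to select the key; no other field is
    trusted until the tag has verified over the exact bytes received.
    """
    try:
        claimed = json.loads(body)
        key = BOARD_KEYS[claimed["board"]]
    except (ValueError, KeyError, TypeError):
        return False, "unknown board or malformed body"
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False, "bad MAC"
    if abs(now - claimed["ts"]) > MAX_SKEW:
        return False, "stale"
    if claimed["nonce"] in _seen_nonces:
        return False, "replay"
    _seen_nonces.add(claimed["nonce"])
    return True, "ok"
```

The body still crosses the wire in clear text, so the tag gives integrity and origin but no confidentiality, which is the gap that makes SSL the cheaper choice in the post.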
Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Re: TPM support (Trusted Platform Module)

Post by Techie-Micheal »

I don't mean to be rude, surfsup, or to shoot down your idea, but it's something that requires a lot of architecture and user buy-in.
Proven Offensive Security Expertise. OSCP - GXPN
surfsup
Registered User
Posts: 18
Joined: Thu Aug 21, 2008 6:15 pm

Re: TPM support (Trusted Platform Module)

Post by surfsup »

Yes, but it would eliminate 99% of the spam problems we have to deal with. Considering nearly all PCs ship with TPMs and now all phones will start shipping with either a hardware TPM or a virtual TPM, this should be added to the database capability.

The US government requires TPMs for all new mobile and PC purchases and they must be turned on. Android just issued an update turning on capability for a virtual TPM. The UK govt is turning on TPMs.

This is just a suggestion to seriously consider. Tied into a service like Wave Systems' "Knowd", this will tell admins whether a device is healthy, and trustworthy, which will allow admins to automatically know if a device accessing the forum is to be trusted or not. A PC used to spam sites with Russian porn will be caught early on and rated very lowly, below the access threshold, preventing access and spam.

Thanks.
Lumpy Burgertushie
Registered User
Posts: 68282
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: TPM support (Trusted Platform Module)

Post by Lumpy Burgertushie »

All sounds a little iffy to me.

The main point is that it is not necessary. If you don't let the spammers register in the first place and don't allow guest posting you don't have a big spam problem.

robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.3 Styles by PlanetStyles.net

If nobody is in the forest, does a tree really fall?
Danielx64
Registered User
Posts: 1369
Joined: Wed Nov 04, 2009 5:51 am
Location: In a server room in Australia
Name: Daniel
Contact:

Re: TPM support (Trusted Platform Module)

Post by Danielx64 »

And what about people who use public computers and one decides to - it up for everyone else?
Please note that I will not be porting any of my mods to phpBB 3.1. Sorry for the inconvenience this may cause.