A personal computer (PC) usage model that is gaining popularity is for users to carry their data and applications on portable storage media (such as USB flash drives, also called USB keys, or USB hard drives) and to access their data or run their applications on several different PCs. A common case is a user who downloads files and/or applications from an office computer onto a flash drive, transports the flash drive to a home computer, and vice versa. Business travel and field work are other very common uses for this type of data handling. Several portable devices, such as music and media players, PDAs, digital cameras, game consoles, and cellular phones, include large amounts of storage. Such devices may appear as portable storage devices when connected to a host computer, for example through a USB cable. Users may therefore carry data and programs on such devices and use the host computer to access the data or execute the programs resident on the portable device. These devices may be used for their primary purpose, e.g., listening to music, when they are not connected to a host computer.
Sometimes users store their sensitive content on the portable storage media in encrypted form, using password protection, to prevent the data from being compromised if the storage media is lost. In some cases, biometrics, such as fingerprints, are employed to protect the encrypted data on the portable storage media. It is also possible to have different levels of encryption to protect data that has different levels of confidentiality.
While the security mechanisms mentioned above help protect the user's data if the media is lost, these mechanisms do not protect the user's data from viruses or other malicious software that may be present on the foreign PCs used to access the data. Once the user plugs the media into a foreign PC and provides one or more decryption credentials (passwords or biometrics), the decrypted data, and the credentials themselves, are potentially accessible to any malicious software present on that PC.
The user needs a way to validate the PC that he is about to use, and to verify that it is not compromised by malicious software, before proceeding to use the machine in a more full-fledged manner, for example by presenting his decryption credentials on the PC to enable access to his sensitive data. This is somewhat similar to the problem of securely booting a regular PC platform, i.e., making sure that all the software started on a PC during the boot process is valid. Over the past several years, major players in the PC industry have agreed on a generic hardware/software architecture (e.g., the Trusted Computing Group, or TCG, specification) designed to support important security capabilities (secure boot included) on the most popular computing architectures (PCs, PDAs, cell phones).
Unfortunately, when booting from external storage devices, TCG-compliant PCs cannot easily be configured to verify the integrity of the host platform before asking for the user credentials that are later used to decrypt user data on the portable storage medium. This is because TCG was designed with the assumption that the TPM (Trusted Platform Module) is used to verify the integrity of a boot sequence that was previously performed on the same platform: the secrets are bound to the measurements recorded by that earlier boot, so there is a known-good reference to compare against. Booting from an external storage device, by contrast, brings together in one boot sequence software components (the host's firmware and the portable device's loader and operating system) that have never run together before, so no such reference measurement exists. For basically the same reason, not even the TPM 1.2 capabilities, including DRTM (Dynamic Root of Trust for Measurement), can be used in the case of booting from an external device. In addition, TPM-equipped PCs are not yet widely available. As a result, there is a need for a different approach to verifying a PC platform when booting from an external device.
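The following is an added illustration of the reasoning above, not code from the original text or from any TCG/TPM implementation. It is a deliberately simplified software model of two TPM ideas: extending a Platform Configuration Register (PCR) with a hash of each boot component, and sealing a secret so that it can only be unsealed when the PCR holds the same value again. A real TPM keeps the storage root key inside the chip and uses its own sealing construction; here the SRK, the boot-component strings, the SHA-256 hash choice (TPM 1.2 actually used SHA-1) and the HMAC/XOR wrapping are all constructed for the example. The point it shows is the one made in the text: the same portable loader and kernel produce different PCR values on two legitimate hosts, and a clean foreign host and an infected one are equally "unknown" to the sealed credential, because neither was measured when the credential was sealed.

```python
"""Toy model of TPM measured boot and PCR-bound sealing (illustration only)."""
import hashlib
import hmac
import os

# Constructed stand-in for the TPM's storage root key; a real SRK never leaves the TPM.
SRK = hashlib.sha256(b"constructed SRK for this example").digest()

# Constructed boot chains. The portable device contributes the same loader and
# kernel everywhere; only the host firmware differs between the two clean hosts.
PORTABLE_CHAIN = [b"MBR: portable-os loader 1.0", b"kernel: portable-os 3.1"]
OFFICE_BOOT = [b"BIOS v1.02 (office PC)"] + PORTABLE_CHAIN
HOME_BOOT = [b"BIOS v2.7 (home PC)"] + PORTABLE_CHAIN
INFECTED_HOME_BOOT = [b"BIOS v2.7 (home PC)", b"MBR: rootkit-patched loader", b"kernel: portable-os 3.1"]

CREDENTIAL = b"disk-unlock-key-0123456789abcdef"  # 32 bytes, fits the one-block wrap below


def extend(pcr: bytes, component: bytes) -> bytes:
    """PCR extend: PCR_new = H(PCR_old || H(component)). Order matters, and a
    PCR can only be extended, never written directly, so the final value commits
    to the whole sequence of components that ran."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot_chain(components) -> bytes:
    """Start from the all-zero reset value and extend once per boot component."""
    pcr = bytes(32)
    for c in components:
        pcr = extend(pcr, c)
    return pcr


def seal(secret: bytes, expected_pcr: bytes, srk: bytes) -> dict:
    """Bind `secret` to `expected_pcr`. Simplified construction (assumption, not
    the TPM's): derive a one-block wrapping key from the SRK, the PCR value and a
    nonce, XOR the secret with it, and authenticate (nonce, PCR, ciphertext)."""
    assert len(secret) <= 32, "toy wrap covers at most one 32-byte block"
    nonce = os.urandom(16)
    wrap = hmac.new(srk, b"wrap" + expected_pcr + nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(secret, wrap))
    tag = hmac.new(srk, b"tag" + nonce + expected_pcr + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}


def unseal(blob: dict, current_pcr: bytes, srk: bytes):
    """Return the secret only if `current_pcr` equals the value it was sealed to;
    otherwise return None, modelling the TPM refusing the unseal."""
    tag = hmac.new(srk, b"tag" + blob["nonce"] + current_pcr + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None
    wrap = hmac.new(srk, b"wrap" + current_pcr + blob["nonce"], hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(blob["ct"], wrap))


def demonstrate() -> dict:
    """Seal the credential on the office PC, then try to unseal it elsewhere."""
    pcr_office = measure_boot_chain(OFFICE_BOOT)
    blob = seal(CREDENTIAL, pcr_office, SRK)
    return {
        "office_again": unseal(blob, pcr_office, SRK),                          # works
        "clean_home": unseal(blob, measure_boot_chain(HOME_BOOT), SRK),         # None
        "infected_home": unseal(blob, measure_boot_chain(INFECTED_HOME_BOOT), SRK),  # None
    }


if __name__ == "__main__":
    for host, result in demonstrate().items():
        print(f"{host:14s} -> {'unsealed' if result else 'refused (no matching measurement)'}")
```

The model makes the limitation concrete: sealing can tell the office PC apart from everything else, but it cannot tell a clean home PC apart from an infected one, because both simply fail to match a reference that was never recorded for them. That is why a measurement-only mechanism does not answer the question the user actually has on a foreign machine, namely whether this never-before-seen combination of firmware and portable software is trustworthy enough to receive the credentials.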