l4-hurd
Re: [OT] Trusted hardware


From: Jonathan S. Shapiro
Subject: Re: [OT] Trusted hardware
Date: Mon, 10 Oct 2005 15:03:33 -0400

On Mon, 2005-10-10 at 18:36 +0200, Ludovic Courtès wrote: 
> "Jonathan S. Shapiro" <address@hidden> writes:
> 
> > This is correct -- except that I don't think this is an oxymoron. We're
> > working on doing that very thing. Please continue to be skeptical until
> > (and after) we can demonstrate it.
> 
> I have mostly two griefs against so-called "trusted hardware":
> 
> 1.  I see no reason why I should /fully trust/ the vendor of that hardware
>     just because they say it's "trusted"; again, that's a "single point
>     of trust", and "trusted hardware" is about imposing this trust
>     relationship;

I share the same queasy feeling that you seem to have.

But if you don't trust the hardware vendor, you shouldn't be running on
their processor either...

Curiously enough, I think there is more reason for confidence in the
secure boot hardware than the processor, for three reasons:

1. The boot hardware is actually pretty simple.
2. We have seen long-term success by the CAs in guarding the root keys
3. We have known for years about supervisor-mode holes in all of the
   current commodity processors.

The question I have is whether we can build software that makes the
secure boot hardware useful.

> 2.  technically, there is no such thing as "tamper-proof hardware"
>     (which is implied by "trusted hardware"), IMO.

I agree. Actually, we *can* encrypt the disk beyond the practical limits
of feasible decrypt. The attack that we are concerned with at this point
is the passive bus snooping PCI card (or something qualitatively
similar, such as a bus probe).

At this point we are looking at a threat model where we can form a
reasonable estimation of risk. Except in really rare circumstances, the
benefits of stealing your data just don't justify the work involved.
Beyond that, we are now dealing with "hard" attacks rather than "soft"
attacks. The nice thing about this is that we are back in the domain
where insurance works, because the independence assumption once again
holds -- we can build an actuarial model concerning the percentage of
the user population that will agree to install hacking hardware in their
machines, and the percentage is low enough to insure against. This is
not true for soft attacks.

> As for smart cards, they are mostly "tamper-proof" because
> researchers finding how to "crack" them are put to jail (there was a
> famous case years ago in France, but I can't remember the name of the
> guy).

In the US, this seems to have died down. For now.

>   I also remember a talk by Jean-Jacques Quisquater about the use
> of electro-magnetic analysis as a means to crack smart cards (he's also
> advocating counter-measures on the other hand).

Sure, but it's not a scalable attack. You need about $15k of gear and
physical access to the card and a fair amount of time. In the smart card
case, most of the attacks so far also have obvious counters.

I don't think we will ever build perfect security. Actually, I don't
know *anybody* who should be taken seriously who thinks this. I *am*
hopeful that we can get to the point of low-cost insurability, and I do
think this would be a step forward.

shap