Overcoming the potential downside of TCPA

lynn.wheeler at firstdata.com lynn.wheeler at firstdata.com
Wed Aug 14 18:36:31 EDT 2002


Just because some cars have anti-theft devices that can be defeated in
seconds .... doesn't make all auto anti-theft devices useless.

So you currently have an environment that has no protection and
everything is totally wide open.

Let's say a hardware chip that currently has no tamper resistance, and a
whole infrastructure is put in place based on having security based on a
hardware chip. Hypothetically it eliminates all the non-physical attacks.
However, there are still vulnerabilities involving physical attacks on the
hardware components.

Would that be beneficial? Would it be helpful to eliminate all network and
electronic attacks leaving only physical attacks?

One of the issues is that some amount of the population actually has some
sensitivity for dealing with physical attacks. Part of the current problem
is that many people don't have any experience dealing with electronic and
non-physical attacks. I would consider the elimination of all electronic
and network attacks as an interesting prospect.

So what does the world currently do about physical attacks?

Some organizations .... if they physically own the device and are trying to
protect against outside attacks .... might put the device under armed
guards.

If it is DRM, where the chip is, in effect, acting as a proxy agent on
somebody else's behalf, then there is an issue about protection against
physical attacks by the person in possession of the device.
Tamper-resistance just ups the cost of a successful attack. One could
hypothesize a value of something that is always in excess of the protection
measures .... i.e. security proportional to the risk; aka ... regardless of
the protection measures there could always be some hypothetical value
making it worth the cost of mounting an attack.

The hypothetical DRM risk is possibly 90 percent of the infrastructure (not
single, here & there isolated copying .... copying being done everywhere).
Would some TCPA possibly both increase the percent of authorized copies and
reduce the unauthorized copies (i.e. a method to reduce unauthorized copies
to zero is by not publishing the works at all). The issue isn't absolutely
ruling out unauthorized copies .... the issue is increasing the percent of
authorized copies.

So hypothetically, the environment has reduced all the vulnerabilities and
attacks to attacks just on the physical chip. It is possible that market
forces could react to such an environment and opportunity. One
opportunity might be higher priced PCs that have chips evaluated at
EAL7-high with loads of tamper-resistance, along with certain works being
only available on machines having the higher evaluated chips.

random mutterings about parameterized risk management:
http://www.garlic.com/~lynn/99.html#235 Attacks on a PKI
http://www.garlic.com/~lynn/99.html#238 Attacks on a PKI
http://www.garlic.com/~lynn/aadsm2.htm#stall EU digital signature initiative stalled
http://www.garlic.com/~lynn/aadsm2.htm#strawm3 AADS Strawman
http://www.garlic.com/~lynn/aadsm3.htm#cstech3 cardtech/securetech & CA PKI
http://www.garlic.com/~lynn/aadsm3.htm#cstech4 cardtech/securetech & CA PKI
http://www.garlic.com/~lynn/aadsm3.htm#cstech5 cardtech/securetech & CA PKI
http://www.garlic.com/~lynn/aadsm3.htm#cstech9 cardtech/securetech & CA PKI
http://www.garlic.com/~lynn/aadsm3.htm#kiss2 Common misconceptions, was Re: KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION:draft-ietf-pkix-scvp-00.txt))
http://www.garlic.com/~lynn/aadsmore.htm#bioinfo2 QC Bio-info leak?
http://www.garlic.com/~lynn/aadsmore.htm#bioinfo3 QC Bio-info leak?
http://www.garlic.com/~lynn/aadsmore.htm#biosigs biometrics and electronic signatures
http://www.garlic.com/~lynn/aepay3.htm#x959risk1 Risk Management in AA / draft X9.59
http://www.garlic.com/~lynn/aepay6.htm#x959b X9.59 Electronic Payment standard issue
http://www.garlic.com/~lynn/2000.html#46 question about PKI...
http://www.garlic.com/~lynn/2000.html#57 RealNames hacked. Firewall issues.




bear at sonic.net on 8/14/2002 9:19 am wrote:


The problem with this idea is that TCPA is useless.  For all the *useful*
things you are thinking of, you need TCPA plus an approved key.  The only
way you are going to get an approved key is inside a tamper-resistant chunk
of hardware.  If you should manage to extract the key, then yes, you'll be
able to create that CD.  But the idea is that you, the hardware owner, are
not authorized to extract the information contained in your own hardware.
I find the idea of "owning" something without having the legal right to
open it up and look inside legally dubious at best, but I'm no lawyer....

The idea is that you shouldn't get anywhere without hardware hacking. The
people doing this have decided hardware hacks are acceptable risks because
they only want to protect cheap data -- movies, songs, commercial software,
whatever.  They are sticking to stuff that's not expensive enough to
justify hardware hacks.

However, if this infrastructure does in fact become trusted and somebody
tries to use it to protect more valuable data, God help them.  They'll get
their asses handed to them on a platter.

                                          Bear





---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
