Ross's TCPA paper

Hadmut Danisch hadmut at danisch.de
Thu Jul 4 16:54:11 EDT 2002


On Wed, Jul 03, 2002 at 10:54:43PM -0700, Bill Stewart wrote:
> At 12:59 AM 06/27/2002 -0700, Lucky Green wrote:
> >I fully agree that the TCPA's efforts offer potentially beneficial
> >effects. Assuming the TPM has not been compromised, the TPM should
> >enable to detect if interested parties have replaced your NIC with the
> >rarer, but not unheard of, variant that ships out the contents of your
> >operating RAM via DMA and IP padding outside the abilities of your OS to
> >detect.
> 
> It can?  I thought that DMA was there to let you avoid
> bothering the CPU.  The Alternate NIC card would need to have a
> CPU of its own to do a good job of this, but that's not hard.

I don't think so. As far as I understood, the 
bus system (PCI,...) will be encrypted as well. You'll have
to use a NIC which is certified and can decrypt the information
on the bus. Obviously, you won't get a certification for such
a network card.


But this implies other problems:

You won't be able to enter a simple shell script through the
keyboard. If so, you could simply print protected files as
a hexdump or use the screen (or maybe the sound device or any
LED) as a serial interface.

Since you could use the keyboard to enter a non-certified
program, the keyboard is to be considered as a nontrusted
device. This means that you either

* have to use a certified keyboard which doesn't let 
  you enter bad programs

* don't have a keyboard at all

* or are not able to use shell scripts (at least not in
  trusted context). This means a 
  strict separation between certified software and data.
  
  If Microsoft was able to do so, we wouldn't have 
  worms.



Hadmut




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com


