Ross's TCPA paper

Lucky Green shamrock at cypherpunks.to
Fri Jul 5 01:54:34 EDT 2002 

Hadmut Danisch wrote:
> On Wed, Jul 03, 2002 at 10:54:43PM -0700, Bill Stewart wrote:
> > At 12:59 AM 06/27/2002 -0700, Lucky Green wrote:
> > >I fully agree that the TCPA's efforts offer potentially beneficial 
> > >effects. Assuming the TPM has not been compromised, the TPM should 
> > >enable to detect if interested parties have replaced you 
> NIC with the 
> > >rarer, but not unheard of, variant that ships out the contents of 
> > >your operating RAM via DMA and IP padding outside the abilities of 
> > >your OS to detect.
> > 
> > It can?  I thought that DMA was there to let you avoid 
> bothering the 
> > CPU.  The Alternate NIC card would need to have a CPU of 
> its own to do 
> > a good job of this, but that's not hard.
> 
> I don't think so. As far as I understood, the 
> bus system (PCI,...) will be encrypted as well. You'll have
> to use a NIC which is certified and can decrypt the 
> information on the bus. Obviously, you won't get a 
> certification for such an network card.

You won't and Bill won't. But those who employ such NIC's will have no
difficulty obtaining certification.

> But this implies other problems:
> 
> You won't be able to enter a simple shell script through the 
> keyboard. If so, you could simple print protected files as a 
> hexdump or use the screen (or maybe the sound device or any
> LED) as a serial interface.
> 
> Since you could use the keyboard to enter a non-certified 
> program, the keyboard is to be considered as a nontrusted 
> device. This means that you either
> 
> * have to use a certified keyboard which doesn't let 
>   you enter bad programs
> 
> * don't have a keyboard at all
> 
> * or are not able to use shell scripts (at least not in
>   trusted context). This means a 
>   strict separation between certified software and data.

Sure you can use shell scripts. Though I don't understand how a shell
script will help you in obtaining a dump of the protected data since
your script has insufficient privileges to read the data. Nor can you
give the shell script those privileges since you don't have supervisor
mode access to the CPU. How does your shell script plan to get past the
memory protection?

What am I missing?
--Lucky


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list