example: secure computing kernel needed

Paul A.S. Ward pasward at ccng.uwaterloo.ca
Thu Dec 11 19:25:51 EST 2003


I'm not sure why no one has considered the PC banking problem to be a
justification for secure computing.  Specifically, how does a user know
their computer has not been tampered with when they wish to use it for
banking access?

Paul

John S. Denker wrote:

> Previous discussions of secure computing technology have
> been in some cases sidetracked and obscured by extraneous
> notions such as
>  -- Microsoft is involved, therefore it must be evil.
>  -- The purpose of secure computing is DRM, which is
>     intrinsically evil ... computers must be able to
>     copy anything anytime.
>
> Now, in contrast, here is an application that begs for
> a secure computing kernel, but has nothing to do with
> Microsoft and nothing to do with copyrights.
>
> Scenario:  You are teaching chemistry in a non-anglophone
> country.  You are giving an exam to see how well the
> students know the periodic table.
>  -- You want to allow students to use their TI-83 calculators
>     for *calculating* things.
>  -- You want to allow the language-localization package.
>  -- You want to disallow the app that stores the entire
>     periodic table, and all other apps not explicitly
>     approved.
>
> The hardware manufacturer (TI) offers a little program
> that purports to address this problem
>   http://education.ti.com/us/product/apps/83p/testguard.html
> but it appears to be entirely non-cryptologic and therefore
> easily spoofed.
>
> I leave it as an exercise for the reader to design a
> calculator with a secure kernel that is capable of
> certifying something to the effect that "no apps and
> no data tables (except for ones with the following
> hashes) have been accessible during the last N hours."
>
> Note that I am *not* proposing reducing the functionality
> of the calculator in any way.  Rather I am proposing a
> purely additional capability, namely the just-mentioned
> certification capability.
>
> I hope this example will advance the discussion of secure
> computing.  Like almost any powerful technology, we need
> to discuss
>  -- the technology *and*
>  -- the uses to which it will be put
> ... but we should not confuse the two.
>
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to 
> majordomo at metzdowd.com



-- 
----------------------------------------------------------------------------
Paul A.S. Ward, Assistant Professor  Email: pasward at ccng.uwaterloo.ca
University of Waterloo                      pasward at computer.org
Department of Computer Engineering   Tel: +1 (519) 888-4567 ext.3127
Waterloo, Ontario                    Fax: +1 (519) 746-3077
Canada N2L 3G1                       URL: http://www.ccng.uwaterloo.ca/~pasward
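
The certification described in the quoted exercise ("no apps and no data tables, except for ones with the following hashes, have been accessible during the last N hours") can be sketched as a hash-chained measurement log plus a keyed tag over a verifier-supplied nonce. This is an added example, not code from either poster: the Kernel class, the verify function and the sample images are hypothetical, and an HMAC under a constructed demo key stands in for a signature made with a key held only by the device.

```python
import hashlib, hmac, json

DEVICE_KEY = b"constructed-demo-key"  # assumption: stands in for a key only the kernel can use

def extend(register, digest):
    """Fold one measurement into the running register (hash chain)."""
    return hashlib.sha256(register + digest).digest()

def tag_of(body):
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(DEVICE_KEY, msg, hashlib.sha256).hexdigest()

class Kernel:
    """Hypothetical kernel: each app or table is measured before it becomes accessible."""
    def __init__(self, now):
        # Assumption: a reset clears the log and restarts the age counter.
        self.started, self.register, self.log = now, bytes(32), []

    def load(self, image):
        digest = hashlib.sha256(image).digest()
        self.register = extend(self.register, digest)
        self.log.append(digest.hex())

    def certify(self, nonce, now):
        body = {"nonce": nonce, "age_s": now - self.started,
                "log": list(self.log), "register": self.register.hex()}
        return {"body": body, "tag": tag_of(body)}

def verify(cert, nonce, allowed, min_hours):
    """Examiner side: check the tag, freshness, log integrity, window and allow-list."""
    body = cert["body"]
    if not hmac.compare_digest(cert["tag"], tag_of(body)):
        return "bad tag"
    if body["nonce"] != nonce:
        return "stale nonce"
    register = bytes(32)
    for hexdigest in body["log"]:  # replay the log and compare with the register
        register = extend(register, bytes.fromhex(hexdigest))
    if register.hex() != body["register"]:
        return "log does not match register"
    if body["age_s"] < min_hours * 3600:
        return "log younger than required window"
    extra = [d for d in body["log"] if d not in allowed]
    return "unapproved item accessible" if extra else "ok"

# Constructed sample images, not real calculator apps.
LOCALE, PERIODIC = b"language-localization package", b"periodic table app"
ALLOWED = {hashlib.sha256(LOCALE).hexdigest()}
```

Nothing is removed from the device in this sketch: loading an unapproved app still works, it simply shows up in the next certificate.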


