Difference between TCPA-Hardware and a smart card (was: example: secure computing kernel needed)

Stefan Lucks lucks at th.informatik.uni-mannheim.de
Mon Dec 15 12:33:47 EST 2003 

On Sun, 14 Dec 2003, Jerrold Leichter wrote:

> Which brings up the interesting question:  Just why are the reactions to
> TCPA so strong?  Is it because MS - who no one wants to trust - is
> involved?  Is it just the pervasiveness:  Not everyone has a smart card,
> but if TCPA wins out, everyone will have this lump inside of their
> machine.

There are two differences between TCPA-hardware and a smart card.

The first difference is obvious. You can plug in and later remove a smart
card at your will, at the point of your choice. Thus, for homebanking with
bank X, you may use a smart card, for homebaning with bank Y you
disconnect the smart card for X and use another one, and before online
gambling you make sure that none of your banking smart cards is connected
to your PC. With TCPA, you have much less control over the kind of stuff
you are using.

This is quite an advantage of smart cards.

The second point is perhaps less obvious, but may be more important.
Usually, *your* PC hard- and software is supposed to to protect *your*
assets and satisfy *your* security requirements. The "trusted" hardware
add-on in TCPA is supposed to protect an *outsider's* assets and satisfy
the *outsider's* security needs -- from you.

A TCPA-"enhanced" PC is thus the servant of two masters -- your servant
and the outsider's. Since your hardware connects to the outsider directly,
you can never be sure whether it works *against* you by giving the
outsider more information about you than it should (from your point if
view).

There is nothing wrong with the idea of a trusted kernel, but "trusted"
means that some entity is supposed to "trust" the kernel (what else?). If
two entities, who do not completely trust each other, are supposed to both
"trust" such a kernel, something very very fishy is going on.


Can we do better?

More than ten years ago, Chaum and Pedersen presented a great idea how to
do such things without potentially compromising your security. Bringing
their ideas into the context of TCPA, things should look like in the
following picture

   +---------------+         +---------+         +---------------+
   | Outside World | <-----> | Your PC | <-----> | TCPA-Observer |
   +---------------+         +---------+         +---------------+

So you can trust "your PC" (possibly with a trusted kernel ... trusted by
you). And an outsider can trust the observer.

The point is, the outside world does not directly talk to the observer!

Chaum and Pedersen (and some more recent authors) defined protocols to
satisfy the outsider's security needs without giving the outsider any
chance to learn more about you and the data stored in your PC than you
want her to learn.

TCPA mixes "Your PC" and the "observer" into one "trusted kernel" and is
thus open to abuse.

Reference:

  D. Chaum and T. Pedersen. Wallet databases with observers.
  In Crypto '92, LNCS 740, pp. 89-105.



-- 
Stefan Lucks      Th. Informatik, Univ. Mannheim, 68131 Mannheim, Germany
            e-mail: lucks at th.informatik.uni-mannheim.de
            home: http://th.informatik.uni-mannheim.de/people/lucks/
------  I  love  the  smell  of  Cryptanalysis  in  the  morning!  ------

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list