is "secure" hardware worth it? (Was: Re: fyi: bear/enforcer open-source TCPA project)

[Sean Smith]

Just to clarify... 

I'm NOT saying that any particular piece of "secure" hardware can never be
broken.   Steve Weingart (the hw security guy for the 4758) used to insist that
there was no such thing as "tamper-proof." On the HW level, all you can do is
talk about what defenses you tried, what attacks you anticipated, and what
tests you tried.

What I am saying is that using "secure coprocessors"---defined loosely, to
encompass this entire family of tokens---can be a useful tool.  Whether one
should use this tool in any given context depends on the context. Are there
better alternatives that don't require the assumption of physical security?
How much flexibility and efficiency do you sacrifice if you go with one of
these alternatives? How dedicated is the adversary?  What happens if a few
boxes get opened?  How much money do you want pay for a device?

Some cases in point: it's not too hard to find folks who've chosen
a fairly weak point on the physical security/cost tradeoff, but still
somehow manage to make a profit.  

Of course his all still leaves unaddressed the fun research questions of how to
build effective coprocessors, and how to design and build applications that
successfully exploit this security foundation.  (Which is some of what I've
been looking into the last few years.)


--Sean

-- 
Sean W. Smith, Ph.D.                         sws at cs.dartmouth.edu   
http://www.cs.dartmouth.edu/~sws/       (has ssl link to pgp key)
Department of Computer Science, Dartmouth College, Hanover NH USA




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com