Crypto to defend chip IP: snake oil or good idea?

Anne & Lynn Wheeler lynn at garlic.com
Fri Jul 28 14:22:23 EDT 2006


Thor Lancelot Simon wrote:
> So, you sign the public key the chip generated, and inject the _signed_
> key back into the chip, then package and ship it.  This is how the SDK
> for IBM's crypto processors determines that it is talking to the genuine
> IBM product.  It is a good idea, and it also leaves the chip set up for
> you with a preloaded master secret (its private key) for encrypting other
> keys for reuse in insecure environments, which is really handy.
> 
> But do we really think that general-purpose CPUs or DSPs are going to
> be packaged in the kind of enclosure IBM uses to protect the private keys
> inside its cryptographic modules?

so one analogy to explore is somebody claims pin/passwords 
authentication infrastructures have the exact same vulnerabilities (no 
more and no less) as private key digital signature authentication. that 
eavesdropping attacks on digital signatures represent the exact same 
vulnerability as eavesdropping on pin/passwords.

to further explore this analogy ... the registration of a public key as 
part of digital signature infrastructure represents the same exact 
vulnerability as pin/password registration .... i.e. that anybody having 
access to the public key registration file can take the public key and 
perform a fraudulent authentication ... because just like in 
pin/password authentication paradigm ... the public key is used for both 
originating the authentication as well as verifying the authentication.

for some additional assertions in this analogy ... that would imply that 
an attacker only needs to learn the public key in order to perform a 
successful attack and doesn't actually require access to the private key 
at all (assuming an assertion that a serialno/pin/password 
authentication paradigm has the same exact vulnerabilities and threats
as public/private key digital signature authentication paradigm).
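
Added example, not part of the original post: a Go sketch that tests the analogy above by answering a fresh challenge using only what a registration file holds, once for a stored PIN and once for a stored Ed25519 public key. The `Record` type, the HMAC challenge-response for the PIN case, the function names and the PIN value are all assumptions constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/sha512"
	"fmt"
)

// Record is one row of a hypothetical registration file kept by the verifier.
type Record struct {
	PIN    []byte            // shared-secret paradigm: the secret itself is on file
	PubKey ed25519.PublicKey // signature paradigm: only the public key is on file
}

// pinResponse is the assumed PIN protocol: HMAC-SHA256(pin, challenge).
func pinResponse(pin, challenge []byte) []byte {
	m := hmac.New(sha256.New, pin)
	m.Write(challenge)
	return m.Sum(nil)
}

func verifyPIN(r Record, c, resp []byte) bool { return hmac.Equal(pinResponse(r.PIN, c), resp) }
func verifySig(r Record, c, resp []byte) bool { return ed25519.Verify(r.PubKey, c, resp) }

// AuthWithFileOnly reports whether a response built from the file contents
// alone is accepted (pinOK, sigOK) and whether the key owner is (ownerOK).
func AuthWithFileOnly() (pinOK, sigOK, ownerOK bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	file := Record{PIN: []byte("constructed-pin-4711"), PubKey: pub}
	challenge := make([]byte, 32)
	if _, err := rand.Read(challenge); err != nil {
		panic(err)
	}
	// PIN: the value on file is the same value that originates authentication.
	pinOK = verifyPIN(file, challenge, pinResponse(file.PIN, challenge))
	// Signature: the file holds no signing material. One 64-byte response derived
	// from the public key and challenge is rejected; this is a single attempt,
	// the general guarantee is the scheme's unforgeability.
	guess := sha512.Sum512(append(append([]byte{}, file.PubKey...), challenge...))
	sigOK = verifySig(file, challenge, guess[:])
	// Only the private key, which never appears in the file, originates a valid response.
	ownerOK = verifySig(file, challenge, ed25519.Sign(priv, challenge))
	return
}

func main() { fmt.Println(AuthWithFileOnly()) }
```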
