Crypto to defend chip IP: snake oil or good idea?
Thor Lancelot Simon
tls at rek.tjls.com
Fri Jul 28 19:16:59 EDT 2006
On Fri, Jul 28, 2006 at 03:52:55PM -0600, Anne & Lynn Wheeler wrote:
> Thor Lancelot Simon wrote:
> >I don't get it. How is there "no increase in vulnerability and threat"
> >if a manufacturer of counterfeit / copy chips can simply read the already
> >generated private key out of a legitimate chip (because it's not protected
> >by a tamperproof module, and the "significant post-fab security handling"
> >has been eliminated) and make as many chips with that private key as he
> >may care to?
> >
> >Why should I believe it's any harder to steal the private key than to
> >steal a "static serial number"?
>
> so for more drift ... given another example of issues with static
> data authentication operations is that static serial numbers are
> normally considered particularly secret ... and partially as a result
> ... they tend to have a fairly regular pattern ... frequently even
> sequential. there is high probability that having captured a single
> static serial number ... you could possibly correctly guess another
> million or so static serial numbers w/o a lot of additional effort. This
> enables the possibly trivial initial effort to capture the first serial
> number to be further amortized over an additional million static serial
> numbers ... in effect, in the same effort it has taken to steal a single
> static serial number ... a million static serial numbers have
> effectively been stolen.
The simple, cost-effective solution, then, would seem to be to generate
"static serial numbers" like cipher keys -- with sufficient randomness
and length that their sequence cannot be predicted. I still do not see
the advantage (except to Certicom, who would doubtless like to charge a
bunch of money for their "20-40k gate crypto code") of using asymmetric
cryptography in this application.
---------------------------------------------------------------------
The Cryptography Mailing List
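
Added example, not part of the original message: a Python sketch comparing sequential serial numbers with serials drawn from a CSPRNG at cipher-key length, measuring how many further valid serials follow from one captured value. All function names, the 128-bit length and the sample ranges are assumptions made for illustration.

```python
import secrets

SERIAL_BYTES = 16  # assumed length: 128 bits, sized like a cipher key


def issue_sequential(start, count):
    """Predictable scheme: serials handed out one after another."""
    return {start + i for i in range(count)}


def issue_random(count):
    """Serials drawn from the OS CSPRNG, as unpredictable as key material."""
    issued = set()
    while len(issued) < count:
        issued.add(int.from_bytes(secrets.token_bytes(SERIAL_BYTES), "big"))
    return issued


def neighbours_valid(issued, captured, window):
    """Count valid serials within +/- window of one captured serial,
    not counting the captured serial itself."""
    return sum(1 for d in range(-window, window + 1)
               if d != 0 and (captured + d) in issued)


def accepts(issued, presented):
    """Static-data check: any issued value passes, including a copy of it."""
    return presented in issued


def demo(count=10_000, window=1_000):
    # Constructed sample data: 10,000 serials per scheme.
    seq = issue_sequential(5_000_000, count)
    rnd = issue_random(count)
    seq_captured = 5_000_000 + count // 2
    rnd_captured = next(iter(rnd))
    return {
        "sequential_guessed": neighbours_valid(seq, seq_captured, window),
        "random_guessed": neighbours_valid(rnd, rnd_captured, window),
        # A captured serial is still accepted when presented again, in both schemes.
        "sequential_copy_accepted": accepts(seq, seq_captured),
        "random_copy_accepted": accepts(rnd, rnd_captured),
    }


if __name__ == "__main__":
    print(demo())
```

Random generation removes the amortization over neighbouring serials, while a copied serial is still accepted under either scheme.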