remote-attestation is not required (Re: The bank fraud blame game)

Hal Finney hal at finney.org
Tue Jul 3 11:09:28 EDT 2007


Adam Back <adam at cypherspace.org> writes:
> I do not believe the mentioned conflict exists.  The aim of these
> calculator-like devices is to make sure that no malware, virus etc can
> create unauthorized transactions.  The user should still be able to
> debug, and inspect the software in the calculator-like device, or
> virtual software compartment, just that installation of software or
> upgrades into that area should be under direct explicit user control.
> (eg with BIOS jumper required to even make any software change!)
>
> The ring -1 and loss-of-control aspects of TPM are different, they are
> saying that you are not really root on your own machine anymore!  In
> the sense that if you do load under a debugger the remote party can
> tell this and refuse to talk with you.

I agree with Adam that the unique and defining aspect of TPM technology
is this property that users can prove their machine state without being
able to lie about it (modulo hardware attacks etc).  This can easily work
to the user's detriment - lying is often useful - but could sometimes
be to the user's advantage as well - being able to provably tell the
truth is useful too.

In the case of bank security, the question is whether there is any
point in trying to keep users from being able to falsify information
about their system configuration and software status.  Generally, the
user has no incentive to do so.  The question is whether attackers could
somehow exploit the ability of users to make undetected changes to their
"secure computing base" via social engineering and similar hacks.

In the case of the calculator-like device, for example, if it is fully
reprogrammable by the user, is there a risk that he could be fooled
into hooking it up to his computer in that mode and letting attackers
change its workings?  Or in the case of a TPM-like chip with an owner
override, could he be manipulated into using the override so as to make
fake banking software look real?

Such questions have two sides to them: the case of a user who does
get fooled into taking these actions and is harmed by them; and the
case of a user who merely pretends to have gotten tricked like this
in order to escape liability for transactions he truly did originate.
Defending against the latter class of frauds may give the bank incentive
to prefer systems where users cannot override their security, so as to
reduce the chance of false repudiations.

Looking at the system as a whole, then, there may indeed be a case for
financial security systems that cannot be overridden by end users.
If such measures reduce the overall costs of fraud in the system,
then users do benefit at least indirectly from giving up this degree
of control.  Sometimes in life, paradoxically, you do better by being
able to give up certain options, in a verifiable way.  TPM technology's
benefits to the user would arise from such paradoxical situations.

Hal Finney

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list