Unattended reboots (was Re: The clouds are not random enough)

[lists at notatla.org.uk]

Arshad Noor <arshad.noor strongauth.com> wrote:

> to the keys, in order for the application to have access to the keys in
> the crypto hardware upon an unattended reboot, the PINs to the hardware
> must be accessible to the application.  If the application has automatic
> access to the PINs, then so does an attacker who manages to gain entry
> to the machine.

> If you (or anyone on this forum) know of technology that allows the
> application to gain access to the crypto-hardware after an unattended
> reboot - but can prevent an attacker from gaining access to those keys
> after compromising a legitimate ID on the machine - I'd welcome hearing
> about it.  TIA.

You could have a device that uses the keys only once for each time
it is powered on, and see that the intended process uses it early
in the boot process to answer the challenge of whatever it's
authenticating to.  This could be simulated in s/w using something
such as BSD securelevel or having a different sudoers file for
one part of the boot process.

Then you're going to want only cold reboots, and if your device doesn't
work when expected you'd wonder whether someone beat you to it.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com