[Cryptography] Untrusted Turtles all the way down

Jerry Leichter leichter at lrw.com
Fri Apr 10 07:18:51 EDT 2015 

On Apr 9, 2015, at 4:17 PM, Henry Baker <hbaker1 at pipeline.com> wrote:
> I've been working with computers for 54 years, and have watched an amazing & unending series of "virtualization" steps.
> 
> Basically, for every "Moore's Law" step, we gain an additional level of emulation; in Turing Machine terminology, each Moore's Law step adds only a small fixed constant amount of tape to store the new instruction set interpreter.
Where exactly do you see this?  At the hardware level, we went to microprogrammed machines a *long* time ago; then went back to RISC; then went to something in between (x86 is kind of JIT-compiling-to-RISC).  At the software level, interpreters go way back, and again we keep hoping back and forth.  Java started as a pure interpreter, but all real implementations these days are compiled - it's just that the compilation is "late".  Javascript was interpreted for a long time, but it's being (late-)compiled these days, too.

> However, each such additional step adds to the threat surface, so from a security perspective things are getting monotonically worse.
I don't really see any necessary relationship between style of execution and attack surface either.  There might be more code, but less of it might be attackable - e.g., attacking a the byte code of a program with a typed, assertion-checking interpreter is much more difficult than attacking the native executable code of some traditional RISC, where type punning and free modification of addresses is a given.

> How come, therefore, the security "solution" always presented is to pile yet another "trusted" turtle to the stack (e.g., SMM, Trustzone, your favorite ***trust*** word here), in hopes that this will _increase_ security ?
Because the only way anyone has proposed to construct a secure system is to channel all the attacks onto smaller and smaller components?  Then you can concentrate all your protective efforts there.

Would you build a safe entirely out of plywood and then try to figure out how to keep attackers with Sawzalls away?  Or you use thick steel, forcing attackers to go after the lock?

SMM isn't a level of interpretation - it's a response to people wanting their chips to do "more", like use less power, or shut down gracefully when overheating, or (one early use) emulate PS/2 peripherals when only USB mice and keyboards are connected.  Sure, you could hard-wire this stuff - at much greater cost.  Trustzone can be abused, but without something like it, how do you store secrets in hardware that can resist attacks on the hardware itself - or even on the OS, the level you seem to think should be the only one in there?

> E.g., "UEFI" now looks more like "goofy" in retrospect, because we've added yet another hole to hide in.
UEFI's purpose was neither to be an interpreter for the running system, nor in and of itself to provide security.  Do you have reason to believe UEFI systems are inherently less secure than the BIOS-based systems it they designed to replace?

Look, I agree entirely that complexity is the enemy of security.  But complexity is also the necessary concomitant of solving complex problems - and the problems we are asking the our computers to solve are much more complex than those we attacked years ago.  An IBM 360 had no microphone, so could not possibly listen in to conversations in the machine room - not that it would likely have heard much of interest over the fan noise, the disk motors, and all the other stuff!  On the other hand, it couldn't run Skype or respond to voice commands either.  Its interactions with the world were extremely limited.

Oh, and IBM 360's were hacked, too.

The *only* way anyone has ever proposed to provide trust in such systems is exactly to channel the trust down to smaller and smaller pieces, hoping that you can eventually get down to something small and simple enough that it *deserves* trust.  Yes, that gives an attacker one spot - the lock on the safe door - to attack.  But that's much better than all that plywood.

Bruce Schneier has reported that the NSA's definition of a "trusted party" is "someone who can break your security".  Sounds odd, but it's exactly right.

                                                        -- Jerry

More information about the cryptography mailing list