[Cryptography] Cheap forensic recorder

Natanael natanael.l at gmail.com
Sat Feb 28 14:43:37 EST 2015


On 28 Feb 2015 20:17, "Emin Gün Sirer" <el33th4x0r at gmail.com> wrote:
>
> Unless the hardware+platform are attested to via a TPM or similar
> technology, everything else is (well-intentioned) theater.

That's essentially what TrustZone is, except it isn't under exclusive
control of the CPU manufacturer. It allows the device designer and/or
end user to specify what runs in the trusted environment.

Burn in a public key for the TrustZone signing verification (the USB Armory
has a write-once memory for a public key) belonging to an independent
entity that both parties in court trust, and have them sign an OS that uses the
secure boot features and OS protection and logging controlled by the code
inside the TrustZone. Then the device will only be able to boot that
particular OS in an untampered state (assuming no security holes!). The key
can be single use, i.e. only used to sign one OS image and then deleted.

For higher security and trustworthiness, I assume you could even use
threshold signatures such that you rely on non-collusion between two
entities each picked by one side in the court. Whether this is possible depends
on the details of the signature verification and the public key
implementation in the device, but since one group has managed to implement
transparent ECDSA secp256k1 threshold signatures (the threshold signatures
are indistinguishable from normal signatures) I assume it will be possible
here too. So if everybody can agree on a trustworthy OS configuration to
run on the device, this would at least be plausible.

That last part is the real open question. How do you agree on a trusted
configuration? But that's not directly relevant to the original question of
how to achieve it in the first place, though.
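The boot-time check described in the message above (a write-once verification key, a one-time signing of the OS image, and a boot ROM that refuses anything whose signature does not verify) can be modelled in a few dozen lines. The following is an added example written for this page, not code from the original thread, the USB Armory or any TrustZone implementation. It uses Ed25519 from the Go standard library in place of whatever signature scheme a real device would use, and the `OTPKeySlot` type, the constructed sample image and the key-wiping in `SignImage` are illustrative assumptions; the threshold-signature variant discussed in the second paragraph is not modelled here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// OTPKeySlot models a write-once memory cell holding the verification
// public key (an assumption standing in for the device's real OTP fuses).
// Once programmed, further writes are rejected, so a later attempt to
// swap in a different key fails.
type OTPKeySlot struct {
	key        ed25519.PublicKey
	programmed bool
}

// Burn programs the slot exactly once.
func (s *OTPKeySlot) Burn(pub ed25519.PublicKey) error {
	if s.programmed {
		return errors.New("key slot already programmed (write-once)")
	}
	s.key = append(ed25519.PublicKey(nil), pub...)
	s.programmed = true
	return nil
}

// SignedImage is what the independent signing entity hands back:
// the OS image plus a signature over its SHA-256 digest.
type SignedImage struct {
	Image []byte
	Sig   []byte
}

// SignImage is the one-time signing step. Wiping the private key
// afterwards models the "single use, then deleted" property.
func SignImage(priv ed25519.PrivateKey, image []byte) SignedImage {
	digest := sha256.Sum256(image)
	sig := ed25519.Sign(priv, digest[:])
	for i := range priv {
		priv[i] = 0 // single-use key: destroy after signing
	}
	return SignedImage{Image: image, Sig: sig}
}

// VerifyBoot is the check the secure-boot code performs before handing
// control to the OS: hash the image and verify it against the burned-in key.
func VerifyBoot(slot *OTPKeySlot, img SignedImage) error {
	if !slot.programmed {
		return errors.New("no verification key burned in; refusing to boot")
	}
	digest := sha256.Sum256(img.Image)
	if !ed25519.Verify(slot.key, digest[:], img.Sig) {
		return errors.New("image signature invalid; refusing to boot")
	}
	return nil
}

// RunScenario exercises the three properties the message relies on:
// the signed image boots, a modified image is refused, and the key
// cannot be replaced after provisioning.
func RunScenario() (genuineBoots, tamperedRejected, reburnRejected bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	var slot OTPKeySlot
	if err = slot.Burn(pub); err != nil {
		return
	}
	// Constructed sample image; a real one would be the OS binary.
	signed := SignImage(priv, []byte("constructed sample OS image v1"))
	genuineBoots = VerifyBoot(&slot, signed) == nil

	// Flip one bit of the image and keep the original signature.
	tampered := SignedImage{Image: append([]byte(nil), signed.Image...), Sig: signed.Sig}
	tampered.Image[0] ^= 0x01
	tamperedRejected = VerifyBoot(&slot, tampered) != nil

	// Attempt to provision a second key into the write-once slot.
	pub2, _, _ := ed25519.GenerateKey(rand.Reader)
	reburnRejected = slot.Burn(pub2) != nil
	return
}

func main() {
	g, t, r, err := RunScenario()
	fmt.Printf("genuine boots: %v, tampered rejected: %v, re-burn rejected: %v, err: %v\n", g, t, r, err)
}
```

The model deliberately verifies a digest of the whole image rather than a header field, since the point of the design in the message is that any change to the OS, not only to its metadata, must prevent the device from booting.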