[Cryptography] Cheap forensic recorder

Emin Gün Sirer el33th4x0r at gmail.com
Sun Mar 1 09:02:25 EST 2015


On Sun, Mar 1, 2015 at 8:52 AM, Phillip Hallam-Baker <phill at hallambaker.com>
wrote:
>
> If I am using a Raspberry Pi with a clean O/S install from a source I have
> checked the thumbprint of, I have a lot more control than is possible using
> a TPM.
>
> The TPM is really designed to solve a different set of problems to do with
> running the system for a long period of time.
>

The TPM (and similar technologies) gives you attestation to binary images,
which in turn ensures that the images you think you're running are indeed
the images your CPU is executing.

For instance, if the OS on which you prepared the Raspberry image was
compromised, your tools could be storing an adulterated OS image and
reporting a different hash, and you'd be none the wiser. Reading Ken
Thompson's "Trusting Trust" paper might be a good idea for anyone involved
in systems that stand up to forensic scrutiny. Your current setup is not
very secure: the TCB is very large because you transitively trust countless
systems; the integrity of your findings depends on the provenance and
integrity of every single system that went into preparing the final boot
image. The TPM, and similar hardware measures, can enable you to perform an
end-to-end check, rooted in the hardware root of trust provided by the
hardware.

- egs
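
As an added illustration (not part of the original message, and not code from any TPM stack), this Python model shows the measured-boot check referred to above: each boot stage is hashed into a PCR-style register before it runs, and a verifier replays the event log against independently obtained reference hashes. The stage names and image bytes are constructed, and the signed TPM quote is left out: the PCR value is assumed to reach the verifier authentically.

```python
import hashlib

def measure(image: bytes) -> bytes:
    """Hash of a boot component, taken before control is handed to it."""
    return hashlib.sha256(image).digest()

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || measurement)."""
    return hashlib.sha256(pcr + measurement).digest()

def boot(stages):
    """Measured boot over (name, image) pairs; returns (final PCR, event log)."""
    pcr, log = bytes(32), []          # PCR starts at all zeros after reset
    for name, image in stages:
        m = measure(image)
        log.append((name, m))
        pcr = extend(pcr, m)
    return pcr, log

def verify(quoted_pcr, log, known_good):
    """Replay the log; it must reproduce the PCR and match the reference hashes."""
    pcr = bytes(32)
    for _, m in log:
        pcr = extend(pcr, m)
    if pcr != quoted_pcr:
        return "log does not match PCR"
    bad = [name for name, m in log if known_good.get(name) != m]
    return "ok" if not bad else "unexpected: " + ",".join(bad)

# Constructed sample images (assumptions for the example).
CLEAN = [("bootloader", b"bootloader-v1"), ("kernel", b"kernel-v1"),
         ("os", b"os-image-clean")]
# What a compromised preparation host wrote while reporting the clean hash.
TAMPERED = CLEAN[:2] + [("os", b"os-image-clean+implant")]
# Reference hashes obtained independently of the preparation host.
KNOWN_GOOD = {name: measure(image) for name, image in CLEAN}

def demo():
    results = {}
    pcr, log = boot(CLEAN)
    results["clean"] = verify(pcr, log, KNOWN_GOOD)
    pcr, log = boot(TAMPERED)
    results["tampered"] = verify(pcr, log, KNOWN_GOOD)
    # Device presents a clean-looking log, but the PCR reflects what actually ran.
    results["forged_log"] = verify(pcr, boot(CLEAN)[1], KNOWN_GOOD)
    return results

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(case, "->", verdict)
```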