[Cryptography] Cheap forensic recorder

Phillip Hallam-Baker phill at hallambaker.com
Sun Mar 1 09:43:25 EST 2015


On Sun, Mar 1, 2015 at 9:02 AM, Emin Gün Sirer <el33th4x0r at gmail.com> wrote:

> On Sun, Mar 1, 2015 at 8:52 AM, Phillip Hallam-Baker <
> phill at hallambaker.com> wrote:
>>
>> If I am using a Raspberry Pi with a clean O/S install from a source I
>> have checked the thumbprint of, I have a lot more control than is possible
>> using a TPM.
>>
>> The TPM is really designed to solve a different set of problems to do
>> with running the system for a long period of time.
>>
>
> The TPM (and similar technologies) gives you attestation to binary images,
> which in turn ensures that the images you think you're running are indeed
> the images your CPU is executing.
>
> For instance, if the OS on which you prepared the Raspberry image was
> compromised, your tools could be storing an adulterated OS image and
> reporting a different hash, and you'd be none the wiser. Reading Ken
> Thompson's "Trusting Trust" paper might be a good idea for anyone involved
> in systems that stand up to forensic scrutiny. Your current setup is not
> very secure: the TCB is very large because you transitively trust countless
> systems; the integrity of your findings depends on the provenance and
> integrity of every single system that went into preparing the final boot
> image. The TPM, and similar hardware measures, can enable you to perform an
> end-to-end check, rooted in the hardware root of trust provided by the
> hardware.
>

This is rhetoric, not argument.

Yes, I have read the Thompson paper and like much of the UNIX security work
I find an obsession with issues of mostly academic importance.

I remember back when folk were doing all the work on cryptographic
elections in the 1990s and the concern was to protect confidentiality.
People really didn't get my assertion that what I was interested in was the
ability to audit the election.

The concern here is to be able to provide the exact same environment to
opposing counsel so they can examine it.


A TPM really does not help very much because it is a sealed box that the
whole security of the system depends on and I can't audit it. I certainly
can't expect to explain it to counsel.

It is really easy to throw the 'transitive trust' problem, the TPM is just
as vulnerable.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150301/c5842cc9/attachment.html>


More information about the cryptography mailing list