[Cryptography] Cheap forensic recorder

Arnold Reinhold agr at me.com
Wed Mar 4 11:03:46 EST 2015 

On Mar 2, 2015, at 10:33 PM, Emin Gün Sirer <el33th4x0r at gmail.com> wrote:

> >On Mon, Mar 2, 2015 at 10:29 PM, Arnold Reinhold <agr at me.com> wrote:
> >More generally, I think the way to approach “nothing up my sleeves” hardware is to move down in complexity, not up. I’d like to see a series of small security devices based on minimalist processors. We’ve talked about HRNGs in the past. How about a small device that did nothing but compute the hash of the contents of an SD card?
> 
> Ironically, you're describing a TPM platform.
> 

Perhaps in terms of functionality, but not in terms of trust model. TPMs, as I understand them, are opaque black boxes. We have to trust the manufacturers for their content. That works fine in a wide swath of corporate security applications, where policy must be asserted and maintained over many machines and users. But I don’t see how TPMs help individual practitioners who seek complete control of their computing environment. Some might say the Thompson “Trusting Trust” paper makes that goal unattainable, but I’m not convinced. Thompson assumed a fixed target that code hidden in the compiler attacks. In large systems it might even be possible to hide a large code blob that figures out what is going on and devises an attack. But by moving down in the complexity chain instead of up, it becomes harder to hide a smart evil code blob. Using a variety of microprocessor architectures and software sources, makes the Thompson attack even more difficult.

My approach is an ecosystem of simple devices made from inexpensive off the shelf components with wide availability and limited capabilities that solve specific problems, in this case just verifying the hash on an SD card. Each problem in the trust chain, e.g where does one get the known good hash value, can be dealt with separately. 

Maybe there is a different approach to “nothing up my sleeves" control of computing using TPMs. If so I’d be interested in hearing how it might work.

Arnold Reinhold

More information about the cryptography mailing list