[Cryptography] Cheap forensic recorder
phill at hallambaker.com
Wed Mar 4 11:47:40 EST 2015
On Wed, Mar 4, 2015 at 11:03 AM, Arnold Reinhold <agr at me.com> wrote:
> On Mar 2, 2015, at 10:33 PM, Emin Gün Sirer <el33th4x0r at gmail.com> wrote:
> > On Mon, Mar 2, 2015 at 10:29 PM, Arnold Reinhold <agr at me.com> wrote:
> > > More generally, I think the way to approach “nothing up my sleeves”
> > > hardware is to move down in complexity, not up. I’d like to see a series of
> > > small security devices based on minimalist processors. We’ve talked about
> > > HRNGs in the past. How about a small device that did nothing but compute
> > > the hash of the contents of an SD card?
> > Ironically, you're describing a TPM platform.
> Perhaps in terms of functionality, but not in terms of trust model. TPMs,
> as I understand them, are opaque black boxes. We have to trust the
> manufacturers for their content. That works fine in a wide swath of
> corporate security applications, where policy must be asserted and
> maintained over many machines and users. But I don’t see how TPMs help
> individual practitioners who seek complete control of their computing
My machine works exactly the same regardless of whether the module is
plugged in or not. So how is it protecting me? As with firewalls, I worry that
TPMs risk becoming a +5 amulet of protection against the undead rather than
being understood as a tool that has a very specific purpose.
> Some might say the Thompson “Trusting Trust” paper makes that goal
> unattainable, but I’m not convinced. Thompson assumed a fixed target that
> code hidden in the compiler attacks.
Thompson was provoking an argument. He never argued that the problems were
impossible to solve.
Security is risk control, not risk elimination. What I am looking to do
here is to see if we can work out how to apply parts of what we did when
setting up the original VeriSign PKI to a wider field. The VeriSign
approach is documented in the CPS, so I am not divulging proprietary
information, and in any case Symantec came to CABForum to share the same
with the CA world in general.
In particular, I like the use of ceremonies to formalize process.
[Something Carl Ellison has also said a lot of useful stuff on]
I want to look for ways to make collection of digital forensic evidence as
airtight as possible without introducing unreasonable expense or requiring
exceptional expertise or special hardware.
The reason I am starting with a Raspberry Pi 2 is that it is a very simple
device with minimal moving parts that boots from removable media. But if a
case involved a specific brand of computer such as Windows or Mac, I would
want to have a protocol and a ceremony that covers that eventuality as
well. [Windows for Raspberry Pi is also very interesting of course].
Extending to Beaglebone and using devices of one type to cross check
another seems like an excellent move as well.
> In large systems it might even be possible to hide a large code blob that
> figures out what is going on and devises an attack. But by moving down in
> the complexity chain instead of up, it becomes harder to hide a smart evil
> code blob. Using a variety of microprocessor architectures and software
> sources, makes the Thompson attack even more difficult.
There are some very small and constrained builds for Raspberry Pi (console-only
OS, etc.). Those would also be very interesting to look at.
> My approach is an ecosystem of simple devices made from inexpensive off
> the shelf components with wide availability and limited capabilities that
> solve specific problems, in this case just verifying the hash on an SD
> card. Each problem in the trust chain, e.g where does one get the known
> good hash value, can be dealt with separately.
> Maybe there is a different approach to “nothing up my sleeves” control of
> computing using TPMs. If so I’d be interested in hearing how it might work.
My understanding is that TPMs are limited to a very small set of functions
such as ensuring that private keys generated on the device can't be
exported or become visible to a program that might export them.
Also TPMs and trusted boot are two different things.
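[Editor's added example, not code from this post or from anyone in the thread.] The device Arnold describes, and the forensic recorder Phill wants to build on a Raspberry Pi booting from removable media, reduce to one primitive: read the whole medium once, sequentially and read-only, compute a digest, and write down a record that a second, independent pass (ideally on a different board or architecture, as suggested above) can check. The script below does exactly that over a block device path or an image file. The record layout, field names, the choice of SHA-256 plus SHA-512 in a single pass, the 1 MiB read size and the "operator" field are my assumptions for illustration; the sample image it hashes is constructed in a temporary directory so the script runs offline. It also runs a known-answer test of the hasher first, which is the kind of step a collection ceremony would want scripted rather than left to memory.

```python
"""Forensic media hashing record: one sequential read-only pass over a device
or image, several digests at once, and a record a later pass can verify.
Added example for the "cheap forensic recorder" thread; not the poster's code.
Run as: python recorder.py /dev/sdX   (or with no argument for the demo)."""
import hashlib
import json
import os
import sys
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20                      # 1 MiB per read; hypothetical tuning choice
ALGORITHMS = ("sha256", "sha512")    # assumed pair; both computed in one pass
# Known-answer value for SHA-256("abc") from FIPS 180 test vectors.
SHA256_ABC = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"


def hash_stream(path, algorithms=ALGORITHMS, chunk=CHUNK):
    """Read `path` once, front to back, and return (byte_count, {alg: hex}).
    Fixed-size chunks keep memory flat for multi-GB media, and the same code
    works for a raw block device (/dev/sdX) and for an image file."""
    hashers = {alg: hashlib.new(alg) for alg in algorithms}
    total = 0
    with open(path, "rb") as f:      # opened read-only; the evidence is never written
        while True:
            block = f.read(chunk)
            if not block:
                break
            total += len(block)
            for h in hashers.values():
                h.update(block)
    return total, {alg: h.hexdigest() for alg, h in hashers.items()}


def make_record(path, operator, notes=""):
    """Acquisition record (field names are this example's assumption)."""
    size, digests = hash_stream(path)
    record = {
        "source": os.path.basename(path),
        "bytes": size,
        "digests": digests,
        "operator": operator,
        "acquired_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "notes": notes,
    }
    # Digest of the canonical record so the whole record can be quoted by one
    # value (read aloud, written on the evidence bag) during the ceremony.
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    record["record_sha256"] = hashlib.sha256(canonical).hexdigest()
    return record


def verify_record(path, record):
    """Independent second pass. Returns a list of mismatch descriptions;
    an empty list means size and every recorded digest agree."""
    size, digests = hash_stream(path, algorithms=tuple(record["digests"]))
    problems = []
    if size != record["bytes"]:
        problems.append(f"size {size} != recorded {record['bytes']}")
    for alg, expected in record["digests"].items():
        if digests[alg] != expected:
            problems.append(f"{alg} mismatch")
    return problems


def demo():
    """Constructed sample: fake image, record, clean verify, then a copy with
    one flipped bit re-verified, plus a known-answer check of the hasher."""
    with tempfile.TemporaryDirectory() as d:
        kat = os.path.join(d, "abc.bin")
        with open(kat, "wb") as f:
            f.write(b"abc")
        kat_ok = hash_stream(kat)[1]["sha256"] == SHA256_ABC

        image = os.path.join(d, "sdcard.img")
        data = bytes(range(256)) * 8192 + b"trailing partial chunk"  # 2 MiB + tail
        with open(image, "wb") as f:
            f.write(data)
        record = make_record(image, operator="examiner-1", notes="constructed sample")
        clean = verify_record(image, record)

        tampered = os.path.join(d, "tampered.img")
        bad = bytearray(data)
        bad[len(bad) // 2] ^= 0x01        # single bit flip in the middle of the medium
        with open(tampered, "wb") as f:
            f.write(bytes(bad))
        flagged = verify_record(tampered, record)

    return {
        "record": record,
        "clean": clean,
        "flagged": flagged,
        "kat_ok": kat_ok,
        # chunked hashing must equal hashing the whole buffer at once
        "onepass_matches": record["digests"]["sha256"] == hashlib.sha256(data).hexdigest(),
    }


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(json.dumps(make_record(sys.argv[1], operator="examiner-1"), indent=2))
    else:
        r = demo()
        print(json.dumps(r["record"], indent=2))
        print("clean:", r["clean"], "tampered:", r["flagged"], "kat:", r["kat_ok"])
```

Two caveats a practitioner would add to the ceremony. First, "read-only" here is only what the script does; the OS can still touch a mounted filesystem, so the card should be read as a raw device that is never mounted (a hardware write blocker is better still). Second, the record only binds the bytes to a time and an operator; where it was stored and who signed it is the separate problem Arnold's note about "where does one get the known good hash value" points at, and nothing in this script solves it.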