[Cryptography] VW/EPA tests as crypto protocols ?
Chris Tonkinson
chris at tonkinson.com
Thu Sep 24 13:11:25 EDT 2015
On 09/24/2015 12:09 PM, Henry Baker wrote:
> Various types of SW obfuscation will make finding such cheats/defeats
> difficult to find -- e.g., Apple's "goto FAIL" ;-) ;-) bug -- and
> providing enough incentives for all this white hat code inspection
> work will be difficult.
This is the core issue. We have long accepted that nothing can be
trusted if you don't have source. With the source, of course you have no
_absolute_ guarantees, but without it you don't even have a starting
point. I can't see how adding crypto to an otherwise untrusted system
moves the needle.
Seems to me like the only shot is the manufacturer providing source to
the testing agency, who can then build and install the firmware on
"trusted" (whatever that means) hardware (i.e. sans 3rd party DCO/JIT
interference). Behavioral observation then becomes a perfectly viable
means of analysis (whether on the dyno or on a road test) because you
have a statistical control group.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150924/c089879b/attachment.sig>
More information about the cryptography
mailing list