  1.    #1  
    The end of anonymity? Article
  2. #2  
    This will never work. Virtualization is all the rage at the moment, and as computer power increases so do our capabilities to virtualize things. It won't be long before TCM chips also get virtualized.

    Think of virtual machines as the ultimate tabbed browser. Each tab would be a new virtual machine with its own TCM. It may be nearly impossible to fake a TCM chip, but if each of us has 100 TCM chips and virtual machines which we use for different websites, the same way we have many IDs for different sites, the initiative will fall flat on its face.

    This is besides all the other flaws of course, such as your machine being remotely hacked and controlled by others. It won't provide much protection from the real nefarious things that happen on the internet.

    Surur
  3. #3  
    Trusted computing is necessarily hardware-based, and so it will never be "virtualized."

    I think it's inevitable that hardware tokens will become part of the security model for financial transactions and secure access to systems. But consumers aren't going to be forced to use it across the board anytime soon. Any business that tries will just lose customers. On the other hand, employees will have no choice.

    And anonymity is not directly threatened by trusted computing, for most consumers. Even if everyone were to begin using it, you could still keep your online activity separate from your true identity. It's when there's a crime that the veil can be broken. The real value of trusted computing, in this case, is that it would enable accountability in an environment where there is none today.
  4. #4  
    Since when can hardware not be emulated?

    Surur
  5. #5  
    The security principle behind hardware-based tokens is that they cannot be copied or spoofed.
  6. #6  
    Quote Originally Posted by samkim View Post
    The security principle behind hardware-based tokens is that they cannot be copied or spoofed.
    Not being able to spoof a SPECIFIC TCM does not mean you can't spoof A TCM. Having 100 virtual TCM chips (pdf) not tied to any hardware will be as good as TCM not existing at all.

    We present the design and implementation of a system that enables trusted computing for an unlimited number of virtual machines on a single hardware platform. To this end, we virtualized the Trusted Platform Module (TPM). As a result, the TPM’s secure storage and cryptographic functions are available to operating systems and applications running in virtual machines. Our new facility supports higher-level services for establishing trust in virtualized environments, for example remote attestation of software integrity.

    We implemented the full TPM specification in software and added functions to create and destroy virtual TPM instances. We integrated our software TPM into a hypervisor environment to make TPM functions available to virtual machines. Our virtual TPM supports suspend and resume operations, as well as migration of a virtual TPM instance with its respective virtual machine across platforms. We present four designs for certificate chains to link the virtual TPM to a hardware TPM, with security vs. efficiency trade-offs based on threat models. Finally, we demonstrate a working system by layering an existing integrity measurement application on top of our virtual TPM facility.
    One can imagine a movie bought while in such a virtual machine being widely distributed while still IN the virtual machine, in fact distributed WITH the virtual machine to 10000's of people.

    As that old saying goes: The secret is sincerity. Once you can fake it you can do anything.

    Surur
    Last edited by surur; 02/13/2007 at 02:50 PM.
  7. #7  
    Quote Originally Posted by surur View Post
    Not being able to spoof a SPECIFIC TCM does not mean you can't spoof A TCM. Having 100 virtual TCM chips (pdf) not tied to any hardware will be as good as TCM not existing at all.
    Trusted computing depends on having a secure chain of digital certificates from the "root" to the client. The paper describes a scenario where you would break that chain with virtualized platforms and still operate applications that depend on TCM. But you would do this only if you control the whole chain. For example, inside a corporation, you would build both the app and the virtualization platform. Virtualization is not an inherent capability in the TCM model.

    If you have an application that depends on TCM, it's entirely your decision on whether to forego the requirement of hardware-based tokens. If you do that, you'd better be sure that your system is otherwise sufficiently secure.


    from the paper:
    ...the virtual TPM migration process must offer more security guarantees for the virtual TPM instance state than is usually provided for an operating system image that is being transferred. The virtual TPM migration process must guarantee that any vTPM instance state in transit is not subject to modification, duplication, or other compromise...



    One can imagine a movie bought while in such a virtual machine being widely distributed while still IN the virtual machine, in fact distributed WITH the virtual machine to 10000's of people.
    For this to happen, the movie industry has to choose to allow this to happen. I'm confident they won't enable mass copying when they design the system.
  8. #8  
    Tying the virtual TCM to the real TCM is entirely their choice, because they are the "good guys". If you look at the elaborate procedures they go through to make sure the receiving VM is trusted when they migrate it, it's clear that it's to preserve trust, but it's not really needed.

    It's clear to me the whole process can be transparent, and barring each TCM being signed before being released to consumers, can be emulated in software below the level of the OS perfectly fine. Even if it needed to be signed with a master key first to certify the TCM as trusted, with the huge number of motherboard makers and chip makers these keys will invariably be leaked.

    Remember, in principle any universal Turing machine can emulate any other Turing machine. There is no way for certain that a TCM chip can know if it's really hardware or just an emulation. TCM chips are really just another version of security through obscurity, hiding the keys in hardware instead of in software. Look at what happened to the Blu ray and HD DVD encryption - completely hacked.

    Surur
    Last edited by surur; 02/13/2007 at 03:57 PM.
  9. #9  
    Quote Originally Posted by surur View Post
    Tying the virtual TCM to the real TCM is entirely their choice, because they are the "good guys". If you look at the elaborate procedures they go through to make sure the receiving VM is trusted when they migrate it, it's clear that it's to preserve trust, but it's not really needed.
    Who is they?

    It's clear to me the whole process can be transparent, and barring each TCM being signed before being released to consumers, can be emulated in software below the level of the OS perfectly fine. Even if it needed to be signed with a master key first to certify the TCM as trusted, with the huge number of motherboard makers and chip makers these keys will invariably be leaked.

    Remember, in principle any universal Turing machine can emulate any other Turing machine. There is no way for certain that a TCM chip can know if it's really hardware or just an emulation. TCM chips are really just another version of security through obscurity, hiding the keys in hardware instead of in software. Look at what happened to the Blu ray and HD DVD encryption - completely hacked.

    Surur

    1. Every hardware token does need to be certified.

    2. A trusted computing app would verify that the digital certificate was signed by the proper root key. No virtual environment would be able to spoof that without the root key having been leaked.

    3. Chip makers will guard their root keys as if their businesses depend on it, because they do. If the key is leaked and hardware tokens are forged, then the entire line of hardware tokens (at least those signed by that key) becomes worthless. And the potential liability for such a security breach is immeasurably large.

    4. Motherboard makers are irrelevant.

    5. The term, "security through obscurity," technically doesn't apply here. The concept is that by keeping the method of your security a secret, you're more secure. But with trusted computing, the methods are open for all to see.
  10. #10  
    There are already 6 companies making TCM chips. If TCM is to be in all 500 000 000 mobile computing devices sold per year there are going to have to be many more companies. Leaks will happen (as they have in the past). Even having the keys hidden in hardware, barring a stupid leak like the HDDVD and CCS thing, is no guarantee. Hackers are pretty determined, and have been known to use electron microscopes.

    Surur
  11. #11  
    Doing a bit more reading, it appears that TPM depends on a third party keeping track of all the 2048 bit random keys in each module. There is provision for this key to be discovered, and then this key would be invalidated. This relies on devices being in communication with a certification authority. This seems to be a rather fragile system. This whole thing isn't going to work very well for car stereos for example.

    Surur
  12. #12  
    Quote Originally Posted by surur View Post
    There are already 6 companies making TCM chips. If TCM is to be in all 500 000 000 mobile computing devices sold per year there are going to have to be many more companies. Leaks will happen (as they have in the past). Even having the keys hidden in hardware, barring a stupid leak like the HDDVD and CCS thing, is no guarantee. Hackers are pretty determined, and have been known to use electron microscopes.

    Surur
    To be clear, the critical keys are not distributed. A root key is used to "sign" a digital certificate, and that digital certificate is stored in the chip along with the unique key associated with the chip. It's virtually impossible to derive the root key from the information on that chip. You would need the root key to forge a digital certificate and spoof the chip.

    The public key encryption system was designed to withstand attacks not just from ordinary hackers, but from organized crime and entire nations who may throw billions of dollars at cracking the system. This isn't about protecting movies; the underlying technology is meant to secure multi-million dollar transactions. (There will probably be many distinct systems, but they'll have the same fundamental design.)

    As for leaks, it's not impossible, but I wouldn't count on it. As I said, there's a lot at stake; the root keys would be guarded more closely than pretty much anything you can imagine. There are many ways to implement it, but one secure way involves constructing a virtual key from many parts, each of which is held by a different entity or person.

    And each certificate authority would have a unique key, so if one is compromised, the damage is localized, and the rest of the world can go on.


    Quote Originally Posted by surur View Post
    Doing a bit more reading, it appears that TPM depends on a third party keeping track of all the 2048 bit random keys in each module. There is provision for this key to be discovered, and then this key would be invalidated. This relies on devices being in communication with a certification authority. This seems to be a rather fragile system. This whole thing isn't going to work very well for car stereos for example.
    It's similar to the credit card model, where a store checks with a central database for authorization. It's not clear how often any given app would check-in. I imagine in cases of relatively low value, the app would never check for revocation. But over time (decades), the connectedness of devices will rise, and the cost of checking in will go down.
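
An added illustration, not part of any post in this thread: the relying-party check the posts argue about (certificate chained to the chip maker's root, revocation lookup, proof that the chip holds the certified key), run against a hardware-backed chip and a software TPM that certifies itself. It uses textbook RSA over known Mersenne primes purely to stay self-contained; the certificate layout (serial plus chip public key, signed by the issuer), key names and serials are constructed and do not follow the TPM specification.

```python
import hashlib, secrets
E = 65537
M = lambda k: 2**k - 1   # Mersenne primes: known primes that keep this toy short

def make_key(p, q):      # textbook RSA, illustration only; returns (public n, private d)
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def _h(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, key):
    return pow(_h(data, key[0]), key[1], key[0])

def verify(data, sig, n):
    return pow(sig, E, n) == _h(data, n)

def issue_cert(serial, chip_n, issuer_key):
    body = f"{serial}:{chip_n}".encode()
    return {"serial": serial, "chip_n": chip_n, "sig": sign(body, issuer_key)}

def check(cert, nonce_sig, nonce, root_n, revoked=()):
    """Relying-party check: chain to root, revocation, then proof of key possession."""
    body = f"{cert['serial']}:{cert['chip_n']}".encode()
    if not verify(body, cert["sig"], root_n):
        return "reject: certificate not signed by trusted root"
    if cert["serial"] in revoked:
        return "reject: chip key revoked"
    if not verify(nonce, nonce_sig, cert["chip_n"]):
        return "reject: chip does not hold the certified key"
    return "accept"

ROOT = make_key(M(1279), M(2203))   # chip maker's root key (constructed)
SELF = make_key(M(107), M(127))     # issuer key a software TPM makes for itself
HW = make_key(M(521), M(607))       # key inside the hardware chip
VM = make_key(M(61), M(89))         # key inside the software TPM

def demo():
    nonce = secrets.token_bytes(16)                 # fresh challenge from the verifier
    hw_cert = issue_cert("HW-0001", HW[0], ROOT)
    vm_cert = issue_cert("VM-0001", VM[0], SELF)
    return {
        "hardware": check(hw_cert, sign(nonce, HW), nonce, ROOT[0]),
        "emulated": check(vm_cert, sign(nonce, VM), nonce, ROOT[0]),
        "copied_cert": check(hw_cert, sign(nonce, VM), nonce, ROOT[0]),
        "revoked": check(hw_cert, sign(nonce, HW), nonce, ROOT[0], revoked={"HW-0001"}),
    }

if __name__ == "__main__":
    print(demo())
```

The emulated chip is accepted only if the verifier adds the software TPM's issuer to its trusted roots, which is the relying party's decision described in post #7.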
