RE: Dell to Add Security Chip to PCs
Seeing as it comes out of the TCG, this is almost certainly the enabling hardware for Palladium/NGSCB. It's a part of your computer which you may not have full control over. Peter Trei
Tyler Durden
Anyone familiar with computer architectures and chips able to answer this question:
That "chip"...is it likely to be an ASIC or is there already such a thing as a security network processor? (i.e., a cheaper network processor that only handles security apps, etc.)
-TD
From: "R.A. Hettinga" <rah@shipwright.com>
HOUSTON -- Dell Inc. today is expected to add its support to an industry effort to beef up desktop and notebook PC security by installing a dedicated chip that adds security and privacy-specific features, according to people familiar with its plans.
Dell will disclose plans to add the security features known as the Trusted Computing Module on all its personal computers. Its support comes in the wake of similar endorsements by PC industry giants Advanced Micro Devices Inc., Hewlett-Packard Co., Intel Corp. and International Business Machines Corp. The technology has been promoted by an industry organization called the Trusted Computing Group.
--- "Trei, Peter" <ptrei@rsasecurity.com> wrote:
Seeing as it comes out of the TCG, this is almost certainly the enabling hardware for Palladium/NGSCB. It's a part of your computer which you may not have full control over.
Well we all know that having complete control over one's own computer is far too dangerous. Obviously, it would be best if computers, operating systems, and application software had proprietary back-doors that would enable the secret police to arbitrarily monitor all that goes on in the suspicious and dark recesses of memory and the CPU. Hell, I trust the secret police to use such capabilities for moral and legitimate purposes only, and as we all know the people who become secret police are of the best and brightest stock of humanity and will always act in the best interests of mankind. Corruption and fraud among such elites will be impossible, particularly if current standards of law and morality continue to be applied with the consistency we are now accustomed to. Personally, I have no fear that you, the members of this group, who I am barely qualified to address online, and who represent some of the best people the Internet has to offer, would not be the ones best suited to control the computing infrastructure of the Earth's people. And in that vein, I offer the following job tip as a token of my confidence.

In today's Globe and Mail newspaper there is an advertisement from the CSE (Communications Security Establishment, for those who are not familiar with the lesser known TLAs) in which they relate that they are soliciting new team members:

"We are the Communications Security Establishment, a member agency of Canada's security and intelligence team. CSE acquires and provides foreign signals intelligence and provides advice, guidance and services to help insure the protection of Government of Canada electronic information. CSE also provides assistance to federal law enforcement and security agencies. We offer a stimulating work environment, state-of-the-art technology, competitive salaries, and an opportunity to make a difference.

ENGINEERS
- hardware design
- wireless
- computers and network security
- test and verification
- project management

ANALYSTS
- intelligence
- linguistic (Asian, Middle Eastern and European languages)
- systems
- financial
- human resources
- policy
- network

COMPUTER SCIENCE SPECIALISTS
- LAN/WAN administration (UNIX/WINDOWS)
- programmer analysts (C/C++, Java)
- computer and network security
- project management

MATHEMATICIANS
- cryptography and cryptanalysis
- diverse theoretical and applied areas of mathematics
- optimization, numerical and computational methods

Requirements:
Positions in our organisation will be of interest to those with a post-secondary education and/or experience in: engineering, mathematics, computer science, language studies, political science, business, economics or accounting. You must be a Canadian citizen and eligible for a top secret security clearance. Positions are located in Ottawa. CSE is an equal opportunity employer. We welcome applications from all qualified individuals, including women, members of visible minorities, Aboriginal peoples and persons with disabilities."

It sounds so good that I would certainly consider applying myself if it were not for the fact that I love my current occupation as slave and chew-toy for the privileged and beautiful so very much. For those of you who are not Canadian citizens, I can let you in on a little secret. CSIS doesn't check all that closely when they do their security clearance background investigations, and so you can just tell them you forgot your ID in your other suit when they ask for it. By all accounts, the pay is great as are the fringe benefits. Loot confiscated as a part of legitimate intelligence exercises and operations is generally made available on a first-come, first-serve basis to employees in good standing. Other benefits include super-human abilities and powers unavailable to normal human beings. All in all, it sounds like a great place to work.

Good luck to any of you who apply. Regards, Steve
On Wed, Feb 02, 2005 at 12:45:58PM -0500, Steve Thompson wrote:
Well we all know that having complete control over one's own computer is far too dangerous. Obviously, it would be best if computers, operating systems, and application software had proprietary back-doors that would enable the secret police to arbitrarily monitor all that goes on in the suspicious and dark recesses of memory and the CPU.
If there's nasty Nagscab living on your motherboard, you might as well use it for something constructive: http://www.linuxjournal.com/article/6633 (Of course the stuff might contain undocumented "features", so only a fool would rely on it to conform to specs, all the time).
-- Eugen* Leitl http://leitl.org
ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net
On Wed, 2 Feb 2005, Trei, Peter wrote:
Seeing as it comes out of the TCG, this is almost certainly the enabling hardware for Palladium/NGSCB. It's a part of your computer which you may not have full control over.
Please stop relaying FUD. You have full control over your PC, even if this one is equipped with a TCPA chip. See the TCPA chip as a hardware security module integrated into your PC. An API exists to use it, and one of the functions of this API is 'take ownership', which has the effect of erasing it and regenerating new internal keys.
-- Erwann ABALEA <erwann@abalea.com> - RSA PGP Key ID: 0x2D0EABD5
Erwann ABALEA wrote:
On Wed, 2 Feb 2005, Trei, Peter wrote:
Seeing as it comes out of the TCG, this is almost certainly the enabling hardware for Palladium/NGSCB. It's a part of your computer which you may not have full control over.
Please stop relaying FUD. You have full control over your PC, even if this one is equipped with a TCPA chip. See the TCPA chip as a hardware security module integrated into your PC. An API exists to use it, and one of the functions of this API is 'take ownership', which has the effect of erasing it and regenerating new internal keys.
So .. the way this works is that Dell & Microsoft ship you a computer with lots of nice multimedia stuff on it. You take control of your chip by erasing it and regenerating keys, and then the multimedia software that you paid for no longer works? I'm just curious on this point. I haven't seen much to indicate that Microsoft and others are ready for a nymous, tradeable software assets world. iang -- News and views on what matters in finance+crypto: http://financialcryptography.com/
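As an added illustration of the two posts above (this is not code from the thread, from Dell, or from the TCG), here is a toy Python model of a chip with one internal root key, a seal/unseal API, and a 'take ownership' call that wipes and regenerates that key. The class name ToyTpm, the blob layout, the SHA-256 counter-mode keystream and the sample license string are assumptions of the model; a real TPM uses asymmetric keys and its own blob format. The model shows both points at once: the owner can clear and regenerate the keys, and anything sealed under the previous keys is unrecoverable afterwards.

```python
import hashlib
import hmac
import os


class ToyTpm:
    """Constructed toy model of a TPM-style chip (not the TCG design).

    One root secret (the 'storage root key') lives inside the object and is
    never returned to callers. Blobs sealed under it can only be opened by
    this chip while that same root secret is installed.
    """

    NONCE_LEN = 16
    TAG_LEN = 32

    def __init__(self):
        self._srk = None  # no owner yet: chip is unusable until taken

    def take_ownership(self):
        """'Take ownership': discard the old root key and generate a fresh one."""
        self._srk = os.urandom(32)

    def _require_owner(self):
        if self._srk is None:
            raise RuntimeError("chip has no owner; call take_ownership() first")

    def _keystream(self, nonce, length):
        # Toy counter mode: SHA-256(srk || nonce || counter) blocks. Enough to
        # model 'only this chip can open this blob'; not a real cipher design.
        out = b""
        counter = 0
        while len(out) < length:
            out += hashlib.sha256(self._srk + nonce + counter.to_bytes(4, "big")).digest()
            counter += 1
        return out[:length]

    def seal(self, plaintext):
        """Encrypt and authenticate data so that only this chip, with its
        current root key, can hand it back."""
        self._require_owner()
        nonce = os.urandom(self.NONCE_LEN)
        ks = self._keystream(nonce, len(plaintext))
        ct = bytes(p ^ k for p, k in zip(plaintext, ks))
        tag = hmac.new(self._srk, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def unseal(self, blob):
        """Return the plaintext, or raise if the blob was sealed under a
        different root key (for example, before ownership was retaken)."""
        self._require_owner()
        nonce = blob[: self.NONCE_LEN]
        ct = blob[self.NONCE_LEN : -self.TAG_LEN]
        tag = blob[-self.TAG_LEN :]
        expected = hmac.new(self._srk, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("blob not sealed under this chip's current keys")
        ks = self._keystream(nonce, len(ct))
        return bytes(c ^ k for c, k in zip(ct, ks))


def ownership_demo():
    """Seal a constructed vendor license under the keys the machine shipped
    with, retake ownership as the post suggests, and try to open it again.
    Returns (opened_before, opened_after)."""
    license_text = b"MEDIA-PLAYER-LICENSE: constructed sample"
    chip = ToyTpm()
    chip.take_ownership()  # state as shipped: an owner key is already present
    license_blob = chip.seal(license_text)
    opened_before = chip.unseal(license_blob) == license_text

    chip.take_ownership()  # the user clears the chip and regenerates keys
    try:
        chip.unseal(license_blob)
        opened_after = True
    except ValueError:
        opened_after = False
    return opened_before, opened_after


if __name__ == "__main__":
    print(ownership_demo())  # (True, False)
```

Nothing in the model lets the old blob be migrated to the new root key, which is the practical consequence of 'take ownership' that the question above is asking about: whoever sealed data to the chip's previous keys has to re-provision it after the clear.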
Uh, you *really* have no idea how much the black hat community is looking forward to TCPA. For example, Office is going to have core components running inside a protected environment totally immune to antivirus. Since these components are going to be managing cryptographic operations, the "well defined API" exposed from within the sandbox will have arbitrary content going in, and opaque content coming out. Malware goes in (there's not an executable environment created that can't be exploited), sets up shop, has no need to be stealthy due to the complete blockage of AV monitors and cleaners, and does what it wants to the plaintext and ciphertext (alters content, changes keys) before emitting it back out the opaque outbound interface. So, no FUD, you lose :) --Dan
Erwann ABALEA wrote:
On Wed, 2 Feb 2005, Trei, Peter wrote:
Seeing as it comes out of the TCG, this is almost certainly the enabling hardware for Palladium/NGSCB. It's a part of your computer which you may not have full control over.
Please stop relaying FUD. You have full control over your PC, even if this one is equipped with a TCPA chip. See the TCPA chip as a hardware security module integrated into your PC. An API exists to use it, and one of the functions of this API is 'take ownership', which has the effect of erasing it and regenerating new internal keys.
On Wed, 2 Feb 2005, Dan Kaminsky wrote:
Uh, you *really* have no idea how much the black hat community is looking forward to TCPA. For example, Office is going to have core components running inside a protected environment totally immune to antivirus.
How? TCPA is only a cryptographic device, and some BIOS code, nothing else. Does the coming of TCPA chips eliminate the bugs, buffer overflows, stack overflows, or any other way to execute arbitrary code? If yes, isn't that a wonderful thing? Obviously it doesn't (eliminate bugs and so on).
Since these components are going to be managing cryptographic operations, the "well defined API" exposed from within the sandbox will have arbitrary content going in, and opaque content coming out. Malware goes in (there's not a executable environment created that can't be exploited), sets up shop, has no need to be stealthy due to the complete blockage of AV monitors and cleaners, and does what it wants to the plaintext and ciphertext (alters content, changes keys) before emitting it back out the opaque outbound interface.
I use cryptographic devices every day, and TCPA is not different than the present situation. No better, no worse. -- Erwann ABALEA <erwann@abalea.com> - RSA PGP Key ID: 0x2D0EABD5
Uh, you *really* have no idea how much the black hat community is looking forward to TCPA. For example, Office is going to have core components running inside a protected environment totally immune to antivirus.
How? TCPA is only a cryptographic device, and some BIOS code, nothing else. Does the coming of TCPA chips eliminate the bugs, buffer overflows, stack overflows, or any other way to execute arbitrary code? If yes, isn't that a wonderful thing? Obviously it doesn't (eliminate bugs and so on).
TCPA eliminates external checks and balances, such as antivirus. As the user, I'm not trusted to audit operations within a TCPA-established sandbox. Antivirus is essentially a user system auditing tool, and TCPA-based systems have these big black boxes AV isn't allowed to analyze. Imagine a sandbox that parses input code signed to an API-derivable public key. Imagine an exploit encrypted to that. Can AV decrypt the payload and prevent execution? No, of course not. Only the TCPA sandbox can. But since AV can't get inside of the TCPA sandbox, whatever content is "protected" in there is quite conspicuously unprotected. It's a little like having a serial killer in San Quentin. You feel really safe until you realize...uh, he's your cellmate. I don't know how clear I can say this, your threat model is broken, and the bad guys can't stop laughing about it.
I use cryptographic devices every day, and TCPA is not different than the present situation. No better, no worse.
I do a fair number of conferences with exploit authors every few months, and I can tell you, much worse. "Licking chops" is an accurate assessment. Honestly, it's a little like HID's "radio barcode number" concept of RFID. Everyone expects it to get everywhere, then get exploited mercilessly, then get ripped off the market quite painfully. --Dan
I don't know how clear I can say this, your threat model is broken, and the bad guys can't stop laughing about it.
Come on, now...who's going to be better at Security than Microsoft? Since bad guys won't be allowed inside the TCPA world then everything's going to be just fine. Seems like the "evil packet" idea will be useful here...bad packets should have their "evil bit" set to one, and they won't be allowed inside. -TD
In message <42031E13.4040205@doxpara.com>, Dan Kaminsky writes:
Uh, you *really* have no idea how much the black hat community is looking forward to TCPA. For example, Office is going to have core components running inside a protected environment totally immune to antivirus.
How? TCPA is only a cryptographic device, and some BIOS code, nothing else. Does the coming of TCPA chips eliminate the bugs, buffer overflows, stack overflows, or any other way to execute arbitrary code? If yes, isn't that a wonderful thing? Obviously it doesn't (eliminate bugs and so on).
TCPA eliminates external checks and balances, such as antivirus. As the user, I'm not trusted to audit operations within a TCPA-established sandbox. Antivirus is essentially a user system auditing tool, and TCPA-based systems have these big black boxes AV isn't allowed to analyze.
Imagine a sandbox that parses input code signed to an API-derivable public key. Imagine an exploit encrypted to that. Can AV decrypt the payload and prevent execution? No, of course not. Only the TCPA sandbox can. But since AV can't get inside of the TCPA sandbox, whatever content is "protected" in there is quite conspicuously unprotected.
It's a little like having a serial killer in San Quentin. You feel really safe until you realize...uh, he's your cellmate.
I don't know how clear I can say this, your threat model is broken, and the bad guys can't stop laughing about it.
I have no idea whether or not the bad guys are laughing about it, but if they are, I agree with them -- I'm very afraid that this chip will make matters worse, not better. With one exception -- preventing the theft of very sensitive user-owned private keys -- I don't think that the TCPA chip is solving the right problems. *Maybe* it will solve the problems of a future operating system architecture; on today's systems, it doesn't help, and probably makes matters worse.

TCPA is a way to raise the walls between programs executing in different protection spaces. So far, so good. Now -- tell me the last time you saw an OS flaw that directly exploited flaws in conventional memory protection or process isolation? They're *very* rare. The problems we see are code bugs and architectural failures. A buffer overflow in a Web browser still compromises the browser; if the now-evil browser is capable of writing files, registry entries, etc., the user's machine is still capable of being turned into a spam engine, etc. Sure, in some new OS there might be restrictions on what such an application can do, but you can implement those restrictions with today's hardware. Again, the problem is in the OS architecture, not in the limitations of its hardware isolation.

I can certainly imagine an operating system that does a much better job of isolating processes. (In fact, I've worked on such things; if you're interested, see my papers on sub-operating systems and separate IP addresses per process group.) But I don't see that TCPA chips add much over today's memory management architectures. Furthermore, as Dan points out, it may make things worse -- the safety of the OS depends on the userland/kernel interface, which in turn is heavily dependent on the complexity of the privileged kernel modules. If you put too much complex code in your kernel -- and from the talks I've heard this is exactly what Microsoft is planning -- it's not going to help the situation at all.

Indeed, as Dan points out, it may make matters worse. Microsoft's current secure coding initiative is a good idea, and from what I've seen they're doing a good job of it. In 5 years, I wouldn't be at all surprised if the rate of simple bugs -- the buffer overflows, format string errors, race conditions, etc. -- was much lower in Windows and Office than in competing open source products. (I would add that this gain has come at a *very* high monetary cost -- training, code reviews, etc., aren't cheap.) The remaining danger -- and it's a big one -- is the architecture flaws, where ease of use and functionality often lead to danger. Getting this right -- getting it easy to use *and* secure -- is the real challenge. Nor are competing products immune; the drive to make KDE and Gnome (and for that matter MacOS X) as easy to use (well, easier to use) than Windows is likely to lead to the same downward security spiral.

I'm ranting, and this is going off-topic. My bottom line: does this chip solve real problems that aren't solvable with today's technology? Other than protecting keys -- and, of course, DRM -- I'm very far from convinced of it.

"The fault, dear Brutus, is not in our stars but in ourselves."
--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
On Wed, 2 Feb 2005, Erwann ABALEA wrote:
On Wed, 2 Feb 2005, Trei, Peter wrote:
Seeing as it comes out of the TCG, this is almost certainly the enabling hardware for Palladium/NGSCB. It's a part of your computer which you may not have full control over.
Please stop relaying FUD. You have full control over your PC, even if this one is equipped with a TCPA chip. See the TCPA chip as a hardware security module integrated into your PC. An API exists to use it, and one of the functions of this API is 'take ownership', which has the effect of erasing it and regenerating new internal keys.
-- Erwann ABALEA <erwann@abalea.com> - RSA PGP Key ID: 0x2D0EABD5
After TCPA systems are the only systems for sale at CompUSA, how long before this off switch is removed? All agree we live in a time of crisis; at any moment MICROSOFT/RIAA/MPAA/HOMSECPOL/CONGREGATIONOFMARTYRS may require of all of us an attestation of faith and obedience greater and more secure than present hardware can convincingly convey. oo--JS.
On Thu, 3 Feb 2005, Jay Sulzberger wrote:
On Wed, 2 Feb 2005, Erwann ABALEA wrote:
On Wed, 2 Feb 2005, Trei, Peter wrote:
Seeing as it comes out of the TCG, this is almost certainly the enabling hardware for Palladium/NGSCB. It's a part of your computer which you may not have full control over.
Please stop relaying FUD. You have full control over your PC, even if this one is equipped with a TCPA chip. See the TCPA chip as a hardware security module integrated into your PC. An API exists to use it, and one of the functions of this API is 'take ownership', which has the effect of erasing it and regenerating new internal keys.
After TCPA systems are the only systems for sale at CompUSA, how long before this off switch is removed? All agree we live in a time of crisis; at any moment MICROSOFT/RIAA/MPAA/HOMSECPOL/CONGREGATIONOFMARTYRS may require of all of us an attestation of faith and obedience greater and more secure than present hardware can convincingly convey.
And do you seriously think that "you can't do that, it's technically not possible" is a good answer? That's what you're saying. For me, a better answer is "you don't have the right to deny my ownership". -- Erwann ABALEA <erwann@abalea.com> - RSA PGP Key ID: 0x2D0EABD5
On Thu, 3 Feb 2005, Erwann ABALEA wrote:
And do you seriously think that "you can't do that, it's technically not possible" is a good answer? That's what you're saying. For me, a better answer is "you don't have the right to deny my ownership".
Yes, Senator McCarthy, I do in fact feel safer knowing that mathematics protects my data. Welcome to cypherpunks. -J
On Wed, Feb 02, 2005 at 05:30:33PM +0100, Erwann ABALEA wrote:
Please stop relaying FUD. You have full control over your PC, even if this
Please stop relaying pro-DRM pabulum. The only reason for Nagscab is restricting the user's rights to his own files. Of course there are other reasons for having crypto compartments in your machine, but the reason Dell/IBM is rolling them out is not that.
one is equipped with a TCPA chip. See the TCPA chip as a hardware security module integrated into your PC. An API exists to use it, and one of the functions of this API is 'take ownership', which has the effect of erasing it and regenerating new internal keys.
Really? How interesting. Please tell us more.
-- Eugen* Leitl http://leitl.org
ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net
Bonjour, On Wed, 2 Feb 2005, Erwann ABALEA wrote:
On Wed, 2 Feb 2005, Trei, Peter wrote:
Seeing as it comes out of the TCG, this is almost certainly the enabling hardware for Palladium/NGSCB. It's a part of your computer which you may not have full control over.
Please stop relaying FUD. You have full control over your PC, even if this one is equipped with a TCPA chip. See the TCPA chip as a hardware security module integrated into your PC. An API exists to use it, and one of the functions of this API is 'take ownership', which has the effect of erasing it and regenerating new internal keys.
I've read your objections. Maybe I wasn't clear. What's wrong in installing a cryptographic device by default on PC motherboards? I work for a PKI 'vendor', and for me, software private keys are nonsense. How will you convince "Mr Smith" (or Mme Michu) to buy an expensive CC EAL4+ evaluated token, install the drivers, and solve the inevitable conflicts that will occur, simply to store his private key? You first have to be good to convince him to justify the extra expense. If a standard secure hardware cryptographic device is installed by default on PCs, it's OK! You could obviously say that Mr Smith won't be able to move his certificates from machine A to machine B, but more than 98% of the time, Mr Smith doesn't need to do that. Installing a TCPA chip is not a bad idea. It is as 'trustable' as any other cryptographic device, internal or external. What is bad is accepting to buy software that you won't be able to use if you decide to claim your ownership... Palladium is bad, TCPA is not bad. Don't confuse the two. -- Erwann ABALEA <erwann@abalea.com> - RSA PGP Key ID: 0x2D0EABD5
Erwann ABALEA <erwann@abalea.com> writes:
I've read your objections. Maybe I wasn't clear. What's wrong in installing a cryptographic device by default on PC motherboards? I work for a PKI 'vendor', and for me, software private keys are nonsense.
A simple crypto device controlled by the same software is only slightly less nonsensical. That is, the difference between software-controlled keys and a device controlling the keys that does anything the software tells it to is negligible. To get any real security you need to add a trusted display, I/O system, clock, and complete crypto message-processing capability (not just "generate a signature" like the current generation of smart cards do), and that's a long way removed from what TCPA gives you.
You could obviously say that Mr Smith won't be able to move his certificates from machine A to machine B, but more than 98% of the time, Mr Smith doesn't need to do that.
Yes he will. That is, he may not really need to do it, but he really, really wants to do it. Look at the almost-universal use of PKCS #12 to allow people to spread their keys around all over the place - any product aimed at a mass-market audience that prevents key moving is pretty much dead in the water.
Installing a TCPA chip is not a bad idea.
The only effective thing a TCPA chip gives you is a built-in dongle on every PC. Whether having a ready-made dongle hardwired into every PC is a good or bad thing depends on the user (that is, the software vendor using the TCPA device, not the PC user). Peter.
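To make the distinction in the reply above concrete, here is an added Python model (mine, not Peter's, and not TCPA or any vendor's code) of three key designs: a key held in software, a device-held key that signs on request, and a device-held key that requires an authorization value for every operation. The class names, the HMAC-SHA256 stand-in for a signature and the constructed authorization value are assumptions of the model. The same untrusted host code is run against each design; non-exportability stops the key being read out, but only the authorization-bound design also stops the key being used on the host's behalf without the user's say-so.

```python
import hashlib
import hmac
import os


class SoftwareKey:
    """Constructed model of a private key kept in host memory: any code
    running on the host can read the secret and can also sign with it."""

    def __init__(self):
        self.secret = os.urandom(32)

    def export(self):
        return self.secret

    def sign(self, message, auth_value=None):
        # HMAC-SHA256 stands in for a real signature in this toy model.
        return hmac.new(self.secret, message, hashlib.sha256).digest()


class DeviceKey:
    """Constructed model of a key inside a simple crypto device: the secret
    cannot be read out, but the device signs whatever the host asks it to."""

    def __init__(self):
        self._secret = os.urandom(32)

    def _raw_sign(self, message):
        return hmac.new(self._secret, message, hashlib.sha256).digest()

    def export(self):
        raise PermissionError("key is non-exportable")

    def sign(self, message, auth_value=None):
        return self._raw_sign(message)  # no policy: any caller gets a signature

    def verify(self, message, signature):
        return hmac.compare_digest(self._raw_sign(message), signature)


class AuthorizedDeviceKey(DeviceKey):
    """Same device, but every signature needs an authorization value that
    the host software does not hold (modelling something the user supplies
    through a trusted path). A bare 'sign whatever you are given' chip lacks
    this binding."""

    def __init__(self, auth_value):
        super().__init__()
        self._auth_hash = hashlib.sha256(auth_value).digest()

    def sign(self, message, auth_value=None):
        if auth_value is None or not hmac.compare_digest(
            hashlib.sha256(auth_value).digest(), self._auth_hash
        ):
            raise PermissionError("operation not authorized")
        return self._raw_sign(message)


def untrusted_host(key):
    """Threat-model check: host code that can no longer be trusted first tries
    to read the key out, then tries to obtain a signature on a message of its
    own choosing without any authorization. Returns what succeeded."""
    outcome = {"key_read_out": False, "unauthorized_signature": False}
    try:
        key.export()
        outcome["key_read_out"] = True
    except PermissionError:
        pass
    try:
        key.sign(b"constructed message the user never approved")
        outcome["unauthorized_signature"] = True
    except PermissionError:
        pass
    return outcome


def compare_designs():
    """Run the same untrusted host against all three key designs."""
    return {
        "software_key": untrusted_host(SoftwareKey()),
        "device_key": untrusted_host(DeviceKey()),
        "device_key_with_auth": untrusted_host(
            AuthorizedDeviceKey(b"constructed-user-pin")
        ),
    }


if __name__ == "__main__":
    for design, outcome in compare_designs().items():
        print(design, outcome)
```

The middle row of the comparison is the one the reply is about: a device whose only policy is "sign what you are handed" removes key theft from the threat model but leaves key misuse exactly where it was, so the host software's integrity still decides what gets signed.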
Erwann ABALEA wrote:
I've read your objections. Maybe I wasn't clear. What's wrong in installing a cryptographic device by default on PC motherboards? I work for a PKI 'vendor', and for me, software private keys are nonsense. How will you convince "Mr Smith" (or Mme Michu) to buy an expensive CC EAL4+ evaluated token, install the drivers, and solve the inevitable conflicts that will occur, simply to store his private key? You first have to be good to convince him to justify the extra expense. If a standard secure hardware cryptographic device is installed by default on PCs, it's OK! You could obviously say that Mr Smith won't be able to move his certificates from machine A to machine B, but more than 98% of the time, Mr Smith doesn't need to do that.
Installing a TCPA chip is not a bad idea. It is as 'trustable' as any other cryptographic device, internal or external. What is bad is accepting to buy a software that you won't be able to use if you decide to claim your ownership... Palladium is bad, TCPA is not bad. Don't confuse the two.
the cost of EAL evaluation typically has already been amortized across a large number of chips in the smartcard market. the manufacturing costs of such a chip are pretty proportional to the chip size ... and the thing that drives chip size tends to be the amount of eeprom memory. in the tcpa track at intel developer's forum a couple years ago ... i gave a talk and claimed that i had designed and significantly cost reduced such a chip by throwing out all features that weren't absolutely necessary for security. I also mentioned that two years after i had finished such a design ... tcpa was starting to converge to something similar. the head of tcpa in the audience quipped that i didn't have a committee of 200 helping me with the design.
participants (12)
- Anne & Lynn Wheeler
- Dan Kaminsky
- Erwann ABALEA
- Eugen Leitl
- Ian G
- Jason Holt
- Jay Sulzberger
- pgut001@cs.auckland.ac.nz
- Steve Thompson
- Steven M. Bellovin
- Trei, Peter
- Tyler Durden