RE: Dell to Add Security Chip to PCs
Erwann ABALEA
> On Wed, 2 Feb 2005, Trei, Peter wrote:
>> Seeing as it comes out of the TCG, this is almost certainly the enabling hardware for Palladium/NGSCB. It's a part of your computer which you may not have full control over.
> Please stop relaying FUD. You have full control over your PC, even if this one is equipped with a TCPA chip. See the TCPA chip as a hardware security module integrated into your PC. An API exists to use it, and one of the functions of this API is 'take ownership', which has the effect of erasing it and regenerating new internal keys.
Congratulations on your new baby.

Working in the security business, paranoia is pretty much a job requirement. "What's the worst that could happen?" is taken seriously.

The best that can happen with TCPA is pretty good - it could stop a lot of viruses and malware, for one thing.

But the worst that can happen with TCPA is pretty awful. It could easily be leveraged to make motherboards which will only run 'authorized' OSs, and OSs which will run only 'authorized' software. And you, the owner of the computer, will NOT necessarily be the authority which gets to decide what OS and software the machine can run.

If you 'take ownership' as you put it, the internal keys and certs change, and all of a sudden you might not have a bootable computer anymore.

Goodbye Linux. Goodbye Freeware. Goodbye independent software development.

It would be a very sad world if this comes to pass.

Peter Trei
> The best that can happen with TCPA is pretty good - it could stop a lot of viruses and malware, for one thing.
No, it can't. That's the point; it's not like the code running inside the sandbox becomes magically exploitproof...it just becomes totally opaque to any external auditor. A black hat takes an exploit, encrypts it to the public key exported by the TCPA-compliant environment (think about a worm that encrypts itself to each cached public key) and sends the newly unauditable structure out. Sure, the worm can only manipulate data inside the sandbox, but when the whole *idea* is to put everything valuable inside these safe sandboxes, that's not exactly comforting. --Dan
Trei, Peter wrote:
> It could easily be leveraged to make motherboards which will only run 'authorized' OSs, and OSs which will run only 'authorized' software.
> And you, the owner of the computer, will NOT necessarily be the authority which gets to decide what OS and software the machine can run.
> If you 'take ownership' as you put it, the internal keys and certs change, and all of a sudden you might not have a bootable computer anymore.
> Goodbye Linux. Goodbye Freeware. Goodbye independent software development.
> It would be a very sad world if this comes to pass.
Yes it would, many governments are turning to Linux and other freeware. Many huge companies make heavy use of Linux and freeware, suddenly losing this would have a massive effect on their bottom line and possibly enough to impact the economy as a whole. Independent software developers are a significant part of the economy as well, and most politicians do not want to associate themselves with the concept of "hurting small business". Universities and other educational institutions will fight anything that resembles what you have described tooth and nail.

To think that this kind of technology would be mandated by a government is laughable. Nor do I believe there will be any conspiracy on the part of ISPs to require it in order to get on the Internet. As it stands now most people are running 5+ year old computers and windows 98/me, I doubt this is going to change much because for most people, this does what they want (minus all the security vulnerabilities, but with NAT appliances those are not even that big a deal). There is no customer demand for this technology to be mandated, there is no reason why an ISP or vendor would want to piss off significant percentages of their clients in this way.

The software world is becoming MORE open. Firefox and Openoffice are becoming legitimate in the eyes of government and businesses, Linux is huge these days, and the open source development method is being talked about in business mags, board rooms, and universities everywhere.

The government was not able to get the Clipper chip passed and that was backed with the horror stories of rampant pedophilia, terrorism, and organized crime. Do you honestly believe they will be able to destroy open source, linux, independent software development, and the like with just the fear of movie piracy, mp3 sharing, and such? Do you really think they are willing to piss off large sections of the voting population, the tech segment of the economy, universities, small businesses, and the rest of the world just because the MPAA and RIAA don't like customers owning devices they do not control?

It is entirely possible that a machine like you described will be built, I wish them luck because they will need it. It is attempted quite often and yet history shows us that there is really no widespread demand for iOpeners, WebTV, and their ilk. I don't see customers demanding this, therefore there will probably not be much of a supply. Either way, there is currently a HUGE market for general use PCs that the end user controls, so I imagine there will always be companies willing to supply them.

My primary fear regarding TCPA is the remote attestation component. I can easily picture Microsoft deciding that they do not like Samba and decide to make it so that Windows boxes simply cannot communicate with it for domain, filesystem, or authentication purposes. All they need do is require that the piece on the other end be signed by Microsoft. Heck they could render http agent spoofing useless if they decide to make it so that only IE could connect to ISS. Again though, doing so would piss off a great many of their customers, some of whom are slowly jumping ship to other solutions anyway.

--
Mark Allen Earnest
Lead Systems Programmer
Emerging Technologies
The Pennsylvania State University
On 2005-02-04T14:30:48-0500, Mark Allen Earnest wrote:
> The government was not able to get the Clipper chip passed and that was backed with the horror stories of rampant pedophilia, terrorism, and organized crime. Do you honestly believe they will be able to destroy open source, linux, independent software development, and the like with just the fear of movie piracy, mp3 sharing, and such? Do you really think they are willing to piss off large sections of the voting population, the tech segment of the economy, universities, small businesses, and the rest of the world just because the MPAA and RIAA don't like customers owning devices they do not control?
They managed with the HDTV broadcast flag mandate.

--
"War is the father and king of all, and some he shows as gods, others as men; some he makes slaves, others free." --Heraclitus (Kahn.83/D-K.53)
On Fri, Feb 04, 2005 at 08:21:47PM +0000, Justin wrote:
> They managed with the HDTV broadcast flag mandate.
If I film off a HDTV screen with a HDTV camera (or just do single-frame with a good professional camera) will the flag be preserved? Watermarks will, but that's the next mass genocide by IP nazis.

--
Eugen* Leitl http://leitl.org
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
On 2005-02-04T23:28:56+0100, Eugen Leitl wrote:
> On Fri, Feb 04, 2005 at 08:21:47PM +0000, Justin wrote:
>> They managed with the HDTV broadcast flag mandate.
> If I film off a HDTV screen with a HDTV camera (or just do single-frame with a good professional camera) will the flag be preserved?
I don't think so, I think the flag is in the bitstream and doesn't affect visual output at all. You still run into significant quality loss trying to get around it that way. The point is that HDTV is a popular consumer technology, and the MPAA and TV networks alone managed to hijack it.

--
"War is the father and king of all, and some he shows as gods, others as men; some he makes slaves, others free." --Heraclitus (Kahn.83/D-K.53)
On Sat, Feb 05, 2005 at 01:19:46AM +0000, Justin wrote:
>> If I film off a HDTV screen with a HDTV camera (or just do single-frame with a good professional camera) will the flag be preserved?
> I don't think so, I think the flag is in the bitstream and doesn't affect visual output at all. You still run into significant quality
I know; that was a rhetorical question.
> loss trying to get around it that way.
I doubt the quality loss would be perceivable. What you'll get will be persistent artifacts which would allow source fingerprinting via digital forensics.
> The point is that HDTV is a popular consumer technology, and the MPAA and TV networks alone managed to hijack it.
I have yet to see a single HDTV movie/broadcast, and I understand most TV sets can't display anything beyond 800x600. DVD started with a copy protection, too.

--
Eugen* Leitl
On Sat, Feb 05, 2005 at 11:23:14AM +0100, Eugen Leitl wrote:
>> The point is that HDTV is a popular consumer technology, and the MPAA and TV networks alone managed to hijack it.
> I have yet to see a single HDTV movie/broadcast, and I understand most TV sets can't display anything beyond 800x600.
Not widespread in Europe yet, but all the big networks in the US now support it for most or nearly all their prime time schedule and most big events (sports and otherwise) are now in HDTV in the USA. Also more and more cable networks in HDTV and some movie channels. Bandwidth is the big limitation on satellite and cable, otherwise there would be even more. And HDTV sets are selling well now in the USA. Most do not yet have the full 1920 by 1080 resolution, but many are around 1280 by 720 native resolution which works well with the 720p progressive version used primarily for sports (looks better with fast motion).
> DVD started with a copy protection, too.
However the really strange thing about the FCC broadcast flag is that the actual over the air ATSC transport stream on broadcast channels is mandated by law to be sent *IN THE CLEAR*, no encryption allowed - so the FCC decision basically requires any receiver sold to the public *ENCRYPT* an ITC signal before providing it to the user.

Naturally this bit of nonsense will go far to make the broadcast flag very effective indeed at preventing anyone with very modest sophistication from capturing the over the air in the clear transport stream and passing it around on P2P networks or whatever - there is already plenty of PCI hardware out there to receive ATSC transmissions (MyHD and many others) and supply the transport stream to software running on the PC.

--
Dave Emery N1PRE, die@dieconsulting.com
DIE Consulting, Weston, Mass 02493
participants (6)
- Dan Kaminsky
- Dave Emery
- Eugen Leitl
- Justin
- Mark Allen Earnest
- Trei, Peter