On Oct 22, 2013, at 9:50 PM, John Ioannidis wrote:
And to add another, there was a presentation on ARM TrustZone, the OS inside your CPU, that seems so designed for backdoors that ARM actually gives tips for running TrustZone invisible to the normal OS. https://www.hackinparis.com/sites/hackinparis.com/files/Slidesthomasroth.pdf
TrustZone sounds like Palladium from 15 or so years ago. Have we learned *nothing*? Actually, there is a difference: Palladium had remote attestation built in - it was a selling point. People concentrated on that as the "bad" part, and thought the rest could actually be useful. The reference designs let you do whatever you wanted with your own device - you had full access to the trusted elements, and could sign your own boot loader if you wanted. Of course, someone providing DRM'ed material could refuse to talk to your system if it didn't attest to running "acceptable" code.
The new technologies don't build remote attestation in, so avoid the whole debate. And the base technologies are neutral on the issue of whether you can write your own trusted code. It's the specific implementations that block you from changing the keys, the bootloader, any of the code running in the secure element, etc. The net effect is similar.

Nothing keeps a system builder from including remote attestation, but because of the nature of the devices, who is doing the controlling (the cell service providers), and the much higher level of integration of the components (making it harder to pull pieces out of the controlled environment) it really doesn't much matter: If you're successfully talking to the cell network at all, they assume you have "approved" hardware. (Should people start building their own cell hardware from the ground up - certainly possible if you don't care about how practical the device is as a *cell phone*, but extremely difficult if you want something practical - they could always add remote attestation, or some simplified variant that's good enough for the cell provider's purposes, later.)

Palladium was subject to political attack because it was open about what it could do for DRM suppliers. The new technologies are harder to attack this way because the responsibility is diffused, and the good and the bad are very thoroughly mixed together. The availability of secure modes in the hardware can be explained as necessary to allow for safe operation in an unsafe world, and in and of themselves harmless - just a safer extension of user space/kernel space isolation. The system builders build things to keep the systems safe from malware, a known and growing problem. The network providers want to protect their networks. Everyone sees the need for heavy protection - including from the device owner - of internal "wallets".
-- Jerry

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography