Other uses of TCPA

Mike Rosing eresrch at eskimo.com
Sat Aug 3 21:44:58 PDT 2002


On Sat, 3 Aug 2002, AARG! Anonymous wrote:

> The TPM public key is called the Endorsement key - this is the key which
> is signed by the manufacturer and which proves that the TPM is a valid
> implementation of TCPA.  Here is what section 9.2 of the TCPA spec says
> about it:
>
> : A TPM only has one asymmetric endorsement key pair. Due to the nature of
> : this key pair, both the public and private parts of the key have privacy
> : and security concerns.
> :
> : Exporting the PRIVEK from the TPM must not occur. This is for security
> : reasons. The PRIVEK is a decryption key and never performs any signature
> : operations.
> :
> : Exporting the public PUBEK from the TPM under controlled circumstances
> : is allowable. Access to the PUBEK must be restricted to entities that
> : have a "need to know." This is for privacy reasons.

And in another message:

I said:
=> In other words, the manufacturer has access to all your data because
=> they have the master storage key.
=>
=> Why would everyone want to give one manufacturer that much power?

AARGH! said:
>It's not quite that bad.  I mentioned the blinding.  What happens is
>that before the master storage key is encrypted, it is XOR'd with a
>random value, which is also output by the TPM along with the encrypted
>recovery blob.  You save them both, but only the encrypted blob gets
>sent to the manufacturer.  So when the manufacturer decrypts the data,
>he doesn't learn your secrets.
>
>The system is cumbersome, but not an obvious security leak.

Who owns PRIVEK?  Who controls PRIVEK?  That's who owns TCPA.

And then there was this comment in yet another message:

>In addition, we assume that programs are able to run "unmolested";
>that is, that other software and even the user cannot peek into the
>program's memory and manipulate it or learn its secrets.  Palladium has
>a feature called "trusted space" which is supposed to be some special
>memory that is immune from being compromised.  We also assume that
>all data sent between computers is encrypted using something like SSL,
>with the secret keys being held securely by the client software (hence
>unavailable to anyone else, including the users).

Just how "immune" is this program space?  Does the operator/owner of
the machine control it, or does the owner of PRIVEK control it?  So
the owner of PRIVEK can send a trojan into my machine and take it over
anytime they want.  Cool, kind of like the movie "Colossus" where a
supercomputer takes over the world.

The more I learn about TCPA, the more I don't like it.

Patience, persistence, truth,
Dr. mike
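
Added example, not part of the original post or of the TCPA spec: a sketch of the blinding step as described in the quoted message above, showing what the manufacturer sees after decrypting the recovery blob. The toy textbook-RSA key standing in for the manufacturer's key pair and all function names are assumptions made for illustration.

```python
import secrets

# Toy textbook-RSA key standing in for the manufacturer's key pair.
# Assumption for illustration: no padding, built from two known Mersenne primes.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # manufacturer's private exponent


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def tpm_make_recovery(master_key: bytes):
    """TPM side: XOR the key with a random value, then encrypt the result."""
    r = secrets.token_bytes(len(master_key))   # blinding value, kept by owner
    blinded = xor(master_key, r)
    blob = pow(int.from_bytes(blinded, "big"), E, N)
    return blob, r                             # only blob goes to manufacturer


def manufacturer_decrypt(blob: int, length: int) -> bytes:
    """Manufacturer side: decrypting yields only the blinded value."""
    return pow(blob, D, N).to_bytes(length, "big")


def owner_unblind(blinded: bytes, r: bytes) -> bytes:
    """Owner side: removing the blind needs r, which never left the machine."""
    return xor(blinded, r)


def blind_that_explains(view: bytes, candidate_key: bytes) -> bytes:
    """For ANY candidate key there is an r that produces the same view,
    so the decrypted value alone does not single out the real key."""
    return xor(view, candidate_key)


def demo():
    master_key = bytes(range(16))              # constructed sample key
    blob, r = tpm_make_recovery(master_key)
    view = manufacturer_decrypt(blob, len(master_key))
    recovered = owner_unblind(view, r)
    other = b"\xff" * 16                       # constructed wrong guess
    r_other = blind_that_explains(view, other)
    return master_key, view, recovered, other, r_other


if __name__ == "__main__":
    key, view, recovered, other, r_other = demo()
    print("manufacturer sees:", view.hex())
    print("owner recovers   :", recovered.hex())
```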




