Overcoming the potential downside of TCPA

Carl Ellison cme at acm.org
Wed Aug 14 06:32:10 PDT 2002


At 10:58 PM 8/13/2002 -0700, Joseph Ashwood wrote:
>Lately on both of these lists there has been quite some discussion
>about TCPA and Palladium, the good, the bad, the ugly, and the
>anonymous. :) However there is something that is very much worth
>noting, at least about TCPA.
>
>There is nothing stopping a virtualized version being created.

The only thing to stop that is the certificate on the TCPA's built-in
key.  You would have to shave one TCPA chip and use its key in the
virtualized version.  If you distributed that shaved key publicly or
just to too many people, then its compromise would likely be detected
and its power to attest to S/W configuration would be revoked.

However, if you kept the key yourself and used it only at the same
frequency you normally would (for the normal set of actions), then
the compromise could not be detected and you should be able to run
virtualized very happily.

That's one of the main problems with TCPA, IMHO, as a security
mechanism: that its security depends on hardware tamper resistance --
but at the same time, the TPM needs to be a cheap part, so it can't
be very tamper resistant.

 - Carl



+------------------------------------------------------------------+
|Carl M. Ellison         cme at acm.org     http://world.std.com/~cme |
|    PGP: 75C5 1814 C3E3 AAA7 3F31  47B9 73F1 7E3C 96E7 2B71       |
+---Officer, arrest that man. He's whistling a copyrighted song.---+

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com





More information about the cypherpunks-legacy mailing list