Ross's TCPA paper

Lucky Green shamrock at cypherpunks.to
Sat Jun 22 23:01:12 PDT 2002 

Mike wrote quoting Lucky:
> > "trusted" here means that the members of the TCPA trust 
> that the TPM 
> > will make it near impossible for the owner of that motherboard to 
> > access supervisor mode on the CPU without their knowledge, 
> they trust 
> > that the TPM will enable them to determine remotely if the customer 
> > has a kernel-level debugger loaded, and they trust that the 
> TPM will 
> > prevent a user from bypassing OS protections by installing 
> custom PCI 
> > cards to read out memory directly via DMA without going through the 
> > CPU.
> 
> I don't see how they expect this to work.  We've already got 
> cheap rip off motherboards, who's gonna stop cheap rip off 
> TPM's that ain't really T?  I think it moves the game into a 
> smaller field where the players all have some bucks to begin 
> with, but somebody will create a "TPM" that looks like the 
> real thing, but runs cypherpunk code just fine.

I agree with your assertion that TPM's can't prevent DRM from being
broken. Nor is this the intent of introducing TPM's. The vendors have
realized that they have to raise the technical bar only so high to keep
those most inclined to break their systems (i.e. 16-year old Norwegians)
from doing so. Those that have the knowledge and resources to break TCPA
systems either won't have the time because they are engaged in gainful
employment, won't be willing to take the risk, because they have
accumulated sufficient material possessions to be unwilling to risk
losing their possessions, not to mention their freedom, in litigation,
or will break the security for their own gain, but won't release the
crack to the public. Criminal enterprise falls into the latter category.

The content vendors, which in this case includes the operating system
and application vendors, dislike, but can live with, major criminal
enterprise being the only other party to have unfettered access, since
criminal enterprise is just another competitor in the market place. Most
business models can survive another competitor. Where business models
threaten to collapse is when the marginal cost of an illegal copy goes
to zero and the public at large can obtain your goods without payment. I
don't know if the TCPA's efforts will prevent this, but in the process
of trying to achieve this objective, the average computers users, and
even many advanced computer users, will find themselves in a new
relationship with their PC: that of a pure consumer, with only the
choices available to them the what the 180 TCPA's members digital
signatures permit.

Cloning TPM's is difficult, though not impossible. Note that all TPM's
unique initial internal device keys are signed at time of manufacture by
a derivative of the TCPA master key. Unless you are one of the
well-known chipset or BIOS manufacturers, you can't get your TPM
products signed. It is theoretically possible, though far from easy, to
clone an entire TPM, keys and all.

However, the moment those fake TPM's show up in the market place, their
keys will simply be listed in the next CRL update. And if your OS and
TPM's miss a few CRL updates, your commercial OS and all your
applications will stop working. As might in the future your video card,
your PCI cards, your hard drive, and your peripherals.

You can try to hack around the code in the OS or firmware that performs
the checks, as long as you are willing to operate your machine
permanently off the Net from then on, because your system will fail the
remote integrity checks, but given that this and other security relevant
code inside the OS and applications are 3DES encrypted and are only
decrypted inside the TPM, you can't just read the object code from disk,
but get to first microprobe the decrypted op codes off the bus before
taking a debugger to the code. Not a trivial task at today's PC bus
speeds. Nor can you get too aggressive with the hacks, since your Fritz
may simply flush the keys and leave you with a bunch of 3DES encrypted
op codes and no corresponding decryption keys. Reverse engineering turns
pretty dim at that point.

None of these obstacles are impossible to overcome, but not by Joe
Computer User, not by even the most talented 16-year old hacker, and not
even by many folks in the field. Sure, I know some that could overcome
it, but they may not be willing to do the time for what by then will be
a crime. Come to think of it, doing so already is a crime.

--Lucky Green


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cypherpunks-legacy mailing list