Dell to Add Security Chip to PCs
Dan Kaminsky
dan at doxpara.com
Thu Feb 3 23:02:43 PST 2005
>>Uh, you *really* have no idea how much the black hat community is
>>looking forward to TCPA. For example, Office is going to have core
>>components running inside a protected environment totally immune to
>>antivirus.
>>
>>
>
>How? TCPA is only a cryptographic device, and some BIOS code, nothing
>else. Does the coming of TCPA chips eliminate the bugs, buffer overflows,
>stack overflows, or any other way to execute arbitrary code? If yes, isn't
>that a wonderful thing? Obviously it doesn't (eliminate bugs and so on).
>
>
>
TCPA eliminates external checks and balances, such as antivirus. As the
user, I'm not trusted to audit operations within a TCPA-established
sandbox. Antivirus is essentially a user system auditing tool, and
TCPA-based systems have these big black boxes AV isn't allowed to analyze.
Imagine a sandbox that parses input code signed to an API-derivable
public key. Imagine an exploit encrypted to that. Can AV decrypt the
payload and prevent execution? No, of course not. Only the TCPA
sandbox can. But since AV can't get inside of the TCPA sandbox,
whatever content is "protected" in there is quite conspicuously unprotected.
It's a little like having a serial killer in San Quentin. You feel
really safe until you realize...uh, he's your cellmate.
I don't know how clear I can say this, your threat model is broken, and
the bad guys can't stop laughing about it.
>I use cryptographic devices everyday, and TCPA is not different than the
>present situation. No better, no worse.
>
>
I do a fair number of conferences with exploit authors every few months,
and I can tell you, much worse. "Licking chops" is an accurate assessment.
Honestly, it's a little like HID's "radio barcode number" concept of
RFID. Everyone expects it to get everywhere, then get exploited
mercilessly, then get ripped off the market quite painfully.
--Dan
More information about the Testlist
mailing list