*Rootkits*. Just replace the firmware.

On 30 Oct 2012 19:13, "Jonas Wielicki" <developm...@sotecware.net> wrote:
> On 30.10.2012 14:30, Natanael wrote:
> > Yeah, this looks like TPM with software protection instead of hardware
> > protection.
> >
> > Rootkits can screw it up.
>
> I guess that is why the researchers suggested an on-GPU
> challenge-response protocol implementation which would not hand out the
> initial SRAM state directly to any software.
>
> > On 30 Oct 2012 14:27, "Solar Designer" <so...@openwall.com> wrote:
> >
> >> This is very curious, but ...
> >>
> >> On Tue, Oct 30, 2012 at 10:08:06AM +0100, Eugen Leitl wrote:
> >>> Cloning the actual SRAM state in a GPU is not possible, said Dr. Lange.
> >>> "What we've done so far in our research is reading out this SRAM state.
> >>> We can of course copy this readout. What we're aiming for is to put an
> >>> authentication system in place where the GPU never hands over the raw
> >>> data. Instead the GPU uses it in a challenge-response protocol, just
> >>> like the secret key in a signature system or zero-knowledge protocol.
> >>> This does rely on the OS and/or hypervisor shielding the card from bad
> >>> requests, such as “hand over all your secrets,”" she said.
> >>
> >> ... since it relies on OS and/or hypervisor security anyway, about the
> >> same functionality and security (not a lot of it) can be achieved by
> >> keeping the secret in a disk file (protected with filesystem/OS
> >> permissions) and having the crypto implemented in an OS driver (or
> >> privileged program). Use of a GPU does not appear to provide much
> >> advantage on top of that. It can't be physically cloned, but if OS
> >> security fails, then the GPU's secrets can be cloned and the
> >> authentication protocol simulated in host software (on attacker's
> >> machine, without the GPU).
> >>
> >> Alexander
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
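
The trust argument in this thread, as an added example that is not part of the original messages or the researchers' code: a verifier issues fresh challenges, and the answer depends only on the secret derived from the SRAM state, so a host-software prover holding a copied readout is indistinguishable from the card. Assumptions: HMAC-SHA256 stands in for the signature or zero-knowledge protocol mentioned in the quote, the key is a hash of the readout, and `GpuModel`, `HostSoftwareProver`, `verify` and `demo` are hypothetical names.

```python
import hashlib
import hmac
import os

def derive_key(sram_state: bytes) -> bytes:
    # Assumption: the secret is a hash of the power-up SRAM pattern.
    return hashlib.sha256(sram_state).digest()

def answer(key: bytes, challenge: bytes) -> bytes:
    return hmac.new(key, challenge, hashlib.sha256).digest()

class GpuModel:
    """Hypothetical card: answers challenges; raw readout depends on shielding."""
    def __init__(self, sram_state: bytes, shielded: bool):
        self._sram_state = sram_state
        self._shielded = shielded  # stands in for the OS/hypervisor filtering requests

    def respond(self, challenge: bytes) -> bytes:
        return answer(derive_key(self._sram_state), challenge)

    def read_raw_sram(self) -> bytes:
        if self._shielded:
            raise PermissionError("raw SRAM readout refused")
        return self._sram_state

class HostSoftwareProver:
    """Software-only prover built from a copied readout; no GPU involved."""
    def __init__(self, copied_state: bytes):
        self._key = derive_key(copied_state)

    def respond(self, challenge: bytes) -> bytes:
        return answer(self._key, challenge)

def verify(enrolled_key: bytes, prover) -> bool:
    challenge = os.urandom(32)  # fresh per attempt, so recorded answers are useless
    expected = answer(enrolled_key, challenge)
    return hmac.compare_digest(expected, prover.respond(challenge))

def demo(shielded: bool):
    """Return (card_accepted, copy_accepted) for one constructed card."""
    sram = os.urandom(64)  # constructed stand-in for a card's power-up state
    card = GpuModel(sram, shielded)
    enrolled = derive_key(sram)
    try:
        copy_ok = verify(enrolled, HostSoftwareProver(card.read_raw_sram()))
    except PermissionError:
        copy_ok = False  # the readout never left the card, so no copy exists
    return verify(enrolled, card), copy_ok
```

With shielding intact only the card is accepted; once the raw readout is reachable, the verifier accepts the software copy as well, which is the dependency on OS and hypervisor security that the replies point out.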