Just because some cars have anti-theft devices that can be defeated in seconds .... doesn't make all auto anti-theft devices useless.
So you currently have an environment that has no protection and everything is totally wide open. Let's say a hardware chip that currently has no tamper resistance and a whole infrastructure is put in place based on having security based on a hardware chip. Hypothetically it eliminates all the non-physical attacks. However, there are still vulnerabilities involving physical attacks on the hardware components. Would that be beneficial? Would it be helpful to eliminate all network and electronic attacks leaving only physical attacks?

One of the issues is that some amount of the population actually has some sensitivity for dealing with physical attacks. Part of the current problem is many people don't have any experience dealing with electronic and non-physical attacks. I would consider the elimination of all electronic and network attacks as an interesting prospect.

So what does the world currently do about physical attacks? Some organizations .... if they physically own the device and are trying to protect against outside attacks .... might put the device under armed guards. If it is DRM, where the chip is, in effect, acting as a proxy agent on somebody else's behalf, then there is an issue about protection against physical attacks by the person in possession of the device.

Tamper-resistance just ups the cost of a successful attack. One could hypothesize the value of something that is always in excess of the protection measures .... i.e. security proportional to the risk; aka ... regardless of the protection measures there could always be some hypothetical value making it worth the cost of mounting an attack.

The hypothetical DRM risk is possibly 90 percent of the infrastructure (not single, here & there isolated copying .... copying being done everywhere). Would some TCPA possibly both increase the percent of authorized copies and reduce the unauthorized copies (i.e. a method to reduce unauthorized copies to zero is by not publishing the works at all)?
The issue isn't absolutely ruling out unauthorized copies .... the issue is increasing the percent of authorized copies.

So hypothetically, the environment has reduced all the vulnerabilities and attacks to attacks just on the physical chip. It is possible that market forces could react to such an environment and opportunity. One opportunity might be higher priced PCs that have chips evaluated at EAL7-high with loads of tamper-resistance along with certain works are only available on machines having the higher evaluated chips.

random mutterings about parameterized risk management:
http://www.garlic.com/~lynn/99.html#235 Attacks on a PKI
http://www.garlic.com/~lynn/99.html#238 Attacks on a PKI
http://www.garlic.com/~lynn/aadsm2.htm#stall EU digital signature initiative stalled
http://www.garlic.com/~lynn/aadsm2.htm#strawm3 AADS Strawman
http://www.garlic.com/~lynn/aadsm3.htm#cstech3 cardtech/securetech & CA PKI
http://www.garlic.com/~lynn/aadsm3.htm#cstech4 cardtech/securetech & CA PKI
http://www.garlic.com/~lynn/aadsm3.htm#cstech5 cardtech/securetech & CA PKI
http://www.garlic.com/~lynn/aadsm3.htm#cstech9 cardtech/securetech & CA PKI
http://www.garlic.com/~lynn/aadsm3.htm#kiss2 Common misconceptions, was Re: KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp-00.txt))
http://www.garlic.com/~lynn/aadsmore.htm#bioinfo2 QC Bio-info leak?
http://www.garlic.com/~lynn/aadsmore.htm#bioinfo3 QC Bio-info leak?
http://www.garlic.com/~lynn/aadsmore.htm#biosigs biometrics and electronic signatures
http://www.garlic.com/~lynn/aepay3.htm#x959risk1 Risk Management in AA / draft X9.59
http://www.garlic.com/~lynn/aepay6.htm#x959b X9.59 Electronic Payment standard issue
http://www.garlic.com/~lynn/2000.html#46 question about PKI...
http://www.garlic.com/~lynn/2000.html#57 RealNames hacked. Firewall issues.

[EMAIL PROTECTED] on 8/14/2002 9:19 am wrote:

The problem with this idea is that TCPA is useless.
For all the *useful* things you are thinking of, you need TCPA plus an approved key. The only way you are going to get an approved key is inside a tamper-resistant chunk of hardware. If you should manage to extract the key, then yes, you'll be able to create that CD. But the idea is that you, the hardware owner, are not authorized to extract the information contained in your own hardware. I find the idea of "owning" something without having the legal right to open it up and look inside legally dubious at best, but I'm no lawyer....

The idea is that you shouldn't get anywhere without hardware hacking. The people doing this have decided hardware hacks are acceptable risks because they only want to protect cheap data -- movies, songs, commercial software, whatever. They are sticking to stuff that's not expensive enough to justify hardware hacks.

However, if this infrastructure does in fact become trusted and somebody tries to use it to protect more valuable data, God help them. They'll get their asses handed to them on a platter.

Bear