On Fri, 22 Jun 2001, Jim Rees wrote:

>   Ok, so you have a bunch of executables and a table of pre-computed CRCs.
> 
> No, you have a bunch of executables, and for each you have a crypto hash
> signed with a private key.

Ok. 

> You could store the public key in the secure rom, but this guy wants to use
> a smart card, presumably because he wants to be able to re-key.  Of course
> the card and the secure hardware still have to share a key (or key pair) so
> they can mutually authenticate.

Ok, well let's see .. the signatures of each bin can be stored on the
smartcard along with a patched kernel. Ok, that will work so long as the
hardware is intact. Speed may be a slight issue, but I doubt it will
be all that bad. 

The hacker will just replace the CPU and ROMs of the machine that
require the smartcard to boot, that's all. I know that we like to ignore
this fact, but the case of the Net-appliance that was hacked was
mentioned. Did you know that people replace the processors and ROMs in
those things for FUN, to give better performance? 

Small companies will start up selling kits to hack the machine, all that
will be required in the end is the ability to solder. 

And that is the obvious hack -- some brilliant minds will likely find an
easier way. 

I really don't think that there is a solution short of secure,
tamper-resistant hardware. And giving away that sort of stuff isn't all
that cost-effective. 

-- 
Michael Graffam ([EMAIL PROTECTED])


***************************************************************
Linux Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/smartcard/index.html
***************************************************************
