Re: Palladium -- trivially weak in hw but secure in software?? (Re: palladium presentation - anyone going?)
Software-based attacks are redistributable. Once I write a program that hacks a computer, I can give that program to anyone to use. I can even give it to everyone, and then anyone could use it. The expertise necessary can be abstracted away into a program even my mother could use. Hardware-based attacks cannot be redistributed. If I figure out how to hack my system, I can post instructions on the web but it still requires technical competence on your end if you want to hack your system too. While this doesn't help a whole lot for a DRM goal (once you get the non-DRM version of the media data, you can redistribute it all you want). I think this assumption may be incorrect. In order for content providers to win the DRM fight it seems like they need to address two issues. First, put up a big enough barrier for most users that circumventing access controls is infeasible, or simply not worth it. Second, put up a big enough barrier for most users that gaining access to copies of media with the access controls removed is either infeasible, or simply not worth it. I believe tamper resistant hardware solves the first problem, even if, as Adam conjectures, all that is required to access media protected by Palladium is a $50 kit (which remember, you can't obtain legally) and some hardware hacking. This seems to rule out well over %99 of the media consuming public. The problem of obstructing the distribution of media is really a different topic. I think that solving this problem is easier than most folks think. Again, you don't have to totally stop it P2P, or that kid in the shopping mall selling copied CD's. All you have to do is put up big enough technical and legal barriers that the general public would rather just pay for the media. While it may be the case that Palladium is not a serious barrier to the average CS graduate student, Cypherpunk, or even the home user who has a modicum of hardware clue, I don't think this will kill it as an effective technology for supporting DRM, assuming that the software cannot be broken. --Tal
Palladium -- trivially weak in hw but secure in software?? (Re: palladium presentation - anyone going?)
Remote attestation does indeed require Palladium to be secure against the local user. However my point is while they seem to have done a good job of providing software security for the remote attestation function, it seems at this point that hardware security is laughable. So they disclaim in the talk announce that Palladium is not intended to be secure against hardware attacks: | Palladium is not designed to provide defenses against | hardware-based attacks that originate from someone in control of the | local machine. so one can't criticise the implementation of their threat model -- it indeed isn't secure against hardware based attacks. But I'm questioning the validity of the threat model as a realistic and sensible balance of practical security defenses. Providing almost no hardware defenses while going to extra-ordinary efforts to provide top notch software defenses doesn't make sense if the machine owner is a threat. The remote attestation function clearly is defined from the view that the owner is a threat. Without specifics and some knowledge of hardware hacking we can't quantify, but I suspect that hacking it would be pretty easy. Perhaps no soldering, $50 equipment and simple instructions anyone could follow. more inline below... On Mon, Oct 21, 2002 at 09:36:09PM -0400, Arnold G. Reinhold wrote: [about improving palladium hw security...] Memory expansion could be dealt with by finding a way to give Palladium preferred access to the first block of physical memory that is soldered on the mother board. I think standard memory could be used. I can think of simple processor modifications that could fix this problem with hardware tamper resistance assurance to the level of having to tamper with .13 micron processor. The processor is something that could be epoxyied inside a cartridge for example (with the cartridge design processor + L2 cache housings as used by some Intel pentium class processors), though probably having to tamper with a modern processor is plenty hard enough to match software security given software complexity issues. Adam -- http://www.cypherspace.net/
Re: Palladium -- trivially weak in hw but secure in software?? (Re: palladium presentation - anyone going?)
On Tue, Oct 22, 2002 at 04:52:16PM +0100, Adam Back wrote: So they disclaim in the talk announce that Palladium is not intended to be secure against hardware attacks: | Palladium is not designed to provide defenses against | hardware-based attacks that originate from someone in control of the | local machine. so one can't criticise the implementation of their threat model -- it indeed isn't secure against hardware based attacks. But I'm questioning the validity of the threat model as a realistic and sensible balance of practical security defenses. Providing almost no hardware defenses while going to extra-ordinary efforts to provide top notch software defenses doesn't make sense if the machine owner is a threat. This depends. I would say this is an interesting threat model. It makes the attacks non-redistributable. Software-based attacks are redistributable. Once I write a program that hacks a computer, I can give that program to anyone to use. I can even give it to everyone, and then anyone could use it. The expertise necessary can be abstracted away into a program even my mother could use. Hardware-based attacks cannot be redistributed. If I figure out how to hack my system, I can post instructions on the web but it still requires techinical competence on your end if you want to hack your system too. While this doesn't help a whole lot for a DRM goal (once you get the non-DRM version of the media data, you can redistribute it all you want), it can be very useful for security. It can help to eliminate the 'script kiddie' style of attackers. Rick