Quoting [EMAIL PROTECTED]:

> On Fri, 22 Jun 2001, Jim Rees wrote:
> 
> >   Ok, so you have a bunch of executables and a table of pre-computed CRC's.
> > 
> > No, you have a bunch of executables, and for each you have a crypto hash
> > signed with a private key.
> 
> Ok. 
> 
> > You could store the public key in the secure rom, but this guy wants to use
> > a smart card, presumably because he wants to be able to re-key.  Of course
> > the card and the secure hardware still have to share a key (or key pair) so
> > they can mutually authenticate.
> 
> Ok, well let's see .. the signatures of each bin can be stored on the
> smartcard along with a patched kernel. Ok, that will work so long as the
> hardware is intact. Speed may be a slight issue, but I doubt it will
> be all that bad. 

I don't have to store each signature of each bin in the smartcard. I won't 
have enough RAM for that! I'll store the signed crypto hash inside each 
executable and library. The kernel will check if the crypto hash is still the 
same and the smartcard will just check the signature of the crypto hash.

The solution of maintaining a separate DB of signatures is not a good idea. 
I'll need to check if the DB is not altered by the cracker, and it's another 
source of problems.

> 
> The hacker will just replace the CPU and ROMs of the machine that
> require the smartcard to boot, that's all. I know that we like to ignore
> this fact, but the case of the Net-appliance that was hacked was
> mentioned. Did you know that people replace the processors and ROMs in
> those things for FUN, to give better performance? 
>
> Small companies will start up selling kits to hack the machine, all that
> will be required in the end is the ability to solder. 
> 
> And that is the obvious hack -- some brilliant minds will likely find an
> easier way. 
> 
> I really don't think that there is a solution short of secure,
> tamper-resistant hardware. And giving away that sort of stuff isn't all
> that cost-effective. 

Yeah, but the CPU is the most expensive part of the system. And I'm sure there 
are good insulating glues that will make it hard to remove without destroying 
the main board.

If the price of the separate parts is too expensive, the majority will quit. 
Ok, maybe there will be some crazy hackers that are going to spend all that 
money, just for the fun of it, but we don't care. All we want is to avoid 
having thousands of people registering for our stuff and, after a cheap hack 
(software only, for example), not using it as we want them to use it.

We are not going to sell remote controls for nuclear missiles that must only 
allow the targeting of the bad guys!   ;-)

---
  -°)                 Patrick Valsecchi
  /\\
 _\_v    http://dante.urbanet.ch/~patrick/index.html

***************************************************************
Linux Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/smartcard/index.html
***************************************************************
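
The scheme described in the message above (signed hash carried inside each executable, kernel recomputes the hash, card checks only the signature), as an added example that is not part of the original thread or of any project mentioned in it. Assumptions: the trailer layout, the `MAGIC` marker and all names are hypothetical, and HMAC-SHA256 with a key held by the card stands in for the private-key signature the thread talks about, because the Python standard library has no public-key signing.

```python
import hashlib
import hmac

MAGIC = b"SIGHASH1"   # hypothetical trailer marker
HASH_LEN = 32         # SHA-256 digest of the file body
TAG_LEN = 32          # HMAC-SHA256 tag, standing in for the signature
TRAILER_LEN = len(MAGIC) + HASH_LEN + TAG_LEN


class Card:
    """Stand-in for the smart card: keeps the key, handles digests only."""

    def __init__(self, key: bytes):
        self._key = key

    def sign(self, digest: bytes) -> bytes:
        return hmac.new(self._key, digest, hashlib.sha256).digest()

    def verify(self, digest: bytes, tag: bytes) -> bool:
        return hmac.compare_digest(self.sign(digest), tag)


def seal(body: bytes, card: Card) -> bytes:
    """Build step: append MAGIC || hash(body) || signature(hash)."""
    digest = hashlib.sha256(body).digest()
    return body + MAGIC + digest + card.sign(digest)


def check(image: bytes, card: Card) -> str:
    """Load-time check, split between kernel and card as in the message."""
    if len(image) < TRAILER_LEN:
        return "no-trailer"
    body, trailer = image[:-TRAILER_LEN], image[-TRAILER_LEN:]
    if trailer[:len(MAGIC)] != MAGIC:
        return "no-trailer"
    stored = trailer[len(MAGIC):len(MAGIC) + HASH_LEN]
    tag = trailer[len(MAGIC) + HASH_LEN:]
    # Kernel side: recompute the hash over the body, excluding the trailer.
    if not hmac.compare_digest(hashlib.sha256(body).digest(), stored):
        return "hash-mismatch"
    # Card side: only the 32-byte digest and its tag are sent to the card.
    if not card.verify(stored, tag):
        return "bad-signature"
    return "ok"


# Constructed sample data, not a real key or binary.
CARD = Card(b"constructed-demo-key")
GOOD = seal(b"\x7fELF constructed sample body", CARD)
```

Because the trailer travels with the file, there is no separate signature database to protect, and the card's workload per file is one fixed-size check regardless of the file's length.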