Re: Free Rootkit with Every New Intel Machine
http://www.nvlabs.in/?q=node/32

Vipin Kumar of NVLabs had announced a break of TPM and a demonstration of a break into Bitlocker (presumably using TPM) to be presented at Black Hat 2007. The presentation has been pulled.

Significance to the exchanges on cryptography under this subject stems from the abstract of the announcement. It references a paper on implementing Trusted Computing:

https://www.trustedcomputinggroup.org/news/Industry_Data/Implementing_Trusted_Computing_RK.pdf

from which Kumar interpolates the graph shown in figure 4 to make the claim that through the end of 2007 there will be 150 million TPM devices shipped. The paragraph preceding figure 4 makes a claim of 20 million TPM devices shipped in 2005. The paper is produced by Endpoint Technologies Associates, Inc., and doesn't give references for how the numbers were promulgated. The graph shows the number of TPM devices shipped per year exceeding 250 million by the year 2010.

The point being that's a lot of tchotchkes, even if the claimed numbers are inflated in a fashion reminiscent of how fast the internet was growing before the internet bubble burst. Even conservatively there are tens of millions of these devices sold, although we have no indication how many were actually used for Trusted Computing purposes.

- The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Free Rootkit with Every New Intel Machine
Looking for TPM enterprise adoption. The current version of TPM was adopted in March of 2006, which should have limited TPM uptake.

There's an article in Network World from September 2006 talking about a restaurant chain being a pioneer in the use of TPM, apparently a poster boy for Dell:
http://www.networkworld.com/allstar/2006/092506-chip-security-papa-gino.html

There's also http://www.fcw.com/article95422-07-26-06-Web (July 26, 2006), talking about the Army mandating TPM in all their small computers (PCs), a relatively large enterprise customer.

A 10-Q filed by Wave Systems in May provides provenance for the numbers quoted in NVLabs' abstract on their TPM breaker:
http://sec.edgar-online.com/2007/05/10/0001104659-07-038339/Section9.asp

    Adoption of TPMs and Trusted Computing technology is also growing - according to industry analyst, IDC, shipments of TPMs are expected to grow from under 25 million units in 2005 to over 250 million units in 2010. More information is available from the IT Compliance Institute.

(Looking at the IT Compliance Institute doesn't seem to help.)

IDC is the quoted source for TPM adoption, figuring prominently on the trustedcomputinggroup.org web site and articles derived from publicity. There's an Executive Summary from IDC:
https://www.trustedcomputinggroup.org/news/Industry_Data/IDC_448_Web.pdf

predicting TPM 75 percent penetration for worldwide Desktop PCs in 2009, 85 percent for mobile computing, and 80 percent for servers. The only other data point is for 2005, showing a couple of percent for Desktop PCs, three percent for Servers, and 37 percent for mobile PCs.

There's a claim that Bitlocker in Vista provided the tipping point for TPM uptake in:
http://www.investors.com/editorial/IBDArticles.asp?artsec=17issue=20070306

The IDC reference is Worldwide PC Interface and Technologies 2007-2010 Forecast, February 2007, Doc #205155, a Market Analysis:
http://idc.com/getdoc.jsp?containerId=205155

At $4500, a bit steep for curiosity's sake.
TPM is the focus of a chapter or section on Security, as seen in the table of contents.

The Papa Gino's Restaurants example from Network World is indeed a Dell real world example, one of several mentioned:
https://www.trustedcomputinggroup.org/news/Industry_Data/Endpoint_Technologies_Associates_TCG_report_Jan_29_2007.pdf

The real world examples include:

- A Japanese pharmaceutical company with 20,000 seats
- Papa Gino's Pizzas
- A US auto rental agency of indeterminate size using HP's security solution
- Three projects underway in Japan, the Japanese Ministry of Economy, Trade and Industry funded security initiatives for:
  - Sendai Wellness Consortium (sounds like an HMO)
  - IBM's Tokyo Research Laboratory
  - Nagoya University Medical Center

The sizes of these aren't known, but they should qualify as respectably sized enterprises.

This paper is from Endpoint Technologies again, and is intended to allay naysayers of Trusted Computing adoption rates:

    Some market watchers may feel that the entire Trusted Computing movement, championed by the Trusted Computing Group (TCG) with its Trusted Platform Module (TPM) and related security technologies, is just a straw man and that it will be years before large numbers of companies and even individuals adopt TPM based secure computing. For example, IDC cites, in Trusted Platform Module: Adoption Dynamics, August 30, 2006, a complex system dynamics model that shows that only the PC hardware OEMs and the smallest security vendors are fully engaged with the TPM, and that Microsoft and the major security players remain at best tepid in their support. Particularly, the authors cite a lack of user pull in TPM deployment. They conclude that, although many TPM modules will ship on client systems over the next few years, most will remain inactive.

[There's also anecdotal evidence IDC hasn't always had their cheery outlook for TPM uptake.]
There are other developments mentioned in the paper:

- The NSA uses TPM for encrypted disk drives
- The US Army is mentioned herein requiring TPM on PCs
- The Federal Deposit Insurance Corporation has recommended that their member banks adopt TPM

Also, Microsoft appears to have actually jumped on the TPM bandwagon, supplying impetus over the tipping point:
http://www.pc.ibm.com/us/pdf/idc_compliance_whitepaper.pdf
February 2005, Validation of Hardware Security in PC Clients, sponsored by IBM and Microsoft.

TPM is pretty much required for PC biometric authentication (fingerprints).

There are a few more poster children marched out:

- A large international pharmaceutical company (perhaps different from above)
- A Large Apparel Manufacturer, mentions Sarbanes-Oxley, and fingerprint access

We're being underwhelmed with hard numbers and numerous examples of enterprise adoption.
Re: Quantum Cryptography
At 08:51 AM 6/28/2007, Alexander Klimov wrote:

> I suspect there are two reasons for QKD to be still alive. First of all, the cost difference between quantum and normal approaches is so enormous that a lot of ignorant decision makers actually believe that they get something extra for this money. If you tell a lie big enough and keep repeating it, people will eventually come to believe it. The second reason is ``rollback'' (is it the right term?): you pay

Kickbacks would be the usual American term.

> $10 from your company funds to a QKD vendor, and they covertly give $5 back to you.

Never attribute to malice what can be adequately explained by incompetence. Quantum Crypto is shiny new technology, complete with dancing pigs. And once you've invested the research and development costs into building it, of course you want to sell it to anybody who could use it.

So what kind of threat models does it address, and what does that say about the kinds of customers who'd want it?

- It doesn't protect against traffic analysis, because the eavesdropper can follow the fiber routes and see who you're connected to.

- It potentially provides perfect forward secrecy a long time into the future against attackers who can eavesdrop on you now and save all the bits they want. That's mainly useful for military applications - most commercial applications don't require secrecy for more than a few years, and most criminal activities can't use it because of the traffic analysis threat. Maybe banks?

- It doesn't protect against Auditors getting your data. So maybe it's not useful for banks. That's really too bad, because except for the military, the main kinds of customers that need to spend lots of money on extra-shiny security equipment are doing so to distract Auditors, but it does let you tell the auditors you'd done everything you could.

- The Quantum Key Distribution versions only protect keys, not data, so it doesn't protect you against cracking symmetric-key algorithms. It does provide some protection against Zero-Day attacks on public-key crypto-systems, but wrapping your key exchange in a layer of symmetric-key crypto can do that also. And if you're the military, you can revert to the traditional armed couriers with briefcases handcuffed to their arms method.
Backdoor Man...
Hi gang,

Apparently Backdoor Man is still popular, but not as a blues.
http://www.computerworld.com/action/article.do?command=viewArticleBasicarticleId=9025436

So, the question is, can you trust *any* commercial vendor where you can't verify the code? We have no clue if this was done for Intuit itself or if it was done at the request of some _agency_; however, even if it was only done for Intuit it does leave a rather sour taste, because this is yet another proof that security by obscurity does not work and will eventually be exploited.

BTW, does anyone have a conversion metric for, say, John the Ripper on a P4 3GHz with 1GB of memory (or some other commodity level computer) to the tera (soon to be peta, it looks like) flop ratings on supercomputers?

Thanks,

Allen
Re: Quantum Cryptography
On Jun 29, 2007, at 10:44 AM, Steven M. Bellovin wrote:

> It's very valid to criticize today's products, and it's almost obligatory to criticize over-hyped marketing. As I said, I don't think today's products are useful anywhere, and the comparisons vendors draw to conventional cryptography are at best misleading. But let's not throw the baby out with the bathwater.

The problem I have with QC is that, as others have amply pointed out, there is a lot of bathwater but not much of a baby to speak of.

If someone created a protocol that does a DH exchange at the beginning and then throws away the secret and performs the rest of the communication in plaintext, we'd hardly call the resulting system a cryptographic protocol. Really, we'd be hesitant to use any form of the word cryptography in the description. QC, however, does something exactly analogous: it performs a quantum key exchange and then falls back on classical primitives. It's at best confusing, fallacious and disingenuous to refer to such setups as quantum cryptography, though I understand classical encryption with quantum key exchange has less of a marketable ring to it.

So, by all means, let the QKD and related research continue. It's interesting, it's cool, it's *important* work. But when the folks behind it are talking to those of us who understand and work with cryptography every day, they need to do a much better job at not letting their own imprecise and almost deceitful terminology paint themselves into a corner and trigger our snake-oil detectors. I deeply support Jon's proposal of renaming the whole thing quantum secrecy, in which case I'd get off my snark horse and show more respect for the whole thing.

--
Ivan Krstić [EMAIL PROTECTED] | GPG: 0x147C722D