On Tue, 25 Jul 2006, Perry E. Metzger wrote:
EE Times is carrying the following story:
http://www.eetimes.com/news/latest/showArticle.jhtml?articleID=190900759
It is about attempts to use cryptography to protect chip designs from
untrustworthy fabrication facilities, including a technology from
Certicom.
Unlike ordinary DRM, which I think can largely work in so far as it
merely provides a (low) barrier to stop otherwise honest people from
copying something they find inexpensive in the first place, it seems
to me that efforts like this are doomed.
It is one thing if you're just trying to keep most people honest about
something that doesn't cost much money, and another if you're trying
to protect something worth millions of dollars from people with
extremely sophisticated reverse engineering equipment. In particular,
people who operate fabs are also in possession of exquisitely good
equipment for analyzing the chips they've made so they can figure out
process problems, and the "key injection" equipment Certicom is making
could easily be suborned as well.
I'd be interested in other people's thoughts on this. Can you use DRM
to protect something worth not eight dollars but eight million?
This has already been attempted with video game machines back in the 80s
and with consoles like the X-Box more recently. In both cases, the
encryption made it more difficult, but not impossible.
There seems to be this idea that if we just use enough DRM, or enough
encryption, we can overcome its weaknesses. It is like saying if we wish
for something hard enough we can overcome the laws of nature. (And if it
didn't happen, we did not wish hard enough.)
But enough about US foreign policy...
--
"I want to live just long enough to see them cut off Darl's head and
stick it on a pike as a reminder to the next ten generations that some
things come at too high a price. I would look up into his beady eyes and
wave, like this... (*wave*!). Can your associates arrange that for me,
Mr. McBride?"
- Vir "Flounder" Kotto, Sr. VP, IBM Empire.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
