On Wed, Jul 31, 2013 at 10:48:59PM -0700, Steve Weis wrote:
> I think what you're saying was true in the past, but the game is
> changing with modern hardware. There have been advances in CPU
> features that make it possible to reduce the trust perimeter to just
> the CPU and TPM. If I trust those two components, I can privately
> compute on remote hardware, even if you have physical access and time.
> 
> If my computation involves sending video out to a device in the clear,
> then yes, you'll get that video. So, this doesn't help with
> traditional DRM. But it does help protect me when I run in
> environments outside my control, e.g. in infrastructure-as-a-service.

I'm not sure I can see scenarios that involve local I/O which give you
much protection, but I bet I can be surprised. 

> 
> Note, if an adversary can subvert the CPU itself, you lose. There are
> also known flaws in TPM specs and implementations, although these have
> a higher bar to exploit than other low-cost physical attacks.
> 

One part of this is definitely what guarantees can be made -- early TPM
work was very specific that if you have physical access, all bets were
off, and I don't think I've seen anyone who is comfortable relaxing that
constraint. 

> Fortunately, there are some interesting CPU features in the pipeline
> which may eliminate the dependency on TPMs completely. I can take it
> off-list if you want to discuss further.
> 

I'd be really interested, and we can maybe summarise a little back to
the list. EFF's tech expertise is more highly distributed right now
across Amsterdam and Nevada than usual, but it might make sense to meet
soon to discuss some of these developments. Local and cloud security has
never looked so precarious, nor attacks more well-funded.

d.

> On Wed, Jul 31, 2013 at 7:32 PM, Danny O'Brien <da...@eff.org> wrote:
> > Of course, such remote attestation/control works as well for
> > privacy-preservation as it does for DRM -- not very. If you *have* the
> > data, you can do whatever you want with it. My computer can attest all
> > it wants, but if I want that video or that cable, I'll get it. Indeed, I
> > already *have it*. All you're doing is determining the process by which
> > I'll obtain a reproducible copy. It's not even that quantifiable as a
> > cost, because we're already assuming I have physical access and time
> > enough.
> 

-- 
International Director, EFF | +1 415 436 9333 x150 | 815 Eddy Street, SF, CA 94109
--
Liberationtech list is public and archives are searchable on Google. Too many 
emails? Unsubscribe, change to digest, or change password by emailing moderator 
at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech
