On Mon, May 08, 2006 at 10:22:32PM +0000, Jason Holt wrote:
> On Mon, 8 May 2006, Michael Halcrow wrote:
> >On Mon, May 08, 2006 at 09:41:49PM +0000, Jason Holt wrote:
> >>You're talking about multiple machines being able to decrypt, so
> >>is it a shared secret across the machines?
> >
> >Yes -- a shared private key, but that key is only available to the
> >operating environment of each machine when the machine is booted in
> >a trusted manner. A set of machines are certified as appropriate
> >for handling trade secrets, set up with a secure operating
> >environment (including auditing, MAC, and so forth), and then data
> >is transparently accessible on only those machines. Additional
> >secrets protecting the data (i.e., passphrases) can narrow down
> >access to a subset of users of that set of machines (providing a
> >convenient means of two-factor authentication).
>
> Okay, I think I'm starting to get it. So let's say there are two
> machines with TPM modules and freshly installed OSes, and that we
> ignore the passphrase issue for the moment (since it doesn't seem to
> add much to the TPM example). I generate a keypair on one machine,
> and then somehow send the private key to the other?

Yes, and encrypt that key with one of the keys that can only be
unsealed when the machine is booted in a trusted configuration.

> Then when I create my ciphertext, it gets encrypted against the
> public key, right?

Yup. (And for the benefit of those who may be listening, you would
really encrypt the symmetric key used to create the ciphertext with
the public key.)

> If I didn't have TPM, I could still do all that, but you're talking about
> the TPM ensuring that not only does the machine *have* the private key, but
> that the machine is in a certain state.

Exactly.

> So it saves us from an attacker who has the ciphertext *and* access
> to one of the machines, but who can't login as me or otherwise
> convince the OS to ask the TPM for the key

You have the basic idea.

> Are there any other attacks it prevents?

Most of the uses that I am interested in have to do with machines in
a corporate environment. Remote attestation generally leaves a bad
taste in my mouth, but I can think of a few cases where I might be
willing to make that tradeoff. For instance, I might not complain
about a gaming device using remote attestation to counteract
cheaters, as long as it is advertised prominently what elements of
the gaming device and game I have control over, and which parts the
company providing the device claims control over. I would never let
that happen to my general-purpose computing device, but I would not
mind so much for a special-purpose gaming device (if it were cheap
enough). That would be a ``bargain'' that I would be willing to make
-- to relinquish control over my own gaming device in exchange for a
network in which everyone else has relinquished control over their
devices, so that we can all play the game sans cheaters.

Other such applications are detailed in this blog entry:

http://www.invisiblog.com/1c801df4aee49232/article/0df117d5d9b32aea8bc23194ecc270ec

Of course, I would fully expect the ability to join a non-attested
network to play if I so desired, but an attested gaming network would
definitely hold value if cheating in the non-attested network became
rampant. I would spend my freedom for certain benefits -- but *I*
want the ability to decide how much freedom I spend and where I spend
it. And the attestation enforcement must be entirely technical --
*no* legislation should threaten people who figure out a way to
circumvent the attestation mechanism. Some people think that a
legislation-free remote attestation is a pipe-dream, while others
think that non-attested alternatives will cease to exist in the free
market, and so they choose to oppose the technology of remote
attestation outright...

And have you heard of Direct Anonymous Attestation? May have
implications for anonymous remailers (also discussed in the blog
above):

http://www.zurich.ibm.com/security/daa/

On a personal note, the day my bank tries to insist that I do a
remote attestation from my general-purpose computing device is the
day that I switch to another financial services provider. ;-)

As soon as my team finishes with the PKI support in eCryptfs this
summer, I *will* be using the TPM in my laptop to cryptographically
lock my files to my machine; that's the sort of thing for which I
personally find the TPM to be useful.

Mike

.___________________________________________________________________.
Michael A. Halcrow
Security Software Engineer, IBM Linux Technology Center
GnuPG Fingerprint: 419C 5B1E 948A FA73 A54C 20F5 DB40 8531 6DCA 8769

"Why adults should pretend to omniscience before 6-year-olds, I can't
for the life of me understand." - Carl Sagan
signature.asc
Description: Digital signature
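The scheme discussed in the thread above (a shared key that each certified machine can only recover when it has booted into a trusted state), as an added simulation that is not part of this thread, of eCryptfs, or of any real TPM stack: a stand-in TPM with TPM 1.2-style SHA-1 PCR extends and seal/unseal bound to a PCR value. It assumes a symmetric shared key in place of the keypair and an HMAC-SHA256 keystream in place of the TPM's storage-key encryption; the boot component names in the test are constructed.

```python
import hashlib
import hmac
import secrets

PCR_LEN = 20  # TPM 1.2 PCRs hold a SHA-1 digest
def pcr_extend(pcr, measurement):
    # TPM 1.2 extend: PCR = SHA1(PCR || SHA1(measurement)); order matters
    return hashlib.sha1(pcr + hashlib.sha1(measurement).digest()).digest()

def expected_pcr(boot_chain):
    # PCR value a trusted boot through these measured components yields
    pcr = bytes(PCR_LEN)
    for component in boot_chain:
        pcr = pcr_extend(pcr, component)
    return pcr

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 counter keystream XORed over data (stand-in for AES)
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), "sha256").digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class SimTPM:
    def __init__(self):
        self._srk = secrets.token_bytes(32)  # storage root key, chip-resident
        self.pcr = bytes(PCR_LEN)

    def measure(self, component):  # what firmware and bootloader do at boot
        self.pcr = pcr_extend(self.pcr, component)

    def seal(self, secret, pcr_value):
        # bind secret to pcr_value: wrapping key depends on SRK and that PCR
        key = hmac.new(self._srk, pcr_value, "sha256").digest()
        nonce = secrets.token_bytes(16)
        body = _xor_stream(key, nonce, secret)
        tag = hmac.new(key, pcr_value + nonce + body, "sha256").digest()
        return pcr_value + nonce + body + tag

    def unseal(self, blob):
        pcr_value, nonce = blob[:PCR_LEN], blob[PCR_LEN:PCR_LEN + 16]
        body, tag = blob[PCR_LEN + 16:-32], blob[-32:]
        if self.pcr != pcr_value:  # machine is not in the certified boot state
            raise PermissionError("PCR mismatch: refusing to unseal")
        key = hmac.new(self._srk, pcr_value, "sha256").digest()
        calc = hmac.new(key, pcr_value + nonce + body, "sha256").digest()
        if not hmac.compare_digest(tag, calc):
            raise ValueError("sealed blob tampered or sealed by another chip")
        return _xor_stream(key, nonce, body)
```

Each certified machine seals the same shared key against the golden PCR of its trusted boot chain; a machine that booted a modified component lands on a different PCR and the unseal is refused, and a blob sealed on one chip is useless on another because the SRK differs.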
/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
