Re: TPM & disk crypto
Alexander Klimov schrieb: On Fri, 6 Oct 2006, Erik Tews wrote: And the TPM knows that your BIOS has not lied about the checksum of grub how? The TPM does not know that the BIOS did not lie about the checksum of grub or any other bios component. What you do is, you trust your TPM and your BIOS that they never lie to you, because they are certified by the manufature of the system and the tpm. (This is why it is called trusted computing) IIUC, TPM is pointless for disk crypto: if your laptop is stolen the attacker can reflash BIOS and bypass TPM. Moreover, TPM is actually bad for disk crypto: without it you lose your data only if your HDD dies, now you lose your data if your HDD dies *or* if you motherboard dies. If the user is not experienced in BIOS reflashing, they also lose their data if OS crashes and refuses to boot (not uncommon for some common OSes). There is a great risk of data loss if the TPM protection is badly implemented. You can, however, store an encrypted key in your (not encrypted) hard disk, and save the decryption key both inside the TPM (bound to valid bios/boot loader/Kernel/OS PCR values) *and* in a second place for emergency recovery (like a memory stick in a safe). This way, the data on the hard disk can only be decrypted, if the unaltered operating system is used - the TPM will not decrypt the bound data if the system state changed. Of course, after reflashing your bios, you need to use your second key credential (once). -- Martin Hermanowski http://martin.hermanowski.name https://www.openbc.com/hp/Martin_Hermanowski/ signature.asc Description: OpenPGP digital signature
Re: TPM & disk crypto
So the part about being able to detect viruses, trojans and attest them between client-server apps that the client and server have a mutual interest to secure is fine and good. The bad part is that the user is not given control to modify the hash and attest as if it were the original so that he can insert his own code, debug, modify etc. (All that is needed is a debug option in the BIOS to do this that only the user can change, via BIOS setup.) Adam On Mon, Oct 09, 2006 at 08:03:40PM +1000, James A. Donald wrote: > Erik Tews wrote: > >What you do is, you trust your TPM and your BIOS that they never lie to > >you, because they are certified by the manufature of the system and the > >tpm. (This is why it is called trusted computing) > > > >So if you don't trust your hardware and your manufactor, trusted > >computing is absolutely worthless for you. But if you trust a > >manufactor, the manufactor trusts the tpms he has build and embedded in > >some systems, and you don't trust a user that he did not boot a modified > >version of your operating system, you can use these components to find > >out if the user is lieing. > > Well obviously I trust myself, and do not trust anyone else all that > much, so if I am the user, what good is trusted computing? > > One use is that I can know that my operating system has not changed > behind the scenes, perhaps by a rootkit, know that not only have I not > changed the operating system, but no one else has changed the operating > system. > > Further, I can know that a known program on a known operating system has > not been changed by a trojan. > > So if I have a login and banking client program, which communicates to > me over a trusted path, I can know that the client is the unchanged > client running on the unchanged operating system, and has not been > modified or intercepted by some trojan. > > Further, the bank can know this, and can just not let me login if there > is something funny about client program or the OS. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
DIMACS Workshop on Information Security Economics
* DIMACS Workshop on Information Security Economics January 18 - 19, 2007 DIMACS Center, CoRE Building, Rutgers University Organizers: Alessandro Acquisti, Carnegie Mellon University, [EMAIL PROTECTED] Jean Camp, Indiana University, [EMAIL PROTECTED] Presented under the auspices of the Special Focus on Communication Security and Information Privacy and the Special Focus on Computation and the Socio-Economic Sciences. The deployment of an information security solution can be evaluated on whether the benefits expected from its deployment are higher than the costs of its deployment. Yet it is hard to quantify both benefits and costs, due to uncertainty about factors such as attackers' motivations, probability of an attack, and cost of an attack. This uncertainty about the value of tangible costs and benefits is complicated by intangible costs and benefits, such as user and market perceptions of the value of security. The field of economics has well developed theories and methods for addressing with these types of uncertainty. As such, there has been a growing interest in the economics of information security. Past notable work used the tools of economics to offer insights into computer security, offered mathematical economic models of computer security, detailed potential regulatory solutions to computer security, or clarified the challenges of improving security as implemented in practice. The goal of this workshop is to expand that interest in economics of information security. To meet this goal the workshop will bring together researchers already engaged in this interdisciplinary effort with other researchers in areas such as economics, security, theoretical computer science, and statistics. Topics of interest include economics of identity and identity theft, liability, torts, negligence, other legal incentives, game theoretic models, security in open source and free software, cyber-insurance, disaster recovery, reputation economics, network effects in security and privacy, return on security investment, security risk management, security risk perception both of the firm and the individual, economics of trust, economics of vulnerabilities, economics of malicious code, economics of electronic voting security, and economic perspectives on spam. Call for Participation: Investments in information security are contingent on the expected benefits and costs of their deployment. Yet, it is difficult to quantify those trade-offs: uncertainties about attackers' skills and motivations, systems' dependability, and the consequences of security failures are heightened by intangible considerations - such as individual perceptions of the value of security. In recent years, growing attention has been directed towards the application to information security of economic models for the evaluation of complex trade-offs under risk and uncertainty. This economics of information security has offered mathematical models of returns on security investments and behavioral models of users' decision making; it has detailed regulatory solutions to cyber-security issues; and it has clarified the challenges of improving everyday security and privacy. The DIMACS Workshop on Information Security Economics aims at enlarging the interest in this area by bringing together researchers already engaged in the field with other scientists and investigators in disciplines such as economics, business, statistics, and computer science. We encourage researchers and industry experts to submit manuscripts with original work to the Workshop; we especially encourage collaborative and interdisciplinary research from authors in multiple fields. Topics of interest include (but are not limited to) empirical and theoretical works on the economics of: * vulnerabilities and malicious code * spam, phishing, and identity theft * privacy, reputation, and trust * DRM and trusted computing * cyber-insurance, returns on security investments, and security risk management * security risk perception at the firm and individual levels. Questions about the workshop may be addressed to: [EMAIL PROTECTED] Organizers: Alessandro Acquisti, Carnegie Mellon University, [EMAIL PROTECTED] Jean Camp, Indiana University, [EMAIL PROTECTED] Submission instructions Submissions are due by November 3, 2006 (11:59PM PST), preferably in PDF format, to: [EMAIL PROTECTED] Submissions should not exceed approximately 10,000 words. Notifications of acceptance for the program will be sent by November 18, 2006. Registration: (Pre-registration deadline: January 8, 2007 ) Please see website for complete registration details. **
Re: TPM & disk crypto
Erik Tews wrote: What you do is, you trust your TPM and your BIOS that they never lie to you, because they are certified by the manufature of the system and the tpm. (This is why it is called trusted computing) So if you don't trust your hardware and your manufactor, trusted computing is absolutely worthless for you. But if you trust a manufactor, the manufactor trusts the tpms he has build and embedded in some systems, and you don't trust a user that he did not boot a modified version of your operating system, you can use these components to find out if the user is lieing. Well obviously I trust myself, and do not trust anyone else all that much, so if I am the user, what good is trusted computing? One use is that I can know that my operating system has not changed behind the scenes, perhaps by a rootkit, know that not only have I not changed the operating system, but no one else has changed the operating system. Further, I can know that a known program on a known operating system has not been changed by a trojan. So if I have a login and banking client program, which communicates to me over a trusted path, I can know that the client is the unchanged client running on the unchanged operating system, and has not been modified or intercepted by some trojan. Further, the bank can know this, and can just not let me login if there is something funny about client program or the OS. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: TPM & disk crypto
On Fri, 6 Oct 2006, Erik Tews wrote: > > And the TPM knows that your BIOS has not lied about the checksum of grub > > how? > > The TPM does not know that the BIOS did not lie about the checksum of > grub or any other bios component. > > What you do is, you trust your TPM and your BIOS that they never lie to > you, because they are certified by the manufature of the system and the > tpm. (This is why it is called trusted computing) IIUC, TPM is pointless for disk crypto: if your laptop is stolen the attacker can reflash BIOS and bypass TPM. Moreover, TPM is actually bad for disk crypto: without it you lose your data only if your HDD dies, now you lose your data if your HDD dies *or* if you motherboard dies. If the user is not experienced in BIOS reflashing, they also lose their data if OS crashes and refuses to boot (not uncommon for some common OSes). -- Regards, ASK - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
RE: TPM & disk crypto
> From: Erik Tews [mailto:[EMAIL PROTECTED] > Sent: Donnerstag, 5. Oktober 2006 23:52 > [...] > > Later, you can remotely query your system and get a report > what has been bootet on your system. You can do this query > using a java application and tpm4java. > However, this is the big problem with the TPM according to the TCG spec. While you can remotely verify that the system came up according to what you installed there, you have no means to force it to either come up the way you want, or to be in a clear error state. That is the huge difference between the verifiable booting the TPM provides and secure booting, which would run only predetermined software. I assume that the TCG chose not to implement the latter due to fear of public bashing... Ulrich - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]