The Bear/Enforcer Project
Dartmouth College
http://enforcer.sourceforge.net
http://www.cs.dartmouth.edu/~sws/abstracts/msmw03.shtml

How can you verify that a remote computer is the real thing, doing
the right thing? High-end secure coprocessors are expensive and
computationally limited;

How can you verify that a remote computer is the real thing, doing
the right thing?
You cannot.
Using a high-end secure coprocessor (such as the 4758, but not
with a flawed application) will raise the threshold for the adversary
significantly.
No, there are no absolutes. But there are

Just to clarify...
I'm NOT saying that any particular piece of secure hardware can never be
broken. Steve Weingart (the hw security guy for the 4758) used to insist that
there was no such thing as tamper-proof. On the HW level, all you can do is
talk about what defenses you tried, what

(To those people who missed the original comment a year or two back, the first
PKI workshop required that people use plain passwords for the web-based
submission system due to the lack of a PKI to handle the task).
Hey, but at least the password was protected by an SSL channel,
which was

at the NIST PKI workshop a couple months ago there were a number
of infrastructure presentations where various entities in the
infrastructure were ...signing random data as part of authentication
protocol
I believe our paper may have been one of those that Lynn objected to.
We used the

it isn't sufficient that you show there is some specific
authentication protocol with unread, random data ... that has
countermeasures against a dual-use attack ... but you have to
exhaustively show that the private key has never, ever signed any
unread random data that failed to contain

For what it's worth, last week, I had the chance to eat dinner with
Carlisle Adams (author of the PoP RFC), and he commented that he didn't
know of any CA that did PoP any other way than have the client sign
part of a CRM.
Clearly, this seems to contradict Peter's experience.
I'd REALLY love

has a TLS server (or client, for that matter) key ever actually been
compromised?
Hi, Marc!
I don't know about in-the-wild attacks.
However, proof-of-concept attacks:
Server-side: Brumley and Boneh did timing attacks on Apache SSL
servers---see their Usenix Security paper from 2003.

On Feb 4, 2005, at 6:58 AM, Eric Murray wrote:
So a question for the TCPA proponents (or opponents):
how would I do that using TCPA?
check out
enforcer.sourceforge.net
We also had a paper at ACSAC 2004 with some of the apps we've built on
it.
Two things we've built that haven't made it yet to