[linux-elitists] Monday 15 Dec: first all-Open Source System-on-Chip

Jason Spence jspence@lightconsulting.com
Thu Dec 11 22:04:26 PST 2003

On Thu, Dec 11, 2003 at 07:07:01PM -0800, Karsten M. Self wrote: 
> on Thu, Dec 11, 2003 at 04:49:11PM -0800, Jason Spence (jspence@lightconsulting.com) wrote:
> > On Thu, Dec 11, 2003 at 01:23:33PM -0600, D. Joe Anderson wrote: 
> > > 
> > > w00t!  Here's a good start to the the back-up plan if
> > > TCPA/Longhorn/Palladium/"Fritz-chips"* get out of hand.
> > 
> > You know, the black hat community is drooling over the possibility of
> > a secure execution environment that would allow applications to run in
> > a secure area which cannot be attached to via debuggers and such.
> Any more background on that?  Excellent sig material, BTW ;-)

TCPA and friends have a few core objectives driven by different
parties in the standards bodies:

 - Provide secure audio playback with license management,
   self-destructing licenses, etc

 - Uniquely identify hardware instances for software license
   management and software activation type schemes

 - Provide a trusted "hypervisor" or "ring -1" environment from which
   authorized code can spy on the operating system and make sure it's
   not running any reverse engineering tools or known cracks before
   the authorized code can install itself or download privileged data
   like strictly licensed content or restricted documents, etc

 - Really fast PKI crypto on a dedicated processor for ipsec type

 - Protected cert store in hardware that is somehow immune or
   resistent to tampering (I don't completely understand how this
   can't be attacked by patching the nexus on the hard disk; I'm
   learning more about it)

<scenario class="evil">
I write a worm.  It's a nasty little bugger.  It pokes around your
machine and your network for anything that looks like a credit card
number.  It's allowed to install itself in the protected memory area
because it's ostensibly a popup blocker or spam blocker or something
and I got it certified by NGSCB or whoever'll be in charge of handing
out signatures.  

It joins a p2p network of other worms which can't be spied upon
because the crypto keys are located in curtained memory and since your
debugger doesn't have access to curtained memory, you can't get a copy
of them.  You can't get a copy of the destination addresses that your
credit card numbers are being sent to either, because those are also
located in curtained memory.  Oh yeah, and it'll fire up your modem
and wardial for fax machines and randomly fax the credit card numbers
around too, just because I like to be a pain in the ass.

So one of these nodes is not like the others, and I'm sitting on it
collecting credit card numbers all day long.  Anyone who tries to
break my scheme is going to get their ass thrown in jail by everyone
with an interest in keeping the scheme secure, like software vendors
who want to lock you in to their file formats, governments out to
censor you, the media industries, etc.  So I scam a million dollars
through credit card fraud and fencing stolen goods and retire in Cabo.

But those are just the black hats.  What if the governments didn't
like you saying naughty things about them?  Or generic megacorp wants
to take your little business out just because?  Or what if the
megacorps start fighting over file formats and interoperability using
this stuff?  Here's a bunch of even more fun scenarios:


And here's the MS document outlining their strategy:

Locke, the Vikings, and a bunch of others throughout history have had
a lot to say about individual responsibility and assigning rights to
the state, because they were worried about tyrants doing Bad Things to
them.  So Jefferson and those other guys wrote things like freedom of
speech and certain other rights right into the constitution and bill
of rights.  So we trust the federal government to enforce those rights
because otherwise we'll yank the officials which make it up right out
of office during the next election.  Or at least that's the way it's
supposed to be... but the people are becoming increasingly apathetic
about it.  Voter turnout continues to decline, and so that last ditch
safety mechanism won't be very effective if someone decides to take
control of the trusted component we know as the federal government and
use things like TCPA and friends to literally take over the world.

I understand the vendors' point of view that sometimes you just can't
trust the users, but this is the wrong way to implement protection
against them.  The people who implement this stuff should be unbiased
towards either the software vendors or the people, and that's just not
the case here.  The people who are implementing these ideas are the
software vendors and the media companies, and they're pretty upset
about pirates and music thieves.  If I were them, I'd exact some kind
of retribution or competitive advantage out of this thing I'm
designing to make up for all the pirated software and stolen music and
annoying competitors I've had to put up with in the past.

 - Jason Last known location: 2.5 miles northwest of MOUNTAIN VIEW, CA

Take everything in stride.  Trample anyone who gets in your way.

More information about the linux-elitists mailing list