[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The security characteristics of crypto modules with secrets

From: Matt Blaze <[email protected]>
On Tue, 31 Jan 1995, Eric Hughes wrote:
> Let's take as our model general purpose computers which can't store
> secrets connected directly to crypto modules which can.  Furthermore,
> let us assume that these general purpose computer are subject to
> intrusion.  In other words, it's today's servers with attached crypto.
> Now, the crypto module can't authenticate the machine it's plugged
> into, because, by definition, that machine can't keep a secret.

The model does not work, because that is not what we
want to do.

True:  Matt's proposal cannot authenticate a machine.  But
one does not really want to authenticate a machine.  One
wants to authenticate data, that one might choose
to transmit from that machine.  For this purpose a 
tamper resistant crypto module that can be connected 
to a machine, but which is under user
control, not under the control of the machine, is the
only totally bullet proof solution.

Of course expensive tamper proof crypto modules already exist:  A 
Dos computer in a room with a key, running virtually no 
network software and possessing almost no utilities, though
doubtless what Matt had in mind was a PCI card that one
could keep in ones wallet.

> The prevalent use of modules further reduces the likelihood of initial
> attacks based on spoofing.  Since active IP attacks require the
> subversion of routers, and since router software is much more
> difficult to subvert than general purpose servers, adding crypto
> modules to routers would be a big win.

This does not make sense:  The advantage of a tamper resistant module
is that if somebody physically gets to the system, he still cannot
get the key.  But if he physically gets to the router, he can
make it do his will, even if he does not get the key.  So one
might as well have the key in software in the router.

If the router is hard to subvert, and the attacker cannot 
physically get to it, then there is little need for a separate
tamper resistant module.  Software will do fine.

If the router can be got at, you are stuffed regardless, tamper
resistant module or not.

We have the right to defend ourselves     |   http://www.catalog.com/jamesd/
and our property, because of the kind     |  
of animals that we are. True law          |   James A. Donald
derives from this right, not from the     |  
arbitrary power of the omnipotent state.  |   [email protected]