[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Executing Encrypted Code



-----BEGIN PGP SIGNED MESSAGE-----

> 
> At 9:18 PM 12/19/1996, Ben Byer wrote:
> >> At the last meeting references were made to processors which only
> >> execute encrypted code.  Decryption occurs on chip.
> >>
> >> If each chip has a unique public/secret key pair, and executes
> >> authenticated code only, there are some interesting implications.
> 
> > Let's see... What about this scenario:
> 
> > Alice gets a contraband copy of PGP 4.0 off the Internet.  Since the
> > public-key algorithm is publicized so that people can encrypt software
> > to a chip, PGP 4.0 has the ability to encode/decode/generate keys for
> > the chip.  Alice generates a public key/private key pair 0x12345678,
> > in software.  Alice goes to www.microsoft.com and orders Office '99
> > online, and tells Microsoft "Hi, my name is Alice, my credit card
> > number is 31426436136778 and my PGPentium's public key is 0x12345678."
> 
> > Microsoft unwittingly sends Alice a copy encrypted to 0x12345678, for
> > which she has the private key to.  Alice decrypts Office '99, and
> > reencrypts it with public key of her PGPentium, as well as the keys f
> > all her friends.
> 
> The software vendor would be wise to check that the public key was
> legal.  It would be a simple matter for the manufacturer to publicize
> all public keys that had been installed on chips.

The manufacturer is going to publish a list of ALL of the public keys?
We're talking one key per chip, right?  Isn't that an AWFUL lot of
keys, like, in the millions range?

Also... with a few million possible keys like this, all you need to do
is to either guess or factor just one of them.

> > Does the authentication defeat this?
> 
> I'm sort of waving my hands around when I say "authentication".
> 
> One approach is for the manufacturer to authenticate software submitted
> by approved vendors.  The vendors are then tasked with encrypting it
> for the correct processor.

I'm not sure the "approved" bit would go over too well... one idea
would be to license the compiler writers, who would build the
encryption into compilers.  It's still not horribly great, but
better.

> > Our computers would only run software from Microsoft?  Scary.
> 
> There are all sorts of nifty deals that could be made.  Microsoft
> could commission a special run of the processors which only run
> Microsoft approved software.  Machines using these processors could
> be given away or sold at a steep discount.

Right; the only reason I could see people using this would be for
economical reasons.

> You could also timestamp the software so that it only runs for a given
> length of time.  This will encourage people to upgrade regularly.  ;-)
> The processors could also support metering.  

Right; once the user loses control of what he's running, then you can
pretty much do anything you want as far as metering goes.

ObGAK question:  Would this be exportable?  I mean, you could be
encrypting god knows WHAT into those .exe's...  Key escrow?  How would
they get the key?!?  I can see the headlines, "Key Escrow Database
Leaked to Pirate Firm"... :)

- -- 
Ben Byer    [email protected]    I am not a bushing

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMroTE7D5/Q37XXHFAQG6sgL8DnusDI/jqV3sn9U5ru2hhJPFxP1dZVpZ
ohmJYteQdraD5/YfmvYNHFfslULB47Spx6ZTpT+xw512iMWJfyW5sN6NtejL6+CM
2BoX0SaRGxZrfVeRFAZAXMVx3/ak1LDk
=HZOI
-----END PGP SIGNATURE-----