[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: attracting funding for tempest? (Re: SOFT TEMPEST)




Adam Back wrote on 1998-02-09 21:34 UTC:
> There should be a reasonably large supply of
> commercial funding candidates even given the 90 : 10 ratio of business
> interest in availability over confidentiality.

Availability is usually based on authenticity, and authenticity is based
on the confidentiality of keying variables, therefore at some level,
everyone interested in computer security should be interested in
research about the hardware aspects of confidentiality.

> > Copyright protections seems to be an interesting application.
> 
> Personally I view technology to assist copyright piracy a more
> interesting research goal!

Come on, copyright piracy is technically trivial today! Little software
is sold with any copyright protection technology, and if, then it is
usually easily broken as the full cleartext machine code is always
available for reverse engineering.

> I am not sure I want to see my computer narcing out over RF
> frequencies what software is installed -- once enabled for corporates
> there is the risk it will be used against individuals.

This concerns only individuals who feel important enough to fear that
any organization might want to spend hundreds of dollars per day
to park a grey van full of state-of-the-art DSP and HF equipment
in front of your home exclusively to observe what you do on your
home machine. Quite unrealistic. Of course, in the future,
when cellular base stations become freely programmable DSP software
radios that can via the network be turned from GSM-BTSs into
Tempest monitoring stations by a minor software update, then the
paranoid's deep desire to be observed could actually be fulfilled
by evil organizations on a very large scale. Stay tuned ...

> This sounds
> about as (un)desirable as CPUs capable of running encrypted
> instruction streams, with per CPU keys loaded at manufacture enabling
> software to be purchased for your CPU only (and hence disempowering 
> users who will thus be unable to even disassemble such code prior to
> running), or smart cards as modernized next generation dongles.

Well, I have been thinking about this one, too, and I am quite sure that
we will see such mechanisms showing up in common desktop processors
within the next few years. Then, copyright piracy will become an
interesting technological challenge and research on attacks will
become orders of magnitude more fascinating than now. See

  http://www.cl.cam.ac.uk/~mgk25/trustno1.pdf

for details. I am not sure, whether high-security copy protection
is a really bad idea: It could also mean that strict technical
copyright enforcement like it is possible with cryptoprocessors
will change the market situation favourably: Small startup companies
suddenly become able to sell mass market software at prices in
the range of <10 dollars per copy with only a cheap web server as their
distribution infrastructure. When the success of software marketing
is not any more dependent on the distribution infrastructure that
big players like Microsoft enjoy today (retailers, bundling contracts,
etc.), market success would much more depend on the quality of
product and service than on the control over a distribution
system infrastructure. If the copy protection offered by
cryptoprocessors would allow small companies to compete successfully
with high quality ultra-low price software against Microsoft, then
the old shareware distribution concept might actually start to work.
In addition, the same transistors used for bus encryption can
also be used to keep your entire harddisk encrypted without performance
loss and the encrypted software distribution protects you better
against Trojans, so you'll get increased overall security as a free
side effect.

Markus

-- 
Markus G. Kuhn, Security Group, Computer Lab, Cambridge University, UK
email: mkuhn at acm.org,  home page: <http://www.cl.cam.ac.uk/~mgk25/>