Proposal for Tamper Evident Processors

The Register describes what sounds similar to a trusted computing system to me. The focus though is more on providing trust in order to increase security in the face of computer components of unknown provenance. The system also reads as being much more passive, notifying of suspicious activity on the chip rather than interfering in its operations.

The design was developed by researchers at Columbia University and made public at the 31st IEEE Symposium on Security and Privacy. There are essentially two monitors involved, one for the detecting when a microprocessor runs fewer or more instructions than expected and the other to look at the data for malicious modifications. Seems like a reasonable way to suss out tampering, assuming good enough knowledge of what is normal for the chip in question.

In reading this, I wondered at how the monitors themselves could be trustworthy, a sort of boot strapping problem. The researchers considered this more from the perspective of how chips are subverted during the design phase and at time of manufacture. They think it is unlikely that the entire design and fabrication process would be co-opted by attackers due to issues of cost. As long as those responsible for the in chip watchdogs are trustworthy, then the presumption is the tamper detection will be relatively trustworthy.

The demonstration at the Symposium showed the monitors working as designed without any false positives. The cost of the additional components in terms of performance also appear to be negligible. I’ll be curious to see if any of the big appliance makers, like Cisco, adopt this proposal and a follow up study to see how well it fares in the field. It still seems like there are a lot of open questions about how much protection this scheme will afford in the face of determined attackers.

Leave a Reply

Your email address will not be published. Required fields are marked *