Trusted Computing Chip Hacked

Slashdot links to coverage of Christopher Tarnovsky’s recent presentation at Black Hat DC. This attack may be more feasible than initially thought, not requiring a scanning electron microscope. But it is only a little bit easier. As the NZ Herald News story explains, Tarnovsky had physical control of the chips in question and in the process stripped away material to expose circuit elements that he essentially wiretapped.

The type of chip attacked is of special interest because it was held forth by industry as unbreakable. The idea is that a trusted chip would form an impenetrable, hardware-based root of trust for applications that needed crypto that was ironclad from the bare metal on up. TPM systems came under close scrutiny when they were initially associated with burdensome DRM schemes. Despite that one narrow application, the chips are genuinely quite useful and some hackers have explored what user-serving applications could be built with them.

As far as the security of the Infineon chips goes, the rule of thumb is that once an attack is demonstrated, it only gets easier over time. That usually assumes a software attack where automation and other optimization techniques can be brought to bear. There is evidence to suggest a similar though much, much weaker trend exists for hardware attacks. For the time being, the statements by the chip vendor about the unlikelihood of this attack and its limitation to one class of chips are likely to remain true for the foreseeable future.

Quick Links for 8/27/2009

  • Now the US Courts are fine with RECAP
    According to Masnick at Techdirt, the Deputy Chief of for Policy and Budget at the Administrative Office of the US Courts not only claims to be fine with the Firefox extension to free court documents, but also has spoken with Professor Felten who oversaw its development. The Deputy Chief and Felten have apparently been on the same page throughout the project, suggesting the nastygram was a bit of bureaucratic indigestion.
  • Federal appeals court’s ruling enhances computer privacy
    According to Wired, this is as much a win for privacy as it is a contentious ruling. The dissenting judges point out the problem, the lack of supporting precedents. I expect this will be re-hashed and quickly as a consequence.
  • Holographic rendering GPU
    Some excellent details at Ars from Chris Lee on some recent research in Japan. The feat of rendering a hologram with essentially a pair of beefy FPGAs is impressive though the results are limited in the depth of the hologram and the frame rate possible for animations. Undoubtedly with what is essentially just a proof of concept at this stage, performance will improve rapidly given the ultimate result of true holographic projection.
  • ACLU sues for records around border laptop searches
    The suit is under the Freedom of Information Act and is intended to assess the risk to Fourth Amendment rights posed by expanded search and seizure powers at US borders. No news other than that the suit has been filed.
  • Google Summer of Code efforts in open government
    Dana Oshiro at RWW describes two projects at Sunlight Labs receiving interns from Google’s project. One is focusing on local government, which I think is an excellent next step beyond transparency in the federal government. The other aims to better support citizen engagement and congressional discourse with constituents.
  • Facebook updates privacy policy for the better
    According to this Bits article by Claire Cain Miller, the changes fall into roughly two groups. The first, largely at the behest of the Canadian Privacy Commissioner, improve data retention and transparency into policies. The second address a disturbing gap that has been drawing a good deal of attention, private data handling for 3rd party applications.
  • Was Obama image removed from Flickr for a fake takedown?
    According to this RWW piece, this may be the explanation, considering all of the plausible rights holders have denied issuing the take down.

TCLP 2009-08-23 News

This is news cast 188.

In the intro, I will be speaking at the Maryland gathering for Software Freedom Day on September 19th. More details after Dragon*Con.

This week’s security alerts are new research to predict online attacks and cracking real time ID generators.

In this week’s news new research into nanoscale lasers using surface plasmons to break the previous scale limits with some more good technical detail in Ars’ coverage, an excellent discussion of transformative works, URL shortening service Tr.im cheats death by opening its source and its data, and an operating system programmed in assembly.

Following up this week, i4i confirms OpenOffice doesn’t violate its patent and Nina Paley shares the source files to her wonderful open content work “Sita Sings the Blues”.


Grab the detailed show notes with time offsets and additional links either as PDF or OPML. You can also grab the FLAC-encoded audio from the Internet Archive.

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.