[cryptography] Your GPU's ???Fingerprint??? Could Lead to New Security Methods

Solar Designer solar at openwall.com
Tue Oct 30 09:27:10 EDT 2012


This is very curious, but ...

On Tue, Oct 30, 2012 at 10:08:06AM +0100, Eugen Leitl wrote:
> Cloning the actual SRAM state in a GPU is not possible, said Dr. Lange. "What
> we've done so far in our research is reading out this SRAM state. We can of
> course copy this readout. What we're aiming for is to put an authentication
> system in place where the GPU never hands over the raw data. Instead the GPU
> uses it in a challenge-response protocol, just like the secret key in a
> signature system or zero-knowledge protocol. This does rely on the OS and/or
> hypervisor shielding the card from bad requests, such as ???hand over all your
> secrets,???" she said.

... since it relies on OS and/or hypervisor security anyway, about the
same functionality and security (not a lot of it) can be achieved by
keeping the secret in a disk file (protected with filesystem/OS
permissions) and having the crypto implemented in an OS driver (or
privileged program).  Use of a GPU does not appear to provide much
advantage on top of that.  It can't be physically cloned, but if OS
security fails, then the GPU's secrets can be cloned and the
authentication protocol simulated in host software (on attacker's
machine, without the GPU).

Alexander



More information about the cryptography mailing list