[cryptography] Your GPU's ???Fingerprint??? Could Lead to New Security Methods

Natanael natanael.l at gmail.com
Tue Oct 30 09:30:38 EDT 2012


Yeah, this looks like TPM with software protection instead of hardware
protection.

Rootkits can screw it up.
Den 30 okt 2012 14:27 skrev "Solar Designer" <solar at openwall.com>:

> This is very curious, but ...
>
> On Tue, Oct 30, 2012 at 10:08:06AM +0100, Eugen Leitl wrote:
> > Cloning the actual SRAM state in a GPU is not possible, said Dr. Lange.
> "What
> > we've done so far in our research is reading out this SRAM state. We can
> of
> > course copy this readout. What we're aiming for is to put an
> authentication
> > system in place where the GPU never hands over the raw data. Instead the
> GPU
> > uses it in a challenge-response protocol, just like the secret key in a
> > signature system or zero-knowledge protocol. This does rely on the OS
> and/or
> > hypervisor shielding the card from bad requests, such as ???hand over
> all your
> > secrets,???" she said.
>
> ... since it relies on OS and/or hypervisor security anyway, about the
> same functionality and security (not a lot of it) can be achieved by
> keeping the secret in a disk file (protected with filesystem/OS
> permissions) and having the crypto implemented in an OS driver (or
> privileged program).  Use of a GPU does not appear to provide much
> advantage on top of that.  It can't be physically cloned, but if OS
> security fails, then the GPU's secrets can be cloned and the
> authentication protocol simulated in host software (on attacker's
> machine, without the GPU).
>
> Alexander
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20121030/e8a03479/attachment.html>


More information about the cryptography mailing list