[cryptography] Your GPU's ???Fingerprint??? Could Lead to New Security Methods
natanael.l at gmail.com
Tue Oct 30 15:00:25 EDT 2012
*Rootkits*. Just replace the firmware.
Den 30 okt 2012 19:13 skrev "Jonas Wielicki" <development at sotecware.net>:
> On 30.10.2012 14:30, Natanael wrote:
> > Yeah, this looks like TPM with software protection instead of hardware
> > protection.
> > Rootkits can screw it up.
> I guess that is why the researchers suggested an on-GPU
> challenge-response protocol implementation which would not hand out the
> initial SRAM state directly to any software.
> > Den 30 okt 2012 14:27 skrev "Solar Designer" <solar at openwall.com>:
> >> This is very curious, but ...
> >> On Tue, Oct 30, 2012 at 10:08:06AM +0100, Eugen Leitl wrote:
> >>> Cloning the actual SRAM state in a GPU is not possible, said Dr. Lange.
> >> "What
> >>> we've done so far in our research is reading out this SRAM state. We
> >> of
> >>> course copy this readout. What we're aiming for is to put an
> >> authentication
> >>> system in place where the GPU never hands over the raw data. Instead
> >> GPU
> >>> uses it in a challenge-response protocol, just like the secret key in a
> >>> signature system or zero-knowledge protocol. This does rely on the OS
> >> and/or
> >>> hypervisor shielding the card from bad requests, such as ???hand over
> >> all your
> >>> secrets,???" she said.
> >> ... since it relies on OS and/or hypervisor security anyway, about the
> >> same functionality and security (not a lot of it) can be achieved by
> >> keeping the secret in a disk file (protected with filesystem/OS
> >> permissions) and having the crypto implemented in an OS driver (or
> >> privileged program). Use of a GPU does not appear to provide much
> >> advantage on top of that. It can't be physically cloned, but if OS
> >> security fails, then the GPU's secrets can be cloned and the
> >> authentication protocol simulated in host software (on attacker's
> >> machine, without the GPU).
> >> Alexander
> >> _______________________________________________
> >> cryptography mailing list
> >> cryptography at randombit.net
> >> http://lists.randombit.net/mailman/listinfo/cryptography
> > _______________________________________________
> > cryptography mailing list
> > cryptography at randombit.net
> > http://lists.randombit.net/mailman/listinfo/cryptography
> cryptography mailing list
> cryptography at randombit.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cryptography