[cryptography] Your GPU's ???Fingerprint??? Could Lead to New Security Methods

Jonas Wielicki development at sotecware.net
Tue Oct 30 15:05:33 EDT 2012


On 30.10.2012 20:00, Natanael wrote:
> *Rootkits*. Just replace the firmware.

Good point. Have not heard about firmware-updatable GPUs yet though, but
I suspect that it's just under my radar.

> Den 30 okt 2012 19:13 skrev "Jonas Wielicki" <development at sotecware.net>:
> 
>> On 30.10.2012 14:30, Natanael wrote:
>>> Yeah, this looks like TPM with software protection instead of hardware
>>> protection.
>>>
>>> Rootkits can screw it up.
>>
>> I guess that is why the researchers suggested an on-GPU
>> challenge-response protocol implementation which would not hand out the
>> initial SRAM state directly to any software.
>>
>>> Den 30 okt 2012 14:27 skrev "Solar Designer" <solar at openwall.com>:
>>>
>>>> This is very curious, but ...
>>>>
>>>> On Tue, Oct 30, 2012 at 10:08:06AM +0100, Eugen Leitl wrote:
>>>>> Cloning the actual SRAM state in a GPU is not possible, said Dr. Lange.
>>>> "What
>>>>> we've done so far in our research is reading out this SRAM state. We
>> can
>>>> of
>>>>> course copy this readout. What we're aiming for is to put an
>>>> authentication
>>>>> system in place where the GPU never hands over the raw data. Instead
>> the
>>>> GPU
>>>>> uses it in a challenge-response protocol, just like the secret key in a
>>>>> signature system or zero-knowledge protocol. This does rely on the OS
>>>> and/or
>>>>> hypervisor shielding the card from bad requests, such as ???hand over
>>>> all your
>>>>> secrets,???" she said.
>>>>
>>>> ... since it relies on OS and/or hypervisor security anyway, about the
>>>> same functionality and security (not a lot of it) can be achieved by
>>>> keeping the secret in a disk file (protected with filesystem/OS
>>>> permissions) and having the crypto implemented in an OS driver (or
>>>> privileged program).  Use of a GPU does not appear to provide much
>>>> advantage on top of that.  It can't be physically cloned, but if OS
>>>> security fails, then the GPU's secrets can be cloned and the
>>>> authentication protocol simulated in host software (on attacker's
>>>> machine, without the GPU).
>>>>
>>>> Alexander
>>>> _______________________________________________
>>>> cryptography mailing list
>>>> cryptography at randombit.net
>>>> http://lists.randombit.net/mailman/listinfo/cryptography
>>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> cryptography mailing list
>>> cryptography at randombit.net
>>> http://lists.randombit.net/mailman/listinfo/cryptography
>>>
>>
>> _______________________________________________
>> cryptography mailing list
>> cryptography at randombit.net
>> http://lists.randombit.net/mailman/listinfo/cryptography
>>
> 




More information about the cryptography mailing list