Trusted chips (was Re: Triad Systems and Ohio Recount)

From: Edward Cherlin <cherlin_at_pacbell_dot_net>
Date: Fri Dec 24 2004 - 02:56:04 CST

On Thursday 23 December 2004 02:53 pm, charlie strauss wrote:
> Ed,
> I dont know about computer forensics in any useful detail.
>
> But one thing I think that will likely be a godsend to
> electronic voting is the Next Generation Trusted Computing
> Platform. While derided on slashdot for the way it imposes
> DRM on your computer it's actually exactly what e-voting
> needs.

Hmm. Open Source DRM...

> to recap the basic concepts of the NGTCP. some small very
> trusted and easily secure part of the computer will boot. It
> will then validate every hardware component and every signed
> software component that is loaded. Hardware, even screens,
> and keyboards will be designed to fit into the authentication
> protocol, each having some unforgable signature authorized by
> the trusted portion. I dont know how that will be done but
> apparently this is worked out.
>
> The idea is that the central trust allocation unit will be so
> small it can be validated and kept secure. Since every
> component from OS to drivers is signed you cant defeat the
> system or even emulate it.
>
> Again I dont know how this is done.
>
> (formerly it was known as paladium, so you probably heard of
> it) and it started as a project between Intel and Microsoft.
> There are now motherboards out that supposedly support this
> but I have not looked into it. And I have read there is an
> opensource project to bring this to linux.

I looked into all this a bit in 2000 when National Semiconductor
announced plans for a secure microprocessor which would generate
public-private key pairs on chip, never letting the private key
off the chip. There were several other such initiatives.
Assuming appropriate packaging, so that the key could not be
read externally without destroying the circuit, it could
provably maintain secrets pretty well and do a fair amount of
security checking.

Of course, access to its inputs would allow spoofing of devices
it was supposed to be attached to, and there are other attacks.
You have to check *all* of the details in security.

"There is no such thing as 100% security. We of the profession
are not accustomed to speaking in such inexactitudes."--from the
BBC series Colditz.

-- 
Edward Cherlin
Generalist & activist--Linux, languages, literacy and more
"A knot! Oh, do let me help to undo it!"
--Alice in Wonderland
http://cherlin.blogspot.com
_______________________________________________
OVC discuss mailing lists
Send requests to subscribe or unsubscribe to arthur@openvotingconsortium.org
==================================================================
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
==================================================================
Received on Fri Dec 31 23:17:19 2004

This archive was generated by hypermail 2.1.8 : Fri Dec 31 2004 - 23:17:22 CST