[2506] in cryptography@c2.net mail archive
Re: NYT Article on Groat Spy Case
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Tue Apr 14 18:14:19 1998
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: cryptography@c2.net, ptrei@securitydynamics.com
Reply-To: pgut001@cs.auckland.ac.nz
X-Charge-To: pgut001
Date: Wed, 15 Apr 1998 09:42:59 (NZST)
>One semi-defense against trojan attacks on crypto systems can be seen in CDSA
>- Intel's Common Data Security Architecture.
>
>[...]
>
>The trick is that all the modules are signed, and the CSSM checks the
>integrity of each module loaded, and the modules check the integrity of the
>CSSM. The system won't work unless all the signatures check out and the root
>signing authorities for the module certificates are acceptable to the CSSM.
>The capabilities manifest of each module is also checked - an 'espionage
>enabled' exportable CSSM won't link a strong crypto provider, for example.
I've always been rather dubious of the CDSA's protection mechanisms - it looks
like Intel is trying to re-fight the war over copy protection which was lost
about a decade ago. The issues are very similar, the only thing which has
changed is the technology - you have a software protection system which,
because of its very nature (it's sensitive to minute system changes) can cause
more problems than it solves, and the crackers can bypass it anyway so it only
ends up inconveniencing legitimate users. Or to quote Jerry Pournelle: "It was
protected by an 'unbreakable' system, which meant that it took the crackers a
full day to break it".
Peter.
