undefined | Better HN

0 pointslxgr2y ago0 comments

> This is not the way TPMs are used by most of the industry. [...] It is only done by the OSS community.

So some industry stakeholders are doing bad things with an inherently neutral technology. Does that mean we need to get rid of the entire thing, thereby also killing the OSS use cases?

Yes, trusted computing can be used in user-hostile ways, but the solution here seems to be to not use OSes and applications using it in that way, rather than throwing out the technology as a whole.

0 comments

AnthonyMouse2y ago

The trouble is we keep conflating two different things.

Something that works like a hardware security module, where it stores your keys and tries to restrict who can access them, has some potential uses. The keys are only in your own device, so someone can't break an entirely different device or a centralized single point of failure to get access. And this can't be used against the user because both the device and the key itself are still fully in their control -- they could put a key in the HSM and still have a copy of it somewhere else to use however they like.

Whereas anything that comes with a vendor's keys installed in it from the factory is both malicious and snake oil. Malicious because it causes the user's device to defect against them and some users aren't sophisticated enough to understand this or bypass it even if malicious attackers can, and snake oil because you can't rely on something for actual security if a break of any device by anyone anywhere could forge attestations, since that is extremely likely to happen and has a long history of doing so.

lxgrOP2y ago

> Anything that comes with a vendor's keys installed in it from the factory is both malicious and snake oil.

I don't agree that all trusted computing use cases are inherently user-hostile. DRM is a well-known example, but e.g. Signal used to do interesting things server-side using (now no-longer trusted, ironically) Intel SGX/TXT, like secure contact matching or short PIN/password security stretching for account recovery.

Android Protected Confirmation [1] is also trusted computing at its core, but can be used to increase security for users (although I could also see that usage encourage a device vendor monoculture, since every app vendor needs to select a set of trusted device manufacturers).

> snake oil because you can't rely on something for actual security if a break of any device by anyone anywhere could forge attestations

Attestation keys are usually per-device, so if indeed only one device gets compromised at great attacker expense, it's usually possible for a scheme to recover. If all devices just systematically leak their keys as has certainly happened in the past, that won't help, of course.

[1] https://android-developers.googleblog.com/2018/10/android-pr...

AnthonyMouse2y ago

> e.g. Signal used to do interesting things server-side using (now no-longer trusted, ironically) Intel SGX/TXT

Because this is the "snake oil" prong of its failure -- and why it's no longer trusted.

> Android Protected Confirmation

This could be implemented without any vendor keys. You associate the user's own key with the user's account.

> Attestation keys are usually per-device, so if indeed only one device gets compromised at great attacker expense, it's usually possible for a scheme to recover.

That's assuming it matters at that point. The attacker doesn't care if you revoke the keys after they steal your money.

And once they extract a key from one device, they have a known working procedure to get more. For non-software extraction most of the expense is the equipment which they'd still have from the first one.

> If all devices just systematically leak their keys as has certainly happened in the past, that won't help, of course.

And is likely to happen in the future, so any design that makes the assumption that it will not happen is clearly flawed.

1 more reply

j / k navigate · click thread line to collapse

0 comments

AnthonyMouse2y ago

The trouble is we keep conflating two different things.

lxgrOP2y ago

> Anything that comes with a vendor's keys installed in it from the factory is both malicious and snake oil.

> snake oil because you can't rely on something for actual security if a break of any device by anyone anywhere could forge attestations

[1] https://android-developers.googleblog.com/2018/10/android-pr...

AnthonyMouse2y ago

> e.g. Signal used to do interesting things server-side using (now no-longer trusted, ironically) Intel SGX/TXT

Because this is the "snake oil" prong of its failure -- and why it's no longer trusted.

> Android Protected Confirmation

This could be implemented without any vendor keys. You associate the user's own key with the user's account.

> Attestation keys are usually per-device, so if indeed only one device gets compromised at great attacker expense, it's usually possible for a scheme to recover.

That's assuming it matters at that point. The attacker doesn't care if you revoke the keys after they steal your money.

> If all devices just systematically leak their keys as has certainly happened in the past, that won't help, of course.

And is likely to happen in the future, so any design that makes the assumption that it will not happen is clearly flawed.

1 more reply

j / k navigate · click thread line to collapse