Motivating Scenarios
11
TCP. Of course, for this protection to be meaningful, we also need to look at
how the data got there, and who uses it: the implicit assumption here is that the
code the TCP runs when it interacts with this secure storage is also trustworthy;
adversarial attempts to alter it will also result in destruction of the data.
In Chapter 1, we discussed the difference between the terms “trustworthy”
and “trustable”. Just because the code in the TCP might be trustworthy, why
should a relying party trust it? Given the above implicit assumption—tampering
code destroys the protected data—we can address this problem by letting the
code prove itself via use of a key sheltered in the protected area, thus giving us
authenticity of code.
In perhaps the most straightforward approach, the TCP would itself generate
an RSA key pair, save the private key in the protected memory, and release
the public key to a party who could sign a believable certificate attesting to the
fact that the sole entity who knows the corresponding private key is that TCP,
in an untampered state. This approach is straightforward, in that it reduces
the assumptions that the relying party needs to accept. If the TCP fails to be
trustworthy or the cryptosystem breaks, then hope is lost. Otherwise, the relying
party needs only needs to accept that the CA made a correct assertion.
Another public key approach involves having an external party generate the
key pair and inject the private key, and perhaps escrow it as well. Symmetric
key approaches can also work, although the logic can be more complex. For
example, if the TCP uses a symmetric key as the basis for an HMAC to prove
itself, the relying party must also know the symmetric key, which then requires
reasoning about the set of parties who know the key, since this set is no longer
a singleton.
Once we have set up the basis for untampered computation within the TCP to
authenticate itself to an outside party—because, under our model, attack would
have destroyed the keys—we can use this ability to let the computation attest
to other things, such as data stored within the
TCP. This gives us authenticity
of data. We can transform a TCP’s ability to hide data from the adversary into
an ability to retain and transmit data whose values may be public—but whose
authenticity is critical.
Above, we discussed secrecy of data. However, in some sense, code is data.
If the hardware architecture permits, the TCP can execute code stored in the
protected storage area, thus giving us secrecy of code. Carrying this out in
practice can be fairly tricky; often, designers end up storing encrypted code in
a non-protected area, and using keys in the protected area to decrypt and check
integrity. (Chapter 6 will discuss this further.) An even simpler approach in this
vein is to consider the main program public, but (in the spirit of Kerckhoff’s
law) isolate a few key parameters and shelter them in the protected storage.
However, looking at the potential taxonomy simply in terms of a 2x2 ma-
trix overlooks the fact that a TCP does not just have to be passive receptacle
评论1
最新资源