Bugtraq mailing list archives
Re: Dell BIOS DoS
From: Eric Anderson <anderson () cs uoregon edu>
Date: Tue, 9 Dec 2003 17:50:57 -0800
On Dec 9, 2003, at 12:02 PM, Craig Paterson wrote:
David Brodbeck wrote:There is no such thing as security from someone who has physical access tothe hardware.Alright, so this is a tangent, but: that is what encryption is for. The whole basis of encryption assumes that the attacker has access to the message (your data), but that without the appropriate keys you can't usefully access it. No, this doesn't have much to do with the value or otherwise of BIOS passwords, but it's often stated that physical access renders all your data wide open, which isn't necessarily the case.
I'll continue the tangent: Encryption's great against an attacker who has physical access to the device holding your data, as long as they don't have physical access to the device holding your keys! We can sort of separate hardware into:
Type 1. Storage/transit parts which only handle encrypted data and never see the key. Type 2. Use/processing parts which operate on the unencrypted data, and thus need the key (or only deal with the plain text in the first place.)
The maxim then becomes "There is no such as security from someone who has physical access to the (type 2) hardware."
I would describe most of the "secure/trusted hardware" efforts that I've seen (such as the system Alexandros Papadopoulos mentioned) as trying to move as much of the system type 1 as possible, and make the type 2 bits user-inaccessible. There are a few interesting things you can do with data without decrypting it at all (a pure type 1 situation), but most applications require some type 2 bits. The trick with a secure cryptographic coprocessor is that the exposed data bus can be type 1, with the type 2 operations happening somewhere inside. This would accomplish nothing against an attacker with absolute physical access who could read or change the voltage anywhere in the chip at any time. But it does work against an attacker with "normal" physical access who can only observe or tamper with data on the chip's external interfaces.
-- Eric Anderson - anderson () cs uoregon edu University of Oregon Network Security Research Lab PGP fingerprints: D3C5 D6FF EDED 9F1F C36D 53A3 74B7 53A6 3C74 5F12 9544 C724 CAF3 DC63 8CAB 5F30 68AE 5C63 B282 2D79
Attachment:
PGP.sig
Description: This is a digitally signed message part
Current thread:
- Dell BIOS DoS James Evans (Dec 08)
- Re: Dell BIOS DoS jon schatz (Dec 09)
- Re: Dell BIOS DoS Steve Shockley (Dec 09)
- Re: Dell BIOS DoS der Mouse (Dec 10)
- <Possible follow-ups>
- RE: Dell BIOS DoS David Brodbeck (Dec 09)
- Re: Dell BIOS DoS Craig Paterson (Dec 09)
- RE: Dell BIOS DoS Lyal Collins (Dec 10)
- Re: Dell BIOS DoS Eric Anderson (Dec 10)
- Re: Dell BIOS DoS Alexandros Papadopoulos (Dec 09)
- Re: Dell BIOS DoS Jim Paris (Dec 10)
- Re: Dell BIOS DoS Craig Paterson (Dec 09)
- Dell BIOS DoS Ross Draper (Dec 09)
- Mobile Device Security, Was: Re: Dell BIOS DoS Karsten W. Rohrbach (Dec 10)
- Re: Dell BIOS DoS Seth Arnold (Dec 10)
- Re: Dell BIOS DoS Thor (Dec 11)
- PGP secret keys (was Re: Dell BIOS DoS) Matthew Wakeling (Dec 12)
- Re: Dell BIOS DoS jon schatz (Dec 09)