[E-voting] encryption compromised by hardware

A.J.Delaney at brighton.ac.uk A.J.Delaney at brighton.ac.uk
Mon Nov 20 13:19:28 GMT 2006


On Mon, 2006-11-20 at 12:23 +0000, Timothy Murphy wrote:
> On Monday 20 November 2006 08:58, A.J.Delaney at brighton.ac.uk wrote:
> That doesn't sound right to me.
> Do you have any reference for it?
> 
No I don't.  As I said I'm not an expert in cryptography at all.  But
from my understanding of computing, once you can run an application in a
processors supervisor mode you can read any memory address.  Thus if the
decryption key is anywhere in memory you can snag it.  The TCPA
("Trusted computing") stuff puts decryption keys in a hardware module
that not even the priviledged instructions on a processor are supposed
to be able to read.

So from my understanding, more pragmatic than academic, if your attacker
can run a privileged application you have no security.

...but as I said, I may be mistaken.

-- 
Aidan Delaney
Lecturer,
School of Computing, Mathematics and Information Sciences,
University of Brighton.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.stdlib.net./pipermail/e-voting/attachments/20061120/a56a70cf/attachment.pgp


More information about the E-voting mailing list