PeerPoint An Open P2p requirements Definition and Design Specification Proposal



Download 0.69 Mb.
Page14/20
Date02.02.2017
Size0.69 Mb.
#15337
1   ...   10   11   12   13   14   15   16   17   ...   20

Security/Privacy


From: freebirds

Subject: [Freedombox-discuss] PSN, ARM's Trust Zone and TPM


On June 27, 2012, Ben the Pyrate asked:
I'm a little confused about all this concern I've been seeing

about UUIDs. Could someone explain this to me? How exactly does it

hurt your privacy/anonymity if your CPU has a UUID?
Or, asked another way, what is the attack vector? What would a

hacker or government or other adversary need to do in order to

track someone by their UUID? Please help me to understand this

threat.


Best regards,

Ben the Pyrate


My answer:
In 1999, Intel announced that its Pentium III processors have a

processor serial number (PSN). Whereas, Intel had concealed that

its earlier processor, the Pentium II had a PSN. See:

http://findarticles.com/p/articles/mi_m0BNO/is_2000_June/ai_62263364

/ andhttp://bigbrotherinside.org/ and



http://www.theregister.co.uk/1999/03/16/finding_your_pentium_ii_psn/

.
Intel installed a PSN for digital rights management. I will discuss

digital rights management under my paragraph on Trusted Platform

Module (TPM).


"It (PSN) allows software manufacturers and websites to identify

individuals more precisely." From:



http://www.geek.com/glossary/P/psn-processor-serial-number/
"But what I thought was the most interesting was that the processor

serial number still gets reported to the Windows operating system."

From:http://discussions.virtualdr.com/archive/index.php/t-

100736.html


"Pentium III's serial number could be read by external programs."

http://www.hardwarecentral.com/archive/index.php/t-52051.html
Privacy groups protested against the PSN's invasion of privacy. The

EU and China intended to ban Pentium III. See



http://en.wikipedia.org/wiki/Pentium_III
Therefore, Intel developed software that would disable the PSN for

users who's BIOS did not give an option to disable PSN. Disabling

means that the PSN would not be visible online. Whereas, the BIOS

option and Intel's software did not work. The PSN leaked and was

visible online. See:http://articles.cnn.com/keyword/pentium-iii

andhttp://bigbrotherinside.org/.


The PSN also leaked because malware hacked Intel's disabling. Intel

asked Symantec for a patch. The patch did not work.


Intel's misrepresented that it would discontinue inserting PSN and

in its place use TPM (Trusted Platform Module). Whereas, Intel

continued to insert PSN in its next processor, the Pentium 4. See

http://www.hardwarecentral.com/archive/index.php/t-49252.html
TPM's invasion of privacy is discussed at

http://www.gnu.org/philosophy/can-you-trust.html and see section on

How can TC be abused? athttp://www.cl.cam.ac.uk/~rja14/tcpa-

faq.html
TPM is a 1 GB microchip on the motherboard. TPM is not in the

processor. TPM has an universally unique identifier (UUID). In

addition to its own visible UUID, TPM creates a composite UUID

containing the serial numbers of other hardware such as the

internal hard drive. Websites, government, IT administrators and

hackers can see these UUIDs.


For example, if a consumer purchases an e-book or software and

changes his or her internal hard drive or copies it onto another

computer, the e-book will not play.
Government, hackers and information brokers can track the activity

and geolocation of computers by their UUIDs. Websites that read the

UUIDs can sell this tracking information along with other tracking

information to information brokers who resell it to investigators

who resell it to abusers.
There is more than version of TPM. "Meanwhile, there are spin-offs

and enhancements whose security characteristics were embedded even

more strictly. Examples are Intel's LaGrande Technology, ARM's

TrustZone, and starting in 2006, AMD's Presidio is expected to hit

the market."
Besides being tracked by use of a credit card, consumers can be

tracked by the UUID when they do online banking.


ARM's TrustZone

Secured PIN entry for enhanced user authentication in mobile

payments & banking

? Anti-malware that is protected from software attack

? Digital Right Management

? Software license management

? Loyalty-based applications

? Access control of cloud-based documents

? e-Ticketing Mobile TV
http://mobile.arm.com/products/processors/technologies/trustzone.php

?tab=Why+TrustZone?


Marvell uses ARM processors. ARM processors supporting TrustZone

include: ARM Cortex-A15, ARM Cortex-A9, ARM Cortex-A8, ARM Cortex-

A7, ARM Cortex-A5 and ARM1176. I could not tell by reviewing

Marvell's website which ARM the Kirkwood 88F6281 or the Sheva

processor in DreamPlug has. Could you please ask Marvell?
Hackers had it easy when one OS dominated the world. One article

discussed that hackers are performing less software attacks and

instead attacking processors. Hacking the processor at the kernel

level gives complete remote control of the computer. A PSN makes

the processor visible online. A PSN makes the processor vulnerable

to hacks.


Firmware rootkits that infect the BIOS are not always erased by

flashing the BIOS. See articles on the mebromi firmware rootkit.


A mesh network and OpenVPN and proxies, such as TOR, do not fully

grant privacy. The PSN and/or TPM's UUID are visible offline. I

cannot cite references on this. I have been hacked offline, first

by my wifi card and after I removed my wifi card and bluetooth

card, by my PSN. Yes, computers can be hacked via their wifi cards

even though the computers are offline. See



http://www.usatoday.com/tech/news/computersecurity/hacking/2006-08-

02-wireless-hackable_x.htm
There are plenty of articles on hacking bluetooth due to

bluetooth's MAC address being visible.


The old methods of tracking computers were IP address and MAC

address of the wifi card. If this were completely sufficient, there

would be no reason for PSN and TPM. The fact that they exist means

that they enable tracking of computers via hardware.


Don't give a false sense of security by promising privacy unless

you are also offering hardware privacy. Except for MAC address on

wifi cards, we had hardware privacy prior to Pentium II's PSN.

FreedomBox can ask Marvell and/or other manufacturer to "down

grade" to the early 1990s and give us back our hardware privacy.




Download 0.69 Mb.

Share with your friends:
1   ...   10   11   12   13   14   15   16   17   ...   20




The database is protected by copyright ©ininet.org 2024
send message

    Main page