Posted by Sebastian Gottschalk on September 2, 2006, 8:37 pm
Saqib Ali wrote:
> A recent "self-serving" report by Phoenix Technologies indicated that
> 84 of attacks could have been prevented only if Device Authentication
> was used in addition to user authentication.
>
> - Evidence Abound:
> · Losses from stolen IDs and passwords far exceeded damages from
> worms, viruses, and other attack methods not utilizing logon accounts
> · Vast majority of attackers, 78 percent, committed crimes from their
> home computers; most often using unsanctioned computers with no
> relationship to the penetrated organization
> · 88 percent, of those crimes were committed from a home PC using
> stolen IDs and passwords and following normal logon procedures.
>
> - Link to full report:
> https://forms.phoenix.com/cybercrime/docs/cyberdoc.pdf
>
> -Their solution?
> Use Trusted Platform Module to authenticate devices.
>
> - Problem?
> TPM can also be used to force DRM. (EFF and ACLU members don't like DRM,
> to say the least.)
What about working TPMs first? Just imagine some chip engineer with a
huge mathematical but no cryptographic background actually followed the
specification exactly, then he wouldn't have corrected key<<1024 to
key%(1<<1024) and the entire security would be reduced from 1024 to 1 bit;
well, if the chip actually worked at all, because with such a specification
just a working initialization would be a miracle.
Anyway, they're right. With such a critical cryptographic device like a
TPM you need an absolutely trustworthy operating system in control of that
device, so Windows, especially the new one with kernel-integrated and
non-removable DRM is totally out of business for such a job.
> 3) Create a world-wide PKI, issue SSL certificates to machines as well
> as users, and then perform client side authentication from the server.
Why world-wide? A corporate-wide PKI with issuing certificates to the users
is a feasible method.
> 4) Use IP addresses to perform machine authentication.
Ouch!
> Any thoughts?
What about Smartcards? Similar to TPM, but not hard-wired, long-term
proven, fully under your control and exchangeable.