Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Wednesday June 21 2017, @03:43PM   Printer-friendly
from the ebg-13-qbrfa'g-pbhag dept.

http://www.bbc.com/news/technology-40326544

A European Parliament committee wants end-to-end encryption to be enforced on all forms of digital communication to protect European Union (EU) citizens. The draft legislation seeks to protect sensitive personal data from hacking and government surveillance. EU citizens are entitled to personal privacy and this extends to online communications, the committee argues. A ban on "backdoors" into encrypted messaging apps like WhatsApp and Telegram is also being considered.

[...] "The principle of confidentiality should apply to current and future means of communication, including calls, internet access, instant messaging applications, email, internet phone calls and personal messaging provided through social media," said a draft proposal from the European Parliament's Committee on Civil Liberties, Justice, and Home Affairs.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2, Informative) by pTamok on Wednesday June 21 2017, @09:13PM (5 children)

    by pTamok (3042) on Wednesday June 21 2017, @09:13PM (#529207)

    Unless you know what is in the Boot Loader Stage 1 AP Trusted ROM, and can confirm that is what is on-chip, you have no idea what software/firmware is being run in the Trusted context. None.

    The architecture has better public documents than AMD or Intel - it's on Github

    https://github.com/ARM-software/arm-trusted-firmware/blob/master/docs/firmware-design.md [github.com]

    https://github.com/ARM-software/arm-trusted-firmware [github.com]

    ...but, as an end-user, you have no idea what has been put in the Trusted ROM of any systems that have an ARM Trusted Zone implemented. As the firmware is open source, and replaceable, you can audit that, and provide your own, if you wish. The trouble is, the ROM could enable a third-party to replace the firmware, and you'd have no way of knowing.

    If you read the firmware update guide:

    https://github.com/ARM-software/arm-trusted-firmware/blob/master/docs/firmware-update.md [github.com]

    ...the Firmware Update (FWU) feature, which enables authenticated firmware to update firmware images from external interfaces such as USB, UART, SD-eMMC, NAND, NOR or Ethernet to SoC Non-Volatile memories such as NAND Flash, LPPDR2-NVM or any memory determined by the platform. This feature functions even when the current firmware in the system is corrupt or missing; it therefore may be used as a recovery mode.

    Oh look - the firmware can be replaced over Ethernet. I'll leave you to join the dots.

    Starting Score:    1  point
    Moderation   +1  
       Informative=1, Total=1
    Extra 'Informative' Modifier   0  

    Total Score:   2  
  • (Score: 0) by Anonymous Coward on Wednesday June 21 2017, @10:15PM

    by Anonymous Coward on Wednesday June 21 2017, @10:15PM (#529243)

    A lot of ARM SoCs have built in ROM and the ability to do an initial load of software from UART, SPI, Ethernet, etc. Even SoCs that don't have special trusted zone. All the SoCs that I have seen require physical access to enable that feature (jumper, etc.) and also have the ability to turn that feature off. They don't just willy-nilly decided to download stuff.

    Obviously if you don't control the initial loading of software or you don't control the trust zone, then there is an element of trust involved. At least with the ARMs I have seen, you do have the ability to roll your own chain of trust. With Intel, not so much.

  • (Score: 2) by bob_super on Thursday June 22 2017, @05:13PM (3 children)

    by bob_super (1357) on Thursday June 22 2017, @05:13PM (#529582)

    The best argument for Trustzone is the fact that the US doesn't prevent ARM chips from being in its weapons systems.
    If they convinced the foundry or the English designers to add a backdoor, they clearly trust their ability to safeguard that hack or key better than they protect their own NSA/CIA hacking tools.

    • (Score: 1) by pTamok on Thursday June 22 2017, @05:41PM (2 children)

      by pTamok (3042) on Thursday June 22 2017, @05:41PM (#529596)

      The thing is, ARM don't sell chips. They sell chip designs. What you buy from ARM is a Hardware Description Language (HDL) description of an ARM processor, which you then get a foundry to build for you. The US military have access to trusted foundries*, so can get their supply of ARM chips from trusted foundries, and also, because they buy the HDL, can audit the design.
      Buying actual pre-made chips is different. ARM don't sell ARM chips. If you buy a chip with an ARM core, you have to trust that the foundry haven't added (or been forced to add, for National Security reasons) their own modules to the HDL.

      *Look up "Trusted Foundry Program" in your Internet Search Engine of choice. There is a list of trusted foundries here: http://www.dmea.osd.mil/otherdocs/AccreditedSuppliers.pdf [osd.mil] ; and more details here: http://www.dmea.osd.mil/trustedic.html [osd.mil] . Many of the links you find in the search go to .mil domains and raise alarms in browsers, as the TLS certificates are not in the browsers's list of trusted certificates and/or the CA authority is not known to the browser.

      • (Score: 2) by bob_super on Thursday June 22 2017, @05:53PM (1 child)

        by bob_super (1357) on Thursday June 22 2017, @05:53PM (#529600)

        I used to sell chips with ARM cores inside to military suppliers.
        I was not allowed to listen to the Classified discussions between our Cleared guys and theirs, but whatever was revealed in those briefings did not prevent the chips from being considered in the context of Classified programs.

        • (Score: 1) by pTamok on Thursday June 22 2017, @08:30PM

          by pTamok (3042) on Thursday June 22 2017, @08:30PM (#529653)

          You don't say if you worked for ARM, a foundry, or someone else. I'll guess not ARM.

          If the foundry using ARM's intellectual property were a trusted foundry, then there's no problem. It doesn't mean ARM processor cores in general should be trusted, it just means that chips built in trusted foundries using ARM's intellectual property might be trustworthy for your purposes, assuming the foundry is trusted by you.

          ARM do not sell chips, they sell licences to implement their chip design. Once you have their HDL, you can audit it, but you also need to make sure the implementation in the foundry is trustworthy. Quite apart from someone adding a hardware module that you don't know about in the HDL, there are hardware hacks to compromise chips that are difficult to detect for example: https://phys.org/pdf298789584.pdf [phys.org] . The paper two which it refers should be at http://people.umass.edu/gbecker/BeckerChes13.pdf, [umass.edu] but is now a 404. The Internet Archive has a copy here: https://web.archive.org/web/20140209150713/http://people.umass.edu/gbecker/BeckerChes13.pdf [archive.org] - it is interesting reading.

          Our first target is a design based on Intel’s new cryptographically secure RNG. Most prominently, it is used in the Ivy Bridge processors...
          The cryptographically secure RNG generates unpredictable 128-bit random numbers. The security has been verified by an independent security company [7] and is NIST SP800-90, FIPS 140-2, and ANSI X9.82 compliant. We will modify the digital post-processing of the design at the sub-transistor level to compromise the security of keys generated with this RNG. Our Trojan is capable of reducing the security of the produced random number from 128 bits to n bits, where n can be chosen. Despite these changes, the modified Trojan RNG passes not only the Built-In-Self-Test (BIST) but also generates random numbers that pass the NIST test suite for random numbers.

          ARM may well be selling designs without back-doors. But ARM have no control over what you subsequently do to the design.

          (By the way, although I'm talking about foundries and HDL, foundries don't actually get to see the HDL - they get layout masks. They key point is, though, that you have to be able to verifiably trust all stages in the chip's manufacture.)