Slashdot Mirror

← Back to Stories (view on slashdot.org)

IBM Hardwires Encryption Into Chips

Posted by ryuzaki0 on from the it's-in-the-chip dept.

zenwarrior writes "Reported by CNET, a new chip technology termed Secure Blue by IBM will keep users' data encrypted and secured at virtually every moment on essentially anything in which the chip can be used. Data is even encrypted in RAM, leaving display for users' viewing as almost the last place it isn't encrypted. This has to be considered decidedly anti-Homeland Defense by the current administration. If so, when will we see it if ever?"

32 of 244 comments (clear)

  1. Clipper Chip??? by DAldredge · · Score: 5, Insightful

    Like the last adminstration would have liked this tech? Face it - neiter party in DC likes anything that takes power away from them.

    1. Re:Clipper Chip??? by Doc+Ruby · · Score: 2, Insightful

      We're talking about the current administration, the one we've got, the one we can do something about. Not just partisan politics. But actual politics that go way beyond elections, to actually governing the country.

      I know partisans want to do nothing but win elections, get the bribes and power. But we need politicians who can also run the country. And people who can communicate with them to ensure they represent us.

      When Democrats have some power, even when balanced by a Republican other branch, the only bad politicians are Democrats. When Republicans have all the power, the only bad politicians are the old, half-forgotten Democrats. When Republican infallibility is debunked, then "neither party is good" - until Democrats no longer threaten Republicans. When did /. become FreeRepublic?

      --

      --
      make install -not war

    2. Re:Clipper Chip??? by Anonymous Coward · · Score: 1, Insightful

      The question to ask here is: "what does secure mean?"

      Secure against me, or secure for me? A super-secure system that can ensure that *only* I can get at the data, and does not allow third-party software to lock *me* out of that data... I'll buy. If it's another load of crap like Trusted Computing which makes explicit in its design that the root key is hidden from you, the owner, then it's no sale.

      As the owner I want access to the entire contents of the machine if I wish. Otherwise, it will ultimately be used against you not for you.

  2. When will we see it, if ever? by magetoo · · Score: 5, Insightful

    My guess: In media center PCs in 3... 2... 1...

    1. Re:When will we see it, if ever? by frovingslosh · · Score: 5, Insightful

      Yup, mod parent up. Some might call this anti-homeland defense (particularly if the childishly believe the feds can't get your data this way), but the reality is that it is a maror shove in the DRM direction. With DRM already in the SATA hard drives, this is another way to fence the user away from their data. And what happens when Windows does it's all too common trick of refusing to boot and let you at your existing files? Well just reinstall everything (from the CDs that the major OEMs like Dell no longer even bother to give you) and retype it, because you sure are not going to recover it any longer. This is called trusted computing.

      --
      I'm an American. I love this country and the freedoms that we used to have.
  3. Pretty cool by liliafan · · Score: 4, Insightful

    Interesting report but I would like to see more details, what type of encryption is being used? I think this would be a great thing, however, I can see it being blocked from ever reaching the market due to home security risks, unless there is a backdoor installed which really makes it kinda pointless in the first place.

    Regardless it is very interesting that they say this technology can be used on any chip and not just powerPC's, also is the encrypted data tied to the chip or the system, how would this effect SMP systems, or virtual partitions?

    --
    GeekServ Unix Consulting Services (http://www.geekserv.com)
  4. DRM by Ingolfke · · Score: 4, Insightful

    This can help you, the end-user secure your data, but is also a necessary component of a DRM hardware solution.

    1. Re:DRM by linguae · · Score: 4, Insightful
      Come up with fair prices and easy to use players as Apple did. And you've got win-win scenario without DRM even come into play.

      Hmmm, doesn't Apple use DRM in its iTunes music and in OS X?

    2. Re:DRM by babbling · · Score: 3, Insightful

      The purpose of DRM isn't to stop people copying. That is just the stated purpose. There are other motives involved.

    3. Re:DRM by GreyWolf3000 · · Score: 1, Insightful

      Not one that relies on draconian hardware chips that prevent you from having control over your computer. So while the parent wasn't perhaps as thorough in his explanation, he still had a point.

      --
      Slashdot: Where people pretend to be twice as smart as they really are by behaving like children.
    4. Re:DRM by Firehed · · Score: 4, Insightful
      It locks you into certain hardware. Not too many people will be keen to switch to a PlaysForSure-compatible player if they've got an iTunes library full of protected AAC songs. In any case, it's a futile attempt to do so as there are so many ways to deal with it, but it'll certainly deter casual users (read: those that can't be bothered to burn and re-rip their whole purchased library) from switching. CSS? It's not to stop copying DVDs, it's to make sure that everyone who makes players has to pay a licensing fee. Why else can you grab PC DVD player drives for <$20 where a standalone DVD player starts around the $40 mark?

      They know damned well that until our brains can decode encrypted digital video and audio, they can't stop copying. It must be converted to analog before we can use it, and while they can hamper things, there's absolutely no way to stop microphones and camcorders. It's for the sole purpose of extracting as much profit from everyone as possible. The anti-piracy makes a decent cover, but in reality it's one of the largest anti-competitive schemes in recent history.

      --
      How are sites slashdotted when nobody reads TFAs?
  5. Or Sponsored by DHS? by MooseByte · · Score: 4, Insightful

    "This has to be considered decidedly anti-Homeland Defense by the current administration."

    Unless they designed the backdoor to be inserted....

    1. Re:Or Sponsored by DHS? by Anonymous Coward · · Score: 2, Insightful
      well thats not even funny to joke about! start fighting back, heres a quote from somone on anonet for why they do what they do:
      Because everyday more and more of our freedoms (it doesn't matter where you are in the world) are taken away. Now they are starting in on the internet. So I figured it was time to build something "they" don't control and start it sooner rather than later.
      thats good enough for me, anonetnfo.brinkster.net.nyud.net:8090 - it might be seen as an advert, but it wasn't intended to be one
    2. Re:Or Sponsored by DHS? by Jeremi · · Score: 4, Insightful
      You can bet on it


      Can you? If anything about the government-installed backdoor ever became public knowledge, IBM would be facing all kinds of lawsuits from anyone who ever bought that chip, would probably have to refund or replace every copy of the chip they ever sold, and it would be a long, long time before anyone would seriously consider buying a "secure" chip from IBM again.


      I like a crypto-fascist conspiracy as much as the next guy, but wouldn't that be an awfully big marketing risk for IBM to take?

      --


      I don't care if it's 90,000 hectares. That lake was not my doing.
    3. Re:Or Sponsored by DHS? by Kjella · · Score: 3, Insightful

      Back when I was in university, I had a computer security prof who was a bit of a conspiracy nut. He'd tell you that the government doesn't need a back door, because whatever encryption algorithm IBM's using, the NSA can already crack it.

      They are certainly among the best in the field, and yes they did improve DES. However, that doesn't change the fact that many published encryption schemes like GOST (Russian), Rijendael (European, better known as AES) were developed outside the US. Very many cryptographers have taken a whack at both those and US algorithms, and they seem to hold. To think that the NSA has solvers for all of these and the rest of the world can't find solvers for any of them, is putting too much faith in the NSA. It seems quite obvious at this point that secure encryption does exist. Of course, there's always the chance the NSA has broken some of these algorithms, which they aren't very likely to talk about. But I strongly doubt they've cracked all of them. And as far as brute force go, it wasn't too long since 40 bits was the limit, now 128bit is everywhere. I strongly doubt their breaking capability rose with 2^88 in that time, I think it's more a case of the cat being out of the bag.

      --
      Live today, because you never know what tomorrow brings
    4. Re:Or Sponsored by DHS? by CodeBuster · · Score: 2, Insightful

      I think it's more a case of the cat being out of the bag.

      Remember also that the NSA is concerned with practical mission concerns and not just the theoretical side of cryptography. In the real world the weakness is rarely in the algorithm chosen, but rather in bungled key management, social engineering, or other physical security concerns which serve as the weak link in the chain. The NSA would not bother brute forcing your key if they could log your keystrokes from a van parked somewhere in the neighborhood or bug your keyboard while you are not home or trick someone at your company to give out the passphrase during a pretext phone call, or any number of other ways that intelligence agencies know about. The secure transmission and storage of keys is the real problem and most private entities are no match for experienced agents of the system when it comes to securing their sensitive data.

  6. A chain is only as strong as its weakest link by voice_of_all_reason · · Score: 3, Insightful

    Cliche, yes. But true. Throwing up more doors is only going to add another layer of UI headache, and it won't do anything to address the issue of say, FBI agents losing their laptops in bars...(http://www.theregister.co.uk/2001/07/18/fb i_loses_hundreds_of_laptops/)

  7. Re:Homeland Security Vrs RIAA by Ohreally_factor · · Score: 2, Insightful

    What's to stop the government from seizing both you and your computer, flying you out of the country, and then torturing you until you give up the password?

    Besides which, I'm pretty sure the RIAA and the MPAA will get behind this, and they've got Congress in their pocket.

    --
    It's not offtopic, dumbass. It's orthogonal.
  8. Said by Mark_MF-WN · · Score: 1, Insightful

    Who said they would have liked it? The Clinton administration was about as republican as it gets. But it's always the current administration that's under the spotlight. Don't worry -- if and when the Democrats next hold the presidency, everyone will rip them apart for stripping away freedoms as fast as they can. But until then, it's Bush and the cronies who are fucking you over, and so they're the ones that get all the criticism. Criticizing Clinton is, at this point, an exercise in political futility. He can't really do much damage at this point.

    1. Re:Said by Lord+Kano · · Score: 3, Insightful

      The Clinton administration was about as republican as it gets.

      Only if you don't know what Republicans are.

      The Clinton administration was enthusiastically "Pro-Choice" and Anti-Second Amendment, quite the opposite of the Republicans. Clinton also passed a middle(and upper)-class tax hike. Once again, not very Republican of him.

      LK

      --
      "Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
    2. Re:Said by MobileTatsu-NJG · · Score: 3, Insightful

      "But until then, it's Bush and the cronies who are fucking you over, and so they're the ones that get all the criticism. Criticizing Clinton is, at this point, an exercise in political futility. He can't really do much damage at this point."

      I think the OP's point was that GWB doesn't hold the patent on evil. This is something to be mindful of. The next guy, democrat or republican, could easily be just as evil. If you just assume "Hey, it's not Bush! Our problems have gone away!", well then you're in a wee bit o trouble.

      --

      "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

    3. Re:Said by mOdQuArK! · · Score: 2, Insightful
      he's actually more left wing than any other president.

      Nah, he's right wing, but it's more of the Benito Mussolini fascist government right-wing direction instead of the Liberterian less-government right-wing direction.

      (Whoever was responsible for reducing the description of anyone's political views down to a simple left or right direction has really done a lot of damage to the possibility of diversity in our public discussions.)

    4. Re:Said by C0vardeAn0nim0 · · Score: 2, Insightful

      protection has nothing to do with being left or right wing. the last military dictatorship in brasil, that lasted from 1964 to 1985, was a far right government and they were protectionists. most imports were forbiden, brasilian agriculture had several subsidies, and other stuff.

      this kind of protectionism has nothing to do with being left or right. it has more to do with the oposing forces represented by populism (do things that apeal to the public. screw common sense) and pragmatism (do sensible things that work on the long term, even if they're initially unpopular). this is just my opinion. feel free to disagree or point mistakes in my interpretation.

      --
      What ? Me, worry ?
  9. Maybe negative, but in a different way by towsonu2003 · · Score: 4, Insightful
    Secure Blue by IBM will keep users' data encrypted and secured at virtually every moment on essentially anything in which the chip can be used. ... This has to be considered decidedly anti-Homeland Defense by the current administration.
    I don't get the reference to Homeland Security? Is this the result of the newest US social scare, or is it really relevant?

    Anyway, this could be bad news in two ways:
    1. It will be used for DRM for sure
    2. You won't be able to see what's going on on your employee's computer (which is good news for the employee)

    But how does the Homeland Security gets injected into this issue? I mean, will some poor encryption (of which the specs can be supoeaned under the patriot act) stop the Department of Homeland Security from getting into our hard drives and data? I wish someone could clarify this...

  10. Re:Homeland Security Vrs RIAA by DoraLives · · Score: 2, Insightful
    we get to see what happens when the RIAA face off against the Department for Homeland Security and the CIA

    These outfits are the same side of the same coin, so there will be no "face off." They're all in cahoots together and you can rely on the fact that the RIAA or any other *AA will fall all over themselves attempting to give the DHS or whomever, any little thing their hearts desire, including whatever keys to whatever algorithm they may be interested in at any given time. It's YOU AND I who are on the outside looking in, here.

    --
    Is it fascism yet?
  11. This isn't meant to protect you from the gov't by Anonymous Coward · · Score: 2, Insightful

    This technology is clearly meant to keep consumers from getting to data they (thought they) bought. If every link in the chain is encrypted, right up to the tamper proof screen and speakers (which will destroy their keys as soon as one attempts to open it, rendering them useless), digital copies of protected media aren't possible anymore.

    One small step for IBM, one giant leap for DRM...

    However, there's still hope: making tamper proof hardware is very difficult. Making hardware that's not vulnerable to side channel attacks is extremely difficult. And lots of existing cryptographic systems are weak due to misuse of the cryptographic building blocks (think WEP for example). And then there's the weaknesses that are introduced on purpose, to satisfy certain three-letter agencies.

  12. Re:Ok, what are we talking about? by Ender_Stonebender · · Score: 2, Insightful

    The submitter is using "anti-Homeland Security" as a way of testing the intelligence of Slashdot users. See, this technology is (quite transparently) for digital restrictions enforcement*, which the general population of Slashdot is against. However, the general population of Slashdot is also against the invasions of privacy perpetrated (or attempted to be perpetrated) on US citizens by various agencies with "Homeland Security" agencies**; so the submitter is attempting to skew the conversation (and perhaps eventually general zeitgeist of Slashdot) in the direction of "encryption is good because it's hard to spy on us" and hoping we don't notice that a) it's (probably, haven't RTFA yet) not a publicly available algorithm that real cryptographic experts can examine for weaknesses and b) that we're not in control of what gets encrypted and what doesn't.

    Hopefully all of you figured all that out before reading this comment.

    --Ender

    * Stolen from someone else's sig: "The key to stopping Digital Restrictions Enforcement is to stop calling it DRM." Or maybe it was some other phrase that could have been acronimized to "CRAP".

    ** A while back, I looked for actual references about the *federal* Department of Homeland Security pulling these stunts. All reports were either hoaxes (Mao's Little Red Book incident), or local agencies with similar names.

    --
    Loose things are easy to lose. You're getting your hair cut. They're going there to see their aunt.
  13. Keys too or only algorithms? by quentin_quayle · · Score: 5, Insightful

    Apparently what they're putting in the chips is, at least, encryption/decryption routines. Aside from the obvious questions (what happens when you want to change algorithms?), the important question is whether they're including digital keys as well.

    The single factor that makes "trusted computing" evil is that there's a digital key (the "attestation" or "endorsement" key) baked into the TPM which the owner of the machine is prevented from accessing or changing. If all the keys were accessible to the owner, it would be a purely beneficial technology. With the anti-owner feature, it becomes an engine of DRM, censorship, and vendor lock-in on a vast scale, and at a fundamental level absolutely prevents security and privacy for the computer owner.

    So the question is which category this IBM tech falls into. And that in turn depends on whether digital keys will be baked into the processor, or whether it's only a set of routines that any software can use under the owner's control.

  14. Debugging by jfclavette · · Score: 2, Insightful

    Seriously, reading that core dump won't be easy...

  15. Since when? by mcc · · Score: 3, Insightful

    Not one that relies on draconian hardware chips that prevent you from having control over your computer.

    I'm sorry, what? According to wide report, as of the new Intel macs, Apple is in fact using draconian hardware chips that prevent you from having control over your computer, and is reportedly using these specifically to keep you from running OS X on unauthorized hardware. (Though, hilariously enough, that's according to wide report. There is no hard evidence I've seen one way or the other that these chips are or aren't even in the new macs to begin with! All reports of TPM in the Intel macs are based on sort of circumstantial evidence from reports of the developer betas of the Intel macs. Since the actual release of the Intel macs, everyone has gone silent on the subject, and Google doesn't turn up any attempts I can find to take apart the Intel macs and the kernel to see whether TPM is in there. Apparently though the slashdot and tech blogger crowd were angry and opposed to Palladium/TPM for three or five years nonstop since it was announced, they just fell silent once they saw how shiny the new iMacs are.)

    You are of course correct that they aren't, of course, using these chips for iTunes or the iPod. Yet. But if the chips are in the machines, they could start using them for such purposes at any time. The iTunes DRM already subtly changes with each iTunes version (the jHymn backup utility still doesn't work with the iTunes 6.0 DRM).

    Though all of my computers since I was six years old have been Apples, if it's true that Apple is using TPM in their machines now, it would seem I'm going to be using Linux from now on. I was rather annoyed at the prospect of having to suffer a hardware platform transition (again) to begin with, but I can at least understand the reasoning behind that. But I'm absolutely not willing to pay for a computer if there's this ticking TPM time bomb buried in it that means, if someday the OS vendor changes their mind, a single OS update could sweep through and my computer would no longer be mine.

    --
    Irritable, left-wing and possibly humorous bumper stickers and t-shirts
  16. It's evolution by SlappyBastard · · Score: 2, Insightful
    As people try harder and harder to control your information, those who seek to avoid that control are going to push that information into vaults and underground.

    My main fear is that the better part of the internet is going to be pushed underground because the gov't wants to read your email and the corps want to charge Google for letting you search for anything.

    If these people get their way, there will be no incentive for intelligent people to use an above-ground internet.

    --
    I scream. You scream. I assume that means we're both acquainted with the problem. We proceed.
  17. Far from a be-all end-all solution by NittanyTuring · · Score: 2, Insightful

    AFAIK, this technology would only address a number of physical security threats. Adversaries would be stopped from stealing hard drives, or trying to pick up any bits which leak into the environment (maybe through EM signals). While these problems are important to solve, this technology is far from a be-all end-all solution.

    Since the protection only occurs in hardware, one can still exploit the same software-based attack vectors that have been around for ages. Encryption is done even below the OS. If some Trojan horse got kernel-level priveleges and looked at physical RAM, it would see the plaintext and not the ciphertext, All the problems of network security still abound. as data sent out on the network is not protected.

    I'm not sure how this could be used for DRM. I guess Secure Blue could be extended to give or take keys over the network, and data can be transmitted as ciphertext and stored as-is into RAM. Can someone explain how this would work? TPMs can be used for DRM, but they work quite differently.

    I disagree that the screen is the only place for seeing data unencrypted. Devices will need DMA access to memory, and Secure Blue would have to decrypt the data before sending it down the bus. How is leakage protected in this case?