IBM Hardwires Encryption Into Chips

zenwarrior writes "Reported by CNET, a new chip technology termed Secure Blue by IBM will keep users' data encrypted and secured at virtually every moment on essentially anything in which the chip can be used. Data is even encrypted in RAM, leaving display for users' viewing as almost the last place it isn't encrypted. This has to be considered decidedly anti-Homeland Defense by the current administration. If so, when will we see it if ever?"

Clipper Chip???

[DAldredge]

Like the last adminstration would have liked this tech? Face it - neiter party in DC likes anything that takes power away from them.

When will we see it, if ever?

[magetoo]

My guess: In media center PCs in 3... 2... 1...

Re:When will we see it, if ever?

[frovingslosh]

Yup, mod parent up. Some might call this anti-homeland defense (particularly if the childishly believe the feds can't get your data this way), but the reality is that it is a maror shove in the DRM direction. With DRM already in the SATA hard drives, this is another way to fence the user away from their data. And what happens when Windows does it's all too common trick of refusing to boot and let you at your existing files? Well just reinstall everything (from the CDs that the major OEMs like Dell no longer even bother to give you) and retype it, because you sure are not going to recover it any longer. This is called trusted computing.

Pretty cool

[liliafan]

Interesting report but I would like to see more details, what type of encryption is being used? I think this would be a great thing, however, I can see it being blocked from ever reaching the market due to home security risks, unless there is a backdoor installed which really makes it kinda pointless in the first place.

Regardless it is very interesting that they say this technology can be used on any chip and not just powerPC's, also is the encrypted data tied to the chip or the system, how would this effect SMP systems, or virtual partitions?

Re:Pretty cool

[c0l0]

From what I've heard the encryption scheme to be implemented by the "Secure Blue" chip is supposed to be based on a sophisticated algorithm called "Triple-ROT52", developed at an university in Australia. Neat stuff, indeed!
 
 

Now let's lean back and see how long it takes for the Inquirer to pick this up...

Re:Pretty cool

[TheRaven64]

This sounds pretty paranoid, and easy to circumvent. No one is trying to ban OpenBSD in the US, for example, and it includes strong encryption (developed outside the USA), and is used on a number of router and firewalls.

Re:Pretty cool

[windowpain]

I'm not so sure that the Feds require encryption backdoors for devices. I think you may be thinking of CALEA and related laws. But AFAIK they refer only to tapping phone lines, rather than encryption.

Even if the Feds do pass a law requiring backdoors for devices, the law could be circumvented by doing the encryption in software. Not as convenient for the end-user perhaps, but millions of people around the world do that every day thanks to the various implementations of public-key (RSA) schemes.

Software trapdoors trump hardware backdoors.

DRM

[Ingolfke]

This can help you, the end-user secure your data, but is also a necessary component of a DRM hardware solution.

Re:DRM

[linguae]

Come up with fair prices and easy to use players as Apple did. And you've got win-win scenario without DRM even come into play.

Hmmm, doesn't Apple use DRM in its iTunes music and in OS X?

Re:DRM

[babbling]

The purpose of DRM isn't to stop people copying. That is just the stated purpose. There are other motives involved.

Re:DRM

[onecheapgeek]

He could, but he'd have to rename himself "coherentexplanation".

Re:DRM

[Firehed]

It locks you into certain hardware. Not too many people will be keen to switch to a PlaysForSure-compatible player if they've got an iTunes library full of protected AAC songs. In any case, it's a futile attempt to do so as there are so many ways to deal with it, but it'll certainly deter casual users (read: those that can't be bothered to burn and re-rip their whole purchased library) from switching. CSS? It's not to stop copying DVDs, it's to make sure that everyone who makes players has to pay a licensing fee. Why else can you grab PC DVD player drives for <$20 where a standalone DVD player starts around the $40 mark?

They know damned well that until our brains can decode encrypted digital video and audio, they can't stop copying. It must be converted to analog before we can use it, and while they can hamper things, there's absolutely no way to stop microphones and camcorders. It's for the sole purpose of extracting as much profit from everyone as possible. The anti-piracy makes a decent cover, but in reality it's one of the largest anti-competitive schemes in recent history.

Or Sponsored by DHS?

[MooseByte]

"This has to be considered decidedly anti-Homeland Defense by the current administration."

Unless they designed the backdoor to be inserted....

Re:Or Sponsored by DHS?

[Jeremi]

You can bet on it

Can you? If anything about the government-installed backdoor ever became public knowledge, IBM would be facing all kinds of lawsuits from anyone who ever bought that chip, would probably have to refund or replace every copy of the chip they ever sold, and it would be a long, long time before anyone would seriously consider buying a "secure" chip from IBM again.

I like a crypto-fascist conspiracy as much as the next guy, but wouldn't that be an awfully big marketing risk for IBM to take?

Re:Or Sponsored by DHS?

[Kjella]

Back when I was in university, I had a computer security prof who was a bit of a conspiracy nut. He'd tell you that the government doesn't need a back door, because whatever encryption algorithm IBM's using, the NSA can already crack it.

They are certainly among the best in the field, and yes they did improve DES. However, that doesn't change the fact that many published encryption schemes like GOST (Russian), Rijendael (European, better known as AES) were developed outside the US. Very many cryptographers have taken a whack at both those and US algorithms, and they seem to hold. To think that the NSA has solvers for all of these and the rest of the world can't find solvers for any of them, is putting too much faith in the NSA. It seems quite obvious at this point that secure encryption does exist. Of course, there's always the chance the NSA has broken some of these algorithms, which they aren't very likely to talk about. But I strongly doubt they've cracked all of them. And as far as brute force go, it wasn't too long since 40 bits was the limit, now 128bit is everywhere. I strongly doubt their breaking capability rose with 2^88 in that time, I think it's more a case of the cat being out of the bag.

Homeland Security Vrs RIAA

[Jumbo+Jimbo]

This has to be considered decidedly anti-Homeland Defense by the current administration. If so, when will we see it if ever?

Anti-Homeland Defense, maybe, but avoiding data leakage will make it very attractive to RIAA / MPAA and other copyright protection lobby groups.

So Maybe we get to see what happens when the RIAA face off against the Department for Homeland Security and the CIA - that would be one I would like to see (Maybe we should just watch them fight them nuke them both from orbit - only way to be sure).

A chain is only as strong as its weakest link

[voice_of_all_reason]

Cliche, yes. But true. Throwing up more doors is only going to add another layer of UI headache, and it won't do anything to address the issue of say, FBI agents losing their laptops in bars...(http://www.theregister.co.uk/2001/07/18/fb i_loses_hundreds_of_laptops/)

Re:A chain is only as strong as its weakest link

[TheRaven64]

The VM on my laptop is encrypted, as is my home directory. When I boot, a decryption key for the VM is stored in RAM. If the machine is turned off, this is lost and it is impossible (well, very hard) to recover the contents of the swap. My home directory key is generated from my password, which must be entered when I log in.

All of this encryption is done in hardware. I was considering, for my next laptop purchase, getting one with a MiniPCI slot that could have a crypto accelerator inserted (even a cheap one can handle over 300MB/s throughput, which is faster than my hard disk can do). Having this on-chip or even on the motherboard would be a huge incentive for me.

And repairing those computers?

[s0l3d4d]

And what will happen if you will replace the logic board of those computers? Will all your data be gone even for you?

Maybe negative, but in a different way

[towsonu2003]

Secure Blue by IBM will keep users' data encrypted and secured at virtually every moment on essentially anything in which the chip can be used. ... This has to be considered decidedly anti-Homeland Defense by the current administration.

I don't get the reference to Homeland Security? Is this the result of the newest US social scare, or is it really relevant?

Anyway, this could be bad news in two ways:
1. It will be used for DRM for sure
2. You won't be able to see what's going on on your employee's computer (which is good news for the employee)

But how does the Homeland Security gets injected into this issue? I mean, will some poor encryption (of which the specs can be supoeaned under the patriot act) stop the Department of Homeland Security from getting into our hard drives and data? I wish someone could clarify this...

Re:Said

[Lord+Kano]

The Clinton administration was about as republican as it gets.

Only if you don't know what Republicans are.

The Clinton administration was enthusiastically "Pro-Choice" and Anti-Second Amendment, quite the opposite of the Republicans. Clinton also passed a middle(and upper)-class tax hike. Once again, not very Republican of him.

LK

No processor overhead.

[Chas]

Hey man. What's that encryption on that thing?

Double ROT26.

Woo. That's gonna be TOUGH to crack!

Keys too or only algorithms?

[quentin_quayle]

Apparently what they're putting in the chips is, at least, encryption/decryption routines. Aside from the obvious questions (what happens when you want to change algorithms?), the important question is whether they're including digital keys as well.

The single factor that makes "trusted computing" evil is that there's a digital key (the "attestation" or "endorsement" key) baked into the TPM which the owner of the machine is prevented from accessing or changing. If all the keys were accessible to the owner, it would be a purely beneficial technology. With the anti-owner feature, it becomes an engine of DRM, censorship, and vendor lock-in on a vast scale, and at a fundamental level absolutely prevents security and privacy for the computer owner.

So the question is which category this IBM tech falls into. And that in turn depends on whether digital keys will be baked into the processor, or whether it's only a set of routines that any software can use under the owner's control.

Re:Said

[MobileTatsu-NJG]

"But until then, it's Bush and the cronies who are fucking you over, and so they're the ones that get all the criticism. Criticizing Clinton is, at this point, an exercise in political futility. He can't really do much damage at this point."

I think the OP's point was that GWB doesn't hold the patent on evil. This is something to be mindful of. The next guy, democrat or republican, could easily be just as evil. If you just assume "Hey, it's not Bush! Our problems have gone away!", well then you're in a wee bit o trouble.

Since when?

[mcc]

Not one that relies on draconian hardware chips that prevent you from having control over your computer.

I'm sorry, what? According to wide report, as of the new Intel macs, Apple is in fact using draconian hardware chips that prevent you from having control over your computer, and is reportedly using these specifically to keep you from running OS X on unauthorized hardware. (Though, hilariously enough, that's according to wide report. There is no hard evidence I've seen one way or the other that these chips are or aren't even in the new macs to begin with! All reports of TPM in the Intel macs are based on sort of circumstantial evidence from reports of the developer betas of the Intel macs. Since the actual release of the Intel macs, everyone has gone silent on the subject, and Google doesn't turn up any attempts I can find to take apart the Intel macs and the kernel to see whether TPM is in there. Apparently though the slashdot and tech blogger crowd were angry and opposed to Palladium/TPM for three or five years nonstop since it was announced, they just fell silent once they saw how shiny the new iMacs are.)

You are of course correct that they aren't, of course, using these chips for iTunes or the iPod. Yet. But if the chips are in the machines, they could start using them for such purposes at any time. The iTunes DRM already subtly changes with each iTunes version (the jHymn backup utility still doesn't work with the iTunes 6.0 DRM).

Though all of my computers since I was six years old have been Apples, if it's true that Apple is using TPM in their machines now, it would seem I'm going to be using Linux from now on. I was rather annoyed at the prospect of having to suffer a hardware platform transition (again) to begin with, but I can at least understand the reasoning behind that. But I'm absolutely not willing to pay for a computer if there's this ticking TPM time bomb buried in it that means, if someday the OS vendor changes their mind, a single OS update could sweep through and my computer would no longer be mine.