#TrustedComputing

Dario Fadda (nuke@poliversity.it)
2025-05-01

AI has only been part of everyone's conversation since 2023: how it is used, the training on our data, the objections to it, etc.

But every now and then I like to share what was already happening 17 years ago, which laid the groundwork for all of this but which few people took into account.

#TrustedComputing

Jools [Friendica] (jools@missocial.de)
2025-02-05
Rusty Invader (nakieken)
2025-02-05

When I read about Windows TPM this morning, I instantly remembered this presentation from 25 years ago, introducing 🫶 it aged (very) well and is imho still useful ... check it out please, you won't regret it: youtu.be/mLoIcdIu_Kk?si=SI7LFt

Concept, Script, Design, Animation, Production LAFKON & Lutz Vogel | 2005

cynicalsecurity (cynicalsecurity@bsd.network)
2024-10-11

And, once again, "trusted computing" should not be trusted…

L. Wilke et al, "TDXdown: Single-Stepping and Instruction Counting Attacks against Intel TDX"¹

[…]

Intel recently launched Intel TDX, its second generation TEE, which protects whole virtual machines (VMs). To minimize the attack surface to side-channels, TDX comes with a dedicated single-stepping attack countermeasure.
In this paper, we systematically analyze the single-stepping countermeasure of Intel TDX and show, for the first time, that both the built-in detection heuristic and the prevention mechanism can be circumvented. We reliably single-step TDX-protected VMs by deluding the TDX security monitor about the elapsed processing time used as part of the detection heuristic. Moreover, our study reveals a design flaw in the single-stepping countermeasure that turns the prevention mechanism against itself: An inherent side-channel within the prevention mechanism leaks the number of instructions executed by the TDX-protected VM, enabling a novel attack we refer to as StumbleStepping. Both attacks, single-stepping and StumbleStepping, work on the most recent Intel TDX enabled Xeon Scalable CPUs.

Using StumbleStepping, we demonstrate a novel end-to-end attack against wolfSSL’s ECDSA implementation, exploiting a control flow side-channel in its truncation-based nonce generation algorithm. We provide a systematic study of nonce-truncation implementations, revealing similar leakages in OpenSSL, which we exploit with our single-stepping primitive. Finally, we propose design changes to TDX to mitigate our attacks.

[…]

#TDX #TrustedComputing #Intel
__
¹ uzl-its.github.io/tdxdown/
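The kind of nonce-truncation leak the abstract above refers to, as an added illustration that is not code from the paper, from wolfSSL or from OpenSSL and does not reproduce their exact control flow: a sampler that truncates a random value to the bit length of the group order n and then conditionally subtracts n has a data-dependent branch. The extra instructions on that branch are what an instruction-counting primitive such as StumbleStepping observes, and whenever they are seen the nonce is known to be smaller than 2^bits - n, i.e. its top bits are zero. `TOY_ORDER` is a constructed 32-bit order chosen so the branch is taken often enough to see in a short simulation, `steps` is an assumed stand-in for the observed instruction count, and the hardened sampler uses the standard "extra random bits" construction as a contrast (assumed names throughout):

```python
import random

# Constructed 32-bit toy group order (assumption, not any real curve), chosen so
# the top nibble is 1111 and the "candidate >= n" path is taken about once in 16 draws.
TOY_ORDER = 0xF0000001

# Real order of the NIST P-256 group, used only to evaluate leaked_top_bits().
P256_ORDER = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551


def truncating_nonce(n, rng):
    """Leaky sampler: draw bitlen(n) random bits and, if the candidate is not
    below n, subtract n once.  Returns (k, steps); `steps` models the
    instruction count a single-stepping / StumbleStepping attacker observes,
    because the subtraction path executes extra instructions."""
    while True:
        k = rng.getrandbits(n.bit_length())
        steps = 1
        if k >= n:           # data-dependent branch: this is the leak
            k -= n
            steps += 1
        if k != 0:           # zero is not a valid nonce (probability 2**-32 here)
            return k, steps


def extra_bits_nonce(n, rng):
    """Hardened sampler ("extra random bits" method, as in FIPS 186-5 B.2.1):
    draw 64 bits more than bitlen(n), reduce modulo n-1 and add 1.  The control
    flow does not depend on the random value, so an instruction count reveals
    nothing; the residual bias is about 2**-64.  (Python's % is not constant
    time; a real implementation also needs a constant-time bignum reduction.)"""
    r = rng.getrandbits(n.bit_length() + 64)
    return (r % (n - 1)) + 1, 1


def leaked_top_bits(n):
    """On the subtraction path of truncating_nonce, k < 2**bitlen(n) - n.
    Return how many of k's most significant bits are therefore known to be 0."""
    bits = n.bit_length()
    return bits - ((1 << bits) - n).bit_length()


def simulate(sampler, n, samples, seed=1):
    """Run the sampler and group the nonces by observed step count, which is
    exactly the view an instruction-counting attacker has."""
    rng = random.Random(seed)
    by_steps = {}
    for _ in range(samples):
        k, steps = sampler(n, rng)
        by_steps.setdefault(steps, []).append(k)
    return by_steps


def attacker_view(n, samples=20000, seed=1):
    """What the step count gives away for the leaky sampler."""
    groups = simulate(truncating_nonce, n, samples, seed)
    slow = groups.get(2, [])
    bound = (1 << n.bit_length()) - n
    return {
        "slow_fraction": len(slow) / samples,
        "all_slow_below_bound": all(k < bound for k in slow),
        "leaked_top_bits": leaked_top_bits(n),
    }


if __name__ == "__main__":
    view = attacker_view(TOY_ORDER)
    print(f"subtraction path taken in {view['slow_fraction']:.1%} of draws")
    print(f"those nonces all have their top {view['leaked_top_bits']} bits clear:",
          view["all_slow_below_bound"])
    print("P-256: top bits known on the subtraction path =", leaked_top_bits(P256_ORDER))
    print("hardened sampler step counts observed:",
          sorted(simulate(extra_bits_nonce, TOY_ORDER, 1000)))
```

With the real P-256 order the subtraction path is rare (about 2^-32 per signature), but each time the instruction count shows it, 32 high bits of that nonce are known; partial-nonce knowledge of this kind is what lattice (hidden-number-problem) attacks on ECDSA consume. The fix is not to hide the branch but to remove it: the hardened sampler has one code path regardless of the random value.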

🧿🪬🍄🌈🎮💻🚲🥓🎃💀🏴🛻🇺🇸 (schizanon)
2024-10-04

I feel like a should have a little tag on it that tells people what it does; "If you disconnect me from this computer all the data on it becomes unreadable. Pull in case of cops. Pull and destroy!"

[Image: a TPM, a small circuit board with a chip and a TPM 2.0 socket.]

Annual Computer Security Applications Conference (ACSAC_Conf@infosec.exchange)
2024-07-18

Third on the list was Briongos et al.'s "No Forking Way: Detecting Cloning Attacks on Intel SGX Applications," presenting a practical clone-detection mechanism for Intel SGX that does not rely on a trusted third party. (acsac.org/2023/program/final/s) 4/5
#IntelSGX #TrustedComputing

Linux Professional Institute (LPI@fosstodon.org)
2024-06-25

You likely use the #InternetofThings (#IoT) each day for work, school, or leisure - but do you know how to safeguard the devices you use within it from #digitalthreats?

#Dataprivacy and #digitalsecurity skills can be for everyone! Learn how to stay protected in the article by #Cybersecurity Expert Simone Bertulli:

lpi.org/u869

#LPI #SecurityEssentials #malware #openstandards #attestation #Linux #bluebugging #TrustedComputing #cryptography #tech

Kevin Karhan (kkarhan@infosec.space)
2024-04-01
2024-03-18

How Windows uses the TPM | Windows Security | Microsoft Learn

A really nice, clear overview of trusted platform modules:

https://learn.microsoft.com/en-us/windows/security/hardware-security/tpm/how-windows-uses-the-tpm

https://alecmuffett.com/article/109104

#tpm #trustedComputing #windows

Alec Muffett (alecmuffett)
2024-03-18

How Windows uses the TPM | Windows Security | Microsoft Learn
alecmuffett.com/article/109104

Miguel Afonso Caetano (remixtures@tldr.nettime.org)
2024-01-19

#CyberSecurity #TrustedComputing: "After all, a system that treats the device's owner as an adversary is a natural ally for the owner's other, human adversaries. The rubric for treating the owner as an adversary focuses on the way that users can be fooled by bad people with bad programs. If your computer gets taken over by malicious software, that malware might intercept queries from your antivirus program and send it false data that lulls it into thinking your computer is fine, even as your private data is being plundered and your system is being used to launch malware attacks on others.

These separate, non-user-accessible, non-updateable secure systems serve as nubs of certainty, a remote fortress that observes and faithfully reports on the interior workings of your computer. This separate system can't be user-modifiable or field-updateable, because then malicious software could impersonate the user and disable the security chip.

It's true that compromised computers are a real and terrifying problem. Your computer is privy to your most intimate secrets and an attacker who can turn it against you can harm you in untold ways. But the widespread redesign of our computers to treat us as their enemies gives rise to a range of completely predictable and – I would argue – even worse harms. Building computers that treat their owners as untrusted parties is a system that works well, but fails badly." pluralistic.net/2024/01/18/des

Annual Computer Security Applications Conference (ACSAC_Conf@infosec.exchange)
2023-11-29

Second up as #ACSAC2023 paper #preview today is Plappert & Fuchs's proposal of a lightweight #attestation scheme tailored to connected #vehicles that securely interlocks two #trustedcomputing technologies: TPM and DICE.
openconf.org/acsac2023/modules

Kevin Karhan (kkarhan@mstdn.social)
2023-11-24

@marzlberger #TrustedComputing is nothing but #Verarsche (a con) anyway as long as #AMD64, #AMR64 & co. are in use and there is no transparency down to the individual transistor and clock cycle...

2023-11-18

You get subjected to draconian tech like #DRM, #TrustedComputing, #RemoteAttestation and #PartsPairing in the name of protecting IP. What about your IP? The code you write, the paintings you make and even your online comments get fed into #AI and reproduced wholly or in part elsewhere, in the name of #fairuse. What is common to these seemingly contradictory, if not hypocritical measures? Those who promote it have the money to deploy them in mass and fight you in court if you challenge them.

Marcel Stritzelberger (marzlberger@mastodon.online)
2023-11-15

There is an attack against #AMD memory encryption. That should leave #TrustedComputing in the #Cloud badly shaken.

cachewarpattack.com/
