| |||||||||||||
Similar in spirit?Similar in spirit?Posted Oct 9, 2006 15:33 UTC (Mon) by kleptog (subscriber, #1183)In reply to: Similar in spirit? by pimlott Parent article: Similar in spirit? The device doesn't need the checksum. The device merely reports the checksum to the media distributor, which validates it against its own (self-maintained) list. Well, that's obviously not going to work. Then I can simply set the code to return the expected checksum while actually running something else. For a remote entity to verify you're actually running a particular binary is hard. The act of sending the checksum becomes the weak link, because some upstream router can just change it. So instead, the device has to fetch a list of valid checksums and have some TPM of its own to verify the checksum against the list. It's the verifying of an authentic checksum list that is the crucial part, and where of use of encryption keys comes from.
(Log in to post comments)
Similar in spirit? Posted Oct 9, 2006 16:10 UTC (Mon) by pimlott (guest, #1535) [Link] Then I can simply set the code to return the expected checksum while actually running something else.As I said earlier in this thread, the device (with its proprietary operating system) "supports trusted remote querying of the running software". The query protocol naturally ensures the authenticity, integrity, and confidentiality of the communication. You or an upstream router can't tamper with it. The media distributer can be sure that it is talking to the unmodified operating system and getting trustworthy checksums.
|
|||||||||||||