Thread: Snooping TV.
Posted to uk.d-i-y
John Rumm

On 14/03/2017 17:16, tim... wrote:


"John Rumm" wrote in message
o.uk...
On 13/03/2017 19:38, tim... wrote:




It's a specifically written embedded program that chooses to throw away
*everything* that doesn't match (otherwise it's useless as a secure
product)


You seem to be suggesting a system where a unique public key pair is
used to allow the device to verify the authenticity of code updates
without relying on signed binaries and the more commonly used systems
for establishing trust in these circumstances.


I am not sure what you are referring to as signed binaries

my understanding of signed binaries is to make sure that what you have
received is what was sent, so that you don't try and load accidentally
faulty code


No, that would just be a checksum, or possibly a cryptographic hash like
an MD5 checksum.

the "encryption" used to make sure that the download is authentic, lies
above that


This is normally done with digital certification and a secured
communications channel. The initial part of the secure session
establishment will typically use public key cryptography (even if a
higher performance symmetric algorithm is used once a secure key
exchange can be done). The key pairs will be created on the fly. The
digital signature is issued by a certification authority to guarantee
that a public key pair is actually owned by who it claims to be owned by.

So using this approach you get a good combination of protections without
needing any hard coded keys that could be compromised, and you also get
to verify you are actually talking to the right endpoint, and eliminate
the potential for impersonation or "man in the middle" attacks.

(It's the way web-based https or other SSL channel connections are
established, for example.)

Plenty more on it here:

https://en.wikipedia.org/wiki/Certificate_authority
and
https://en.wikipedia.org/wiki/Public_key_infrastructure

The difficulty with those types of systems is that they fall about in
a heap the moment the private key is compromised.


I understand that this is the weak link

but I also *know* that it is the technique used to control downloads of
software in some safety critical applications - applications where the
acceptance of hacked code could kill someone (if that were the intention
of the hacker)

I have no idea how the holder of that key makes sure it remains secure,
I was only working on the public end.


That's why modern systems will often use one-time key pairs to initiate
the channel. Once the connection is done with, the old keys are of no
further value.

As nicely demonstrated by the CSS system applied to DVDs.

The old adage that every engineer can conceive of a crypto system
that they could not themselves break is perhaps worth keeping in mind.


'tis difficult to come up with any scheme that cannot be broken by a
rogue employee revealing the secret formula


The whole point of decent encryption is that there should be no secret
stuff. The whole algorithm should be open and freely available. Any form
of "security by obscurity" always fails.



--
Cheers,

John.

/=================================================================\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\=================================================================/
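The exchange above turns on the difference between a checksum and a signed binary, and on what happens when the signing key leaks. The following Go program is an added illustration of that distinction; it is not code from the thread or from any TV vendor. It assumes, for the sake of the example, a vendor whose Ed25519 public key is pinned in the device, a constructed "firmware image" byte string, and an attacker who can alter the download in transit. It walks through four cases: the genuine update, the image altered with the checksum recomputed, the altered image re-signed with the attacker's own key, and the altered image signed with a leaked copy of the vendor's key (the weak link tim refers to).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Update is what a device downloads: the image, a checksum of it, and a
// signature over it. The vendor's public key is assumed to be pinned in the
// device at manufacture time (an assumption made for this example).
type Update struct {
	Image     []byte
	Digest    [sha256.Size]byte // plain SHA-256 checksum: catches accidental corruption only
	Signature []byte            // Ed25519 signature over Image by the signer's private key
}

// Publish is the signer's side (vendor, or whoever holds a key): checksum and sign an image.
func Publish(image []byte, signer ed25519.PrivateKey) Update {
	return Update{
		Image:     image,
		Digest:    sha256.Sum256(image),
		Signature: ed25519.Sign(signer, image),
	}
}

// DigestOK is the "checksum" check from the thread: it proves only that what
// arrived matches the digest that arrived alongside it. Anyone able to alter
// the image in transit can recompute the digest, so this is not authentication.
func DigestOK(u Update) bool {
	return sha256.Sum256(u.Image) == u.Digest
}

// SignatureOK is the "signed binary" check: it proves the image was signed by
// whoever holds the private key matching the pinned public key.
func SignatureOK(u Update, pinned ed25519.PublicKey) bool {
	return ed25519.Verify(pinned, u.Image, u.Signature)
}

// TamperAndRehash models an in-transit modification where the attacker also
// recomputes the checksum so DigestOK still passes. The old signature is kept.
func TamperAndRehash(u Update, patch []byte) Update {
	t := u
	t.Image = append(append([]byte(nil), u.Image...), patch...)
	t.Digest = sha256.Sum256(t.Image)
	return t
}

// Outcome records, for each case, whether the checksum and the signature check pass.
type Outcome struct {
	GenuineDigest, GenuineSig   bool // untouched vendor update
	TamperedDigest, TamperedSig bool // image altered, checksum recomputed, old signature kept
	ResignedDigest, ResignedSig bool // altered image signed with the attacker's own key
	LeakedDigest, LeakedSig     bool // altered image signed with the vendor's leaked key
}

// RunScenario walks through the four cases discussed in the thread.
func RunScenario() (Outcome, error) {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	_, attackerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}

	image := []byte("constructed firmware image v1.0") // constructed sample, not a real image
	patch := []byte(" + constructed modification")

	genuine := Publish(image, vendorPriv)
	tampered := TamperAndRehash(genuine, patch)
	resigned := Publish(tampered.Image, attackerPriv)
	leaked := Publish(tampered.Image, vendorPriv) // the weak link: a leaked vendor signing key

	return Outcome{
		GenuineDigest: DigestOK(genuine), GenuineSig: SignatureOK(genuine, vendorPub),
		TamperedDigest: DigestOK(tampered), TamperedSig: SignatureOK(tampered, vendorPub),
		ResignedDigest: DigestOK(resigned), ResignedSig: SignatureOK(resigned, vendorPub),
		LeakedDigest: DigestOK(leaked), LeakedSig: SignatureOK(leaked, vendorPub),
	}, nil
}

func main() {
	o, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", o)
}
```

The checksum passes in every case because the attacker controls it; only the signature check separates a genuine update from an altered one, and it does so only while the vendor's private key stays private. That is why the thread's "weak link" matters: once the signing key leaks, the leaked case is indistinguishable from the genuine one to the device, and a fresh channel key pair per session does nothing to recover that.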