Thread: Snooping TV.
Posted to uk.d-i-y



"John Rumm" wrote in message
o.uk...
On 14/03/2017 17:16, tim... wrote:


"John Rumm" wrote in message
o.uk...
On 13/03/2017 19:38, tim... wrote:




It's a specifically written embedded program that chooses to throw away
*everything* that doesn't match (otherwise it's useless as a secure
product)

You seem to be suggesting a system where a unique public key pair is
used to allow the device to verify the authenticity of code updates
without relying on signed binaries and the more commonly used systems
for establishing trust in these circumstances.


I am not sure what you are referring to as signed binaries

my understanding of signed binaries is to make sure that what you have
received is what was sent, so that you don't try and load accidentally
faulty code


No, that would just be a checksum, or possibly a cryptographic hash like an
MD5 checksum.

the "encryption" used to make sure that the download is authentic, lies
above that


This is normally done with digital certification and a secured
communications channel.


the whole idea is that there isn't a secure communications channel

The initial part of the secure session establishment will typically use
public key cryptography (even if a higher performance symmetric algorithm
is used once a secure key exchange can be done). The key pairs will be
created on the fly. The digital signature is issued by a certification
authority to guarantee that a public key pair is actually owned by who it
claims to be owned by.


but you said that there were places that would create dodgy certificates

So using this approach you get a good combination of protections without
needing any hard coded keys that could be compromised, and you also get to
verify you are actually talking to the right endpoint, and eliminate the
potential for impersonation or "man in the middle" attacks.

(It's the way web-based https or other SSL channel connections are
established, for example).

Plenty more on it here

https://en.wikipedia.org/wiki/Certificate_authority
and
https://en.wikipedia.org/wiki/Public_key_infrastructure


thanks


The difficulty with those types of systems is that they fall about in
a heap the moment the private key is compromised.


I understand that this is the weak link

but I also *know* that it is the technique used to control downloads of
software in some safety critical applications - applications where the
acceptance of hacked code could kill someone (if that were the intention
of the hacker)

I have no idea how the holder of that key makes sure it remains secure,
I was only working on the public end.


That's why modern systems will often use one time key pairs to initiate
the channel. Once the connection is done with, the old keys are of no
further value.


but how do you tell the device that you are communicating with, the new key
in a secure way? What stops someone cloning this process?

Remember, this is a download being broadcast to 100,000 (or 1 million)
separate devices all at the same time

This isn't a point to point communications link

tim
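The distinction the thread circles around (a checksum or hash proves only that the bytes received match the bytes sent, while a signature proves who sent them) is easy to see in code. The following is an added example, not code from either poster: it uses Ed25519 from the Go standard library as an assumed signing scheme, a constructed firmware image, and a constructed bundle layout (image, SHA-256 digest, signature over the digest). It also shows why the broadcast case tim raises needs no secure channel and no per-device secret: every receiver holds only the vendor's public key, and the one private key never leaves the vendor.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Update is the constructed shape of a broadcast firmware bundle: the
// image, the SHA-256 digest of the image, and the vendor's signature
// over that digest. (Assumed layout, not one any real product uses.)
type Update struct {
	Image     []byte
	Digest    [32]byte
	Signature []byte
}

// Publish runs once at the vendor, the only place the private key exists,
// before the identical bundle is broadcast to every device.
func Publish(priv ed25519.PrivateKey, image []byte) Update {
	d := sha256.Sum256(image)
	return Update{Image: image, Digest: d, Signature: ed25519.Sign(priv, d[:])}
}

// IntegrityOK is the "checksum" check from the thread: it proves only
// that the bytes received match the digest that travelled with them,
// which catches accidental corruption but not substitution.
func IntegrityOK(u Update) bool {
	return sha256.Sum256(u.Image) == u.Digest
}

// AuthenticOK is the "signed binary" check. A device holds just the
// vendor public key; no per-device secret and no secure channel are
// needed, so the same bundle verifies identically on 100,000 receivers.
func AuthenticOK(pub ed25519.PublicKey, u Update) bool {
	return IntegrityOK(u) && ed25519.Verify(pub, u.Digest[:], u.Signature)
}

// ModifiedInTransit returns a copy of u whose image has been changed and
// whose digest has been recomputed to match. It is a constructed test
// input used to show which check each scheme survives.
func ModifiedInTransit(u Update, newImage []byte) Update {
	return Update{Image: newImage, Digest: sha256.Sum256(newImage), Signature: u.Signature}
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	good := Publish(priv, []byte("firmware v1.2 (constructed sample)"))
	bad := ModifiedInTransit(good, []byte("firmware v1.2 (altered sample)"))

	// Expected: genuine passes both; altered passes integrity, fails authenticity.
	fmt.Println("genuine: integrity", IntegrityOK(good), "authentic", AuthenticOK(pub, good))
	fmt.Println("altered: integrity", IntegrityOK(bad), "authentic", AuthenticOK(pub, bad))
}
```

The hash-only check passes on the altered bundle because the digest travels with the image and anyone can recompute it; the signature check fails because producing a new signature needs the private key. That is also the weak link John Rumm points at: if that one private key leaks, every device's trust in it goes with it, which is why the key is kept offline at the vendor and why revocation and key rotation matter for the lifetime of the fleet.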