Thread: Snooping TV.
Posted to uk.d-i-y
John Rumm

On 15/03/2017 17:07, tim... wrote:


"John Rumm" wrote in message
o.uk...
On 14/03/2017 17:16, tim... wrote:


"John Rumm" wrote in message
o.uk...
On 13/03/2017 19:38, tim... wrote:




It's a specifically written embedded program that chooses to throw away
*everything* that doesn't match (otherwise it's useless as a secure
product)

You seem to be suggesting a system where a unique public key pair is
used to allow the device to verify the authenticity of code updates
without relying on signed binaries and the more commonly used systems
for establishing trust in these circumstances.

I am not sure what you are referring to as signed binaries

my understanding of signed binaries is to make sure that what you have
received is what was sent, so that you don't try and load accidentally
faulty code


No, that would just be a checksum, or possibly a cryptographic hash
like an MD5 checksum.

the "encryption" used to make sure that the download is authentic, lies
above that


This is normally done with digital certification and a secured
communications channel.


the whole idea is that there isn't a secure communications channel

The initial part of the secure session establishment will typically
use public key cryptography (even if a higher performance symmetric
algorithm is used once a secure key exchange can be done). The key
pairs will be created on the fly. The digital signature is issued by a
certification authority to guarantee that a public key pair is
actually owned by who it claims to be owned by.


but you said that there were places that would create dodgy certificates


That is also why there is a revocation mechanism. If a certificate
itself is compromised it can be revoked, and the same applies to a
certification authority as well (in fact one was recently removed).

That's why modern systems will often use one time key pairs to
initiate the channel. Once the connection is done with, the old keys
are of no further value.


but how do you tell the device that you are communicating with, the new
key in a secure way? What stops someone cloning this process?


Because the security certificate is tied to a particular domain name and
IP address as well.

Remember, this is a download being broadcast to 100,000 (or 1 million)
separate devices all at the same time

This isn't a point to point communications link


Which "this" are you referring to in particular?

True multipoint comms (e.g. multicast) on the internet is still fairly
rare - so frequently single source to multiple hosts will still
typically be a point to point link (even in things like iplayer etc).
Multicast also has the disadvantage that you can't so easily establish a
reliable channel over it. This may not matter for the streaming
applications it was intended for (where the timeliness of the data are
as or more important than their absolute correctness), but it will be a
big obstacle for doing things like software updates to multiple devices.
So you have to rely on Forward Error Correction (FEC) to correct errors.
(There are some slightly more obscure protocols that layer on top of UDP
to give some error protection)


--
Cheers,

John.

/=================================================================\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\=================================================================/
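The checksum-versus-signed-binary distinction argued over in the post above, as an added example that is not part of the original thread: a device that only checks a shipped hash accepts a modified image, while one that verifies an RSA signature (PKCS#1 v1.5 with SHA-256) against a stored public key rejects it, with no secure channel needed. The key, the function names and the sample images are constructed for illustration; the key is built from publicly known primes and is not secure.

```python
import hashlib

# Constructed demo key: both primes are well-known Mersenne primes, so this
# key is for illustration only and offers no security.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # vendor's private exponent, never on the device
K = (N.bit_length() + 7) // 8       # modulus length in bytes

# ASN.1 DigestInfo prefix for SHA-256 (PKCS#1 v1.5, RFC 8017 section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def _encode(image: bytes) -> int:
    """EMSA-PKCS1-v1_5 encoding of the image's SHA-256 digest, as an integer."""
    t = SHA256_PREFIX + hashlib.sha256(image).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def vendor_sign(image: bytes) -> int:
    """Done once by the vendor; the same signature is sent to every device."""
    return pow(_encode(image), D, N)

def device_check_hash(image: bytes, shipped_hash: str) -> bool:
    """Integrity only: anyone who alters the image can recompute the hash."""
    return hashlib.sha256(image).hexdigest() == shipped_hash

def device_check_signature(image: bytes, signature: int) -> bool:
    """Authenticity: needs only the public (N, E) stored in the device."""
    if not 0 < signature < N:
        return False
    # Rebuild the full expected encoding and compare it whole, rather than
    # parsing the recovered padding leniently.
    return pow(signature, E, N) == _encode(image)

def demo() -> dict:
    genuine = b"firmware v2 (constructed sample)"
    tampered = b"firmware v2 (constructed sample, modified in transit)"
    sig = vendor_sign(genuine)
    swapped_hash = hashlib.sha256(tampered).hexdigest()  # replaced along with the image
    return {
        "hash_accepts_tampered": device_check_hash(tampered, swapped_hash),
        "sig_accepts_genuine": device_check_signature(genuine, sig),
        "sig_accepts_tampered": device_check_signature(tampered, sig),
    }

if __name__ == "__main__":
    print(demo())
```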