You, the problem TPM2 solves

Greg Chao-Kuei Hung
IM dept, CYUT
Software Liberty Association, Taiwan

Old copy protection systems tried to control what your PC could do, and were always defeated. Remote attestation by itself permits your PC to do almost anything you want, but ensures your PC can't talk to any services requiring attestation if they don't like what your PC is doing or not doing.
"Remote attestation is coming back. How much freedom will it take?" -- Gabriel Sieben

『minority report mall』 『galaxy iris cracked』 『voiceprints harvested』 『California government newborn DNA』 『california DNA privacy』

fingerprints: usernames, not passwords (true of all biometrics)
『touchid hack』 『fingerprint lock cannot be changed in a lifetime』 『von der leyen fingerprint』 『Porras Darknet fingerprint』

[Diagram labels: plaintext, ciphertext, private key, public key; asymmetric cryptography, symmetric cryptography]

Digital Rights Management: others' rights + big tech's extra powers, enforced/exercised on your devices

Why DRM can never be secure
Normal Security Model: A, B, attacker
DRM "Security" Model: content supplier, consumer || attacker

You(r computer) will be assimilated.

code obfuscation: "security" by obscurity

Not Just DRM
There are other applications that provide some legitimacy for centralized control by big techs:
- copyright enforcement
- remote proctoring
- game cheating prevention
"Give up your control to the big techs in exchange for some fairness"

"TPM Hierarchy", Eric Chiang

You are NOT ALLOWED to share or even READ, much less change, your own TPM2 private key. You can only create signatures using it. Effectively, the TPM2 chip is the biometrics of your CPU. It will be a real-name/pseudonym world for computers on the Internet.

Steve Lamb @ Microsoft

TPM2, firmware, OS, VM, (cloud) app: a non-trusted train-prison
Where to seal first? Next? (with PCR) ==> reverse engineering using a VM or anything else will be impossible

These slides @ cyut; article @ gnu

What will the 3 supreme lords be able to enforce?
- apps must come from Win Store
- apps must respect DRM
- apps must respect telemetry
- competitors are expelled
- or other much less justified restrictions

fewer system configuration options will be available

DRM, Trusted Computing, and Operating System Architecture -- Reid & Caelli

[Diagram labels: some cloud service provider v.s. your computer]
Every cloud service provider will have as much rootkit power over your computer as allowed by MS. Or Google. Or Apple. The OS overlords.

What to do?
- migrate from cloud services requiring remote attestation to those that don't
- avoid cloud services as much as possible
[Diagram labels: attestation required; no attestation required]

Google's WEI and Apple's PAT
- "Web-Environment-Integrity": my comments on GitHub
- Unpacking Google's new "dangerous" Web-Environment-Integrity specification - Vivaldi blog
- Google’s nightmare "Web Integrity API" wants a DRM gatekeeper for the web - Ars Technica
- Apple already shipped attestation on the web, and we barely noticed - Tim Perry

  1. Title
  2. qr code
  3. borg
  4. G-force
  5. DRM
  6. DRM always fails
  7. obfuscation
  8. more apps
  9. biometrics
  10. asymmetric cryptography
  11. TPM hierarchy
  12. TPM2 is the biometrics of your CPU
  13. PCR
  14. train analogy
  15. Sieben
  16. rootkit
  17. rootkit
  18. MS the supreme lord
  19. avoid cloud
  20. reduced diversity
  21. overall