Re: Can a program prove its own integrity?

From: BenL (ben.livengood_at_bannerhealth.com)
Date: 05/29/04


Date: 28 May 2004 23:28:20 -0700

AE <hidden@nospam.com> wrote in message news:<c850eg$cps$05$1@news.t-online.com>...
> The idea is to make the program calculate a MAC of the program itself
> based on a user-provided password.
>
> An attacker doesn't know what password will be typed in so replacing the
> program he would have to find a way to calculate the right MAC for every
> possible password.
>
> Size of program can be checked separately so it is not possible to
> create a replacement that contains the complete original program.
>
> Regards,
> Andreas

Based upon the rest of this thread, it looks like a CD-R is basically
the best way to go, but write it to one of the mini-sized CD-Rs,
either the minidisc size or the credit card size and keep it with you
at all times. This will prevent modification and replacement, and also
examination of the boot loader. Note that you are still SOL for any
practical attacks, because keyboard loggers and tempest devices are
far easier to use than modifying a customized encrypting bootloader.
Don't discount the idea of a virtualized computer run under an
emulator started from the BIOS; SoftICE, VMWare, bochs, and others are
all examples of well emulated hardware. Note that everything can be
faked, including timers such as the Pentium TSC and the PITs. There is
realistically no way to detect any such virtualized environment. The
best way to defeat it is to do something obviously slow to emulate,
like switching in and out of protected mode while setting up lots of
page tables and overwriting all available memory several times that
will force the emulator to do extra work, and then manually time the
execution to detect virtualization. However, this only works if you
can guarantee that the boot image is not available to an attacker. It
would be (relatively) simple to add hardware to a motherboard that
would just store the last few boot images to a flash device for later
removal and analysis. Basically, the securest device you could own
would be an encrypted PDA that you keep on your person at all times.
Even then, tempest is probably not your friend.
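
The password-keyed self-MAC from the quoted message, with its separate size check, as an added example that is not part of either poster's message. The key derivation (PBKDF2-HMAC-SHA256), the HMAC-SHA256 tag, the salt, the function names and the sample images are all assumptions made for illustration.

```python
import hashlib
import hmac
from pathlib import Path

# Assumed parameters, not from the thread: PBKDF2-HMAC-SHA256 key derivation,
# HMAC-SHA256 as the MAC, and a fixed public salt.
SALT = b"self-mac-demo-salt"
ITERATIONS = 100_000


def own_image() -> bytes:
    """Bytes of the running program, i.e. what the program MACs on each start."""
    return Path(__file__).read_bytes()


def self_mac(image: bytes, password: str) -> str:
    """MAC of the program image, keyed by a password the user types in."""
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, ITERATIONS)
    return hmac.new(key, image, hashlib.sha256).hexdigest()


def enroll(image: bytes, passwords: list[str]) -> dict:
    """Done once on a trusted machine: record the size and one tag per password."""
    return {"size": len(image), "tags": {p: self_mac(image, p) for p in passwords}}


def verify(image: bytes, password: str, record: dict) -> bool:
    """Size is checked separately, then the tag for the password just typed."""
    if len(image) != record["size"]:
        return False
    expected = record["tags"].get(password)
    return expected is not None and hmac.compare_digest(self_mac(image, password), expected)


# Constructed sample images: a stand-in "program" and a same-size modified copy.
ORIGINAL = b"BOOT" + bytes(range(256)) * 4
MODIFIED = ORIGINAL[:100] + bytes([ORIGINAL[100] ^ 0x01]) + ORIGINAL[101:]
PADDED = ORIGINAL + b"\x90" * 16  # same content plus extra bytes: size differs

if __name__ == "__main__":
    record = enroll(ORIGINAL, ["correct horse", "second phrase"])
    for name, image in [("original", ORIGINAL), ("modified", MODIFIED), ("padded", PADDED)]:
        print(name, verify(image, "second phrase", record))
    print("own image tag:", self_mac(own_image(), "correct horse")[:16], "...")
```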


