SystemsSec 2018W Lecture 7: Difference between revisions

From Soma-notes
Calvin (talk | contribs)
Calvin (talk | contribs)
Line 21: Line 21:




**Trusted Software (DRM): DRM: Digital Rights Management**
'''Trusted Software (DRM): DRM: Digital Rights Management'''


- Almsot no scope for confidentiality, meant mostly for preventing messing with bits.
- Almsot no scope for confidentiality, meant mostly for preventing messing with bits.

Revision as of 05:54, 31 January 2018

Audio

Lecture 7 Audio

Notes

- You want cryptography whenever your rival can mess with bits. i.e see, modify, etc.


- If you're talking about an isolated device, i.e single terminal for one person. what does crypto do for you? almost nothing. (ex: what if someone steals the system? if they mess with hardware?)

- TLS, SSH most common protocols nowadays for detection.

- #1 Rule: Never do your own crypto, including implementation.

- Most common use case on an individual system: file/file-systems encryption

- You can encrypt a file and send it, but if you have to send it, someone has to do something on the reciever side to decrypt it.


Trusted Software (DRM): DRM: Digital Rights Management

- Almsot no scope for confidentiality, meant mostly for preventing messing with bits.

- Trusted Boot:

- TPM: Trusted Platform Model, this is the portion of a chip that is meant to hold secrets and can do computations without giving away info.

As long as TPM is safe, all data is safe.


- An attacker must do 1 of 3 things if they want data access: break TPM, break the crypto, or get the keys.

- Arguably, getting the keys might be the easiest, even for a company like Apple or Microsoft (Trick one of the human(s) with the keys).

- MalwareBytes: 2 bad updates, essentially acting as a dedicated denial of service. This is a breach of trust.


- How did MS sign my boot order even though I have linux? Because they're allowed to.

- The reason you can't have linux on an Apple device is because of trusted boot; to startup linux, you would have to break the boot order, which would trigger security precautions. But, get the keys, and you could probably do it.