[clug] "Trusting" a remote machine booting from a CD

Michael Cohen michael.cohen at netspeed.com.au
Mon Apr 23 00:03:23 GMT 2007


Tony,
 
You are trying to do the impossible - millions of dollars have gone into
developing similar DRM schemes for Xbox, PS2, and even Windows Vista. They have
all failed. (Not to mention their questionable motives...)

The root of the problem is that you are trying to control someone else's
machine. In particular your users are untrusted. They have all the advantages -
physical access, and network access.

Without security enforced on the hardware (i.e. lock it in a thick metal box)
you can't control what someone else can do with it.

To come close (if this application does not warrant someone to reverse-engineer
the hardware) you can use a smart card to authenticate, but that will not stop
someone from modifying the software, it just will allow the right people to
authenticate. (i.e. someone can't copy the CD and pop onto your network - unless
they also copy the smart card).

At the end of the day, if you can't trust your users, you have a bigger problem.

Michael

On Mon, Apr 23, 2007 at 09:20:46AM +1000, Tony Lewis wrote:
> Scenario: a remote computer boots off a custom CD, and automatically 
> attaches to a network.  Before being trusted on the network, I need to 
> verify for sure that it's booted off the correct CD.  Specifically, I 
> want to be sure someone hasn't taken the CD, copied and altered any part 
> of it, and is using that to boot from.
> 
> Put another way, I want to be able to give the CD to someone, and be 
> guaranteed that when their machine attempts to connect to the network, 
> that I can be sure that they're booting from the CD and therefore 
> haven't modified anything.
> 
> I call this "BootsForSure" :-)
> 
> I don't see how I can do this with certainty, because any challenge I 
> ask the remote computer to do (e.g. sha1sum of the kernel) can be falsified.
> 
> One thing I can think of is to use obfuscated binaries that contain some 
> algorithm, e.g. a warped sha1sum.  But that's security by obscurity, and 
> isn't bulletproof.
> 
> Any ideas?
> 
> PS, I've just changed my subscribed email address, should it matter to 
> anyone.  I keep getting bounced on the other one.
> 
> Tony
> -- 
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux
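
The point made in this thread, that a software-only challenge such as a hash of the kernel proves possession of the bytes and not what is actually executing, shown as an added example that is not part of either message. The class and function names, the fresh nonce, the use of SHA-256 in place of sha1sum, and the sample image bytes are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed stand-ins for the CD contents; not real image data.
GENUINE_IMAGE = b"kernel+initrd+rootfs as shipped on the CD (constructed sample)"
ALTERED_IMAGE = GENUINE_IMAGE.replace(b"as shipped", b"as patched")


def expected_response(nonce: bytes, reference_image: bytes) -> str:
    """What the verifier computes from its own reference copy of the CD."""
    return hashlib.sha256(nonce + reference_image).hexdigest()


class SelfReportingClient:
    """Hashes whatever image it actually booted (the cooperative case)."""

    def __init__(self, booted_image: bytes):
        self.booted_image = booted_image

    def answer(self, nonce: bytes) -> str:
        return hashlib.sha256(nonce + self.booted_image).hexdigest()


class ClientWithRetainedCopy(SelfReportingClient):
    """Boots one image but answers from a stored copy of another.

    Models an untrusted machine whose owner still holds the original CD bytes.
    """

    def __init__(self, booted_image: bytes, retained_copy: bytes):
        super().__init__(booted_image)
        self.retained_copy = retained_copy

    def answer(self, nonce: bytes) -> str:
        return hashlib.sha256(nonce + self.retained_copy).hexdigest()


def verifier_accepts(client, reference_image: bytes) -> bool:
    """Send a fresh nonce and compare the reply with the expected digest."""
    nonce = os.urandom(16)  # fresh per attempt, so old replies cannot be replayed
    reply = client.answer(nonce)
    return hmac.compare_digest(reply, expected_response(nonce, reference_image))


if __name__ == "__main__":
    for client in (SelfReportingClient(GENUINE_IMAGE),
                   SelfReportingClient(ALTERED_IMAGE),
                   ClientWithRetainedCopy(ALTERED_IMAGE, GENUINE_IMAGE)):
        print(type(client).__name__, verifier_accepts(client, GENUINE_IMAGE))
```

The verifier only rejects a client that reports on itself truthfully; the nonce stops replay but says nothing about which code produced the reply, which is why the measurement has to come from something the user cannot alter.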

