[clug] "Trusting" a remote machine booting from a CD

Paul Wayper paul.wayper at anu.edu.au
Mon Apr 23 00:35:49 GMT 2007


Michael Cohen wrote:
> On Mon, Apr 23, 2007 at 09:20:46AM +1000, Tony Lewis wrote:
>   
>> Scenario: a remote computer boots off a custom CD, and automatically 
>> attaches to a network.  Before being trusted on the network, I need to 
>> verify for sure that it's booted off the correct CD.  Specifically, I 
>> want to be sure someone hasn't taken the CD, copied and altered any part 
>> of it, and is using that to boot from.
>>
>> Put another way, I want to be able to give the CD to someone, and be 
>> guaranteed that when their machine attempts to connect to the network, 
>> that I can be sure that they're booting from the CD and therefore 
>> haven't modified anything
>>     
> Tony,
>  
> You are trying to do the impossible - millions of dollars have gone into
> developing similar DRM schemes for Xbox, PS2, and even Windows Vista. They have
> all failed. (Not to mention their questionable motives...)
>   

I agree.  Which is why whenever someone asks to do the impossible, I
always want to know what their end goal is.  Tony, what are you actually
trying to achieve?  What particular service is that to-be-trusted
computer providing or connecting to?  What kind of network is this?
What other services (e.g. network boot, ssh, vpn) do similar things and
why are they different?  It may be that getting to the root goal of
the project will reveal a much simpler way to bypass the whole security
issue.

The other question would be: maybe all you need is a way of telling
correct responses from bad ones.  In distributed.net and SETI@home, for
example, there's no checking on whether the 'work completed' packet has
actually done the work - the work is just randomly rechecked by other
people.  The people that run the projects manually check for obvious
forgery - for instance, someone suddenly appearing from nowhere and
computing several orders of magnitude more keys per second than the top
people.  The forgers are usually fairly obvious in this situation. 
Likewise, BitTorrent uses a 'tit-for-tat' system - if you don't upload
to someone, they don't upload to you - which is impossible to forge
because you know that you've received bytes from someone, and that the
block hashes are good; unlike Kazaa and several other systems which had
a rating system based on the client's own evaluation of how good they
were, which could easily be forged.

So what are you really up to? :-)

Have fun,

Paul
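As an added illustration (not part of the original thread) of the property Paul describes in BitTorrent: the receiver credits a peer only for pieces whose SHA-1 matches the hash list it already holds, so whatever a sender claims about itself counts for nothing. The piece size, content and peer names below are constructed for the example.

```python
from __future__ import annotations
import hashlib

PIECE_SIZE = 16  # constructed: tiny pieces keep the example readable


def piece_hashes(content: bytes, piece_size: int = PIECE_SIZE) -> list[bytes]:
    """SHA-1 of each piece, the role the 'pieces' list plays in a .torrent file."""
    return [hashlib.sha1(content[i:i + piece_size]).digest()
            for i in range(0, len(content), piece_size)]


class VerifyingReceiver:
    """Credits a peer only for bytes that verify against the known piece hashes."""

    def __init__(self, expected: list[bytes]):
        self.expected = expected
        self.pieces: dict[int, bytes] = {}   # index -> verified data
        self.credit: dict[str, int] = {}     # peer -> verified bytes received
        self.bad: dict[str, int] = {}        # peer -> pieces rejected

    def receive(self, peer: str, index: int, data: bytes) -> bool:
        # A bad index or a piece failing its hash earns nothing, regardless
        # of what the sender says about itself.
        if not 0 <= index < len(self.expected) or \
                hashlib.sha1(data).digest() != self.expected[index]:
            self.bad[peer] = self.bad.get(peer, 0) + 1
            return False
        if index not in self.pieces:  # simplification: duplicates earn no extra credit
            self.pieces[index] = data
            self.credit[peer] = self.credit.get(peer, 0) + len(data)
        return True

    def complete(self) -> bool:
        return len(self.pieces) == len(self.expected)


def demo() -> dict[str, object]:
    content = bytes(range(40))  # constructed: 40 bytes -> pieces of 16, 16 and 8
    rx = VerifyingReceiver(piece_hashes(content))
    rx.receive("honest", 0, content[0:16])
    rx.receive("honest", 1, content[16:32])
    rx.receive("forger", 2, b"X" * 8)   # claims the last piece but sends garbage
    rx.receive("honest", 2, content[32:40])
    return {"credit": rx.credit, "bad": rx.bad, "complete": rx.complete()}


if __name__ == "__main__":
    print(demo())
```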

