Electrical Engineering
      and Computer Sciences

Electrical Engineering and Computer Sciences

COLLEGE OF ENGINEERING

UC Berkeley

Side Effects Are Not Sufficient to Authenticate Software

Umesh Shankar, Monica Chew and J. D. Tygar

EECS Department
University of California, Berkeley
Technical Report No. UCB/CSD-04-1363
September 2004

http://www.eecs.berkeley.edu/Pubs/TechRpts/2004/CSD-04-1363.pdf

Kennell and Jamieson recently introduced the Genuinity system for authenticating trusted software on a remote machine without using trusted hardware. Genuinity relies on machine-specific computations, incorporating side effects that cannot be simulated quickly. The system is vulnerable to a novel attack, which we call a substitution attack. We implement a successful attack on Genuinity, and further argue this class of schemes are not only impractical but unlikely to succeed without trusted hardware.


BibTeX citation:

@techreport{Shankar:CSD-04-1363,
    Author = {Shankar, Umesh and Chew, Monica and Tygar, J. D.},
    Title = {Side Effects Are Not Sufficient to Authenticate Software},
    Institution = {EECS Department, University of California, Berkeley},
    Year = {2004},
    Month = {Sep},
    URL = {http://www.eecs.berkeley.edu/Pubs/TechRpts/2004/6207.html},
    Number = {UCB/CSD-04-1363},
    Abstract = {Kennell and Jamieson recently introduced the Genuinity system for authenticating trusted software on a remote machine without using trusted hardware. Genuinity relies on machine-specific computations, incorporating side effects that cannot be simulated quickly. The system is vulnerable to a novel attack, which we call a substitution attack. We implement a successful attack on Genuinity, and further argue this class of schemes are not only impractical but unlikely to succeed without trusted hardware.}
}

EndNote citation:

%0 Report
%A Shankar, Umesh
%A Chew, Monica
%A Tygar, J. D.
%T Side Effects Are Not Sufficient to Authenticate Software
%I EECS Department, University of California, Berkeley
%D 2004
%@ UCB/CSD-04-1363
%U http://www.eecs.berkeley.edu/Pubs/TechRpts/2004/6207.html
%F Shankar:CSD-04-1363