Side Effects Are Not Sufficient to Authenticate Software
Umesh Shankar, Monica Chew and J. D. Tygar
EECS Department
University of California, Berkeley
Technical Report No. UCB/CSD-04-1363
September 2004
http://www.eecs.berkeley.edu/Pubs/TechRpts/2004/CSD-04-1363.pdf
Kennell and Jamieson recently introduced the Genuinity system for authenticating trusted software on a remote machine without using trusted hardware. Genuinity relies on machine-specific computations, incorporating side effects that cannot be simulated quickly. The system is vulnerable to a novel attack, which we call a substitution attack. We implement a successful attack on Genuinity, and further argue this class of schemes are not only impractical but unlikely to succeed without trusted hardware.
BibTeX citation:
@techreport{Shankar:CSD-04-1363,
Author = {Shankar, Umesh and Chew, Monica and Tygar, J. D.},
Title = {Side Effects Are Not Sufficient to Authenticate Software},
Institution = {EECS Department, University of California, Berkeley},
Year = {2004},
Month = {Sep},
URL = {http://www.eecs.berkeley.edu/Pubs/TechRpts/2004/6207.html},
Number = {UCB/CSD-04-1363},
Abstract = {Kennell and Jamieson recently introduced the Genuinity system for authenticating trusted software on a remote machine without using trusted hardware. Genuinity relies on machine-specific computations, incorporating side effects that cannot be simulated quickly. The system is vulnerable to a novel attack, which we call a substitution attack. We implement a successful attack on Genuinity, and further argue this class of schemes are not only impractical but unlikely to succeed without trusted hardware.}
}
EndNote citation:
%0 Report %A Shankar, Umesh %A Chew, Monica %A Tygar, J. D. %T Side Effects Are Not Sufficient to Authenticate Software %I EECS Department, University of California, Berkeley %D 2004 %@ UCB/CSD-04-1363 %U http://www.eecs.berkeley.edu/Pubs/TechRpts/2004/6207.html %F Shankar:CSD-04-1363