Side Effects Are Not Sufficient to Authenticate Software

Umesh Shankar, Monica Chew and J. D. Tygar

EECS Department
University of California, Berkeley
Technical Report No. UCB/CSD-04-1363
September 2004

http://www.eecs.berkeley.edu/Pubs/TechRpts/2004/CSD-04-1363.pdf

Kennell and Jamieson recently introduced the Genuinity system for authenticating trusted software on a remote machine without using trusted hardware. Genuinity relies on machine-specific computations, incorporating side effects that cannot be simulated quickly. The system is vulnerable to a novel attack, which we call a substitution attack. We implement a successful attack on Genuinity, and further argue this class of schemes are not only impractical but unlikely to succeed without trusted hardware.


BibTeX citation:

@techreport{Shankar:CSD-04-1363,
    Author = {Shankar, Umesh and Chew, Monica and Tygar, J. D.},
    Title = {Side Effects Are Not Sufficient to Authenticate Software},
    Institution = {EECS Department, University of California, Berkeley},
    Year = {2004},
    Month = {Sep},
    URL = {http://www.eecs.berkeley.edu/Pubs/TechRpts/2004/6207.html},
    Number = {UCB/CSD-04-1363},
    Abstract = {Kennell and Jamieson recently introduced the Genuinity system for authenticating trusted software on a remote machine without using trusted hardware. Genuinity relies on machine-specific computations, incorporating side effects that cannot be simulated quickly. The system is vulnerable to a novel attack, which we call a substitution attack. We implement a successful attack on Genuinity, and further argue this class of schemes are not only impractical but unlikely to succeed without trusted hardware.}
}

EndNote citation:

%0 Report
%A Shankar, Umesh
%A Chew, Monica
%A Tygar, J. D.
%T Side Effects Are Not Sufficient to Authenticate Software
%I EECS Department, University of California, Berkeley
%D 2004
%@ UCB/CSD-04-1363
%U http://www.eecs.berkeley.edu/Pubs/TechRpts/2004/6207.html
%F Shankar:CSD-04-1363