Sunday, August 07, 2016

[txqwdosn] User authenticated system integrity

At the beginning of the boot process, the computer checks for the existence of a file at a hardcoded location. That file is a program with an authentication tag (MAC). If the file does not exist, the computer takes some error action, perhaps proceeding with boot for backward compatibility. If it does exist, the computer asks the user for the key needed to verify the authentication tag. If the key is correct and the MAC verifies, the computer immediately forgets the key and runs the program. If not, it takes some other error action.

The program is a system integrity checker. Key points: the user has control over both the key and the program, so there are no DRM issues of users being restricted in what they can do with their own computer. Because the key is forgotten before the main operating system boots, malware running within the OS cannot steal the key, and so cannot replace the integrity checking program with something of its own.

Devilish details, most notably: occasionally, perhaps often, the integrity checker will need to be updated, so the authentication tag will need to be recomputed. Recomputing the tag requires the key, which gives malware with a keystroke logger or some other spoofing method an opportunity to steal it.
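To make the boot-time check and the update step concrete, here is a small model of the scheme written for this post; it is an added example, not code from the original post. It assumes a constructed file layout (program bytes followed by a 32-byte HMAC-SHA256 tag), assumes the "backward compatibility" error behavior is to continue booting when the file is missing and the "other error behavior" is to halt, and uses a hypothetical `key_prompt` callback in place of a real keyboard prompt.

```python
import hashlib
import hmac
import os
import tempfile
from typing import Callable, Optional

# Constructed layout for the "program with an authentication tag" file
# (assumption): everything except the last 32 bytes is the program,
# and the last 32 bytes are HMAC-SHA256(key, program).
TAG_LEN = 32


def seal_checker(program: bytes, key: bytes) -> bytes:
    """Produce program || MAC(key, program).

    This is the update step from the post: the user must type the key
    again, and that is the moment a keystroke logger could capture it."""
    tag = hmac.new(key, program, hashlib.sha256).digest()
    return program + tag


def verify_checker(blob: bytes, key: bytes) -> Optional[bytes]:
    """Return the program bytes if the tag verifies under key, else None.

    compare_digest is constant-time, so a wrong key or a tampered
    program is rejected without leaking how close the tag was."""
    if len(blob) < TAG_LEN:
        return None
    program, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, program, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return program


def run_checker(program: bytes) -> str:
    """Stand-in for executing the integrity checker; the 'program' in this
    example is just a constructed marker string."""
    return "ran:" + program.decode()


def boot_stage(path: str, key_prompt: Callable[[], bytes]) -> str:
    """Model of the early-boot step. Returns a string naming the outcome
    so each branch of the post's description can be checked."""
    if not os.path.exists(path):
        # Assumed backward-compatibility behavior: boot without a checker.
        return "no-checker:continue-boot"
    with open(path, "rb") as f:
        blob = f.read()
    key = bytearray(key_prompt())          # "asks the user for the key"
    try:
        program = verify_checker(blob, bytes(key))
    finally:
        # "immediately forgets the key". Python cannot guarantee no copy
        # survives (bytes(key) above makes one); real firmware would keep
        # the key in a single buffer and wipe it here.
        for i in range(len(key)):
            key[i] = 0
        del key
    if program is None:
        return "mac-failed:halt"           # assumed "other error behavior"
    return run_checker(program)


def demo() -> dict:
    """Exercise the outcomes on constructed files: missing file, valid
    file with the right key, wrong key, and a checker rewritten by
    something that did not have the key."""
    key = b"user-chosen-secret"            # constructed sample key
    program = b"integrity-checker-v1"      # constructed sample program
    path = os.path.join(tempfile.mkdtemp(), "checker.bin")
    results = {}
    results["missing"] = boot_stage(path, lambda: key)
    with open(path, "wb") as f:
        f.write(seal_checker(program, key))
    results["good"] = boot_stage(path, lambda: key)
    results["wrong_key"] = boot_stage(path, lambda: b"guess")
    # Malware without the key can overwrite the file but cannot produce a
    # valid tag, so the next boot refuses to run its replacement.
    with open(path, "wb") as f:
        f.write(b"evil-checker" + b"\x00" * TAG_LEN)
    results["tampered"] = boot_stage(path, lambda: key)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:10s} -> {outcome}")
```

The two functions that touch the key, `verify_checker` at boot and `seal_checker` at update time, are the whole attack surface the post describes: the boot path discards the key before anything else runs, while the update path necessarily handles it inside a running OS.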
