Umesh Shankar, Monica Chew and J. D. Tygar
EECS Department
University of California, Berkeley
Technical Report No. UCB/CSD-04-1363
September 2004
http://www2.eecs.berkeley.edu/Pubs/TechRpts/2004/CSD-04-1363.pdf
Kennell and Jamieson recently introduced the Genuinity system for authenticating trusted software on a remote machine without using trusted hardware. Genuinity relies on machine-specific computations, incorporating side effects that cannot be simulated quickly. The system is vulnerable to a novel attack, which we call a substitution attack. We implement a successful attack on Genuinity, and further argue this class of schemes are not only impractical but unlikely to succeed without trusted hardware.
BibTeX citation:
@techreport{Shankar:CSD-04-1363, Author = {Shankar, Umesh and Chew, Monica and Tygar, J. D.}, Title = {Side Effects Are Not Sufficient to Authenticate Software}, Institution = {EECS Department, University of California, Berkeley}, Year = {2004}, Month = {Sep}, URL = {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2004/6207.html}, Number = {UCB/CSD-04-1363}, Abstract = {Kennell and Jamieson recently introduced the Genuinity system for authenticating trusted software on a remote machine without using trusted hardware. Genuinity relies on machine-specific computations, incorporating side effects that cannot be simulated quickly. The system is vulnerable to a novel attack, which we call a substitution attack. We implement a successful attack on Genuinity, and further argue this class of schemes are not only impractical but unlikely to succeed without trusted hardware.} }
EndNote citation:
%0 Report %A Shankar, Umesh %A Chew, Monica %A Tygar, J. D. %T Side Effects Are Not Sufficient to Authenticate Software %I EECS Department, University of California, Berkeley %D 2004 %@ UCB/CSD-04-1363 %U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2004/6207.html %F Shankar:CSD-04-1363