Forwarded From: Ken Williams <jkwilli2@unity.ncsu.edu>
Why Intel's ID tracker won't work
By Bruce Schneier, ZDNN
January 26, 1999 4:45 PM PT
URL: http://www.zdnet.com/zdnn/stories/comment/0,5859,2194863,00.html
Last Thursday Intel Corp. announced that its new processor chips would
come equipped with ID numbers, a unique serial number burned into the chip
during manufacture. Intel said that this ID number will help facilitate
e-commerce, prevent fraud and promote digital content protection.
Unfortunately, it doesn't do any of these things.
To see the problem, consider this analogy: Imagine that every person was
issued a unique identification number on a national ID card. A person
would have to show this card in order to engage in commerce, get medical
care, whatever. Such a system works, provided that the merchant, doctor,
or whoever can examine the card and verify that it hasn't been forged. Now
imagine that the merchants were not allowed to examine the card. They had
to ask the person for his ID number, and then accept whatever number the
person responded with. This system is only secure if you trust what the
person says.
The same problem exists with the Intel scheme.
Too easy to hack
Yes, the processor number is unique and cannot be changed, but the
software that queries the processor is not trusted. If a remote Web site
queries a processor ID, it has no way of knowing whether the number it
gets back is a real ID or a forged ID. Likewise, if a piece of software
queries its processor's ID, it has no way of knowing whether the number it
gets back is the real ID or whether a patch in the operating system
trapped the call and responded with a fake ID. Because Intel didn't bother
creating a secure way to query the ID, it will be easy to break the
security.
As a cryptographer, I cannot design a secure system to validate
identification, enforce copy protection, or secure e-commerce using a
processor ID. It doesn't help. It's just too easy to hack.
This kind of system puts us in the same position we were in when the
government announced the Clipper chip: Those who are engaged in illicit
activities will subvert the system, while those who don't know any better
will find their privacy violated. I predict that patches that randomize
the ID number will be available on hacker Web sites within days of the new
chips hitting the streets.
The real question
The only positive usage for processor IDs is the one usage that Intel said
they would not do: Stolen processor tracking. Pentium II chips are so
valuable that trucks are hijacked on the highways, sometimes resulting in
drivers being killed. A database of stolen processor IDs would drop the
market for stolen CPUs to zero: Board manufacturers, computer companies,
resellers and customers could simply query the database to ensure that
their particular CPU wasn't stolen. (This is the primary usage for
automobile VINs.) This same system could be used to prevent manufacturers
from overclocking their CPUs -- running them faster than Intel rated them
for -- another thing that Intel would love to prevent.
The real question is whether computers are a dangerous technology, and
need to be individually tracked like handguns and automobiles. During the
Cold War many Eastern European countries required mimeograph machines to
be individually licensed; I have a hard time believing that computers need
the same sorts of controls.
Bruce Schneier is the president of Counterpane Systems and the author of
"Applied Cryptography."
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
Received on Thu Mar 11 17:11:09 1999