Cell's Security Architecture: IBM's Prize And Sony's Achilles Heel

hey69

The whole article can be read here
Cell aims to prevent attacks by having the hardware itself protect each individual application from other applications, and even from the OS. Any of Cell's eight synergistic processing elements (SPEs) can be booted, on-the-fly, in secure mode, so that the code and data stored in each SPE's local store is walled off from the rest of the system. This partitioning is enforced in various ways by Cell's hardware, with the end result being that the integrity of the code running on a secure SPE can be verified by the SPE; i.e. the SPE can check a thread at load-time and periodically during runtime to see if its code has been modified either in memory or in storage. Verified code can then be trusted to handle sensitive data, like digital media content.

Cell uses three primary security mechanisms and one auxiliary one to ensure code and data integrity at the hardware level. Here's a very brief rundown of these mechanisms; for more information check the paper linked above:

* Secure processing vault (SPV): An SPV is essentially an SPE running in secure mode. When in secure mode, the SPE's local store cannot be read from or written to by any other agent on the Cell's internal element interconnect bus (EIB). Only the SPE to which the local store is attached can access it. This means that encrypted data can be moved from main memory or storage into the secure local store, where the SPE can safely decrypt it out of sight of the rest of the system.
* Runtime secure boot: It does no good to create an SPV and move encrypted data into it if the code that's running on the secured SPE has been tampered with. Cell's runtime secure boot feature allows the SPE hardware to check periodically to ensure that the application it's running hasn't been modified. IBM is vague on exactly how this works, other than stating that it involves a hardware key and a cryptographic algorithm.
* Hardware root of secrecy: This feature is the heart of Cell's approach to software security. Cell stores a root key in hardware, and when an SPE boots in secure mode it must access that key in order to unseal the set of keys that it will use to decrypt the code and data that will go into its LS. Only an SPE running in secure mode with code that has been verified via runtime secure boot may ever access the root key.
* Hardware random number generator (RNG): Cell's hardware RNG can be used for a variety of cryptographic functions, and it will work in conjunction with the three previously described features. The paper suggests that it will be mainly used to timestamp messages so that replay attacks can be prevented.

The PS3's Achilles heel

A thorough and accurate evaluation of Cell's security mechanisms would be out of my league, even if it were possible given the information provided in the new paper (which it isn't). Nonetheless, I can draw a few significant conclusions from the general and somewhat spotty description provided by IBM.

First, IBM starts out the paper with an acknowledgment that Cell's security architecture is designed to thwart only software-based attacks. It's a truism in the infosec world that once an attacker has on-site, physical access to the hardware it's game over, so Cell sensibly doesn't even try to tackle that one. This being the case, I have one, hyphenated word for Sony headquarters: "mod-chip."

Because of Cell's high level of integration, where the bulk of the security architecture is on a single die, I'm not sure at the moment how mod-chipping will work on the PS3. However, it's a near certainty that someone will figure out how to compromise the box with a hardware modification of some sort. When a successful hardware-based attack is formulated, then Sony and IBM can't just release a patch that fixes the problem, and therein lies the weakness of hardware-based security.

...

Conclusions

...

If the PS3 were the only vehicle in the world for consuming Sony's and the *AA's digital content, then a perfectly secure, hacker-proof console design would ensure that none of that content leaks out onto the Internet in unsecured form. We all know, however, that this isn't the case. Sony will never see enough market penetration with the PS3 to profitably release PS3-only nongaming content. The company, like other content providers, will always have to deal with a multi-format, multi-platform world.

Thus the same songs, images, and movies that we'll see on the PS3 will also be made available on a wide variety of platforms with varying levels of security. All it takes is for one of those content delivery mechanisms to be compromised by someone with access to an Internet connection, and the cat is out of the bag. So in spite of Sony's best efforts with Blu-Ray and the PS3, consumers will always have the option of getting the same content for free off the Internet if Sony tries to price PS3 content too high or if they impose draconian usage restrictions.

source: Arstechnica (edit: thanks to Diamond.G for pointing it out)

Edit: Link to the article added and only parts of the article are kept. - Vysez
 
Last edited by a moderator:
Arstechnica was the source... I just finished reading that article. Even browsed the discussion.

I'm kind of at a loss. So is Ars saying that another SPE is going to be used for security?
It sounds like a noble effort though. I wonder how long before it is cracked, or at least circumvented. Oh, one last question. Someone in Ars asked why they couldn't update the firmware to fix the hole. Is this a viable solution, or are they stuck with what they have?
 
Diamond.G said:
I'm kind of at a loss. So is Ars saying that another SPE is going to be used for security?

No. The OS SPE could be totally isolated from the rest of the system though, all the time, or when performing sensitive operations.

Also, the Achilles' heel they seem to suggest is that a hardware mod-chip could be produced to circumvent Cell's hardware security. This is obviously true, but the whole point is that this kind of attack is much more sophisticated and much less accessible than a software-based attack would be. If a software exploit is found, really anyone can take advantage of it by following the right steps. A mod-chip requires expertise, time and/or money spent on someone else's, to install one on your system, and it's quite a lot easier to zoom in on those providing such chips or installing them, and take legal action.

Every system is vulnerable to software and hardware (mod-chip) exploits. The Cell security mechanisms are aimed at minimising the possibility for the former, since they are the ones that are easier to implement and that are most likely to lead to widespread exploitation.

Also, as for hardware root keys - what's to stop each PS3 having a unique one? Ars seems to suggest once one system was cracked with a mod-chip, that same chip would work for them all. If the hardware root keys are all different, exposing it and configuring each mod-chip appropriately would be a lot of overhead for cracking each and every system.

To be honest, I'm not exactly sure what Ars's point is. No system is invulnerable. You can only keep raising the barrier to entry, so to speak, for aspiring hackers. IBM claims that Cell closes the door on slightly less-sophisticated, software-based attacks, and that would probably put exploits out of the reach of most people. IBM isn't claiming it's invulnerable, simply that they've added more and more security, such that it'll be less commonly easy to exploit.

By the way, IBM's own article on Cell security is here:

http://www.ibm.com/developerworks/power/library/pa-cellsecurity/
 
Last edited by a moderator:
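As an added illustration (toy code written for this thread, not IBM's design and not from the Ars article), here is a model of how the mechanisms in the first post gate one another, together with the per-console root key idea raised in the reply above: code is loaded into an SPE's local store, runtime secure boot verifies it against a manifest tag under a hardware boot key, only a verified secure-mode SPE may use the root key to unseal an application's key set, and a blob sealed for one console fails on another. The MAC-based code check, the XOR key wrapping and all key names are constructed assumptions, since IBM does not say how the real algorithm works.

```python
import hmac
import secrets


def make_manifest_tag(boot_key: bytes, code: bytes) -> bytes:
    """Vendor side: integrity tag shipped with a code image (assumed MAC-based)."""
    return hmac.new(boot_key, code, "sha256").digest()


def seal_keys(console_root: bytes, app_keys: bytes) -> bytes:
    """Vendor side: wrap an application key set (<= 32 bytes) for ONE console's root key.
    Toy wrapping: XOR with an HMAC-derived pad plus an HMAC tag binding it to the root."""
    assert len(app_keys) <= 32
    nonce = secrets.token_bytes(16)
    pad = hmac.new(console_root, b"wrap" + nonce, "sha256").digest()[:len(app_keys)]
    body = bytes(a ^ b for a, b in zip(app_keys, pad))
    tag = hmac.new(console_root, b"seal" + nonce + body, "sha256").digest()
    return nonce + body + tag


class SecureSPE:
    """An SPE that can be booted on the fly into secure mode (a secure processing vault)."""

    def __init__(self, console_root: bytes, boot_key: bytes):
        self._root = console_root      # hardware root of secrecy; never leaves the SPE
        self._boot_key = boot_key      # hardware key consulted by runtime secure boot
        self.local_store = b""         # the SPE's local store (LS)
        self.secure = False

    def _code_verified(self, manifest_tag: bytes) -> bool:
        expected = hmac.new(self._boot_key, self.local_store, "sha256").digest()
        return hmac.compare_digest(expected, manifest_tag)

    def boot_secure(self, code: bytes, manifest_tag: bytes) -> bool:
        """Load code into the LS and enter secure mode only if it verifies."""
        self.local_store = code
        self.secure = self._code_verified(manifest_tag)
        return self.secure

    def recheck(self, manifest_tag: bytes) -> bool:
        """Periodic runtime check: secure mode is lost if the LS has been modified."""
        self.secure = self.secure and self._code_verified(manifest_tag)
        return self.secure

    def unseal_keys(self, blob: bytes) -> bytes:
        """Use the root key to unseal an application key set; verified secure mode only."""
        if not self.secure:
            raise PermissionError("root key access denied: SPE not in verified secure mode")
        nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(self._root, b"seal" + nonce + body, "sha256").digest()
        if not hmac.compare_digest(expected, tag):
            raise ValueError("sealed blob was not produced for this console's root key")
        pad = hmac.new(self._root, b"wrap" + nonce, "sha256").digest()[:len(body)]
        return bytes(a ^ b for a, b in zip(body, pad))


if __name__ == "__main__":
    boot_key, root_a, root_b = (secrets.token_bytes(32) for _ in range(3))  # constructed
    code = b"trusted media decoder"
    tag = make_manifest_tag(boot_key, code)
    blob_a = seal_keys(root_a, b"content-key-A")       # sealed for console A only
    spe_a = SecureSPE(root_a, boot_key)
    print("A boots secure:", spe_a.boot_secure(code, tag), spe_a.unseal_keys(blob_a))
    spe_b = SecureSPE(root_b, boot_key)
    print("B with tampered code boots secure:", spe_b.boot_secure(code + b"!", tag))
```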
Hardware root of secrecy: This feature is the heart of Cell's approach to software security. Cell stores a root key in hardware, and when an SPE boots in secure mode it must access that key in order to unseal the set of keys that it will use to decrypt the code and data that will go into its LS. Only an SPE running in secure mode with code that has been verified via runtime secure boot may ever access the root key.

the usual Ars Technica armchair analysis...

genius...pure genius
 
What reason have Ars to believe that PS3 will only be using this Hardware Cell level security and not bother to have any patchable software security in place through the OS?
 
Running security software on semi-secure hardware is always better than running security software on insecure hardware ... in both cases the hardware is a fixed quantity which can not be upgraded, but in the latter you are screwed immediately and with the former you have some time.

Calling it an achilles heel is a bit silly.

If they did their job right it should at least be possible to guarantee security for the online components of games, including additional content (because that could all be encrypted for the specific machine, rather than be encrypted with a universal code).
 
Is this type of security really that different than the type MS uses? From the little that I understand, it doesn't seem to be. Also worth noting is how they have moved most of the sensitive stuff to the CPU itself. I reckon it would be quite difficult to find holes, unless they make mistakes like MS did with the demo disk thing. All in all I am not too worried as I don't ever plan on hacking any of the systems I will own.

What do you guys think?
 
MfA said:
Running security software on semi-secure hardware is always better than running security software on insecure hardware ... in both cases the hardware is a fixed quantity which can not be upgraded, but in the latter you are screwed immediately and with the former you have some time.

Calling it an achilles heel is a bit silly.

If they did their job right it should at least be possible to guarantee security for the online components of games, including additional content (because that could all be encrypted for the specific machine, rather than be encrypted with a universal code).
Well, an Achilles Heel is the only single tiny weak spot in an otherwise impenetrable defense, so I'd call that single way of cracking Cell's security an Achilles Heel myself.
 
Thought 'Achilles' Heel' also means a weak spot that completely negates all other defenses and defeats the supposedly undefeatable. I certainly felt Ars were saying for all these security features, they'll do no good for PS3 security, and ignored the possibility of further OS securities being employed. I don't think it's fair to say this is the point to target that will utterly compromise the entire platform just yet.
 
predicate said:
Well, an Achilles Heel is the only single tiny weak spot in an otherwise impenetrable defense, so I'd call that single way of cracking Cell's security an Achilles Heel myself.

As opposed to the Achilles' leg or lower body you might normally find ;)

There's no such thing as perfect security. The best you can hope for is that your system is so difficult to compromise, and so difficult to compromise on a wide scale, that only a few try and/or succeed. Limiting opportunity for software exploits is a good step in that direction. If Cell exploits were wholly limited to just hardware-based exploits (mod-chips), that'd be quite amazing, actually (though I have my doubts that'll actually be the case).
 
Last edited by a moderator:
Great article, thanks for the post :) But one thing that strikes me about the "MOD" chip is the detection, couldn't the original X-box detect if a MOD chip was installed on the board?? I'm sure of this as the penalty was being banned from XBL.

Couldn't Sony do the same thing?? Like while you're connected to the internet playing a game etc... etc... they run some sort of a system hardware scan to search for foreign objects on the board that aren't supposed to be there? And then take the appropriate action?
 
well compare it with the xbox and apparently the xbox360 where the Achilles' heel is the dvd firmware.
you can now connect the xbox dvd drive to your pc, flash the firmware of it and voila you can play backups on it. (you can't execute unsigned code but that's not the main concern of the average pirate)
and this has been proven working also on the xbox360!
 
!eVo!-X Ant UK said:
Great article, thanks for the post :) But one thing that strikes me about the "MOD" chip is the detection, couldn't the original X-box detect if a MOD chip was installed on the board?? I'm sure of this as the penalty was being banned from XBL.

Couldn't Sony do the same thing?? Like while you're connected to the internet playing a game etc... etc... they run some sort of a system hardware scan to search for foreign objects on the board that aren't supposed to be there? And then take the appropriate action?

Sony already has something like that to prevent people from playing online with backups. It compares the serial or something like that with their database when a user is connected online.
 
Shifty Geezer said:
Thought 'Achilles' Heel' also means a weak spot that completely negates all other defenses and defeats the supposedly undefeatable. I certainly felt Ars were saying for all these security features, they'll do no good for PS3 security, and ignored the possibility of further OS securities being employed. I don't think it's fair to say this is the point to target that will utterly compromise the entire platform just yet.
Nah, it doesn't negate the other security since unless you hit the Achilles Heel it's impenetrable.
 
hey69 said:
Sony already has something like that to prevent people from playing online with backups. It compares the serial or something like that with their database when a user is connected online.

No, I mean scanning the PS3 HW itself and running tests to see if anything is there that isn't supposed to be there, or if some components are behaving abnormally because of a foreign MOD chip.

Think of it like an Extreme version of Valve's VAC2, only it scans the hardware and not the memory processes for anything dodgy ;)
 
hey69 said:
source: Arstechnica

What can I say, I got to maybe the third or fourth paragraph and immediately I knew I would be seeing this at the bottom of the post. Maybe the alarmist article title should have alerted me? Ah well, it certainly is an interesting article and I think we might finally have an idea of what this 'OS reserved' SPE is being used for.
 
Mmmkay said:
What can I say, I got to maybe the third or fourth paragraph and immediately I knew I would be seeing this at the bottom of the post. Maybe the alarmist article title should have alerted me?
Me too.

I can tell an article from Ars, just like I can tell an article from Anand's... It's automatic.
I don't know if it's something positive though.


And yeah, the article while informative is quite alarmist. How can a CPU with numerous hardwired security functions running a software layer of other security checks be any worse than a CPU without hardwired security relying on software only?

It's a truism in the infosec world that once an attacker has on-site, physical access to the hardware it's game over, so Cell sensibly doesn't even try to tackle that one. This being the case, I have one, hyphenated word for Sony headquarters: "mod-chip."

Because of Cell's high level of integration, where the bulk of the security architecture is on a single die, I'm not sure at the moment how mod-chipping will work on the PS3. However, it's a near certainty that someone will figure out how to compromise the box with a hardware modification of some sort.
A modchip for the internal functions of a CPU? In other words, inside the CPU?

It will take more than one of these "aha!" moments, the article is talking about, to come up with a feasible method to bypass CPU hardwired functions with a hand soldered chip.

About the conclusion. Let me ask, what kind of conclusion is that?
Since other DRM systems can be cracked, there's no use for Sony to provide a better protection for their PS3? What type of logic is that...
 
!eVo!-X Ant UK said:
No, I mean scanning the PS3 HW itself and running tests to see if anything is there that isn't supposed to be there, or if some components are behaving abnormally because of a foreign MOD chip.

Think of it like an Extreme version of Valve's VAC2, only it scans the hardware and not the memory processes for anything dodgy ;)

There is no need because the root-key is stored in hardware and you'll have to find someone with a very good forensics setup to retrieve the value.

If you do compromise the root key, potentially, you can't do much. If they use PKC and the hardware root key is the public part you have to then work back the corresponding private part to have a pair that will allow you to encrypt/decrypt/verify arbitrary content. Now, unless you are a mathematical genius (and not yet been 'disposed' of by various parties) who can solve what is most likely problems in the field of discrete logarithms (ECC is the best bet for an on-chip solution) or numerical factorisation of large numbers (RSA) you're stuffed.

If, on the other hand, you are called Sony you can easily encrypt what you want with the secret ECC key and have it decrypt things straight into an SPE. Then you simply place another set of keys in your code and encrypt it all up and no one will be able to see them. This is cheap with ECC (even mobile phones can do this) and you very quickly set up a secure authentication system, as described in the original white paper, with whoever/whatever device you want. Things get even more complex if instead of the keys stored in the ROM being dynamic the ECC key is unique to each box also, in which case you could crack one console but no more. So, to get your code to load you have to be signed and then you can quickly establish secure communication with any device on the system (and with things like Rambus, bus probing will be tricky; also see how MS foiled it with the motherboard design with wires going everywhere) possibly using an OTP.

The Xbox360's only slip up in this plan was to leave the drive firmware unencrypted and allow you to patch the detection mechanism. MS can't fix this in old models (people can always emulate/patch around it) but in newer revisions they could easily put some secure loading mechanism (for a price) in the drive that prevents it.


Ars writes a few 'nice' articles for the masses occasionally but often there is a large helping of misunderstanding with a side order of bullshit on top which highlights his ignorance. It just so happens his 'nice' articles have gained him a reputation for being a credible technology informant.

EDIT:

Vysez said:
How can a CPU with numerous hardwired security functions running a software layer of other security checks be any worse than a CPU without hardwired security relying on software only?

Because a CPU with hardwired public key cryptography can start itself into a known trusted state.

This is the problem with TSR rootkits now: the OS is essentially inside a VM (which the rootkit controls) and is at the whim of it. Simply loading code from some ROM and executing it gives you this kind of problem because, contrary to its name and popular belief, you can modify the ROM image. By signing the ROM (and having hardware which you cannot tamper with because it's in the bowels of the chip) you can do this because you know the ROM can only have come from one place: you (unless, as I say, you've done some very clever maths).

The point of the TPM/TCM and the Fritz chip that has been touted (see any new Intel Mac) is the ability to use this to eliminate the rootkit problem. It is an unfortunate consequence that, as MS has told everyone, you get amazing DRM powers and proprietary format lock-in capabilities if you do this. Most people don't object to the concept of further security but in an open platform (rather than the closed platform console world) these things have the potential to be extremely damaging to customer choice and competition. Though the activists have been vocal, this hardware is being rolled out and used in OSX (for verification of legitimate Apple hardware) and in the upcoming Vista in BitLocker (which will cause problems because even the NSA/CIA/Police will be unable to decrypt things, though technically they can't now). Where it will go is anyone's guess.
 
Last edited by a moderator:
MfA said:
Calling it an achilles heel is a bit silly.
It's completely ludicrous. PS3's security is no more an Achilles' heel than the 360's is, and considerably better than any previous console's.
 