[Freedombox-discuss] PSN, ARM's Trust Zone and TPM

Thu Jun 28 01:37:16 UTC 2012

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On June 27, 2012, Ben the Pyrate asked:

I'm a little confused about all this concern I've been seeing
about UUIDs. Could someone explain this to me? How exactly does it
hurt your privacy/anonymity if your CPU has a UUID?

Or, asked another way, what is the attack vector? What would a
hacker or government or other adversary need to do in order to
track someone by their UUID? Please help me to understand this
threat.
Best regards,
Ben the Pyrate

My answer:

In 1999, Intel announced that its Pentium III processors have a
processor serial number (PSN). Whereas, Intel had concealed that
its  earlier processor, the Pentium II had a PSN. See:
http://findarticles.com/p/articles/mi_m0BNO/is_2000_June/ai_62263364
/ and http://bigbrotherinside.org/ and
http://www.theregister.co.uk/1999/03/16/finding_your_pentium_ii_psn/
.

Intel installed a PSN for digital rights management. I will discuss
digital rights management under my paragraph on Trusted Platform
Module (TPM).

"It (PSN) allows software manufacturers and websites to identify
individuals more precisely." From:
http://www.geek.com/glossary/P/psn-processor-serial-number/

"But what I thought was the most interesting was that the processor
serial number still gets reported to the Windows operating system."
From: http://discussions.virtualdr.com/archive/index.php/t-
100736.html

"Pentium III's serial number could be read by external programs."
http://www.hardwarecentral.com/archive/index.php/t-52051.html

Privacy groups protested against the PSN's invasion of privacy. The
EU and China intended to ban Pentium III. See
http://en.wikipedia.org/wiki/Pentium_III

Therefore, Intel developed software that would disable the PSN for
users who's BIOS did not give an option to disable PSN. Disabling
means that the PSN would not be visible online. Whereas, the BIOS
option and Intel's software did not work. The PSN leaked and was
visible online. See: http://articles.cnn.com/keyword/pentium-iii
and http://bigbrotherinside.org/.

The PSN also leaked because malware hacked Intel's disabling. Intel
asked Symantec for a patch. The patch did not work.

Intel's misrepresented that it would discontinue inserting PSN and
in its place use TPM (Trusted Platform Module). Whereas, Intel
continued to insert PSN in its next processor, the Pentium 4. See
http://www.hardwarecentral.com/archive/index.php/t-49252.html

TPM's invasion of privacy is discussed at
http://www.gnu.org/philosophy/can-you-trust.html and see section on
How can TC be abused? at http://www.cl.cam.ac.uk/~rja14/tcpa-
faq.html

TPM is a 1 GB microchip on the motherboard. TPM is not in the
processor. TPM has an universally unique identifier (UUID). In
addition to its own visible UUID, TPM creates a composite UUID
containing the serial numbers of other hardware such as the
internal hard drive. Websites, government, IT administrators and
hackers can see these UUIDs.

For example, if a consumer purchases an e-book or software and
changes his or her internal hard drive or copies it onto another
computer, the e-book will not play.

Government, hackers and information brokers can track the activity
and geolocation of computers by their UUIDs. Websites that read the
UUIDs can sell this tracking information along with other tracking
information to information brokers who resell it to investigators
who resell it to abusers.

There is more than version of TPM. "Meanwhile, there are spin-offs
and enhancements whose security characteristics were embedded even
more strictly. Examples are Intel's LaGrande Technology, ARM's
TrustZone, and starting in 2006, AMD's Presidio is expected to hit
the market."

Besides being tracked by use of a credit card, consumers can be
tracked by the UUID when they do online banking.

ARM's TrustZone
Secured PIN entry for enhanced user authentication in mobile
payments & banking
• Anti-malware that is protected from software attack
• Digital Right Management
• Software license management
• Loyalty-based applications
• Access control of cloud-based documents
• e-Ticketing Mobile TV

http://mobile.arm.com/products/processors/technologies/trustzone.php
?tab=Why+TrustZone?

Marvell uses ARM processors. ARM processors supporting TrustZone
include: ARM Cortex-A15, ARM Cortex-A9, ARM Cortex-A8, ARM Cortex-
A7, ARM Cortex-A5 and ARM1176. I could not tell by reviewing
Marvell's website which ARM the Kirkwood 88F6281 or the Sheva
processor in DreamPlug has. Could you please ask Marvell?

Hackers had it easy when one OS dominated the world. One article
discussed that hackers are performing less software attacks and
instead attacking processors. Hacking the processor at the kernel
level gives complete remote control of the computer. A PSN makes
the processor visible online. A PSN makes the processor vulnerable
to hacks.

Firmware rootkits that infect the BIOS are not always erased by
flashing the BIOS. See articles on the mebromi firmware rootkit.

A mesh network and OpenVPN and proxies, such as TOR, do not fully
grant privacy. The PSN and/or TPM's UUID are visible offline. I
cannot cite references on this. I have been hacked offline, first
by my wifi card and after I removed my wifi card and bluetooth
card, by my PSN.  Yes, computers can be hacked via their wifi cards
even though the computers are offline. See
http://www.usatoday.com/tech/news/computersecurity/hacking/2006-08-
02-wireless-hackable_x.htm

There are plenty of articles on hacking bluetooth due to
bluetooth's MAC address being visible.

The old methods of tracking computers were IP address and MAC
address of the wifi card. If this were completely sufficient, there
would be no reason for PSN and TPM. The fact that they exist means
that they enable tracking of computers via hardware.

Don't give a false sense of security by promising privacy unless
you are also offering hardware privacy. Except for MAC address on
wifi cards, we had hardware privacy prior to Pentium II's PSN.
FreedomBox can ask Marvell and/or other manufacturer to "down
grade" to the early 1990s and give us back our hardware privacy.
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Version: Hush 3.0
Note: This signature can be verified at https://www.hushtools.com/verify

wsBcBAEBAgAGBQJP67VMAAoJEMry4TZLOfxm9YAH/RRVV+M52JUhjH6deNF4NuOSTFcU
/65DRVoplKsGYpM4G7SBcc7oIN1/xG2C5P8CGusEqZ/IKYcgFur5oJ9ixRC0X9ssuTQ4
zSXtlNSujFP+fIBSaSMTanJ/fpIN0f8UF02XsymhHnXI/nidAkEkC2vbPiwDo+x9+Hvx
VEL7Yhybwfqt4JmbZDiBSes3x0/gXQwYbIvg+QqPKvJnugVv7LX8AflvftaxWrsQSjCC
SHSyaelIJaf6D663NdkHCB7pYipEBoywRKrODS2TQDNTgEeeCdMdhqx51TNLFCNfmIxc
XMqqsV4maHFsWONHMRhBJ/BqHD0E3RZHeHpevA69Bco=
=QIA5
-----END PGP SIGNATURE-----