Last modified: 11/10/01 12:05:52 PM
In case you were wondering about the "4758 Cracked" rumors...
The 4758 is a physically and logically secure computer, that can house applications. To date, the security of this platform has not been compromised.
However, what those applications do is up to them---the 4758 gives developers an armored car, but developers still have to lock the doors.
The Cambridge team found a hole in the CCA application that many folks use, not in the underlying platform.
4758s in general are not threatened. Neither is the ability of the owner of any CCA-loaded card to load something else---and then verify that their untampered card really has a new application.
It seems to be the media that's confusing things. The Cambridge team itself is honest about what they've done; the only misstatements on their site that I saw were:
What we validated was the "secure box with the burly guard." This process established---within the rubric of the standard---that box + guard does its job, no matter what app sw went inside and no matter what physical attacks happened outside. (This doesn't mean it's 100% secure... it just means that we strove to do the best job we could... and so far, it's held up.)
For the system consisting of an application executing inside the card to be validated, one needs to do a delta validation. IBM did part of the work with the Level 3 validation of the CP/Q++ OS inside the card: if you want to validate your app, and it's built on CP/Q++, you only have to do the modelling and testing for your software. Some application developers did this. CCA did not.
The Cambridge team also has some issues with how IBM responded to their discovery of CCA flaws. Having been outside of IBM for 16 months now (but personally knowing many of the people), I'm not really in a position to comment one way or the other on that.
--Sean (who worked on building and validating the 4758 platform, but not on CCA)
Maintained by Sean Smith, firstname.lastname@example.org