UC BERKELEY
EECS technical reports
TECHNICAL REPORTS


CSD-04-1363.pdf
CSD-04-1363.ps
Conditions of Use

Archive Home Page

Side Effects Are Not Sufficient to Authenticate Software

Authors:
Shankar, Umesh
Chew, Monica
Tygar, J. D.
Technical Report Identifier: CSD-04-1363
September 2004
CSD-04-1363.pdf
CSD-04-1363.ps

Abstract: Kennell and Jamieson recently introduced the Genuinity system for authenticating trusted software on a remote machine without using trusted hardware. Genuinity relies on machine-specific computations, incorporating side effects that cannot be simulated quickly. The system is vulnerable to a novel attack, which we call a substitution attack. We implement a successful attack on Genuinity, and further argue this class of schemes are not only impractical but unlikely to succeed without trusted hardware.