Please create an account to participate in the Slashdot moderation system


Forgot your password?

IBM Hardwires Encryption Into Chips 244

zenwarrior writes "Reported by CNET, a new chip technology termed Secure Blue by IBM will keep users' data encrypted and secured at virtually every moment on essentially anything in which the chip can be used. Data is even encrypted in RAM, leaving display for users' viewing as almost the last place it isn't encrypted. This has to be considered decidedly anti-Homeland Defense by the current administration. If so, when will we see it if ever?"
This discussion has been archived. No new comments can be posted.

IBM Hardwires Encryption Into Chips

Comments Filter:
  • Clipper Chip??? (Score:5, Insightful)

    by DAldredge ( 2353 ) <SlashdotEmail@GMail.Com> on Monday April 10, 2006 @12:11PM (#15099264) Journal
    Like the last adminstration would have liked this tech? Face it - neiter party in DC likes anything that takes power away from them.
    • Why are we speculating here? We've had encryption for a long time now, and it's not going away. If the powers that be don't like this, wouldn't they not like GnuPG?

      The poster made the political comment with absolutely no backing at all. I wouldn't be surprised if IBM was not allowed to export this to Iran, but again, nothing new. And you don't have much justification that Clinton would have tried to do anything.

      • Re:Clipper Chip??? (Score:3, Informative)

        by Helios1182 ( 629010 )
        When public key crypto came out the government had a fit. Actually, the whole history of cryptography and the NSA is interesting. They fought it tooth and nail, but eventually had to come to terms with the public having strong crypto. Check out "Crypto, How the code rebels beat the government - saving privavy in teh digital age," by Steven Levy for some history in an interesting storylike format.
        • My point was that the cat is out of the bag. Until we see the government try some funny stuff, let's not assume they will just because there is some incremental achievement in cryptography.
          • Re:Clipper Chip??? (Score:3, Interesting)

            by networkBoy ( 774728 )
            In a way this is not so incremental.
            The fact that the entire system is encrypted, with the exception of the output device and in-CPU communication, electronic wiretapping can be made inpractable. Yes the crypto can be broken, but if the crypto holds up for either the statute of limitations &&|| the perps lifetime then you might as well not wiretapped at all.

            Yes you can still get at teh output device, but if that device is a digital earphone (or better yet a bone conduction transducer) that decrypts
    • I'm amazed the article was posted with such a decidedly partisan jab. I don't see how the 'administration' has really affected technology available to the public or influenced domestic product availability. In fact, I'm pretty sure this would be a new power never weilded by the white house. Speaking then, from experience, the government wouldn't hinder this technology from being available throughout the US. Just don't expect to see it available for export anytime soon. It would actually strengthen homeland
    • Re:Clipper Chip??? (Score:3, Insightful)

      by Doc Ruby ( 173196 )
      We're talking about the current administration, the one we've got, the one we can do something about. Not just partisan politics. But actual politics that go way beyond elections, to actually governing the country.

      I know partisans want to do nothing but win elections, get the bribes and power. But we need politicians who can also run the country. And people who can communicate with them to ensure they represent us.

      When Democrats have some power, even when balanced by a Republican other branch, the only bad
      • Other than trying to talk around it and obsfucate the question what are you saying? That the Dems would embrace this with open arms or not? here's a hint: if past history means anything look up the clipper chip
        • Wnat are you, illiterate? I'm saying what I'm saying: "the current administration, the one we've got, the one we can do something about".

          So I will slap your obfuscation, talking around, and other insistence we talk about the dead past. right out of your hands.

          The question is "will Bush stop IBM from supplying Americans with strong, easy encryption"?

          It's not "can I think of something irrelevant to say about an administration from the past decade because it diverts attention from my favorite president".
    • Communications between the monitor and graphics cards are now going to be encrypted thanks to HDMI. Keyboards with encrypted communications to the computer are available. File system based encryption courtesy of Microsoft and encrypted tunnels via SSL. Soon RFID and Biometric devices for user login. Going to be interesting to see what the alphabet soup guys will be using to get into computer systems.
  • by magetoo ( 875982 ) on Monday April 10, 2006 @12:11PM (#15099270)
    My guess: In media center PCs in 3... 2... 1...
    • by frovingslosh ( 582462 ) on Monday April 10, 2006 @02:06PM (#15099939)
      Yup, mod parent up. Some might call this anti-homeland defense (particularly if the childishly believe the feds can't get your data this way), but the reality is that it is a maror shove in the DRM direction. With DRM already in the SATA hard drives, this is another way to fence the user away from their data. And what happens when Windows does it's all too common trick of refusing to boot and let you at your existing files? Well just reinstall everything (from the CDs that the major OEMs like Dell no longer even bother to give you) and retype it, because you sure are not going to recover it any longer. This is called trusted computing.
  • Pretty cool (Score:5, Insightful)

    by liliafan ( 454080 ) * on Monday April 10, 2006 @12:11PM (#15099271) Homepage
    Interesting report but I would like to see more details, what type of encryption is being used? I think this would be a great thing, however, I can see it being blocked from ever reaching the market due to home security risks, unless there is a backdoor installed which really makes it kinda pointless in the first place.

    Regardless it is very interesting that they say this technology can be used on any chip and not just powerPC's, also is the encrypted data tied to the chip or the system, how would this effect SMP systems, or virtual partitions?

    • by c0l0 ( 826165 ) on Monday April 10, 2006 @12:28PM (#15099385) Homepage
      From what I've heard the encryption scheme to be implemented by the "Secure Blue" chip is supposed to be based on a sophisticated algorithm called "Triple-ROT52", developed at an university in Australia. Neat stuff, indeed!

      Now let's lean back and see how long it takes for the Inquirer to pick this up...

      • by jd ( 1658 )
        That's an extension of the Russian Vodka GutROT-105% algorithm.
    • Re:Pretty cool (Score:2, Interesting)

      by magetoo ( 875982 )

      Interesting report but I would like to see more details, what type of encryption is being used?

      From TFA:

      Secure Blue requires a few circuits to be added to a microprocessor, taking up a small percentage of the overall silicon real estate, according to IBM. The encryption and decryption happens on-the-fly, without any processor overhead, the company said.

      (emphasis added by me)

      It would seem to me that the highlighted phrases above would set some sort of bound on how sophisticated this encryption can b

  • DRM (Score:5, Insightful)

    by Ingolfke ( 515826 ) on Monday April 10, 2006 @12:12PM (#15099277) Journal
    This can help you, the end-user secure your data, but is also a necessary component of a DRM hardware solution.
  • by MooseByte ( 751829 ) on Monday April 10, 2006 @12:13PM (#15099282)

    "This has to be considered decidedly anti-Homeland Defense by the current administration."

    Unless they designed the backdoor to be inserted....

    • by Anonymous Coward
      well thats not even funny to joke about! start fighting back, heres a quote from somone on anonet for why they do what they do:

      Because everyday more and more of our freedoms (it doesn't matter where you are in the world) are taken away. Now they are starting in on the internet. So I figured it was time to build something "they" don't control and start it sooner rather than later.

      thats good enough for me, [] - it might be seen as an advert, but it wasn't intended to be

    • this administration is far too prudish to get involved in back door insertion
  • by Jumbo Jimbo ( 828571 ) on Monday April 10, 2006 @12:14PM (#15099296)
    This has to be considered decidedly anti-Homeland Defense by the current administration. If so, when will we see it if ever?

    Anti-Homeland Defense, maybe, but avoiding data leakage will make it very attractive to RIAA / MPAA and other copyright protection lobby groups.

    So Maybe we get to see what happens when the RIAA face off against the Department for Homeland Security and the CIA - that would be one I would like to see (Maybe we should just watch them fight them nuke them both from orbit - only way to be sure).

    • What's to stop the government from seizing both you and your computer, flying you out of the country, and then torturing you until you give up the password?

      Besides which, I'm pretty sure the RIAA and the MPAA will get behind this, and they've got Congress in their pocket.
      • Assuming their interest in your data's justified, doing that takes time they might not have, and might alert others they're onto you. Assuming their interest isn't justified (eg, "got the wrong person", "misinterpreted evidence", "magic 8ball got stuck"), I'd rather they hack in to find out that I've got nothing of interest to them, than them flying me out somewhere and torturing me for the password, THEN find out I had nothing of interest to them, and deciding /what/ to do with me?

        Or even better, I'm just
      • What's to stop the government from seizing both you and your computer, flying you out of the country, and then torturing you until you give up the password?

        Well, the obvious one being that installing a pinhole camera, keystroke logger, or parking a tempest van outside would be infinitely cheaper and easier.

        The second one being your brain, and a rubber-hose: c/review.html []

    • Business vs. security? No contest. Why do you think security regulations that supposedly protect us from terrorists also help companies hide bad behavior from citizens, and the Pentagon's budget is filled with boondoggle projects it doesn't even want? The military and the security complex aren't political power centers -- yet.
    • we get to see what happens when the RIAA face off against the Department for Homeland Security and the CIA

      These outfits are the same side of the same coin, so there will be no "face off." They're all in cahoots together and you can rely on the fact that the RIAA or any other *AA will fall all over themselves attempting to give the DHS or whomever, any little thing their hearts desire, including whatever keys to whatever algorithm they may be interested in at any given time. It's YOU AND I who are on the

  • by voice_of_all_reason ( 926702 ) on Monday April 10, 2006 @12:16PM (#15099306)
    Cliche, yes. But true. Throwing up more doors is only going to add another layer of UI headache, and it won't do anything to address the issue of say, FBI agents losing their laptops in bars...( i_loses_hundreds_of_laptops/ [])
    • wow, you posted a link that states that British security services left laptops in bars. Good one.
    • by TheRaven64 ( 641858 ) on Monday April 10, 2006 @12:44PM (#15099491) Journal
      The VM on my laptop is encrypted, as is my home directory. When I boot, a decryption key for the VM is stored in RAM. If the machine is turned off, this is lost and it is impossible (well, very hard) to recover the contents of the swap. My home directory key is generated from my password, which must be entered when I log in.

      All of this encryption is done in hardware. I was considering, for my next laptop purchase, getting one with a MiniPCI slot that could have a crypto accelerator inserted (even a cheap one can handle over 300MB/s throughput, which is faster than my hard disk can do). Having this on-chip or even on the motherboard would be a huge incentive for me.

      • What vendor's hardware dongle are you using to make this work? I presume you're not using the onboard machine's/laptop's encryption chipset, so which one ARE you using? I'm curious to see how you're auto-generating the keys from an algo, without storing the nature of that algo on the system proper, prior to mounting your home directory... do tell.

        • Sorry, type. It was meant to be 'all this is done in software,' and I would like it to be done in hardware. OpenBSD supports a number of hardware crypto devices, and I was thinking of getting one of the Soekris ones for my next machine, which could then be used to offload this.

          My current machine is a PowerBook, and there are several weaknesses in the implementation of the security mechanisms, although the principle seems sound.

  • by DARKFORCE123 ( 525408 ) on Monday April 10, 2006 @12:16PM (#15099307)
    This article is short on details about the encryption, and it says nothing at all about the current Homeland Security opinion on said technology. I sure know people care about having their data safe and that is a huge problem. Ask the FTC about that. Discussing this further without more facts could just be a waste of time. This is a simple technology "We done it!" announcement. Nothing more.
    • Makes me wonder how much 'assistance' IBM got from the NSA.
      • Makes me wonder how much 'assistance' IBM got from the NSA.

        What, you mean like back when they were developing DES, and they got visited by the NSA? It went something like this (totally made-up, aside from the fact that the basic scenario happened):

        IBM: So, this is our new crypto algorithm! Isn't it neat?
        NSA: Yeah, neat. Umm, you should add a little something here. [points to a segment of the chart, indicating that they should include the "S-Box []"]
        IBM: But why?
        NSA: Because. M'kay?

    • The submitter is using "anti-Homeland Security" as a way of testing the intelligence of Slashdot users. See, this technology is (quite transparently) for digital restrictions enforcement*, which the general population of Slashdot is against. However, the general population of Slashdot is also against the invasions of privacy perpetrated (or attempted to be perpetrated) on US citizens by various agencies with "Homeland Security" agencies**; so the submitter is attempting to skew the conversation (and perha
  • by s0l3d4d ( 932623 ) on Monday April 10, 2006 @12:23PM (#15099352) Homepage
    And what will happen if you will replace the logic board of those computers? Will all your data be gone even for you?
  • by towsonu2003 ( 928663 ) on Monday April 10, 2006 @12:23PM (#15099354)
    Secure Blue by IBM will keep users' data encrypted and secured at virtually every moment on essentially anything in which the chip can be used. ... This has to be considered decidedly anti-Homeland Defense by the current administration.
    I don't get the reference to Homeland Security? Is this the result of the newest US social scare, or is it really relevant?

    Anyway, this could be bad news in two ways:
    1. It will be used for DRM for sure
    2. You won't be able to see what's going on on your employee's computer (which is good news for the employee)

    But how does the Homeland Security gets injected into this issue? I mean, will some poor encryption (of which the specs can be supoeaned under the patriot act) stop the Department of Homeland Security from getting into our hard drives and data? I wish someone could clarify this...

    • But how does the Homeland Security gets injected into this issue?
      Drug dealers, organized crime &/or terrorists would find this technology very appealing.

      Not just terrorists, but any foreign government really. Saddam & Osama both would have benefited from hardware level heavy duty encryption, as the U.S. has gotten computers from both of 'em that were completely unencrypted, yet contained sensitive information.
    • 2. You won't be able to see what's going on on your employee's computer (which is good news for the employee)

      I'm sure there would be some kind of key escrow or a known seed to generate the passphrase if not for the surveillance aspect, but for support. It wouldn't take long at all for the first support call to come in for a forgotten passphrase. What would you tell the client, the data is gone with no hope of recovery?
  • by bigberk ( 547360 )
    But I looked through the IBM Press Room [] and didn't see anything about this technology. Why post a story about "IBM planning to release on Monday..." when you can just wait for a real release from the company to happen. At the moment I'd like to share this info with colleagues who do research in hardware security but can't find a good source to send them to.
  • by Anonymous Coward
    This technology is clearly meant to keep consumers from getting to data they (thought they) bought. If every link in the chain is encrypted, right up to the tamper proof screen and speakers (which will destroy their keys as soon as one attempts to open it, rendering them useless), digital copies of protected media aren't possible anymore.

    One small step for IBM, one giant leap for DRM...

    However, there's still hope: making tamper proof hardware is very difficult. Making hardware that's not vulnerable to side
  • no back door? (Score:3, Interesting)

    by argoff ( 142580 ) on Monday April 10, 2006 @12:37PM (#15099441)

    ...This has to be considered decidedly anti-Homeland Defense by the current administration. If so, when will we see it if ever?"

    Well, unless I can varify the code or make the chip from a copy of it's mask myself - I am pretty much taking it on faith from IBM that it is secure from the eyes of the government. (no offense IBM, but I prefer the security of open review) Untill independent sources can take the chip and put it under an electron microscope and say: Yes it's designed secure - then it's pretty much not secure. An if it's firmware that can be re-programmed, then it is especially not secure if the governments hands get on it anywhere in the distribution chain.

  • And what happens when something is exploited...?

    The question with encryption is never if but always when it will be hacked.

    Oh well, I'd guess you'd have to buy newer hardware without the exploit (but with the backdoor of course)

  • by Chas ( 5144 ) on Monday April 10, 2006 @12:43PM (#15099481) Homepage Journal
    Hey man. What's that encryption on that thing?

    Double ROT26.

    Woo. That's gonna be TOUGH to crack!
  • They have had this for sometime now on mainframes. The biggest reason this is is alot of mainframes for a long time did not even have floating point processors! They had a separate chip to do any encryption. The application of it in this case IS new and it looks like, to me, that the OS has to have a driver for the chip and will have to be written such that it can decrypt the data on the fly. No easy task.
  • by quentin_quayle ( 868719 ) <quentin_quayle AT yahoo DOT com> on Monday April 10, 2006 @12:51PM (#15099538)

    Apparently what they're putting in the chips is, at least, encryption/decryption routines. Aside from the obvious questions (what happens when you want to change algorithms?), the important question is whether they're including digital keys as well.

    The single factor that makes "trusted computing" evil is that there's a digital key (the "attestation" or "endorsement" key) baked into the TPM which the owner of the machine is prevented from accessing or changing. If all the keys were accessible to the owner, it would be a purely beneficial technology. With the anti-owner feature, it becomes an engine of DRM, censorship, and vendor lock-in on a vast scale, and at a fundamental level absolutely prevents security and privacy for the computer owner.

    So the question is which category this IBM tech falls into. And that in turn depends on whether digital keys will be baked into the processor, or whether it's only a set of routines that any software can use under the owner's control.

  • "IBM has built a prototype of Secure Blue using its own PowerPC processor technology. However, the system will work with any processor design, including those from Intel and Advanced Micro Devices that are used in PCs. An IBM representative said the company has not had discussions with Intel or AMD on including Secure Blue in their processors."
  • It sounds like this is aimed at closing the analog hole, rather than at protecting users.
  • These people are less likely concerned with your security and more likely concerned with making it impossible for you to get at the bits of digital media content; that's because right now, you can still capture digital audio and video if you know where to look in memory.
  • Debugging (Score:2, Insightful)

    by jfclavette ( 961511 )
    Seriously, reading that core dump won't be easy...
  • Hardware encryption - bad
    Hardware DRM - good

    Since when "homeland security" became Big Brother? :(
  • That might make debugging a little more difficult.
  • Janek must have figured out a way to solve those problems without the key, and he hard wired it into that chip!
  • It's evolution (Score:2, Insightful)

    As people try harder and harder to control your information, those who seek to avoid that control are going to push that information into vaults and underground.

    My main fear is that the better part of the internet is going to be pushed underground because the gov't wants to read your email and the corps want to charge Google for letting you search for anything.

    If these people get their way, there will be no incentive for intelligent people to use an above-ground internet.

  • Regardless of whether Homeland Security likes it or not, there is definitely a market for the technology. In fact, the government (of the people by the people) might even mandate such technology directly or indirectly by punishing companies for allowing consumer data to be stolen. In a reasonable world the government (of the people by the people) shouldn't need too many more stories like the Fidelity data loss [] to start trying to legislate solutions to the laxity of companies around security. Another opti
  • Encrypted in Ram. Ok, I am not that paranoid, but maybe one of the paranoid people here might answer me how the HELL this should "increase my security". I can see the benefit of an encrypted HD. But Ram? Where do I gain securty from encrypted Ram?

    Unless I'm a content provider, of course, and don't want my customer to read it properly. Who're they trying to fool here?
    • You enter some codes to access an online bank or a login/password to a company site containing vital data. Do you think this somehow skips the RAM? OpenBSD actually goes a bit further, they have an option to encrypt the swap file.
      • Forgot to mention: your initial example is rather poor actually. If you are a content provider, serving say... movies. Reading gigantic video files from the RAM in order to steal them is not exactly feasible, at no point is the entire movie loaded into RAM, so you would not only have to process a huge amount of data, but you would also have to wait a lot of time to actually snatch every little loaded piece of the entire file as it gets loaded.
  • AFAIK, this technology would only address a number of physical security threats. Adversaries would be stopped from stealing hard drives, or trying to pick up any bits which leak into the environment (maybe through EM signals). While these problems are important to solve, this technology is far from a be-all end-all solution.

    Since the protection only occurs in hardware, one can still exploit the same software-based attack vectors that have been around for ages. Encryption is done even below the OS. If some

I THINK MAN INVENTED THE CAR by instinct. -- Jack Handley, The New Mexican, 1988.