This is done by inserting, into the normal instructions the processor should
be receiving, bogus instructions that lead the processor to erroneously spew
out information it should not.

Why doesn’t that all happen with a trusted core? Actually, it could, and that’s why there are
several layers of defense inside a secure core. They are all based on
establishing trust in both the processes of building the secure core and in its
physical integrity. The programs that are loaded in a secure core at the
factory have been validated and verified using standards of security. When
there is a need to load a program that has not been so validated and verified,
it is not allowed to directly instruct the processor. It can only talk to an intermediate
interpreter that checks that each instruction is acceptable, and not one that
threatens the integrity of processing. Since the trusted core is physically
protected, once all this apparatus is on board, there is no easy way to physically
affect it. By controlling with equal strength the sensori-motor elements of the
secure core, the critical keys are protected and the digital signature can be
trusted as being unique to the personal electronic device containing the
trusted core.

Now comes the deception. If my personal electronic device does not have a secure core, and
consequently its secret key is stolen by another computer as we have seen is
possible, then this other computer can masquerade as my device, which as we
also know is supposed to represent me on the network. When the digital
signature of my personal electronic device is copied, it is, in the very legal
sense, my signature which is compromised. When the offending computer now
starts to use my digital signature to purchase goods or to sign tax documents,
or to perform any other electronic transaction of importance, the level of
trust assigned by the institution receiving the information is very high if
that institution believes that the key used for the signature was protected.
Trust extends by causality; it conveys deception as well as it conveys honest
credentials. What went wrong? As we suggested earlier, trust applies
recursively in the full causality chain. This means it applies also to
causality itself. The receiving computer should question if causality is
warranted, which means it should question whether the original trust is
warranted.

Consequently, the proper way for an institution to accept a digital signature is to first get
assurance that it comes from a trusted core. This is done by first checking the
digital signature of the trusted core itself. Of course, to enable this, there
must be a trusted core in my personal electronic device. As you may be
wondering how we’d know that the digital signature of a trusted core is not
itself compromised, we need to explain that part of the intricate security
procedures of the trusted core is the way to load an identification key. The
proper way to do it is to let the secure core itself generate its own keys, so
that they never appear anywhere outside of the secure core. The way it is done
is a little bit too involved for this discussion, but we can observe that it
has to do with the mathematics of large prime number generation. Now, while
trust can be vested in secure cores, it cannot be vested in a personal
electronic device without a secure core. So trusting an unprotected personal
electronic device without checking that it has a secure core is more
threatening than would initially be considered. Once trust is assigned to the
wrong device, it can extend in many directions, thus propagating the deception
at great length. If we trust the priest, then the priest can abuse that trust.
So we have to be sure that we select our priests carefully. It’s the same for
personal electronic devices.
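
The acceptance order described above, as an added example that is not from the original text: the institution first checks that the device's public key is vouched for as belonging to a trusted core, and only then checks the transaction signature. It assumes the core's key is endorsed by a manufacturer key (an assumption; the text does not say who signs), uses textbook RSA over fixed Mersenne primes as an insecure stand-in for real key generation, and all names are hypothetical.

```python
import hashlib

E = 65537  # public exponent shared by every toy key below

def make_key(a, b):
    """Toy RSA key from the Mersenne primes 2**a-1 and 2**b-1 (constructed, insecure)."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def encode(n):
    return n.to_bytes((n.bit_length() + 7) // 8, "big")

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):
    # In a real core this runs inside the chip; "d" never leaves it.
    return pow(digest(data, key["n"]), key["d"], key["n"])

def verify(n, data, sig):
    return pow(sig, E, n) == digest(data, n)

def accept(maker_n, msg, sig, device_n, attestation):
    """Institution's check: establish trust in the key first, then in the signature."""
    if attestation is None or not verify(maker_n, encode(device_n), attestation):
        return "reject: signing key is not vouched for as held in a trusted core"
    if not verify(device_n, msg, sig):
        return "reject: signature does not match the message"
    return "accept"

# Constructed sample data (all names and values are hypothetical).
MAKER = make_key(521, 607)      # core manufacturer's endorsement key (assumption)
CORE = make_key(127, 521)       # key generated inside a trusted core
SOFT = make_key(107, 607)       # key held in ordinary memory, so it can be copied
CORE_CERT = sign(MAKER, encode(CORE["n"]))   # maker vouches for the core's public key
ORDER = b"pay 100 to merchant 42"

def demo():
    m = MAKER["n"]
    return {
        "attested core": accept(m, ORDER, sign(CORE, ORDER), CORE["n"], CORE_CERT),
        "no attestation": accept(m, ORDER, sign(SOFT, ORDER), SOFT["n"], None),
        "borrowed attestation": accept(m, ORDER, sign(SOFT, ORDER), SOFT["n"], CORE_CERT),
        "altered message": accept(m, b"pay 900 to merchant 42", sign(CORE, ORDER), CORE["n"], CORE_CERT),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The second and third cases carry a mathematically valid signature over the order; they are refused only because the key behind it was never shown to live in a trusted core.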

As we have said, trust is recursive. Trust applies to trust, and therefore we would expect
deception to apply to deception. For example, let us consider a personal
electronic device with a secure core, regularly doing transactions on the Web
using its digital signature facility. We can consider someone who, observing so
many successful transactions, might make the natural assumption that commercial
and other entities trust the personal electronic device because it has a secure
core.