Subscribe

Atom feed (Technology only)

Atom feed – Twitter Blog/Full

E-mail:

Jethro Beekman on
Technology & Policy

Articles filed under: Technology

English, F-1 OPT, F-1 Visa, Immigration, Lenovo ThinkPad, Policy, Reverse Engineering, SGX, SIMD, SSH, Security, Side-channel Attacks, Technology, UEFI

On the recent side-channel attacks on Intel SGX

by Jethro Beekman – Mar 1, 2017 . Filed under: English, Technology, Security, SGX, Side-channel Attacks.

Side-channel attacks are my favorite attack in computer security because they poke giant holes in the abstraction and security models that system designers are using. When I hear of a new attack avenue in this space, my first reaction often is “wow, that is so cool” and “I didn’t even think about that.” Continue reading…Comments

Intel has full control over SGX

by Jethro Beekman – Oct 13, 2015 . Filed under: English, Technology, Security, SGX.

Intel has full control over what software you can run in SGX. This might seem redundant: Intel makes the processor, so of course they have full control. Yet the truth is slightly more inconvenient. When Intel processors don’t run the instructions in your standard software (whether incorrectly or at all), that is a defect at best and a breach of contract at worst. Yet the SGX instruction set includes in its specification that Intel has the authority to make this go/no-go decision. Continue reading…Comments

SGX Hardware: A first look

by Jethro Beekman – Oct 8, 2015 – Updated: Dec 9, 2015. Filed under: English, Technology, Security, SGX.

Without much fanfare, Intel has released Software Guard Extensions (SGX) in Skylake. When I say “without much fanfare,” I mean practically only the following paragraph hidden on page 3 of a press fact sheet: Continue reading…Comments

On OpenSSH and Logjam

by Jethro Beekman – May 20, 2015 . Filed under: English, Technology, Security, SSH.

Recent work showing the feasibility of calculating discrete logarithms on large integers has put the Diffie-Hellman key exchange parameters we use every day in the spotlight. I have looked at what this means for SSH key exchange. In short, on your SSH server, do the following: Continue reading…Comments

Lenovo ThinkPad HDD Password

by Jethro Beekman – Mar 8, 2015 . Filed under: English, Technology, Security, Lenovo ThinkPad.

Modern SSDs (at least the ones made by Intel, Samsung) always encrypt all stored data using AES. The encryption key used is stored in nonvolatile memory on the SSD. One of the reasons for this is that to securely wipe the drive now you just need to overwrite the encryption key with a new random one. This way, you don’t need to erase every flash block, which is very bad for durability reasons. The encryption key can optionally be encrypted using a 32-byte “security password”, the configuration of which is overloaded on the ATA security feature set. If you trust the hardware manufacturer to actually implement this securely, this would seem to provide a very solid and fast option for encrypted persistent storage. Continue reading…Comments