@matthewdgreen.bsky.social Hey Matthew, I hope you don’t mind a quick question about one of your old blog posts (blog.cryptographyengineering.com/2016/08/13/i...) Do you have any idea how Apple could upgrade their HSMs without alerting their users? (Their modules won‘t last forever.) - ThreadSky

defence-osint.bsky.social • 34 days ago

@matthewdgreen.bsky.social

Hey Matthew, I hope you don’t mind a quick question about one of your old blog posts (https://blog.cryptographyengineering.com/2016/08/13/is-apples-cloud-key-vault-crypto/)

Do you have any idea how Apple could upgrade their HSMs without alerting their users?
(Their modules won‘t last forever.)

Comments

matthewdgreen.bsky.social•34 days ago

The way I understand it, they deploy in clusters. They expect that some units within the clusters will go down over time. And then when it’s time to switch clusters, the client re-uploads data. I will admit that this could all use a lot more detail and color!

matthewdgreen.bsky.social•34 days ago

Keep in mind the only data you need is one (or a few) small keys. Every other piece of encrypted data just lives on an ordinary server.

defence-osint.bsky.social•34 days ago

Thank you very much for your fast reply.
Wouldn‘t the device now have to encrypt the keys with a new RSA 2048 key? Because the „old“ private key still resides securely in the now defunct HSMs?

matthewdgreen.bsky.social•34 days ago

Yes. The idea is that the private key can never ever leave the device, not even for “authorized” replication. If it could, then Apple could be coerced to extract it.

Of course the new threat vector is that you can spin up a new fake cluster and have the device upload to it.

matthewdgreen.bsky.social•34 days ago

The real problem here is that Apple is both the potential threat actor and also the trust anchor for the system. They build the devices but could also be compelled to exploit them. It’s a very dangerous game.

defence-osint.bsky.social•34 days ago

Thanks 👍

defence-osint.bsky.social•34 days ago

Ah ok, so the next time your device asks for your passcode (iCSC) it’s either an upgrade of the infrastructure or an extremely sophisticated attack with no way of knowing which one it is?

matthewdgreen.bsky.social•34 days ago

Yeah. And it asks for your passcode once per day anyway so honestly if Apple becomes malicious you’re in trouble. A lot of human integrity standing in for technical defenses.

Posting Rules

Be respectful to others
No spam or self-promotion
Stay on topic
Follow Bluesky's terms of service

Comments

Posting Rules

Reply