undefined | Better HN

0 pointsdane-pgp3y ago0 comments

Presumably mobile networks will be required to only grant internet service to phones that were bought in the UK (or that have been registered with a foreign network for more than N months).

I'm not sure how easy it is for networks to filter by IMEI (and presumably there would have to be a database for recording which IMEIs were sold with UK-compliant OSes) but eventually there would be a system which covered all access to the internet, not just from phones.

This means broadband ISPs doing a Remote Attestation check before routing any other packets from your device. A proof of concept for this has been implemented for some online games already.[0]

[0] https://arstechnica.com/gaming/2021/09/riot-games-anti-cheat...

0 comments

flangola73y ago

Even with attestation you could just daisy chain and use the attesting device as a proxy. Not to mentioned the billion of internet enabled devices that would never support it

dane-pgpOP3y ago

> Even with attestation you could just daisy chain and use the attesting device as a proxy.

But you'd need the attested device to run the proxy server software, which would obviously not be allowed in the app store, and would be blocked by the gatekeeper daemon or the OS-level firewall. Well, proxy software would be allowed, but it would have to perform its own attestation checks on the devices it proxies for.

> Not to mentioned the billion of internet enabled devices that would never support it

The billion internet enabled devices would be allowed onto a special "safe" segment of the internet, which companies could apply to add their static IPs to. So your internet connected fridge could still phone home, but the manufacturer would take liability for any data that a rooted fridge managed to send out to the internet.

There might still be millions of old devices that don't support TPMs and don't have manufacturers willing to apply to have their IPs whitelisted, but the government will say that kicking these insecure unpatched devices off their internet would be a huge win for cybersecurity. Making people buy a whole load of new devices would probably also give a temporary boost to the economy too.

flangola73y ago

I think you're missing the point. Attestation is just key signing and verification with more bells and whistles and overhead. DRM tries and fails for the same reason: you have to give the user both the key and the content. There has been 30 years of attempts to somehow obfuscate and keep them apart, all without success.

An attacker with physical access and unbounded time cannot be defeated.

1 more reply

j / k navigate · click thread line to collapse

0 pointsdane-pgp3y ago0 comments

Presumably mobile networks will be required to only grant internet service to phones that were bought in the UK (or that have been registered with a foreign network for more than N months).

This means broadband ISPs doing a Remote Attestation check before routing any other packets from your device. A proof of concept for this has been implemented for some online games already.[0]

[0] https://arstechnica.com/gaming/2021/09/riot-games-anti-cheat...

0 comments

flangola73y ago

Even with attestation you could just daisy chain and use the attesting device as a proxy. Not to mentioned the billion of internet enabled devices that would never support it

dane-pgpOP3y ago

> Even with attestation you could just daisy chain and use the attesting device as a proxy.

> Not to mentioned the billion of internet enabled devices that would never support it

flangola73y ago

An attacker with physical access and unbounded time cannot be defeated.

1 more reply

j / k navigate · click thread line to collapse