 Thank you very much. Today we'll be talking about Windows 8 and it's a dangerous time travel which we'll be doing. Since Trusted Computing has been following us, chasing us for a long time. But what is Trusted Computing? Well, there's the definition by Ron Regis. What is it all about? It's about the industry is trying to sell us a new security model architecture. In this architecture, every computer should have a box where there is a key inside over which you have no control, but the industry will take care of it for you. It even goes to the point where the industry can pull it from the net to check that it's still an integer integrity. The whole architecture of the whole personal computing is taken over. There have been a lot of discussions on this. It's quite interesting. It's also a bit of the topic on the C3. On the 33 C3, there was quite a bit about it in the Apple world. There was quite a few good things, a few bad things. The worst thing was the best thing was that Apple finally decided through this not to use a TPM chip and 2009 it sort of died a quiet death. However, the whole thing has become worse since recently in Windows 8 Microsoft has a massive price to the market and they want to and ARM devices with Windows will be delivered where this is turned on and cannot be turned on easily. So Microsoft is really trying to press this into the market and they are risking and it risks their, you know, it leads to discussions with governments and industry manufacturers. The most entertaining one was shortly after inserting revelations about this new trust infrastructure since even regular people in the sort of government were asking themselves, is this really such a good idea to base the whole infrastructure of our digital economy on a private organization which depends on a different jurisdiction, namely the U.S. one. And after snow in the third point came, well, how trusted, you know, how too much do we trust the U.S. judicial system in states? Well, a lot of people are wondering about this and there was a report on the media which I gladly cite from it. They say the media say IT experts of the federal state think Windows 8 is dangerous, is even dangerous. And they carry on saying the relevant experts in the economy ministry and they think that unmistakably that it is, you know, they warn unmistakably from using this device in government. And Microsoft continued doing massive pressure. And then something happened which reminded me of the fact that the BSI is a federal republic and it depends on the interim ministry and it's, you know, a bit too much to expect something which is not political. And there's the all sort of Dilbert law that engineers have, you know, have a hard time lying when it's, you know, we're talking about technical things. Since the BSI, through political pressure, they do not warn Windows 8 to use Windows 8, but... A few critical experts think that in combination with Windows 8, the combination of Windows 8 and TPM 20 is somewhat problematic. Well, they've let engineers say something. Well, let's read what comes next. And then we had, in particular, on a hardware which uses a TPM 2.0 with using Windows 8, with using unintended errors of the hardware and OS developers, you can get into error systems states which do not allow you to run the system anymore. So in such a way, the whole hardware cannot be used. So this is not a great situation for an entity, government entity. So the situation is not really sanctioned by the engineers' point of view. And in addition, there are possibilities that third parties can sabotage it. Well, I thought that that's amazing that people, even in political areas, can say things so clearly. And so people who can read it can really have a shock. So my first thought was they are too afraid to say that the US government could force Microsoft to put something in there. And therefore, they add an unrealistic scenario that could be something wireless and could break the whole infrastructure. Well, it's political, but not very realistic. Until a few weeks ago. And then I had to rewrite my whole talk. Well, it's difficult, especially when it's a 30-minute talk. And even if I aside the 60 slides just from high security, well, it's all about people who are not Windows administrators and who are not as cynical about Microsoft as like me. Well, we're just after Christmas. Let's have a look what these patient people from high security have said in the last few weeks. Well, I'll say from the beginning, it's quite amusing and it will carry on. So this is just an intermediate report. Well, it started in November the 12th. And suddenly they said the Windows Server admins and users have to take action drastically. Well, I probably have to talk about this in my talk. There's a gap. There's a flaw in the infrastructure of the crypto infrastructure of Windows. Well, it sounds interesting. There are two additional patches. Zero-day expose above Internet Explorer. So there's only people who, you know, serve the Internet. So that's not that important, really. Well, it carried on. Now they, you know, there are details about the patch of the security floor. All right, I could use this in my other talk as well. Well, apparently elliptic curves are so hard that even, well, even, you know, it's so hard that even when you're checking the signature of ECDSA, you can make a mistake. Well, that's what Microsoft did. Well, suddenly high security became a bit more alarmist and said, well, it's possible to open the gates for malware. So therefore it's important to immediately implement these patches so that the crypto infrastructure is not used as a weapon against the system. Well, apparently a few Windows updates were important. Well, it quickly carried on. The update was distributed. And then Microsoft said, in similar situations, Microsoft distributed the update via Windows Update. However, it became even stranger. The next patch will repair the crypto a little bit, but suddenly the servers weren't working. And currently the update is distributed. But it got withdrawn for the second time. Well, the heizer people seem to be guessing there's something coming. All right. Yeah, here we are. Ah, they corrected again. Well, secretly, there was another update out of order to patch another thing. And we sort of heartily recommend that everyone who has installed this installs the next thing. And don't wait. Wait, it'll become even better. Wait, just wait. So that was the November. Now we're in December. Oh, suddenly, strangely, there were again problems. And even heizer became somewhat stressed since apparently with the update, they did something with a root certificate they made, you know, unusable. Well, suddenly there was a big crisis. Well, I suddenly my crypto depression hit me. Well, people, you know, will fix everything with you. We just need a little bit of secrets. Oh, so without a secret, you can't distinguish yourself from an attacker. So we just need a few bits. Just take care of them. You know, don't leave them alone. If someone does a hard bleed request, you know, don't don't tell them the whole key and so on and so forth. All right. Well, other programs are prevented from starting. Well, I wonder what's coming next. And this in my 30 or 14 years of doing seminars is my first face palm actual face palm picture. It's also creative comments. So it's completely legal. Long speech. What I was to point out, Windows Defender is this antivirus system for Windows. The funniest thing is, it is not updating anymore. They broke their certificate and broke their update update function. They were a little bit uneasy by because they did that. I stopped counting how many updates they did in the total. We're at four. It is kind of, it's a little bit keeps being funny. Also, the certificate structure is damaged. And here I got really excited. It doesn't matter what slides I would have to kick. But this was important. The update would have to be downloaded and installed manually. Automatically system that are not used by people. It's a little bit difficult to install the update manually. But everything is going to be fine. Or not really, because they are not finished. After they announced they broke the update function. They worked again for what reason I don't know. And also the announcement was only in English. And so a couple of German users were scared. They would have problems with their German system. But the message was from Microsoft. So let's keep going. So and this is, I think, the last folder. I think that's the last slide to that problem. And the message is that the root certification from is not completed yet. And we're still waiting for the January patch. And I think I will have a couple slides for my next talk at the Easter hack or just to take a look back. Not to be too sarcastic. And also, there's still the serial export in there. Internet Explorer that is has not been patched yet. What I did not mention that they broke Cerberus and other infrastructure. The pros that you entrust with such people, your security infrastructure. We have one guy here that was brave enough to yell yes. Well, while it's being discussed, if German government should warn, before Windows 8, it is, yeah, they have not handed out a warning. There are other countries where the decisions are a little bit different. And in China, they decided to just ban it. That is something that I think Microsoft took not as well as some news. Okay. Since China are not the people that you want to quote, let's quote American millionaire that said that you should trust tech companies from the US. You can't really want, can't really like when they're in front of the door, it is a normal reaction. If it is sensible to say no, because you have to do it for the national security, it is a basic problem. Where I'm not really completely sure, and I don't want to doubt it, if Microsoft is not taking legal steps, but since they can't announce it. Yeah. So, yeah, in North Korea. Well, what if they meet in a Cuban camp and they say, you know, we don't, we can't really expect that from them. So without being cynical, in all the impossible understanding with Microsoft, well, we really have to ask ourselves, do you really want to be dependent from that kind of environment? Well, there we, there's another citation, which is slightly older. It's simply the following. If Microsoft controls these keys, then they can control the market. Well, the market, you know, Microsoft is not that impressive anymore. But if you know that all our Linux servers only work on sort of reworked window systems, and, you know, if one of these, you know that hardware manufacturers, the Windows 8 logo is pretty key, then a lot of things can change that even sort of the free running of free programs can be impeded. So, Woodfield Diffie summed this up quite nicely. You know, he doesn't want to risk learning, but he sees the need to hold the keys to your own computer. And so you can decide what you want. And the decision could also be, I go into a Microsoft secured world. That's a completely fair enough, which is fair enough to a choice. But with it, so, you know, so when you're forced, that's where the problem is. So once again, the BSI, it's, you know, did quite clearly say that there could be, you know, security problems for the people who need to take care of this PC. What if they say, you know, I trust Microsoft. Well, after those patch day slides, they should, you know, double check that decision. But it is, you know, your free decision. And in my eyes, it's a definition of freedom that people can really do and, you know, go into slavery if they want. And, you know, in that way, it's, you know, completely legitimate. All right. So we arrived at the point where the BSI statement is pretty weird. And the following user scenario, it has to be transparent. It, you know, has to give the possibility of decision. And exactly this thing in Windows 8 was in particular in ARM systems is being prevented. So exactly this decision, whether or not I want to enter the security world is, you know, being prevented from the user. It cannot make the decision. So it's, you know, you have to automatically activate. There's no opt-in. There's no decision I want to take part in it. It's just you have to do it. And the possibility of opting out is massively impeded. So we know that for ARM systems, it's very difficult. Additional problems where I'm also have been talking for ages is, you know, it's contemporary cryptography. It's impossible that you can't believe it can keep using SHA1. Well, I can't believe, I mean, I'm a mathematician. So realistic real-world situations and, you know, economical enforcement should be other people's problems. So let's just imagine the following scenario. We're a producer. We have a chip, which is complete. It uses SHA1. Well, you know, the cryptographer says it's unsecure. Well, the marketing guy says it costs 500,000 euros and to, you know, to 2 pimp plans, to have 6, well, the honest cryptographer has to say, yes. Well, then they, you know, they say, well, it's, you know, follow standards and there's some random crazy cryptographer. It's, you know, he wants a stronger one. Well, we just say we don't need it. This possibility of arguing of massively saving money, then it's not that unrealistic to say that in many situations, well, we just keep using SHA1. And, you know, this is once again, you know, copied from Dean, this criticism in the international authorizations body. We'll see if this, there's some sensitivity for these types of problems. Well, you know, you know, standard is to use 2048 big cryptography, which is at best for the medium term, acceptable. Additional problem is the production. Well, once upon a new, that the secret keys cannot be changed by the users, then obviously this knowledge of the private key is extremely powerful. So if, if I, as a producer, I have the secret key of all the TPMs, then I can do whatever mischief I want. So this question, who makes these keys? And they're very practical problems. Usually these problems are made by an external computer. And then transferred. So what, if I sit there and just copy the, the digital, the key file, well, then suddenly have a, you know, general master key for all the instructors. So really there have to be some bureaucratic controls to, you know, make sure this is done in a proper way. And, you know, once again, to speak realistically, the producers are in the US or in China. These are not the types of things that really fill me with a lot of confidence and so in that sense, something really has to happen here and has to be, you know, open source and it has to be certified how Windows 8 approaches this problem. And if that doesn't help, we should, you know, we should use Carta law. And if, you know, if this is legal, you know, the Microsoft has had a lot of problems in the EU due to the Internet Explorer thing. But honestly, this is not even close to the kind of access that this whole new infrastructure would imply. All right, just to be very clear here, this is not a theoretical construct. Just to be, you know, just to reiterate, you know, I don't want to be the guy satting hyzer all the time. But in June and also December 2013, Microsoft just disabled a boot module by other producers with the judgment which was not there initially. But then there was the explanation, well, this system we don't use, we don't really know what we just did. So very, you know, very calming, really. So, you know, they suddenly, you know, pull something out and you don't really know why. And there's no, and the more explanation they give, the more the less clear it becomes. Just to be once again reiterate, it's the same company that hasn't been able until today to, you know, generate this kind of security infrastructure for Windows 7. Just to remind you, 65% market share is still Windows 7. What I just showed you, what I just showed you is not Windows XP, this is the main trunk of Windows that is being, that is floating. So the funny thing is, about this whole manual install thing that I talked about, we can only do it automatically, we can't do it anymore. If we did this with a trust, combined with a trusty computer chip, well, we can't hack around it. If that's broken, then we're, through the lack of knowledge of the private key, in the trust computer chip, we have great difficulty to, you know, work around it in any way, shape or form. So it's really not an acceptable situation. All right, so, you know, just reiterate what we just demanded. Well, in principle, we love as cryptographers hardware support, we would love to have a key store and, you know, such things are included in TPM standard. And now, since we're hackers, we're not the happy that the TPM chip is there. But, you know, once it's there, we can do fun things with it. So in that sense, the question is, what could you do with it? So one key question is, oh, well, we could put our own keys in. Then suddenly we're no longer in the trusted infrastructure of Siemens, but maybe we're in a trusted infrastructure that we trust more. So that's, you know, depends. It could be the BSI, it could be an IS, it could be an SA, it could be the Russian standard body. You can choose. So the point is, once you have, you know, if you want a certain infrastructure, you need to have the possibility to choose it. So the key demand is to be, replace the key. So we need open source hardware. It's, you know, it's a fun exercise for cryptographers. If you have a system where you look in, you can find out so many things through the side channel attacks. Strictly, if it has a, you know, random number generator, you can modulate a channel and you can figure things out. So I could just tell the TPM chip if some certain package arrives, then I just, you know, secretly leak the key information. And there it is. So really we need open source hardware, we need open source software, at least APIs. And we should think once again if this TPM system should not be replaced with smart cards. Well, it's, it's quite easy to do technically since TPM is not just, not more than just a bunch of smart cards soldered together. So also the question is, you know, there is also smart cards that you can just put in your pocket. It's, you know, fairly common for people that it's a key, they understand it. It's fairly good protection, compared to other things. So let's think about them again. All right, final point. We need an alternative digital framework. Well, European one. We need, might need a European trust infrastructure. It's just a question of choice. So who do we, who do we trust? And so given the current developments, I would prefer to trust European entities than the NSA or Chinese entities. Other people might think differently, but, you know, it's a question of freedom. The other thing that's important which I also mentioned in my last talk is, you know, with cryptography we can get to the levels of security where, you know, states fail. You know, states can't get secure that we can't be but once we begin encrypt all of our main channels it's not a, you know, hacker lyrics. That's the same thing that Google has been doing. Well, in this way with maths we can implement or force, you know, certain things. So in the community there's this direct anonymous registration thing, which is quite legitimate to say I would like to come in my network you ask about trust well, trust me that you have you know, show me that you have all the patches which is a, it's not that legitimate thing to ask for. However, it's nice. Well, if you say you have all these things that, you know, you have, once you have this all you should be able to show it. It's a question of, you know, showing this doing this without being identified is possible in the mathematical thing. So, you know, once you trust maths which is difficult, you do not have this barrier. We can say we have these security tools. The other thing that I also talked about in a paper with Lux in 2006. You can do a very fine grained security management that even with these requirements to be able to show the entity that they mostly don't want to do that. But even if you have to do that, you can mathematically model it. So, if you want to have a look at it it's quite an interesting thing. However, the DAS unfortunately is no longer currently being talked about as much as before. All right, let's come to get to the last slides where I once again summarize the key problems. The key question is who decides what boots. So, let's think about a scenario. Let's use the first buzzword industry 4.0 embedded systems. We went in the industry infrastructure what we don't want. We don't want an unfortunate error by the developers that it no longer boots. Well, if you talk to the entity representatives, well, there's all my all powerful fantasy. Well, if there's a hacker say I want a 2048 bit signature I put your I block your whole system. I'll just revoke the scrim loader for Linux with one message. I get the Microsoft key and I send an update and has this signature and it says the signature is revoked for this bootloader. So, if Microsoft does this then suddenly no Linux system is booting anymore. Well, currently it uses this workaround using this thing with the manual install I talked about with a Microsoft guy and it's not even the original key with the original key but it's just some random other key. Do we have the other key? I asked them. Well, I'm not sure if we still do have the other key. And I want to point out again that it's not a real reason to prevent somebody from blowing up his infrastructure because Microsoft did that in the last eight weeks. Yeah. They have reorganized their certificate structure. But in the last ten years I had not as much fun looking at security vulnerabilities than in the last couple weeks with the Microsoft vulnerabilities. Microsoft learned a lot. They're not looking at open source as an enemy and if I look at privacy violations from Apple and Microsoft is really the good guy here. With other words, it is not okay that it could happen that nothing is able to boot. So if Microsoft if a catastrophe happens, Microsoft is probably legally and monetarily broke. So I would suggest