0 00:00:00,000 --> 00:00:30,000 Dear viewer, these subtitles were generated by a machine via the service Trint and therefore are (very) buggy. If you are capable, please help us to create good quality subtitles: https://c3subtitles.de/talk/1390 Thanks! 1 00:00:19,420 --> 00:00:21,879 So for the next talk on 2 00:00:21,880 --> 00:00:24,069 Cars West Stage, we go 3 00:00:24,070 --> 00:00:26,829 into the fast track, into the 4 00:00:26,830 --> 00:00:29,439 shorter talks, and nevertheless, 5 00:00:29,440 --> 00:00:32,169 this will be an interesting 6 00:00:32,170 --> 00:00:34,719 insight into something that 7 00:00:34,720 --> 00:00:37,029 has a lot of implications 8 00:00:37,030 --> 00:00:39,399 for transparency and systems. 9 00:00:39,400 --> 00:00:41,529 And that's why the talk is called 10 00:00:41,530 --> 00:00:43,719 system transparency, and it 11 00:00:43,720 --> 00:00:46,029 will be held by Kai and 12 00:00:46,030 --> 00:00:47,229 Kai as I got for both of them. 13 00:00:47,230 --> 00:00:48,879 And I give you the stage. 14 00:00:54,840 --> 00:00:55,840 All right. 15 00:00:56,680 --> 00:00:58,959 So the 16 00:00:58,960 --> 00:01:01,179 2020 is only a few days away, 17 00:01:01,180 --> 00:01:03,069 and while we do not have flight costs or 18 00:01:03,070 --> 00:01:05,318 sex robots, we do live in a dystopian 19 00:01:05,319 --> 00:01:07,389 nightmare, a dystopian 20 00:01:07,390 --> 00:01:09,459 nightmare that our computing is 21 00:01:09,460 --> 00:01:11,379 more and more controlled by unaccountable 22 00:01:11,380 --> 00:01:12,489 Silicon Valley companies. 23 00:01:14,410 --> 00:01:16,409 This way, there's no turning back. 24 00:01:16,410 --> 00:01:18,699 The centralization of computing and data 25 00:01:18,700 --> 00:01:20,859 will only continue into the cloud 26 00:01:20,860 --> 00:01:22,719 because this makes things cheaper and 27 00:01:22,720 --> 00:01:24,369 also allows us to do things we couldn't 28 00:01:24,370 --> 00:01:25,370 do before 29 00:01:26,770 --> 00:01:27,729 30 years ago. 30 00:01:27,730 --> 00:01:29,769 We were faced with a similar threat. 31 00:01:29,770 --> 00:01:32,449 Proprietary software stuff a competition 32 00:01:32,450 --> 00:01:34,509 prevents the extension of software. 33 00:01:34,510 --> 00:01:37,029 The result was the free software movement 34 00:01:37,030 --> 00:01:39,249 that freed openness 35 00:01:39,250 --> 00:01:40,810 and freedom as its core tenets. 36 00:01:42,730 --> 00:01:44,799 Today, we recognize that open and free 37 00:01:44,800 --> 00:01:46,479 software is a superior software 38 00:01:46,480 --> 00:01:47,480 development model. 39 00:01:48,670 --> 00:01:50,739 Ironically, free software won't help us 40 00:01:50,740 --> 00:01:52,719 this time, because free software is one 41 00:01:52,720 --> 00:01:54,849 of the reasons why these cloud companies, 42 00:01:54,850 --> 00:01:56,439 as a business model, works so well. 43 00:01:58,060 --> 00:02:00,009 What we need to do instead is to take one 44 00:02:00,010 --> 00:02:02,259 of the core ideas of free software 45 00:02:02,260 --> 00:02:04,599 transparency for the user and reimagine 46 00:02:04,600 --> 00:02:06,819 that for the worlds of power 47 00:02:06,820 --> 00:02:07,820 and SaaS. 48 00:02:08,770 --> 00:02:10,899 So, OK, and I'm 49 00:02:10,900 --> 00:02:12,609 from Belgium, and today I want to tell 50 00:02:12,610 --> 00:02:14,289 you about the system transparency project 51 00:02:14,290 --> 00:02:16,479 here. And of course, nothing 52 00:02:16,480 --> 00:02:18,969 I will tell you here is just my idea. 53 00:02:18,970 --> 00:02:21,189 I'm merely here to tell you about it. 54 00:02:21,190 --> 00:02:23,649 And this this transparency project mostly 55 00:02:23,650 --> 00:02:25,479 grew out of the Open-Source firmware 56 00:02:25,480 --> 00:02:26,529 community. 57 00:02:26,530 --> 00:02:28,299 You could fight here right behind the 58 00:02:28,300 --> 00:02:29,300 stage. 59 00:02:30,790 --> 00:02:33,189 So this transparency 60 00:02:33,190 --> 00:02:35,739 has the goal of making the software 61 00:02:35,740 --> 00:02:38,169 running on a remote server 62 00:02:38,170 --> 00:02:40,359 that processes third party data 63 00:02:40,360 --> 00:02:42,369 expectable. But that particular third 64 00:02:42,370 --> 00:02:44,559 party to do that, 65 00:02:44,560 --> 00:02:47,050 we proposed seven concepts. 66 00:02:48,100 --> 00:02:50,019 The first one being that we need some 67 00:02:50,020 --> 00:02:52,329 kind of provisioning ritual because 68 00:02:52,330 --> 00:02:54,489 these servers are 69 00:02:54,490 --> 00:02:56,559 hard to get get to handle by, 70 00:02:56,560 --> 00:02:58,239 right. So we have to do this in 71 00:02:58,240 --> 00:02:59,379 transparent clouds. 72 00:02:59,380 --> 00:03:01,389 And what we need to do is give every one 73 00:03:01,390 --> 00:03:03,579 of these servers and unique 74 00:03:03,580 --> 00:03:05,679 platform identity so we can 75 00:03:05,680 --> 00:03:07,989 decompose this cloud individual 76 00:03:07,990 --> 00:03:10,269 service, which allows us then 77 00:03:10,270 --> 00:03:12,369 to make specific statements about a 78 00:03:12,370 --> 00:03:13,370 specific service. 79 00:03:14,920 --> 00:03:16,959 Second, we need to make sure that the 80 00:03:16,960 --> 00:03:18,939 firmware the first and most previous 81 00:03:18,940 --> 00:03:21,129 courts that executed on the machine 82 00:03:21,130 --> 00:03:23,379 is known to us and can 83 00:03:23,380 --> 00:03:24,969 be changed by an attacker. 84 00:03:24,970 --> 00:03:27,099 To do that, we need to have some kind of 85 00:03:27,100 --> 00:03:28,689 integrity protection for the firmware 86 00:03:28,690 --> 00:03:29,690 running on the machine. 87 00:03:30,940 --> 00:03:32,199 Oh, sorry, I thought. 88 00:03:33,220 --> 00:03:34,899 Because we still have physical attackers, 89 00:03:34,900 --> 00:03:37,059 we need to make sure that the machine is 90 00:03:37,060 --> 00:03:39,159 somehow temple resistant or at least 91 00:03:39,160 --> 00:03:41,559 evidence so we can see when 92 00:03:41,560 --> 00:03:43,059 at least attackers try to change the 93 00:03:43,060 --> 00:03:45,489 former and thus 94 00:03:45,490 --> 00:03:46,490 try to protect the system, 95 00:03:47,710 --> 00:03:49,569 then we need some kind of platform 96 00:03:49,570 --> 00:03:51,729 attestation, meaning that when before 97 00:03:51,730 --> 00:03:53,619 I connect to a machine, I want to make 98 00:03:53,620 --> 00:03:55,599 sure that the software runs and the 99 00:03:55,600 --> 00:03:57,819 identity test is not to me before 100 00:03:57,820 --> 00:03:59,469 I send my data right. 101 00:03:59,470 --> 00:04:01,539 Otherwise, I have to problem that my 102 00:04:01,540 --> 00:04:03,579 data may be handled by a software I have 103 00:04:03,580 --> 00:04:04,509 no idea about. 104 00:04:04,510 --> 00:04:06,249 And maybe it's abused. 105 00:04:07,510 --> 00:04:10,089 And because all of this 106 00:04:10,090 --> 00:04:12,489 detection and also the protection 107 00:04:12,490 --> 00:04:14,319 I take, the protection of the former is 108 00:04:14,320 --> 00:04:15,819 done on the binaries. 109 00:04:15,820 --> 00:04:17,679 We can only, but we can only expect the 110 00:04:17,680 --> 00:04:19,778 source code. We just establish some 111 00:04:19,779 --> 00:04:21,729 strong link between the source code we 112 00:04:21,730 --> 00:04:22,719 were able to inspect. 113 00:04:22,720 --> 00:04:24,939 And the binary that actually handled 114 00:04:24,940 --> 00:04:27,579 by the special attestation mechanisms 115 00:04:27,580 --> 00:04:29,589 reproducible builds does exactly that 116 00:04:29,590 --> 00:04:31,749 right? Because I can recall Polish 117 00:04:31,750 --> 00:04:33,819 source code, I have inspectors and I will 118 00:04:33,820 --> 00:04:35,619 get the same binary that's running on the 119 00:04:35,620 --> 00:04:36,620 machine. 120 00:04:37,750 --> 00:04:40,359 Then we need to limit the system access 121 00:04:40,360 --> 00:04:42,159 because even if you have integrity 122 00:04:42,160 --> 00:04:43,779 protection from there and we know 123 00:04:43,780 --> 00:04:45,129 everything that has been executed as 124 00:04:45,130 --> 00:04:47,229 party boot, we can still 125 00:04:47,230 --> 00:04:50,049 have a malicious administrator 126 00:04:50,050 --> 00:04:51,729 locking into the system and changing 127 00:04:51,730 --> 00:04:54,729 things in ways we can't control. 128 00:04:54,730 --> 00:04:56,619 So we need to limit the system access. 129 00:04:56,620 --> 00:04:58,209 We need to have some kind of immutable 130 00:04:58,210 --> 00:04:59,210 infrastructure. 131 00:05:00,520 --> 00:05:02,859 And lastly, we need an transparency 132 00:05:02,860 --> 00:05:04,869 lock for all the software running on a 133 00:05:04,870 --> 00:05:07,089 particular server so we can 134 00:05:07,090 --> 00:05:09,219 monitor not only the current, but 135 00:05:09,220 --> 00:05:11,709 as the past actions of platform 136 00:05:11,710 --> 00:05:13,660 owners. So we can all of them 137 00:05:14,950 --> 00:05:16,959 somehow like the certificate transparency 138 00:05:16,960 --> 00:05:18,580 mechanisms we have if Pichai. 139 00:05:20,890 --> 00:05:23,409 So this intersperse is not just 140 00:05:23,410 --> 00:05:24,729 a bunch of concepts. 141 00:05:24,730 --> 00:05:27,339 It's an actually work implementation 142 00:05:27,340 --> 00:05:29,589 for that to use the Super 11 143 00:05:29,590 --> 00:05:31,929 as ETF, which is the midrange 144 00:05:31,930 --> 00:05:34,029 server bought from Super Micro, 145 00:05:34,030 --> 00:05:36,399 it has up to four cores, 64 146 00:05:36,400 --> 00:05:38,769 gigabytes of RAM to 147 00:05:38,770 --> 00:05:40,779 take you a bit Nicks and PCI Express. 148 00:05:41,830 --> 00:05:43,269 You can get these boards for less than a 149 00:05:43,270 --> 00:05:45,279 thousand euros on the market, and 150 00:05:46,630 --> 00:05:48,579 these can be used to use to do 151 00:05:48,580 --> 00:05:49,750 everything. I will tell you now. 152 00:05:52,270 --> 00:05:54,369 So in order to have some kind of 153 00:05:54,370 --> 00:05:56,469 unique platform identity we use and 154 00:05:56,470 --> 00:05:58,059 chip, that's already sold it onto this 155 00:05:58,060 --> 00:06:00,459 man, what's called a TPM 156 00:06:00,460 --> 00:06:03,489 that TPM contains and unique certificate 157 00:06:03,490 --> 00:06:05,079 and a private key for that certificate 158 00:06:05,080 --> 00:06:07,149 that's inside this ship that can 159 00:06:07,150 --> 00:06:08,199 never leave it. 160 00:06:08,200 --> 00:06:10,419 We can use that to use our unique 161 00:06:10,420 --> 00:06:11,739 platform identity. 162 00:06:11,740 --> 00:06:14,019 And also it allows us to record 163 00:06:14,020 --> 00:06:16,119 what's puttered, what's executes 164 00:06:16,120 --> 00:06:18,579 this policy, but say sorry, TPM 165 00:06:18,580 --> 00:06:20,679 has a special feature where it's 166 00:06:20,680 --> 00:06:22,689 because the cryptographic checksum of all 167 00:06:22,690 --> 00:06:24,279 the code was executed as part of the boot 168 00:06:24,280 --> 00:06:26,499 process. We can then later write that 169 00:06:26,500 --> 00:06:28,809 out and verify that, OK, it 170 00:06:28,810 --> 00:06:30,309 booted exactly what we expected, 171 00:06:30,310 --> 00:06:31,510 including the operating system. 172 00:06:33,700 --> 00:06:36,699 Our X11 runs open source firmware, 173 00:06:36,700 --> 00:06:38,859 so we have a stack of codes and 174 00:06:38,860 --> 00:06:41,169 Linux boots covered in the early 175 00:06:41,170 --> 00:06:43,149 initialization of the hardware and then 176 00:06:43,150 --> 00:06:45,489 later execute Linux boot, 177 00:06:45,490 --> 00:06:47,799 which puts into the operating system. 178 00:06:47,800 --> 00:06:49,869 We use our own bootloader 179 00:06:49,870 --> 00:06:52,059 Basilisk boot caught as tribute 180 00:06:52,060 --> 00:06:54,669 to all of the boot process, 181 00:06:54,670 --> 00:06:56,229 especially fetching a new operating 182 00:06:56,230 --> 00:06:58,269 system from the network, verifying it and 183 00:06:58,270 --> 00:06:59,270 then booting into it. 184 00:07:01,180 --> 00:07:03,699 And because we use cobalt 185 00:07:03,700 --> 00:07:05,769 and cobalt can be built reproducibly, we 186 00:07:05,770 --> 00:07:07,869 can use that as our secure initial 187 00:07:07,870 --> 00:07:09,160 states reboot from 188 00:07:10,180 --> 00:07:12,429 We Can Everybody, not only the platform 189 00:07:12,430 --> 00:07:14,589 owner captured the source codes they 190 00:07:14,590 --> 00:07:15,789 call the source code. We run on the 191 00:07:15,790 --> 00:07:18,159 machine, compile it and verify 192 00:07:18,160 --> 00:07:20,589 that this is the exact exact copy 193 00:07:20,590 --> 00:07:22,749 of that which has been recalled by 194 00:07:22,750 --> 00:07:24,879 the TPM as part of the process. 195 00:07:24,880 --> 00:07:27,039 So we can make sure that this is exactly 196 00:07:27,040 --> 00:07:29,259 what platform owner supposed 197 00:07:29,260 --> 00:07:30,260 to run on a machine. 198 00:07:33,090 --> 00:07:34,919 Yeah, as I said, we have a special 199 00:07:34,920 --> 00:07:37,019 bootloader called Sibert that 200 00:07:37,020 --> 00:07:39,779 does all the booting after the initial 201 00:07:39,780 --> 00:07:41,869 hardware set up 202 00:07:41,870 --> 00:07:44,309 be doing, but of course 203 00:07:44,310 --> 00:07:46,499 we don't do a signature verification 204 00:07:46,500 --> 00:07:48,089 and some other stuff and then boot into 205 00:07:48,090 --> 00:07:48,989 the operating system. 206 00:07:48,990 --> 00:07:51,599 We can pretty much any open source 207 00:07:51,600 --> 00:07:52,600 operating system. 208 00:07:54,840 --> 00:07:57,029 So not only our 209 00:07:57,030 --> 00:07:59,669 firmware, but also our operating system 210 00:07:59,670 --> 00:08:01,859 can be built reproducibly. 211 00:08:01,860 --> 00:08:04,399 In this case, we built teakettle, 212 00:08:04,400 --> 00:08:06,239 the initial ramdisk and the complete 213 00:08:06,240 --> 00:08:08,759 operating system to Waldrop. 214 00:08:08,760 --> 00:08:10,949 That is almost the exact copy 215 00:08:10,950 --> 00:08:13,859 of what everybody else has compiled. 216 00:08:13,860 --> 00:08:15,959 We then signed that and deployed for 217 00:08:15,960 --> 00:08:17,909 all signed this hash. 218 00:08:17,910 --> 00:08:19,619 It's like the hash of this, of this 219 00:08:19,620 --> 00:08:20,620 block. 220 00:08:21,420 --> 00:08:23,489 We can also configure as tybalt in a way 221 00:08:23,490 --> 00:08:25,559 that we require more than one 222 00:08:25,560 --> 00:08:27,359 signature. So, for example, if the 223 00:08:27,360 --> 00:08:30,539 platform owner has five administrator, 224 00:08:30,540 --> 00:08:32,279 researchers estimate it can be configured 225 00:08:32,280 --> 00:08:34,139 in a way that at least three of them have 226 00:08:34,140 --> 00:08:36,239 has to sign the image before it's 227 00:08:36,240 --> 00:08:37,240 then booted. 228 00:08:38,520 --> 00:08:40,259 Well, that's all nice. 229 00:08:40,260 --> 00:08:42,658 The core idea of system transparency 230 00:08:42,659 --> 00:08:44,549 is that everybody else writes. 231 00:08:44,550 --> 00:08:46,589 Users can verify what's running on the 232 00:08:46,590 --> 00:08:48,659 system and to do 233 00:08:48,660 --> 00:08:50,969 that. We also 234 00:08:50,970 --> 00:08:53,459 require the platform owner to request 235 00:08:53,460 --> 00:08:55,649 a new X five four nine certificate for 236 00:08:55,650 --> 00:08:57,689 every operating system in which he wants 237 00:08:57,690 --> 00:08:58,980 to deploy on a set of his. 238 00:09:00,120 --> 00:09:02,339 This certificates that contain 239 00:09:02,340 --> 00:09:04,349 the hash of the operating system image as 240 00:09:04,350 --> 00:09:05,999 part of the common name. 241 00:09:06,000 --> 00:09:08,189 And because DCA that issues 242 00:09:08,190 --> 00:09:09,960 the certificate is 243 00:09:11,100 --> 00:09:12,509 working with the certificate transparency 244 00:09:12,510 --> 00:09:13,739 lock. 245 00:09:13,740 --> 00:09:15,689 We have then the hash of the operating 246 00:09:15,690 --> 00:09:18,029 system inside the Appends Only Cert 247 00:09:18,030 --> 00:09:20,189 response lock that's run 248 00:09:20,190 --> 00:09:21,299 by culturelle. 249 00:09:21,300 --> 00:09:23,669 And now we have an open append only 250 00:09:23,670 --> 00:09:26,129 and public sort of 251 00:09:26,130 --> 00:09:28,199 transparency log of all the current 252 00:09:28,200 --> 00:09:30,239 and past operating system images that 253 00:09:30,240 --> 00:09:31,589 have been deployed on a particular 254 00:09:31,590 --> 00:09:32,590 system. 255 00:09:34,580 --> 00:09:37,099 And because as he put before, it puts 256 00:09:37,100 --> 00:09:39,259 checks, that's the certificate 257 00:09:39,260 --> 00:09:41,059 recipients locker contains such a 258 00:09:41,060 --> 00:09:42,049 certificate. 259 00:09:42,050 --> 00:09:43,669 You can make sure that everything that 260 00:09:43,670 --> 00:09:45,589 boots on a particular server has been 261 00:09:45,590 --> 00:09:46,590 verified by us. 262 00:09:47,780 --> 00:09:50,359 So in a nutshell, since the transparency 263 00:09:50,360 --> 00:09:52,579 partitions the entrance point cloud 264 00:09:52,580 --> 00:09:54,949 of servers into a set of individual 265 00:09:54,950 --> 00:09:57,099 servers, the unique 266 00:09:57,100 --> 00:09:58,100 and 267 00:10:00,620 --> 00:10:02,749 so as unique platform 268 00:10:02,750 --> 00:10:05,089 identities, which allows us to do 269 00:10:05,090 --> 00:10:06,889 a specific statements about specific 270 00:10:06,890 --> 00:10:08,419 servers, right? Because we are still 271 00:10:08,420 --> 00:10:10,309 connecting to specific servers. 272 00:10:17,350 --> 00:10:19,479 System transparency also makes 273 00:10:19,480 --> 00:10:20,949 all the code running on a particular 274 00:10:20,950 --> 00:10:23,349 staff visible to the users, 275 00:10:23,350 --> 00:10:25,419 which means that we force 276 00:10:25,420 --> 00:10:27,789 bad actors to lie about very specific 277 00:10:27,790 --> 00:10:29,889 things. So for example, if a 278 00:10:29,890 --> 00:10:31,959 VPN provider and they tell you, well, we 279 00:10:31,960 --> 00:10:34,059 don't keep any logs in order to 280 00:10:34,060 --> 00:10:35,829 verify that you have to ask for us to 281 00:10:35,830 --> 00:10:37,809 figure out, OK, what does keeping logs 282 00:10:37,810 --> 00:10:38,810 means? 283 00:10:39,670 --> 00:10:41,499 We'll resist the transparency. 284 00:10:41,500 --> 00:10:43,509 You can just get their operating system 285 00:10:43,510 --> 00:10:45,609 image, get this off court 286 00:10:45,610 --> 00:10:47,859 and inspect the source code and decide 287 00:10:47,860 --> 00:10:50,079 whether you consider the 288 00:10:50,080 --> 00:10:52,359 implementation of a VPN privacy 289 00:10:52,360 --> 00:10:54,549 respecting you and then compile 290 00:10:54,550 --> 00:10:56,639 that and verify that you get the 291 00:10:56,640 --> 00:10:58,809 exact exact copy of 292 00:10:58,810 --> 00:11:00,579 that. What has been inserted into Cert 293 00:11:00,580 --> 00:11:02,979 transparency lock and then can verify 294 00:11:02,980 --> 00:11:05,259 that OK. The thing of connecting to now 295 00:11:05,260 --> 00:11:07,359 hasn't had that doesn't have any kind of 296 00:11:07,360 --> 00:11:08,679 backdoors. 297 00:11:08,680 --> 00:11:10,839 Now, a malicious VPN provider has to 298 00:11:10,840 --> 00:11:13,149 lie about a very specific thing, 299 00:11:13,150 --> 00:11:15,429 which is this particular server with 300 00:11:15,430 --> 00:11:17,439 this particular unique idea runs this 301 00:11:17,440 --> 00:11:19,359 particular operating system image with 302 00:11:19,360 --> 00:11:21,729 this particular hash, right? 303 00:11:21,730 --> 00:11:23,859 And the more concrete these lies have to 304 00:11:23,860 --> 00:11:25,959 become that easier is to capture them. 305 00:11:27,100 --> 00:11:29,229 Not sorry as 306 00:11:29,230 --> 00:11:30,459 well, since the transparency provides a 307 00:11:30,460 --> 00:11:32,529 public log of everything that has 308 00:11:32,530 --> 00:11:34,389 been done as well in the past by the 309 00:11:34,390 --> 00:11:36,249 operating system provider. 310 00:11:36,250 --> 00:11:38,799 This means that we can 311 00:11:38,800 --> 00:11:41,799 audit and provide more thoroughly 312 00:11:41,800 --> 00:11:43,449 than what we can do before, right, 313 00:11:43,450 --> 00:11:45,729 because we can say, OK, what happens 314 00:11:45,730 --> 00:11:46,719 before we had that? 315 00:11:46,720 --> 00:11:48,190 We have used this machine. 316 00:11:49,390 --> 00:11:51,849 This also means that every platform 317 00:11:51,850 --> 00:11:54,489 owner, every provider has to commit 318 00:11:54,490 --> 00:11:56,679 publicly and irrevocably to every 319 00:11:56,680 --> 00:11:58,929 operations the image before it is 320 00:11:58,930 --> 00:12:01,029 deployed on a machine, which means 321 00:12:01,030 --> 00:12:03,219 we, as a concerned user, can monitor 322 00:12:03,220 --> 00:12:05,469 the certificate transparency log, see for 323 00:12:05,470 --> 00:12:07,059 new operating system images and then 324 00:12:07,060 --> 00:12:07,989 verify them. 325 00:12:07,990 --> 00:12:09,939 And when we decide, OK, there are some 326 00:12:09,940 --> 00:12:12,249 changes that we don't like, we can 327 00:12:12,250 --> 00:12:14,559 either stop using them the service 328 00:12:14,560 --> 00:12:15,669 or a lot of public. 329 00:12:16,990 --> 00:12:19,869 And lastly, system transparency 330 00:12:19,870 --> 00:12:21,819 works with open source firmware, 331 00:12:21,820 --> 00:12:24,459 bootloaders and operating systems. 332 00:12:24,460 --> 00:12:26,229 And this is important because this is the 333 00:12:26,230 --> 00:12:28,089 mechanism that actually allows us to 334 00:12:28,090 --> 00:12:30,429 inspect the source code and somehow close 335 00:12:30,430 --> 00:12:32,619 the gap between platform providers 336 00:12:32,620 --> 00:12:33,620 and platform users. 337 00:12:35,710 --> 00:12:36,789 So what's the future 338 00:12:37,920 --> 00:12:39,490 dystopian nightmare of 2020? 339 00:12:40,560 --> 00:12:42,639 We will hope to grow this as 340 00:12:42,640 --> 00:12:44,919 keyboard and transparency project 341 00:12:44,920 --> 00:12:47,139 into more major operators 342 00:12:47,140 --> 00:12:49,689 absolves project, which means 343 00:12:49,690 --> 00:12:51,879 hopefully that the 344 00:12:51,880 --> 00:12:54,039 as Typekit bootloader is maintained. 345 00:12:54,040 --> 00:12:56,139 We have better documentation, we have 346 00:12:56,140 --> 00:12:58,509 more features as also 347 00:12:58,510 --> 00:12:59,949 we want to support more hardware. 348 00:12:59,950 --> 00:13:01,899 So currently, we only support everything 349 00:13:01,900 --> 00:13:03,999 that cobalt and attribute supports, 350 00:13:04,000 --> 00:13:05,949 which isn't that much. 351 00:13:05,950 --> 00:13:08,559 So we want to grow, especially in the 352 00:13:08,560 --> 00:13:10,839 x86 market, to support 353 00:13:10,840 --> 00:13:12,399 most of us that actually used in 354 00:13:12,400 --> 00:13:13,400 practice. 355 00:13:14,680 --> 00:13:16,929 Speaking of practice, we actually want 356 00:13:16,930 --> 00:13:18,909 to have a first transparent server 357 00:13:18,910 --> 00:13:20,739 running a production by the end of next 358 00:13:20,740 --> 00:13:23,169 year to provide to the public that 359 00:13:23,170 --> 00:13:25,539 this idea can actually work with real 360 00:13:25,540 --> 00:13:26,830 VPN providers. For example, 361 00:13:28,600 --> 00:13:30,429 we are currently piggybacking on the 362 00:13:30,430 --> 00:13:32,109 certificate was part of the effort. 363 00:13:32,110 --> 00:13:34,299 We want to change that and develop our 364 00:13:34,300 --> 00:13:36,219 own certificate transparency lock. 365 00:13:36,220 --> 00:13:38,829 For example, this certificate is 366 00:13:38,830 --> 00:13:41,139 sorry. Suffer transparency can include 367 00:13:41,140 --> 00:13:43,229 then, for example, to source code off 368 00:13:43,230 --> 00:13:45,429 of the things we want to verify instead 369 00:13:45,430 --> 00:13:46,430 of just the pointer. 370 00:13:47,410 --> 00:13:49,539 And lastly, currently leave depending 371 00:13:49,540 --> 00:13:51,729 on the TPM, which runs most of the time 372 00:13:51,730 --> 00:13:53,499 proprietary software. 373 00:13:53,500 --> 00:13:55,299 We want to change that and figure out, 374 00:13:55,300 --> 00:13:57,819 OK, how we can use open trust echoes. 375 00:13:57,820 --> 00:13:59,799 For example, the open titled Project or 376 00:13:59,800 --> 00:14:01,929 something based on this five or something 377 00:14:01,930 --> 00:14:02,979 else. 378 00:14:02,980 --> 00:14:05,049 And lastly, we of course, want to invite 379 00:14:05,050 --> 00:14:07,419 you to join our effort. 380 00:14:07,420 --> 00:14:09,339 So in case you are interested in open 381 00:14:09,340 --> 00:14:12,249 source from the industry and 382 00:14:12,250 --> 00:14:14,109 transparency project, they may want to 383 00:14:14,110 --> 00:14:15,669 check us out. We are just right beyond 384 00:14:15,670 --> 00:14:18,159 the corner. The open source from somebody 385 00:14:18,160 --> 00:14:19,899 is always happy to help you. 386 00:14:19,900 --> 00:14:22,179 And I'm happy to help you 387 00:14:22,180 --> 00:14:23,919 with any hardware you have to, especially 388 00:14:23,920 --> 00:14:25,630 if it's about transparency. 389 00:14:27,340 --> 00:14:29,689 And so if you have a question 390 00:14:29,690 --> 00:14:31,749 now, you can either ask me 391 00:14:31,750 --> 00:14:33,579 or go to our website where you have all 392 00:14:33,580 --> 00:14:35,319 the documentation ready. 393 00:14:35,320 --> 00:14:37,509 And if if you want, just 394 00:14:37,510 --> 00:14:39,309 talk to us in person, you can go to the 395 00:14:39,310 --> 00:14:41,409 open source firmware somebody and catch 396 00:14:41,410 --> 00:14:42,459 up there. 397 00:14:42,460 --> 00:14:43,460 Thank you. 398 00:14:49,140 --> 00:14:51,509 Thank you, Kyra, for a very concise 399 00:14:51,510 --> 00:14:53,399 talk. So we have a bit of time for 400 00:14:53,400 --> 00:14:55,589 questions, you can queue up 401 00:14:55,590 --> 00:14:56,609 at the microphones. 402 00:14:56,610 --> 00:14:58,769 All we can see if there 403 00:14:58,770 --> 00:15:00,929 are internet questions. 404 00:15:02,520 --> 00:15:03,809 No internet questions. 405 00:15:04,890 --> 00:15:06,630 Are there onsite questions? 406 00:15:08,130 --> 00:15:09,130 Come on. 407 00:15:11,970 --> 00:15:13,049 Anyway, if you 408 00:15:14,430 --> 00:15:16,619 feel like, oh, we have questions from 409 00:15:16,620 --> 00:15:17,620 the internet, 410 00:15:18,480 --> 00:15:20,459 oh yeah, the internet, thanks you for the 411 00:15:20,460 --> 00:15:22,019 talk and wants to know. 412 00:15:22,020 --> 00:15:23,699 What about mobile phones? 413 00:15:23,700 --> 00:15:26,639 Now we can unlock bootloader, but no, 414 00:15:26,640 --> 00:15:27,689 I thought it was sorry. I don't trust 415 00:15:27,690 --> 00:15:29,519 that you can repeat it now. 416 00:15:29,520 --> 00:15:31,919 We can unlock bootloader, 417 00:15:31,920 --> 00:15:34,259 but not to lock again. 418 00:15:34,260 --> 00:15:35,260 Sorry. 419 00:15:35,790 --> 00:15:36,799 Yeah. 420 00:15:36,800 --> 00:15:37,800 Oh yeah. 421 00:15:40,020 --> 00:15:42,089 Sorry, give me a second. 422 00:15:42,090 --> 00:15:42,639 OK. 423 00:15:42,640 --> 00:15:43,709 OK. 424 00:15:43,710 --> 00:15:45,839 Maybe in the meantime, you 425 00:15:45,840 --> 00:15:47,099 are queuing up. OK? 426 00:15:47,100 --> 00:15:48,119 Yes. 427 00:15:48,120 --> 00:15:49,199 Thank you for the great talk. 428 00:15:49,200 --> 00:15:51,179 A very interesting project. 429 00:15:51,180 --> 00:15:52,469 I've got one question. 430 00:15:52,470 --> 00:15:54,779 One is, can you make 431 00:15:54,780 --> 00:15:56,879 sure you learn about any admin 432 00:15:56,880 --> 00:15:59,159 interaction with the cloud server 433 00:15:59,160 --> 00:16:00,209 in the end? 434 00:16:00,210 --> 00:16:01,979 Because that's one major concern I would 435 00:16:01,980 --> 00:16:04,109 have if I run it on a truck and a 436 00:16:04,110 --> 00:16:05,459 provider of hardware. 437 00:16:05,460 --> 00:16:06,460 Right? 438 00:16:06,870 --> 00:16:08,639 So first, you can expect your practice 439 00:16:08,640 --> 00:16:10,649 Democrats, and you can when you see, OK, 440 00:16:10,650 --> 00:16:12,989 there's an openness h 441 00:16:12,990 --> 00:16:14,879 server running, you know that the system 442 00:16:14,880 --> 00:16:16,559 isn't secure, strictly secure, right? 443 00:16:16,560 --> 00:16:18,359 Because everybody can log in and change 444 00:16:18,360 --> 00:16:19,799 everything. 445 00:16:19,800 --> 00:16:22,379 What we imagine is that either you 446 00:16:22,380 --> 00:16:25,469 forbid any access whatsoever, 447 00:16:25,470 --> 00:16:27,599 which makes debugging a bit complicated, 448 00:16:28,920 --> 00:16:30,839 then you would have to try to change. 449 00:16:30,840 --> 00:16:31,859 You want to do in the server you have to 450 00:16:31,860 --> 00:16:32,939 deploy in your practice system in 451 00:16:32,940 --> 00:16:34,319 Detroit. This makes things very 452 00:16:34,320 --> 00:16:37,169 transparent, but also very annoying. 453 00:16:37,170 --> 00:16:39,089 What we can imagine is that instead of 454 00:16:39,090 --> 00:16:41,249 dropping into bash, for example, 455 00:16:41,250 --> 00:16:43,129 you could have and restricted travel that 456 00:16:43,130 --> 00:16:45,239 drops if it's on some script that 457 00:16:45,240 --> 00:16:47,129 it does allow you some things like 458 00:16:47,130 --> 00:16:49,379 restart server, get some lock output 459 00:16:49,380 --> 00:16:50,380 or whatever. 460 00:16:51,300 --> 00:16:52,949 This, of course, only includes what the 461 00:16:52,950 --> 00:16:54,929 machine itself can do, right? 462 00:16:54,930 --> 00:16:56,309 If you are running in an in the 463 00:16:56,310 --> 00:16:58,649 hypervisor, you have maybe other ways 464 00:16:58,650 --> 00:17:00,509 to look into the system. 465 00:17:00,510 --> 00:17:02,669 This is the classic problem you have with 466 00:17:02,670 --> 00:17:04,739 trusted computing is you need to control 467 00:17:04,740 --> 00:17:06,868 everything or you need to say, OK, my 468 00:17:06,869 --> 00:17:08,969 hypervisor or my hardware running on 469 00:17:08,970 --> 00:17:10,019 it is secure, right? 470 00:17:10,020 --> 00:17:11,368 This is this learning and probably we 471 00:17:11,369 --> 00:17:12,369 can't really solve. 472 00:17:15,250 --> 00:17:16,809 Can I have a follow up question? 473 00:17:16,810 --> 00:17:18,399 Yes, concise question. 474 00:17:18,400 --> 00:17:19,400 Yes, sort. 475 00:17:20,710 --> 00:17:22,779 From what you said, I could imagine that 476 00:17:22,780 --> 00:17:25,358 is a big company side interests 477 00:17:25,359 --> 00:17:27,068 specifically like from large 478 00:17:27,069 --> 00:17:28,599 infrastructure companies from Europe. 479 00:17:28,600 --> 00:17:29,829 Is that the case or 480 00:17:31,360 --> 00:17:33,849 we try to convince some of them. 481 00:17:33,850 --> 00:17:35,919 But I mean, if you go to Google or 482 00:17:35,920 --> 00:17:37,269 Amazon and tell them, Hey, after this 483 00:17:37,270 --> 00:17:39,339 great idea about this transparency, 484 00:17:39,340 --> 00:17:40,510 it's hard to get it right. 485 00:17:41,740 --> 00:17:43,959 But yes, we know 486 00:17:43,960 --> 00:17:45,609 of some companies that do something 487 00:17:45,610 --> 00:17:47,679 similar. Right? So the ideas we have 488 00:17:47,680 --> 00:17:50,169 here, these seven concepts, they existed 489 00:17:50,170 --> 00:17:52,389 somewhere else to right. 490 00:17:52,390 --> 00:17:54,279 And this specific concepts were 491 00:17:54,280 --> 00:17:56,619 introduced to us by the more VODs 492 00:17:56,620 --> 00:17:58,689 VPN provider that 493 00:17:58,690 --> 00:18:00,909 they had this idea initially 494 00:18:00,910 --> 00:18:03,099 to somehow differentiate, differentiate 495 00:18:03,100 --> 00:18:05,349 themselves from the other VPN providers. 496 00:18:07,340 --> 00:18:08,889 OK. 497 00:18:08,890 --> 00:18:09,890 Segment, Andrew, 498 00:18:11,630 --> 00:18:13,760 could you repeat your internet question? 499 00:18:19,840 --> 00:18:21,909 OK. Question is gone. 500 00:18:21,910 --> 00:18:23,529 Is there another question from the 501 00:18:23,530 --> 00:18:24,530 microphone or 502 00:18:26,050 --> 00:18:27,279 no? 503 00:18:27,280 --> 00:18:29,469 OK. I think that's Lance 504 00:18:29,470 --> 00:18:31,539 as perfectly at the end of 505 00:18:31,540 --> 00:18:33,639 the talk. And as 506 00:18:33,640 --> 00:18:35,829 I said, you can visit them at their 507 00:18:35,830 --> 00:18:38,319 assembly and you can connect with them 508 00:18:38,320 --> 00:18:39,309 in any way. 509 00:18:39,310 --> 00:18:41,559 And yeah, I'm looking forward 510 00:18:41,560 --> 00:18:42,849 to next year. 511 00:18:42,850 --> 00:18:44,929 And yeah, round of applause for him. 512 00:18:44,930 --> 00:18:45,930 It's like a.