Benlog

crypto and public policy

iPod Shuffle as a Trusted Device?

Filed under: Security & Crypto February 28, 2005 @ 4:49 pm

My sister just got me an iPod Shuffle for my birthday, which is really nice. I’m surprised by how light and convenient it is. For all of those people who are worried about using an ipod for working out, this is your solution.

But it got me thinking. If this iPod does on-the-fly decryption of DRM’ed songs like other iPods, then it’s got enough computing power to perform AES encryption. It’s got its own input mechanism (those buttons). Of course, it has no display, but maybe that’s not immediately necessary.

How about storing your private key on your iPod Shuffle, where the key is unlocked by a secret sequence of button presses? This may be the tiniest and cheapest secure storage device out there. 512 megs of secure storage with trusted inputs. I wonder how difficult it would be to write new firmware for this functionality….

3 Comments

  1. Julian:

    This sounds like an interesting project. Have you read this article on iPod firmware?

    http://www.ipodlinux.org/stories/piezo/

  2. Oliver Roup:

    How many bits of passphrase entropy do you think you’re going to get out of the “random” button presses?

    Also, are you sure that AES decryption is happening on the device – they could just be decrypting the content on the Mac and then trasmitting the cleartext over an obfuscated channel. Is there any indication that the encryption is based on AES?

  3. Geoff:

    I would think that it’s the lack of display that lets the Shuffle be so small, not a reduction in computation power, so it should be able to act as any other Ipod model.

    By the way, how foolish do I feel for spending a good 5 minutes panning the Shuffle when you had just gotten one for your birthday. Oh and I feel even more foolish for not even knowing it was your birthday. So Happy Birthday!

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.