Intel's Processor ID
By Bruce Schneier
January 26, 1999
Last month Intel Corp. announced that its new processor chips would come equipped with ID numbers, a unique serial number burned into the chip during manufacture. Intel said that this ID number will help facilitate e-commerce, prevent fraud and promote digital content protection.
Unfortunately, it doesn't do any of these things.
To see the problem, consider this analogy: Imagine that every person was issued a unique identification number on a national ID card. A person would have to show this card in order to engage in commerce, get medical care, whatever. Such a system works, provided that the merchant, doctor, or whoever can examine the card and verify that it hasn't been forged. Now imagine that the merchants were not allowed to examine the card. They had to ask the person for his ID number, and then accept whatever number the person responded with. This system is only secure if you trust what the person says.
The same problem exists with the Intel scheme.
Yes, the processor number is unique and cannot be changed, but the software that queries the processor is not trusted. If a remote Web site queries a processor ID, it has no way of knowing whether the number it gets back is a real ID or a forged ID. Likewise, if a piece of software queries its processor's ID, it has no way of knowing whether the number it gets back is the real ID or whether a patch in the operating system trapped the call and responded with a fake ID. Because Intel didn't bother creating a secure way to query the ID, it will be easy to break the security.
As a cryptographer, I cannot design a secure system to validate identification, enforce copy protection, or secure e-commerce using a processor ID. It doesn't help. It's just too easy to hack the software that queries the hardware.
This kind of system puts us in the same position we were in when the government announced the Clipper chip: Those who are engaged in illicit activities will subvert the system, while those who don't know any better will find their privacy violated. I predict that patches that randomize the ID number will be available on hacker Web sites within days of the new chips hitting the streets.
The only positive usage for processor IDs is the one usage that Intel said they would not do: stolen processor tracking. Pentium II chips are so valuable that trucks are hijacked on the highways, sometimes resulting in drivers being killed. A database of stolen processor IDs would drop the market for stolen CPUs to zero: board manufacturers, computer companies, resellers and customers could simply query the database to ensure that their particular CPU wasn't stolen. (This is the primary usage for automobile VINs.) This same system could be used to prevent manufacturers from overclocking their CPUs -- running them faster than Intel rated them for -- another thing that Intel would love to prevent.
The real question is whether computers are a dangerous technology, and need to be individually tracked like handguns and automobiles. During the Cold War many Eastern European countries required mimeograph machines to be individually licensed; I have a hard time believing that computers need the same sorts of controls.
Photo of Bruce Schneier by Per Ervland.
Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..