From: Günther Hutzl Sent: Friday, March 27, 2015 7:38 AM Subject: Re: [mooltipass] [Feedback request] Making sure the shipped device hasn't been tampered with during transport |
Hello Jesse,
Your suggestion wouldn't protect against a sniffer on the smart card data lines unfortunately.
Cheers
Option two is probably logistically the simplest. It guarantees original software. As for the hardware, we could just post some high quality reference photos on the mp website for the user to perform a physical inspection for modifications or parasite circuitry...?
Bjorn
--
I like option 2 also, but you'll need to add a disclaimer. Something along the lines of, not my fault if you install the screen upsidedown ;)
Though I can't help but think there should be a way of validating the devices using something soon to diffie-hellman or some such. The problem there, is that it has to be customized for for device
From: mathieu...@gmail.com Sent: Friday, March 27, 2015 8:20 AM To: Jesse Vallaro Cc: mooltipass; Günther Hutzl |
Subject: Re: [mooltipass] [Feedback request] Making sure the shipped device hasn't been tampered with during transport |
I was just about to say something along these lines. It's the only way I can see where option #2 will work any better than just shipping the thing sealed up, unless the enclosure was transparent or something.
--
Hello all,
Sniffed data could be sent via rf as well ;).
The only way to safely perform a device authentication would be to implement a challenge response routine on the device itself... Don't trust the computer!
Well copying the mechanical design isn't hard as well...
Serialized anti-tamper sticker over the seam. Reproduction of the label will take too long and will raise red flags for shipping time.
Two factor that can be verified via the web..
Serialized frangable label for the device
http://www.novavisioninc.com/pages/prd_security_labels.html
Shipping serialized package label:
http://m.uline.com/h5/r/www.uline.com/BL_3093/Security-Strips-on-a-Roll?keywords=
--
To unsubscribe from this group and stop receiving emails from it, send an email to mooltipass+...@googlegroups.com.
To post to this group, send email to moolt...@googlegroups.com.
- direct access to the microcontroller eeprom isn't possible, even using a programmer (fuses are set this way)
The PC based suggestion:Taking into account that:
- direct access to the microcontroller eeprom isn't possible, even using a programmer (fuses are set this way)
- the device will take less than 4 years to arrive (aha)Suggestion:- store a unique 128bits key per device- to gain access to the device UID this particular key needs to be showed- a 3 seconds delay is added before checking the presented key- half time brute force = 3*2^128 = 4*10^32 months- key & uid needs to be requested to the mooltipass team once the device is received- user checks the UID
Sorry I didn't answer you Richard: my suggestion actually implements the same functionality.
Option 3
Seal the device. Make it similar to the iron key. The device is filled with a reason that basicly requires you to destroy the pcb to open it. That is the only way you can be sure of no physical tampering.
It will then mean you need to mod your firmware loading to make or easier. So that the end user can flash it when they receive it. Or
Again go down the path of iron key and require a pub/private key combo to unlock the device first time with a key you create at manufacturing. The software then destroy this key and requires a new one to be set up. And used. Even if it's only for firmware changes?
Hardware security suxs it's hard and really unless you actually go to your factory. And pick up the device you can't be 100% sure.
Sounds like iron key is epoxy... I have worked with this stuff, it's weird and kinda nasty, but works sort of...
I know I only have one equal vote to everyone else... But I really like Mathieu 's 3 idea above that incorporates Richard' s method.
No method will ever be perfect, it seems the best way to go, with the balance / trade offs David brings up.
Charlie
Iron key uses potting
--
Agreed, you have to draw the line some where. It is like everything else, if some one wants to get into it, they will. ( ex: safes)
--