On 01/11/2016 09:33 AM, coderman wrote:
friend and i had discussed tamper evident shipping strategies to experiment with.
has anyone had success with such experiments, and what technique used?
Joanna's recent Stateless x86 Laptop also addresses this, chapter 7: http://blog.invisiblethings.org/2015/12/23/state_harmful.html ---snip--- The physical protections mentioned above do not, however, resolve the problem of the attackers subverting the laptop hardware at manufacturing or shipment stages. This includes, naturally, a potentially conspiring laptop vendor. In order to address this latter problem we – the industry – need to come up with reliable and simple methods for comparing PCBs with each other. A tool analogical to ‘diff’, only working for PCBs rather than on files. Such a tool, implemented as a software, could e.g. take two (sets of) photos taken by the user of the two boards to compare. The photos might be taken with an ordinary camera, or, in a more sophisticated setup, using X-ray imaging to reveal also the internal layer wiring. This inititive has already been proposed by other researchers recently (e.g. [3]), so it is not unreasonable to expect some progress in this area in the near future. Admittedly such an approach would not be able to detect sophisticated attacks which replace the original laptop board with identically looking one (connection- and chip-geometry-wise), yet with different chips. The author thinks that such attacks might be very difficult to pull off in practice, probably extremely pricey due to the need of manufacturing small series of custom integrated circuits. ---snip---