Tamper-Evident electronic device: (was: [Cryptography] Dumb idea: open-source hardware USB key for crypto)
From: stef <s@ctrlc.hu>
On Sat, Jan 11, 2014 at 02:35:39AM -0500, grarpamp wrote:
On Fri, Jan 10, 2014 at 5:53 PM, Bill Cox <waywardgeek@gmail.com> wrote:
I've been noodling the idea of a USB stick designed in a way that we can trust the crypto that goes on there. It's a hard problem, but there seems to be some guidelines that could help:
as hinted earlier in the pcp/pbp discussion, i'm working on such a beast: https://www.ctrlc.hu/~stef/PITCHFORK.pdf
Anyway, it's just a fun idea. I'd love to have such a device in my pocket. There's a lot of applications I can think of that could benefit from it, from electronic voting to microtransactions.
PITCHFORK will allow you to develop your own extensions, so indeed i expect a lot of experiments and innovation if this gets off.
currently some of my code has licensing problems and needs to be reimplemented before publication :/
Many of these open hardware ideas come down to the fab level...
indeed, there's a lot of trust in things we have limited resources to validate. turtles all the way down.
One thing that's needed is a way to determine if said device has been tampered with or replaced.

I suggest that such devices contain a PC board with a few (16 or so?) solder bumps in a bare area (easily made using surface-mount soldering techniques) onto which would be pressed a carbon-fiber weave of cloth, itself impregnated with epoxy adhesive and held in place (over the solder bumps) until the epoxy is cured. Each connection between a bump and the carbon-fiber weave would have an impossible (?) to replicate resistance. Each solder bump would connect to a lead of a chip, said chip containing analog switches and an A/D converter.

In operation, the resistance between these solder bumps would be measured by the chip; also, perhaps two or more different solder bumps could be driven by the chip to different voltages (Vcc and Gnd), and the voltages of the rest of the solder bumps would be measured. These as-measured values could be transmitted through the USB (possibly in encrypted or hashed form) and stored by a connected computer. The entire device would be potted in a clear potting material, probably clear epoxy.

Any tampering would be automatically detectable electronically, and it would be exceedingly difficult to replicate the results of the large number of possible separate measurements which could be made. There would be (16 x 15 / 2) = 120 two-terminal resistance values; each such measured value could be accompanied by measuring the voltage of the other 14 terminals, or 120 x 14 = 1680 values.

Jim Bell
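The measurement scheme in the posting above, worked through as an added example (this is not code from the list thread or from any of the projects named in it). The 16-bump contact network is constructed from a seeded random number generator and stands in for the unreplicable bump-to-weave resistances; the 3.3 V drive level, the 10-bit ADC and the 0.1 ohm resistance resolution are assumptions. For each of the 120 bump pairs the model drives one bump to Vcc and one to Gnd, solves the node voltages of the other 14 bumps by nodal analysis (Kirchhoff's current law), derives the two-terminal resistance from the drive current, and quantizes the 1800 readings to ADC counts. The host keeps the enrolled vector and its hash, then compares later readings with a small per-reading tolerance.

```python
"""Model of the solder-bump / carbon-fibre tamper-evidence scheme.

Added example, not code from the list posting. Resistances are constructed
with a seeded RNG; VCC, ADC width and resistance resolution are assumed.
"""
import hashlib
import itertools
import random

N_BUMPS = 16          # number of solder bumps (from the posting)
VCC = 3.3             # drive voltage in volts (assumed)
ADC_COUNTS = 1023     # 10-bit ADC full scale (assumed)
R_LSB_OHMS = 0.1      # assumed resolution of the two-terminal resistance reading


def make_weave(seed, mean_ohms=1000.0, spread=0.5):
    """Constructed contact network: symmetric matrix r[i][j] of ohms between bumps."""
    rng = random.Random(seed)
    r = [[0.0] * N_BUMPS for _ in range(N_BUMPS)]
    for i in range(N_BUMPS):
        for j in range(i + 1, N_BUMPS):
            r[i][j] = r[j][i] = mean_ohms * (1.0 + spread * (2.0 * rng.random() - 1.0))
    return r


def solve(a, b):
    """Gaussian elimination with partial pivoting for a (n x n) and b (length n)."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        piv = max(range(col, n), key=lambda k: abs(m[k][col]))
        m[col], m[piv] = m[piv], m[col]
        for k in range(col + 1, n):
            f = m[k][col] / m[col][col]
            for c in range(col, n + 1):
                m[k][c] -= f * m[col][c]
    x = [0.0] * n
    for i in range(n - 1, -1, -1):
        s = sum(m[i][c] * x[c] for c in range(i + 1, n))
        x[i] = (m[i][n] - s) / m[i][i]
    return x


def drive_pair(r, vcc_node, gnd_node):
    """Drive one bump to VCC and one to GND; return (R_eq, voltages of the other bumps).

    Nodal analysis: at every floating bump the currents through its contacts sum to zero.
    """
    floating = [k for k in range(N_BUMPS) if k not in (vcc_node, gnd_node)]
    idx = {k: n for n, k in enumerate(floating)}
    a = [[0.0] * len(floating) for _ in floating]
    b = [0.0] * len(floating)
    for k in floating:
        row = idx[k]
        for l in range(N_BUMPS):
            if l == k:
                continue
            g = 1.0 / r[k][l]
            a[row][row] += g
            if l in idx:
                a[row][idx[l]] -= g
            elif l == vcc_node:
                b[row] += g * VCC      # the GND bump contributes 0 V
    v = dict(zip(floating, solve(a, b)))
    v[vcc_node], v[gnd_node] = VCC, 0.0
    # total current leaving the VCC bump gives the two-terminal resistance
    i_total = sum((VCC - v[l]) / r[vcc_node][l] for l in range(N_BUMPS) if l != vcc_node)
    return VCC / i_total, [v[k] for k in floating]


def fingerprint(r, noise_lsb=0, seed=0):
    """120 resistance readings plus 120 x 14 voltage readings, quantized to ADC counts.

    noise_lsb models ADC noise of +/- that many counts on every reading.
    """
    rng = random.Random(seed)
    out = []
    for i, j in itertools.combinations(range(N_BUMPS), 2):
        r_eq, volts = drive_pair(r, i, j)
        out.append(round(r_eq / R_LSB_OHMS) + rng.randint(-noise_lsb, noise_lsb))
        for v in volts:
            out.append(round(v / VCC * ADC_COUNTS) + rng.randint(-noise_lsb, noise_lsb))
    return out


def commit(fp):
    """Hash of the quantized vector, the hashed form the posting suggests sending over USB."""
    return hashlib.sha256(",".join(map(str, fp)).encode()).hexdigest()


def mismatches(enrolled, measured, tol_lsb=2):
    """Count readings that moved by more than tol_lsb counts since enrolment."""
    return sum(1 for a, b in zip(enrolled, measured) if abs(a - b) > tol_lsb)


if __name__ == "__main__":
    genuine = make_weave(seed=1)
    enrolled = fingerprint(genuine)
    print(len(enrolled), "readings, commitment", commit(enrolled)[:16])
    print("noisy re-read, mismatches:", mismatches(enrolled, fingerprint(genuine, noise_lsb=1, seed=7)))
    disturbed = make_weave(seed=1)
    disturbed[3][7] = disturbed[7][3] = disturbed[3][7] * 1.3   # one contact disturbed by 30%
    print("one contact disturbed, mismatches:", mismatches(enrolled, fingerprint(disturbed)))
    print("weave replaced, mismatches:", mismatches(enrolled, fingerprint(make_weave(seed=2))))
```

Two practical points the model makes visible. First, a hash of raw ADC readings is brittle: one count of noise or thermal drift changes the digest, so the host must store the enrolled quantized vector itself and compare with a tolerance, using the hash only to protect that stored reference or the transport. Second, the measurement chip and the host-side reference are inside the trust boundary; if an attacker can replace the chip or rewrite the stored vector, the comparison proves nothing, which is the same "turtles all the way down" problem stef raises above.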