shipping hardware through mail
Blibbet
blibbet at gmail.com
Mon Jan 11 10:13:23 PST 2016
On 01/11/2016 09:33 AM, coderman wrote:
> friend and i had
> discussed tamper evident shipping strategies to experiment with.
>
> has anyone had success with such experiments, and what technique used?
Joanna's recent Stateless x86 Laptop also addresses this, chapter 7:
http://blog.invisiblethings.org/2015/12/23/state_harmful.html
---snip---
The physical protections mentioned above do not, however, resolve the
problem
of the attackers subverting the laptop hardware at manufacturing or shipment
stages. This includes, naturally, a potentially conspiring laptop vendor.
In order to address this latter problem we – the industry – need to come up
with reliable and simple methods for comparing PCBs with each other. A tool
analogical to ‘diff’, only working for PCBs rather than on files. Such a
tool,
implemented as a software, could e.g. take two (sets of) photos taken by the
user of the two boards to compare. The photos might be taken with an
ordinary
camera, or, in a more sophisticated setup, using X-ray imaging to reveal
also the
internal layer wiring. This inititive has already been proposed by other
researchers
recently (e.g. [3]), so it is not unreasonable to expect some progress
in this area
in the near future.
Admittedly such an approach would not be able to detect sophisticated
attacks
which replace the original laptop board with identically looking one
(connection-
and chip-geometry-wise), yet with different chips. The author thinks
that such
attacks might be very difficult to pull off in practice, probably
extremely pricey
due to the need of manufacturing small series of custom integrated circuits.
---snip---
More information about the cypherpunks
mailing list