[Cryptography] Anyone interested in a cheap security module for Raspberry Pi?

[Dirk-Willem van Gulik]

On 26 Jul 2017, at 23:18, Bill Cox <waywardgeek at gmail.com> wrote:

> The SC4-HSM does not have this, though it could be added.  However, this would undermine what I consider to be one of the SC4-HSM’s significant features: the ability to open the device and visually inspect the circuitry to insure that what is in the package is what is supposed to be there.  If you’re willing to trust your vendor then you might as well just use an iPod Touch.
> 
> I might want a semi-clear glitter paint or nail polish over the MCU, maybe just the leads.  This should not make it hard to verify that the MCU is what it is supposed to be, but make it hard to replace the MCU with a PWNed one, which could happen while I mail a pre-programmed HSM in DRP mode 2 to a customer.  There would be no way for the customer to verify the firmware isn't hacked once mode 2 is enabled, but they could compare the glitter paint to the picture on a web site.

You may want to have a quick look at `nuclear safeguard’ techniques for managing enclosures (Tamper detection for safeguards’, ’treaty monitoring'. While never perfect - it is fairly well understood and documented how `hard’ techniques such as (solder) splatter and steel-brush scratching are; and unlike the semi-clear glitter nail polish - they do not suffer from the parallax and shade issue that make automatic verification hard.

Dw

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170727/1f0d5f08/attachment.html>