Tamperproof devices and backdoors

David Honig honig at sprynet.com
Thu May 24 23:35:05 EDT 2001


At 09:34 AM 5/25/01 +0800, Enzo Michelangeli wrote:
>On another mailing list, someone posted an interesting question: how to
>ascertain that a tamperproof device (e.g., a smartcard) contains no hidden
>backdoors? By definition, anything open to inspection is not tamperproof. 

But you can change its openness after you inspect it.  Epoxy can be useful.
So can software tools that prevent or detect changes to system files.

>Of course, one can ask the manufacturer to disclose the design, but there is no
>way of verifying that the actual device really implements the design that
>was disclosed, because the act of inspecting its innards could remove the
>backdoor, and also the code that implements the removal itself.

The problem is 1. acquire the skills needed to analyze or synthesize the
artifact or 2. acquire other people with those skills who you trust.

Once you've verified that the artifact is 'secure' from inspection, you then
immediately 'seal' it ---epoxy the case, checksum the system files.

>
>Any idea, besides relying on the manufacturer's reputation?
>
>Enzo

Suggestion 2. can be practically implemented by dedicated labs (e.g., the
crypto underwriters lab) IFF you trust said labs, and IFF their
tamper-evident procedures work.

dh

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
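
An added example, not part of the original post: one way to do the "checksum the system files" seal described above, recording SHA-256 digests right after inspection and later reporting modified, removed and added files. The function names, the sample files and the use of an HMAC key stored off the sealed machine (so the manifest cannot simply be regenerated after tampering) are assumptions made for this illustration.

```python
import hashlib, hmac, json, os, tempfile

def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 hex digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digests[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def seal(root, key):
    """Run once, right after inspection: return (manifest_bytes, hmac_tag)."""
    manifest = json.dumps(snapshot(root), sort_keys=True).encode()
    return manifest, hmac.new(key, manifest, hashlib.sha256).hexdigest()

def verify(root, manifest, tag, key):
    """Return a sorted list of (change, path); raise if the seal itself was altered."""
    expected = hmac.new(key, manifest, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("manifest or tag altered: seal is broken")
    sealed, now = json.loads(manifest), snapshot(root)
    changes = [("modified", p) for p in sealed if p in now and sealed[p] != now[p]]
    changes += [("removed", p) for p in sealed if p not in now]
    changes += [("added", p) for p in now if p not in sealed]
    return sorted(changes)

def demo():
    """Constructed sample tree: seal it, tamper with it, then verify."""
    key = b"constructed-demo-key-kept-off-the-sealed-machine"
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("login", b"inspected build"), ("passwd", b"root:x:0:0")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        manifest, tag = seal(root, key)
        clean = verify(root, manifest, tag, key)   # nothing changed yet
        with open(os.path.join(root, "login"), "wb") as fh:
            fh.write(b"backdoored build")          # modify a sealed file
        with open(os.path.join(root, "extra"), "wb") as fh:
            fh.write(b"dropped later")             # add an unsealed file
        os.remove(os.path.join(root, "passwd"))    # remove a sealed file
        return clean, verify(root, manifest, tag, key)

if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the key and the verifying code; both must live somewhere the sealed system cannot alter.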



