[Cryptography] An alternative electro-mechanical entropy source (was 'We cannot trust' Intel and Via's chip-based crypto...)
Bear
bear at sonic.net
Fri Dec 13 11:28:59 EST 2013
> There may well be enough mechanical uncertainty and measurement noise
> just in combining [accelerometer & vibration motor], but for extra
> credit, one could attach to either item or to the circuit board on
> which they are mounted a "rattle" consisting of one or two loose
> objects in a small box, perhaps made of clear plastic or with a clear
> window for visual inspection. The objects might be a ball bearing or a
> small pebble of gravel, say, quartz, or one of each. A pebble would
> provide a physically un-cloneable element. The rattle would be
> completely mechanical, but could be designed with solderable leads for
> automatic part placement machines, or it could be epoxied in place. It
> would be possible to immobilize the rattle with a magnet if ferrous
> ball bearings are used, or in a centrifuge. This could be useful for
> testing and it should be possible for software to distinguish the
> proper operation of the rattle statistically.
>
>
> This entropy generator would be cheap, simple and low-tech, with
> little room to hide back doors.
>
It would also be a source of vibration which is deadly over the long
run to hardware, and annoying as hell to work in the same room with.
Sorry, but the cost of the components is irrelevant when it annoys your
staff and takes a year off the five year lifetime of your $N000
servers.
Bear
More information about the cryptography
mailing list