[Cryptography] You can't trust any of your hardware

[ianG]

On 4/08/2014 03:28 am, Jerry Leichter wrote:
> On Aug 2, 2014, at 8:54 PM, Nemo <nemo at self-evident.org> wrote:
>>> How many USB devices have ever been patched after sale?
...
> There are few sharp lines here, but there is a very broad, very heavily populated, set of "USB devices" that we commonly look at as having fixed functions based on code that will never be changed.  USB memory sticks are extremely cheap and produced in the hundreds of millions.  No one thinks of them as active devices.  And yet ... they are.  They contain significant processing power running non-trivial code - and that code can be replaced.  That's the big message here.  Yes, obvious in retrospect - but how much have *you* thought about defenses against legitimate memory sticks from major manufactures that have had their standard firmware replaced with attack code?

In CAcert we used the USB memory sticks for sneaker-packets in
key-signing ceremonys, and for later escrow.  We use 2 for each.  They
are to be purchased at a random retail street store on the day.  Those
not escrowed are destroyed afterwards.

We might need to rethink the approach, perhaps with open source designs?



iang