[Cryptography] The crypto behind the blackphone

Jason Cooper cryptography at lakedaemon.net
Mon Feb 3 14:59:47 EST 2014


On Fri, Jan 31, 2014 at 01:13:10PM -0800, Jon Callas wrote:
> > Note some open phone HW projects are selling hardware
> > to which you apply your droid SW rom. Though we're likely
> > at least a handful of years away from seeing a genuinely
> > 'open design' baseband HW layer in a phone, they are
> > talking about approaching it.
> 
> If/when they do, I'd love to see it. I don't have time to make an
> open, secure baseband, but want to include one. The world needs one.
> Maybe we can arrange some sort of trade.

It'd be a shame if we had to wait for an open, secure baseband in order
to trust our phones.

There are things which can be done today to mitigate a lot of concerns
without needing the full monty of open source baseband.  Unfortunately,
the economic incentives aren't there for most phone manufacturers to do
so.

Traditionally, on the board, the BP has been king.  It is the first
thing to light up and has read/write access to all of flash/RAM.  Hence
the problem. :)  Instead, one could design a phone more like a laptop
system with a USB broadband card.

iow, the AP would be king, and the BP would be just a peripheral with no
> privileged access to anything other than its own resources.  When the
user puts the phone into airplane mode, the OS could actually toggle a
GPIO regulator controlling power to the BP.

Instead, I know many people, including myself, that frequently enable
the pin on the SIM card.  Then reboot without typing in the correct pin.
Alternatively, one can physically remove the SIM.  It'd be nice if
airplane mode did what people think it does/should do.

There are many peripherals on embedded ARM which already use out-of-band
signalling like this; typically they're wifi/bt chips attached via
sd/mmc.  So this isn't anything new.

For the highly security-conscious, the AP could have read access to the
BP's flash.  A user (or startup script) could cryptographically sign the
image when they first turn on the phone.  From then on, it would be
checked before allowing the BP to load and execute.  Not perfect, and no
replacement for a full audit.  But at least you would know when your
baseband has been changed.

thx,

Jason.
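The trust-on-first-use check sketched above (AP reads the BP flash, records a keyed tag on first boot, and gates BP power on a match afterwards), as an added example that is not code from the post or from any phone project. It assumes the AP can read the BP image as a byte string, holds a secret key, and controls the BP's regulator through a GPIO; an HMAC with that AP-held key stands in for the "signature", and the flash contents and regulator are simulated so it runs offline.

```python
import hmac
import hashlib

# Constructed stand-in for the bytes the AP would read out of the BP's flash.
BASEBAND_IMAGE = bytes(range(256)) * 16

class BasebandRegulator:
    """Simulated GPIO-controlled regulator feeding the BP (assumption: BP
    power is wired to an AP-owned GPIO, as the post proposes)."""
    def __init__(self):
        self.powered = False
    def set_power(self, on: bool):
        self.powered = on

class BasebandGuard:
    """Trust-on-first-use check of the BP image, run by the AP before BP power-on."""
    def __init__(self, ap_key: bytes):
        self.ap_key = ap_key          # secret held only by the AP
        self.enrolled_tag = None      # None until the first boot enrols an image
    def tag(self, image: bytes) -> bytes:
        # HMAC-SHA256 keyed with the AP's secret stands in for the "signature":
        # whoever swaps the image cannot produce a matching tag without the key.
        return hmac.new(self.ap_key, image, hashlib.sha256).digest()
    def verdict(self, image: bytes) -> str:
        if self.enrolled_tag is None:
            # First power-on: whatever is in flash now becomes the reference.
            # This is the TOFU caveat the post admits ("not perfect"): an image
            # already modified here is enrolled as trusted; the check detects change.
            self.enrolled_tag = self.tag(image)
            return "enrolled"
        if hmac.compare_digest(self.enrolled_tag, self.tag(image)):
            return "allow"
        return "deny"

def gate_baseband(guard: BasebandGuard, regulator: BasebandRegulator,
                  image: bytes) -> str:
    """Run the check first, and only then release power to the BP."""
    result = guard.verdict(image)
    regulator.set_power(result in ("enrolled", "allow"))
    return result

if __name__ == "__main__":
    guard, reg = BasebandGuard(b"\x5a" * 32), BasebandRegulator()
    print(gate_baseband(guard, reg, BASEBAND_IMAGE), reg.powered)   # enrolled True
    print(gate_baseband(guard, reg, BASEBAND_IMAGE), reg.powered)   # allow True
    tampered = bytearray(BASEBAND_IMAGE); tampered[100] ^= 0x01
    print(gate_baseband(guard, reg, bytes(tampered)), reg.powered)  # deny False
```

A legitimate baseband update would need an explicit, user-confirmed re-enrolment step, which the example deliberately leaves out so that any silent change keeps the BP unpowered.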