[Cryptography] Making secure devices.

Peter Todd pete at petertodd.org
Sat Oct 24 21:49:59 EDT 2015


On Sat, Oct 24, 2015 at 03:00:16PM -0700, Ray Dillinger wrote:
> I found a supplier for PROMs!!

So the big question is, are PROMs actually more secure than just getting
a standard EEPROM (or FLASH) with a write-enable pin?

Scenarios:

1) Perfect physical security

Let's assume the threat model is only software threats; we assume the
hardware itself is kept perfectly secure and there's no way someone can
physically tamper with it. We'll also assume that the hardware is
actually built to specifications.

In this circumstance, once that write-enable pin is physically disabled
(maybe by removing a jumper at the last stage of manufacturing) we can
rest assured that the contents of the EEPROM chip will remain unchanged.
Heck, quite likely the write-enable pin will be part of the charge pump
circuit that generates the internal write voltage - it's essentially
impossible to change even a single bit if you don't have sufficient
voltage to overcome the floating gate's insulation.


2) Post-manufacturing evil maid attack

Here we start with a device actually made to specifications, and then
leave it under physical control of an attacker. (e.g. an evil maid)

What specifically is the PROM actually getting us here? Even in a very
optimistic scenario, desoldering the PROM and replacing it with another
one isn't all that hard. What's the marginal benefit of the PROM vs. an
EEPROM with a write-enable pin? You're probably screwed either way,
modulo tamper-resistant/evident techniques that have nothing to do with
whether you used a PROM or an EEPROM.


3) Manufacturing/supply-chain attack

Let's assume the attacker is part of your manufacturing and/or parts
supply chain. For instance, a crooked supplier might replace the PROMs
you ordered with identically marked chips that are actually EEPROMs with
built-in radio receivers to act as backdoors. (remember that we know the
NSA has done this with ethernet ports!)

Here non-standard parts make resisting attacks significantly more
difficult in many circumstances. With a standard EEPROM chip I can
easily order my parts from dozens if not hundreds of different
suppliers, and can probably even arrange to order those parts through
pseudonyms. This makes it hard for the adversary to backdoor the parts
you ordered without having to backdoor the world's entire supply chain -
very expensive, or even impossible if you make a habit of buying
old-stock parts.

Meanwhile, how many people order PROMs these days? You'll stick out like
a sore thumb. Particularly since one of the remaining markets for them
is keeping old military electronics in service...


My recommendation would be to stick with bog-standard low-profit-margin
EEPROM/FLASH chips, preferably with industry standard pinouts/electrical
interfaces if available for your application. Switch suppliers
frequently and get your parts through trusted intermediaries to prevent
those suppliers from learning about what you're doing and targeting
you. If possible, do a lifetime buy prior to designing the hardware and
keep that stock of parts in a safe place - even the NSA doesn't have
time machines! Finally, try to use parts that are made on older fabs
with larger geometries so you can send sample parts to get decapped and
reverse engineered (what Chipworks does) to look for non-standard
'customer specific' dies with backdoors added.


Incidentally, it's actually quite easy to buy USB drives with
write-protect switches. For instance I have one of these Kanguru
FlashBlu30's: http://amzn.com/B00JJIEHJE

I've never taken one apart to see if the write-protect switch was
actually wired up to the FLASH chips' write-enable pins though...

-- 
'peter'[:-1]@petertodd.org
0000000000000000066dc6b040d8be42153f784df37745b46c4ad667e0788781