Re: question on trust in chaoskey

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Keith,

On Thu, May 19, 2016 at 9:23 PM, Keith Packard <keithp@xxxxxxxxxx> wrote:
> Dave Tian <dave.jing.tian@xxxxxxxxx> writes:
>
>> I am personally in favor of a TPM-like solution, since we probably
>> couldn’t/shouldn’t disable the firmware update anyway,
>> and we really need a hardware root of trust (with a key embedded) in
>> the device, like the TPM in the host.
>
> I don't think we need a true TPM in the hardware; the device is
> read-only in normal operation with firmware upgrades requiring physical
> presence. So, supply the private key with the firmware and then erase it
> From the host once programmed. Once the programming jumper is removed,
> only physical access would be sufficient to extract the private key.
>
> Here's more information about the hardware:
>
>         http://altusmetrum.org/ChaosKey/
>
> --

This is the first I have seen this gadget. The obvious use is with
encryption. The obvious problem is someone substituting a false USB
key for a genuine one. The classic "drop flash drives in a conference
lobby", and someone will use it and infect windows. A more
capitalistic attack for any system is someone offering a false USB
"key" for 10% less than anyone else. Any computer that allows any USB
device to be plugged in is at risk. That's why there is physical
protection for servers.

A clever attacker would provide a false USB key which is "almost"
random. This would allow them to decrypt messages based on the false
key, with nobody else knowing there was a vulnerability. An almost
random number simplifies cracking.

It is easy to exactly duplicate all the descriptors and functionality
in a false device. It could be easily done with a PIC, Arduino, or $9
CHIP. Who could tell a key is false or genuine? The false device could
do the same dance with public keys (or whatever secret handshake you
setup).

If a user cannot be sure a key is genuine, and a false key can leak
information, I don't see the point of anyone using such a USB device.

Regards, Steve
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Media]     [Linux Input]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Old Linux USB Devel Archive]

  Powered by Linux