[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Needs more hardware hacking dox

I'm working on influencing security in embedded, e.g., writing and
designing secure systems (comprehensively, starting with arch & code.) It's
an educational effort with embedded ISVs and OEMs at every step, you can
presume the market, if they're thinking of security at all, is currently
buying into 'fire-walling' and 'obfuscation' approaches.

There are some interesting groups like We Are the Cavalry working on that
as well.

Some fun uses of Raspberry Pi computers as air-gapped PGP / KeyStores and
Hardware Tor routers. DIY info-theoretic secure communications platforms
(opto-isolators and so on.)

On the topic of HWSec, I'm interested in detecting in-sil modification,
allowing end-users to simply and easily verify their hardware in the same
way that the OS community has become entranced with 'deterministic
verifiable builds'.


On Wed, Apr 27, 2016 at 2:15 PM, Steve Kinney <[email protected]> wrote:

> Annual token on-topic post:
> Hardware considerations are inherent to the creation and solution of
> practical crypto problems, because good crypto is best solved by
> attacking the platforms it runs on.  The 'internet of things' creates a
> massive comms attack surface, also best solved at the platform level
> i.e. signals discipline.  When the scope of a project includes
> non-attribution by 3rd parties, hit and run network access via tightly
> controlled hardware is the only thing that can work against a well
> funded State adversary.
> I don't see much about hardware hacking on CPunks. I know that folks who
> have worked on digital circuit design and manufacture are lurking out
> there, also a bunch of ham radio people. Things they take for granted
> are utterly mysterious to lesser mortals, including "computer experts"
> focused on software and networking.
> Field tested cheat sheets on security oriented, low tech DIY hardware
> mods are among the most subversive things that can be published on the
> technical front. CPunks subscribers may or may not personally need those
> docs for the Nameless Mission or Big Show in our lifetimes, but others
> do need them now.
> How many lusers put tape over their laptop camera lens, but neglect to
> cut the pins on the microphone?  How many people even know their shiny
> new car has a GPS receiver and an IP capable two-way radio enabling
> remote sabotage, and of these, how many know where the antenna
> connections are?  There's a lot of room to educate a justifiably
> paranoid public on practical aspects of these and similar matters, if
> anyone has the time and interest to make that a Thing.
> :o)

Twitter <https://twitter.com/tbiehn> | LinkedIn
<http://www.linkedin.com/in/travisbiehn> | GitHub <http://github.com/tbiehn>
| TravisBiehn.com <http://www.travisbiehn.com> | Google Plus
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cpunks.org/pipermail/cypherpunks/attachments/20160427/15e81224/attachment.html>