[Cryptech Tech] arm

Basil Dolmatov dol at reedcat.net
Sun Jan 18 08:21:12 UTC 2015



dol@ с iPad

> 18 янв. 2015 г., в 6:09, Peter Gutmann <pgut001 at cs.auckland.ac.nz> написал(а):
> 
> Fredrik Thulin <fredrik at thulin.net> writes:
> 
>> The conversation in Stockholm as I interpreted it sort of pointed towards
>> possibly moving the external interface (USB / Ethernet / other) to a separate
>> processor outside the tamper boundary but inside a fictional HSM "box" in the
>> future.
> 
> The problem is that no matter what you do you're at some point going to be
> dealing with a device that's actually a general-purpose CPU emulating a dumb
> wire.  So one possibility is to use something like a USB-to-SPI bridge
> (there's lots of these, FTDI, Microchip, Cypress, Silicon Labs, etc) so that
> an attacker can target the USB device but that'll only get them to the SPI bus
> rather than straight onto the host CPU.  In effect you're adding a USB
> firewall between the main CPU and an attacker... OK, not really a firewall
> since an attacker who fully controls the bridge can then try and attack the
> host CPU over the SPI bus, but at least you're getting some level of isolation
> from standard USB attacks.
Following some set of design rules and protocols on the bus will make this vector of attack us feasible. 
> 
> Peter.
> _______________________________________________
> Tech mailing list
> Tech at cryptech.is
> https://lists.cryptech.is/listinfo/tech


More information about the Tech mailing list