[Cryptech Tech] arm

Jakob Schlyter jakob at kirei.se
Mon Jan 19 07:55:55 UTC 2015


On 18 jan 2015, at 04:09, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> 
> So one possibility is to use something like a USB-to-SPI bridge
> (there's lots of these, FTDI, Microchip, Cypress, Silicon Labs, etc) so that
> an attacker can target the USB device but that'll only get them to the SPI bus
> rather than straight onto the host CPU.  In effect you're adding a USB
> firewall between the main CPU and an attacker... OK, not really a firewall
> since an attacker who fully controls the bridge can then try and attack the
> host CPU over the SPI bus, but at least you're getting some level of isolation
> from standard USB attacks.

Would you consider that bridge to be inside or outside the security boundary of the HSM?

Would the same considerations apply to the planned USB host interface (used to connect mass storage for key material backup, SO authentication etc). Are there any good examples on attacks on a USB host from something like a USB mass storage device or a USB HID?


	jakob



More information about the Tech mailing list