[Cryptech Tech] arm

[Bernd Paysan]

Am Sonntag, 18. Januar 2015, 16:09:32 schrieb Peter Gutmann:
> Fredrik Thulin <fredrik at thulin.net> writes:
> >The conversation in Stockholm as I interpreted it sort of pointed towards
> >possibly moving the external interface (USB / Ethernet / other) to a
> >separate processor outside the tamper boundary but inside a fictional HSM
> >"box" in the future.
> 
> The problem is that no matter what you do you're at some point going to be
> dealing with a device that's actually a general-purpose CPU emulating a dumb
> wire.  So one possibility is to use something like a USB-to-SPI bridge
> (there's lots of these, FTDI, Microchip, Cypress, Silicon Labs, etc) so
> that an attacker can target the USB device but that'll only get them to the
> SPI bus rather than straight onto the host CPU.  In effect you're adding a
> USB firewall between the main CPU and an attacker... OK, not really a
> firewall since an attacker who fully controls the bridge can then try and
> attack the host CPU over the SPI bus, but at least you're getting some
> level of isolation from standard USB attacks.

I'm not sure how this applies when the device is an USB slave - the USB slave 
demands which protocol to use.  Apart from the device enumerating process USB 
from the slave perspective is just sending packets around; and if you define 
your interface simple enough, you aren't open to attacks.

A generic USB host with tons of drivers enabled for all the weird protocols 
out there is for sure an attack vector. USB host is only relevant if you want 
to use an USB stick to store data on.  My recommendation: use an SD card 
instead.  That's a simple, single-purpose interface (especially the slow SPI 
part is really simple, and would be fast enough to store keys).

-- 
Bernd Paysan
"If you want it done right, you have to do it yourself"
http://bernd-paysan.de/
net2o ID: kQusJzA;7*?t=uy at X}1GWr!+0qqp_Cn176t4(dQ*