[Cryptech Tech] offline attacks on open hardware vs secure chips

Vasily Dolmatov dol at reedcat.net
Mon Sep 18 13:44:18 UTC 2017


I see a reincarnation of the «security through obscurity» thesis.
It has been discussed for years, since the first breaking of «closed» crypto, and it is still sometimes revived by vendors. ;)

The underlying idea of this movement is quite clear, AFAIS: to «close» not the device itself, but the market.

Happy hunting for Yubikey guys. ;)

dol@

> On 17 Sep 2017, at 16:40, Antoine Beaupré <lwn at anarc.at> wrote:
> 
> Hi,
> 
> I'm writing a review of OpenPGP keycards (yubikey, FST-01, Nitrokey,
> etc) for LWN.net and one of the things I need to cover is the question
> of the "closing" of the Yubikey 4, switching from a partially closed to
> a fully-closed model. Their rationale is explained here:
> 
> https://www.yubico.com/2016/05/secure-hardware-vs-open-source/
> 
> In particular, I find this paragraph interesting:
> 
>> Given these developments, we, as a product company, have taken a clear
>> stand against implementations based on off-the-shelf components and
>> further believe that something like a commercial-grade AVR or ARM
>> controller is unfit to be used in a security product. In most cases,
>> these controllers are easy to attack, from breaking in via a
>> debug/JTAG/TAP port to probing memory contents. Various forms of fault
>> injection and side-channel analysis are possible, sometimes allowing
>> for a complete key recovery in a shockingly short period of time. In
>> this specific context (fault injection and side-channel analysis), an
>> open source strategy would provide little or no remedy to a serious
>> and growing industry problem. One could say it actually works the
>> other way. In fact, the attacker’s job becomes much easier as the code
>> to attack is fully known and the attacker owns the hardware
>> freely. Without any built-in security countermeasures, the attacker
>> can fully profile the behavior in a way that is impossible with a
>> secure chip.
> 
> In effect, this is a reasonable point: open hardware *may* just be more
> vulnerable to such attacks than "secure chips" (whatever that
> means). Now, I personally feel this argument isn't so great: you just
> shift the trust into proprietary hardware, and you have no guarantees
> that it is doing anything you actually need it to do - I think I have
> plenty of resources to articulate that fundamental free vs closed design
> argument on my own.
> 
> However, I wonder if there is a less theoretical argument to be
> made. For example, I notice that in the 3G design here:
> 
> https://trac.cryptech.is/wiki/Hardware
> 
> There is a "tamper detection" chip that I guess is designed to work
> around physical tampering? Is that something that could address the
> concerns of the Yubico people above? Or is this just protection against
> physical tampering?
> 
> I guess another way to ask the question is: how exactly does that
> "secure hardware" work that it makes it so attractive to the Yubico
> people? Why can't that be implemented in an open design? Yubico seem to
> say there are no "major players" providing such a chip design - but
> couldn't such a system be designed with multiple commodity hardware
> components without putting all the trust in a single chip?
> 
> Is that what the Cryptech designs are trying to do?
> 
> Thanks for any comments or feedback,
> 
> A.
> 
> --
> Antoine Beaupré
> LWN.net
> _______________________________________________
> Tech mailing list
> Tech at cryptech.is
> https://lists.cryptech.is/listinfo/tech
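The quoted Yubico paragraph claims that side-channel analysis of an unprotected controller can yield complete key recovery, and that knowing the code makes the attacker's job easier. The following is an added illustration written for this page, not code from Cryptech, Yubico or any keycard firmware. It simulates the simplest such channel: a secret comparison whose running time depends on the secret. Instead of measuring real cycles, each compare reports its loop iteration count, which stands in for the timing or power trace an attacker with the device in hand could capture. The secret is a constructed eight-byte value, not a real key, and the "attacker" is a hypothetical model that, for each byte position, tries all 256 values and keeps the one that made the device do the most work. The same attack is then run against a constant-time compare, the kind of countermeasure the Yubico text says secure chips add and commodity firmware usually lacks.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define KEY_LEN 8

/* Constructed demo secret (not a real key); chosen with no zero bytes so the
 * attacker's all-zero starting guess never matches a byte by accident. */
const uint8_t DEMO_SECRET[KEY_LEN] = {0x4b, 0x91, 0x13, 0xde, 0x27, 0x6a, 0xc3, 0x58};

/* Both comparison routines report "work" (number of loop iterations) through
 * *work. That count stands in for the cycle count or power trace an attacker
 * with physical access to an unprotected controller could measure. */

/* Early-exit compare: the kind of check naive firmware would use. The
 * iteration count depends on how many leading bytes of the guess are right. */
int leaky_compare(const uint8_t *secret, const uint8_t *guess, size_t n, unsigned *work)
{
    unsigned steps = 0;
    for (size_t i = 0; i < n; i++) {
        steps++;
        if (secret[i] != guess[i]) {
            *work = steps;
            return 0;
        }
    }
    *work = steps;
    return 1;
}

/* Constant-time compare: always touches every byte, so the iteration count
 * is independent of the secret. Only the final 0/1 result is observable. */
int ct_compare(const uint8_t *secret, const uint8_t *guess, size_t n, unsigned *work)
{
    uint8_t diff = 0;
    unsigned steps = 0;
    for (size_t i = 0; i < n; i++) {
        steps++;
        diff |= (uint8_t)(secret[i] ^ guess[i]);
    }
    *work = steps;
    return diff == 0;
}

typedef int (*cmp_fn)(const uint8_t *, const uint8_t *, size_t, unsigned *);

/* Hypothetical attacker model: for each byte position, try all 256 values and
 * keep the one that produced the highest score (work done, plus one if the
 * guess was accepted). Returns how many bytes of `out` equal the secret. */
size_t recover_key(cmp_fn cmp, const uint8_t *secret, size_t n, uint8_t *out)
{
    memset(out, 0, n);
    for (size_t pos = 0; pos < n; pos++) {
        unsigned best_score = 0;
        int best_val = 0;
        for (int v = 0; v < 256; v++) {
            unsigned work = 0;
            out[pos] = (uint8_t)v;
            int accepted = cmp(secret, out, n, &work);
            unsigned score = work + (unsigned)accepted;
            if (score > best_score) {
                best_score = score;
                best_val = v;
            }
        }
        out[pos] = (uint8_t)best_val;
    }
    size_t correct = 0;
    for (size_t i = 0; i < n; i++)
        if (out[i] == secret[i])
            correct++;
    return correct;
}

/* Run the attack against each routine; each returns bytes recovered. */
size_t attack_leaky(void)
{
    uint8_t out[KEY_LEN];
    return recover_key(leaky_compare, DEMO_SECRET, KEY_LEN, out);
}

size_t attack_ct(void)
{
    uint8_t out[KEY_LEN];
    return recover_key(ct_compare, DEMO_SECRET, KEY_LEN, out);
}

int main(void)
{
    printf("early-exit compare: %zu of %d bytes recovered with %d queries\n",
           attack_leaky(), KEY_LEN, KEY_LEN * 256);
    printf("constant-time compare: %zu of %d bytes recovered\n", attack_ct(), KEY_LEN);
    return 0;
}
```

Against the early-exit compare the model recovers all eight bytes with 8 × 256 queries instead of 256^8 guesses; against the constant-time compare it learns nothing, because every query costs the same work. Real side-channel work is noisier than a deterministic iteration count, and fault injection or JTAG access bypass the comparison entirely, so this shows the shape of the argument rather than the full attack surface the Yubico text lists.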
