Skip to main content

36C3: Open Source is Insufficient to Solve Trust Problems in Hardware

With open source software, we’ve grown accustomed to a certain level of trust that whatever we are running on our computers is what we expect it to actually be. Thanks to hashing and public key signatures in various parts in the development and deployment cycle, it’s hard for a third party to modify source code or executables without us being easily able to spot it, even if it travels through untrustworthy channels.

Unfortunately, when it comes to open source hardware, the number of steps and parties involved that are out of our control until we have a final product — production, logistics, distribution, even the customer — makes it substantially more difficult to achieve the same peace of mind. To make things worse, to actually validate the hardware on chip level, you’d ultimately have to destroy it.

On his talk this year at the 36C3, [bunnie] showed a detailed insight of several attack vectors we could face during manufacturing. Skipping the obvious ones like adding or substituting components, he’s focusing on highly ambitious and hard to detect modifications inside an IC’s package with wirebonded or through-silicon via (TSV) implants, down to modifying the netlist or mask of the integrated circuit itself. And these aren’t any theoretical or “what if” scenarios, but actual possible options — of course, some of them come with a certain price tag, but in the end, with the right motivation, money is only a detail.

Sure, none of this is particularly feasible or even much of interest at all for a blinking LED project, but considering how more and more open source hardware projects emerge to replace fully proprietary components, especially with a major focus on privacy, a lack of trust in the hardware involved along the way is surely worrying to say the least. At this point, there is no perfect solution in sight, but FPGAs might just be the next best thing, and the next part of the talk is presenting the Betrusted prototype that [bunnie] is working on together with [xobs] and [Tom Marble]. That alone makes the talk worth watching, in our view.



from Hackaday https://ift.tt/39xFgZA
Labels:

Comments

Post a Comment

Popular posts from this blog

Bill Gates steps down from Microsoft’s board to focus on philanthropy

In an announcement on Friday, Microsoft revealed that company co-founder Bill Gates has decided to step down from his role on its Board of Directors in order to focus on his philanthropic efforts at the Bill & Melinda Gates Foundation. This is Gate’s biggest change to his role at Microsoft since stepping down as company chairman in February 2014. According … Continue reading from SlashGear https://ift.tt/2We90Gu
Post a Comment
Read more

World Economic Forum launches Global AI Council to address governance gaps

The World Economic Forum is creating a series of councils that create policy recommendations for use of things like AI, blockchain, and precision medicine. Read More from VentureBeat http://bit.ly/2EKBjD4
Post a Comment
Read more

Rune raises $2 million to use AI to find friends for mobile gamers

Rune has raised $2 million in funding in its effort to use artificial intelligence to help find friends for mobile gamers. Read More from VentureBeat https://ift.tt/2oqnaFI
Post a Comment
Read more