On Thu, 2016-05-19 at 14:12 -0400, Dave Tian wrote:
> > The Chaoskey device explicitly does not address physical
> > attacks. Assuming physical security makes things a lot easier, and one
> > of the simplifications is that we can assume that any physical device
> > connected to the machine which has the right USB IDs will be the correct
Unfortunately we have seen a string of CVEs with forged device IDs.
> > device. I have taken the trouble to register a "real" USB ID for this
> > device, so in theory, we shouldn't ever see an accidental collision.
The problem with that is "accidental".
>
>
> 1. Disable the firmware update from the manufacturer
That will not work if the attacker starts with his own gadget.
> 2. Sign the firmware - I have no idea where the signature is saved on
> the device and how the host retrieves the signature from the device
That won't work as the signature could be sniffed and forged.
> 3. USBTPM - a TPM embedded in the USB device which can measure the
> firmware, and the measurement can be retrieved by the host. (There
> seems to be no real implementation yet)
How do we know the claimed TPM is a genuine TPM?
I think we would need to use a form of public key cryptography
in the same manner used to verify authorship of emails. The host
would provide a nonce value that the device encrypts and returns.
The host would verify the signature.
Regards
Oliver
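
The nonce challenge-response proposed in the message above, as an added example that is not part of the original message or of any kernel or Chaoskey code; it also shows why a sniffed response fails when replayed against a fresh nonce. Assumptions: Ed25519 signatures, a device public key pinned on the host out of band, and the hypothetical names `Device`, `Host` and `label`.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// label is a constructed domain-separation prefix: a response is useless as a
// signature in any other protocol that shares the key.
const label = "usb-device-auth-v1:"

// Device holds the private key; in a real gadget it must never leave the device.
type Device struct{ priv ed25519.PrivateKey }

// Respond signs the host's challenge.
func (d Device) Respond(nonce []byte) []byte {
	return ed25519.Sign(d.priv, append([]byte(label), nonce...))
}

// Host pins the public key it expects (out-of-band provisioning is assumed).
type Host struct{ pinned ed25519.PublicKey }

// Challenge returns a fresh 32-byte nonce from the OS CSPRNG.
func (h Host) Challenge() []byte {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // without randomness the challenge is predictable
	}
	return nonce
}

// Verify accepts only a valid signature by the pinned key over this nonce.
func (h Host) Verify(nonce, resp []byte) bool {
	return len(nonce) == 32 && ed25519.Verify(h.pinned, append([]byte(label), nonce...), resp)
}

// Demo returns: genuine accepted, sniffed response replayed, wrong key accepted.
func Demo() (bool, bool, bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed demo keys
	_, other, _ := ed25519.GenerateKey(rand.Reader)
	host, dev, fake := Host{pub}, Device{priv}, Device{other}
	n1 := host.Challenge()
	sniffed := dev.Respond(n1) // what a bus sniffer would capture
	n2 := host.Challenge()     // the next attach gets a new nonce
	return host.Verify(n1, sniffed), host.Verify(n2, sniffed), host.Verify(n2, fake.Respond(n2))
}

func main() { fmt.Println(Demo()) }
```

The scheme proves possession of the private key at attach time only; it says nothing about what firmware is running unless the key is bound to a measurement of it.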