grizzly/deneir
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

applied all relevant comments

Browse source
This commit is contained in:
Arthur Grisel-Davy 2023-09-28 08:54:18 -04:00
parent ea2c3fead6
commit 342a90ded3
1 changed files with 6 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

8
BPV/qrs/main.typ
View file

@ -133,10 +133,14 @@ First, an attack can modify the firmware at the manufacturer level @BASNIGHT2013
Second, malware can bypass the verification @9065145. Second, malware can bypass the verification @9065145.
Finally, an attacker can forge the result of the test to report valid firmware, even with dedicated hardware @thrangrycats. Finally, an attacker can forge the result of the test to report valid firmware, even with dedicated hardware @thrangrycats.
Blockchain technology is also considered for guaranteeing firmware integrity @blockchain1. Blockchain technology is also considered for guaranteeing firmware integrity @blockchain1.
A blockchain is a cryptographic chain of trust where each link is integrated into the next to guarantee that the information in the chain has not been modified.
This technology could provide software integrity verification at each point where a supply chain attack is possible. This technology could provide software integrity verification at each point where a supply chain attack is possible.
However, the blockchain still needs to be verified at some point, and this verification can still be bypassed or forged. However, the blockchain still needs to be verified at some point, and this verification can still be bypassed or forged.
Overall, no security mechanism that requires interacting with the host machine can guarantee firmware integrity as a compromised machine can produce forged results. Overall, all the current methods follow the same design of a software or hardware component that verify the integrity of the firmware.
Overall, all the current methods follow the same design of a software or hardware component that verifies the integrity of the firmware.
The flaw of this design lies in how this component gets invoked.
As soon as the design requires the #acr("OS") or the firmware to use the verification component, the whole verification is exposed to bypass or forgery.
Overall, no security mechanism that requires interacting with the host machine can guarantee firmware integrity, as a compromised machine can produce forged results.
From this observation emerged the idea of using data that are not voluntarily created by the machine and do not require the machine's collaboration to acquire the side channel emissions.
// SCA provides a way to verify the integrity without interacting with the host. // SCA provides a way to verify the integrity without interacting with the host.
Historically, attackers leveraged #acr("SCA") in general and power analysis in particular @sca_attack. Historically, attackers leveraged #acr("SCA") in general and power analysis in particular @sca_attack.