I was thinking about possibilities of physical tampering with Anelok, and ways to prevent them.
Possible attacks would include:

- replacing the entire device,
- replacing the PCB,
- modifying the circuit.

Modifying the circuit could for instance mean the addition of some sniffer chip (e.g., to record the unlock code or to capture any of the MCU's outputs), or to change some element of the circuit to make the device less safe (e.g., reroute the CC2543's reset signal to some other pin, so that the RF chip could better lie to the MCU.)

Replacing device or PCB would allow the use of a compromised MCU. If Freescale's protection mechanisms work, then that wouldn't allow impersonating the original device but the device could still try to collect the unlock code and then fake some defect.

These are complex attacks but still something a determined attacker could pull off with relatively few resources.

One idea for making it possible to detect a replaced MCU would be to have the device answer challenges by using a unique secret internal key. That way, a user could prepare one or more challenges, have them answered by the device while still in a known to be good state, and write down the responses. If a suspicious condition occurs, the same challenges could be tried and compared with the results that are only known to the user.

One idea for mitigating physical attacks would be to seal the circuit. The problem: how to prevent the attacker from just sealing the replaced or tampered-with device, too?

I just had an idea for this: how about mixing a transparent resin with some paint (or multiple colors) that does not dissolve in the resin and that forms strings, and sealing the board with that resin? It's likely that such a paint pattern would be unique and very difficult to reproduce. Furthermore, it should often be possible to remember characteristic patterns in one's own devices and this way recognize them by simply looking at the PCBs.

This could also help with the "how to make sure only pristine devices reach customers" problem: when ordering, the customer could be sent images of the device's sealed PCB, and could therefore identify it after arrival.

How does this sound? Would anybody know a resin and paint combination with suitable properties?

- Werner
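
The challenge/response check for a replaced MCU described in the message above, as an added example that is not part of the original post or of the Anelok firmware. The `Device` class, the `enroll` and `check` helpers, and the choice of HMAC-SHA256 as the keyed function are all assumptions made for illustration; the post names no algorithm.

```python
import hashlib
import hmac
import secrets


class Device:
    """Stand-in for the MCU; the key is assumed never to leave the chip."""

    def __init__(self, key=None):
        # Unique per-device secret. Passing a key is only for repeatable demos.
        self._key = key if key is not None else secrets.token_bytes(32)

    def respond(self, challenge: bytes) -> bytes:
        # HMAC-SHA256 is an assumed choice of keyed function.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


def enroll(device, count=4):
    """Run while the device is known to be good; the user keeps the result offline."""
    notebook = {}
    for _ in range(count):
        challenge = secrets.token_bytes(16)  # unpredictable, chosen by the user
        notebook[challenge] = device.respond(challenge)
    return notebook


def check(device, notebook):
    """Replay every recorded challenge; any mismatch means the internal key differs."""
    return all(
        hmac.compare_digest(device.respond(challenge), expected)
        for challenge, expected in notebook.items()
    )


if __name__ == "__main__":
    genuine = Device()
    notebook = enroll(genuine)
    print("genuine device:", check(genuine, notebook))   # same key answers
    print("replaced MCU:  ", check(Device(), notebook))  # different key answers
```

The check only holds while the recorded challenges and responses stay with the user, since a replacement that has seen a pair can replay it.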

