Re: [Discuss-gnuradio] USRP Structure

2015-09-09 Thread Chris Kuethe
This isn't a relevant concern for general purpose / experimental
hardware like bladerf, hackrf, or usrp hanging off a PC. They're
intended to be user programmable. If someone roots your box, they can
replace your FPGA image, usb, or microcontroller firmware ... but to
what end? The platform is already wide open.

If you're shipping a product, your regulatory agencies are going to
ask you some questions about what you've done to ensure that your
equipment only operates in its intended manner. I don't feel like
writing a big rant about trying to lock down a general purpose
machine. Instead, let me just point you at a whitepaper on secure
booting the Zynq. After that, you should read about how ChromeOS (or
other mobile platforms) do secure boot and ensure application
integrity.

I bet if you offered Ettus or Corgan a barrel of money they might be
interested in building a secure booted E310. Actually, if you offered
me a barrel of money, I'd be all over that project...

http://www.xilinx.com/support/documentation/white_papers/wp426-zynq-7000-secure-boot.pdf


On Wed, Sep 9, 2015 at 11:51 AM, Logan Wu wrote:
> Hello,
>
> Recently I read a paper on cognitive radio security (Secure
> reconfiguration of software-defined radio). It highlights that the
> operating system of cognitive radio node may be compromised as the
> malware can exploit software vulnerabilities. I am wondering if the FPGA
> and firmware are part of the OS? And can they be compromised during
> runtime by malware?
>
> Thank you,
> Logan
>
> --
> Posted via http://www.ruby-forum.com/.
>
> ___
> Discuss-gnuradio mailing list
> Discuss-gnuradio@gnu.org
> https://lists.gnu.org/mailman/listinfo/discuss-gnuradio



-- 
GDB has a 'break' feature; why doesn't it have 'fix' too?



Re: [Discuss-gnuradio] USRP Structure

2015-09-09 Thread Marcus D. Leech

On 09/09/2015 08:24 PM, Chris Kuethe wrote:

> This isn't a relevant concern for general purpose / experimental
> hardware like bladerf, hackrf, or usrp hanging off a PC. They're
> intended to be user programmable. If someone roots your box, they can
> replace your FPGA image, usb, or microcontroller firmware ... but to
> what end? The platform is already wide open.
>
> If you're shipping a product, your regulatory agencies are going to
> ask you some questions about what you've done to ensure that your
> equipment only operates in its intended manner. I don't feel like
> writing a big rant about trying to lock down a general purpose
> machine. Instead, let me just point you at a whitepaper on secure
> booting the Zynq. After that, you should read about how ChromeOS (or
> other mobile platforms) do secure boot and ensure application
> integrity.
>
> I bet if you offered Ettus or Corgan a barrel of money they might be
> interested in building a secure booted E310. Actually, if you offered
> me a barrel of money, I'd be all over that project...
>
> http://www.xilinx.com/support/documentation/white_papers/wp426-zynq-7000-secure-boot.pdf


I will comment, having been involved in the whole TPM thing in the IETF,
and in private research, that since there's no way to guarantee
correctness, no amount of digitally-signing chains of
stuff-we-can't-trust is going to help you.  If you think that you have
achieved "security" that way, against an adversary who has the device in
his/her hands, then you are in a state of sin.  Cryptography cannot help
you here.  You're running up against the halting problem.  A machine
that "attests" at time (t) that it is notionally "secure" could be
notionally cracked all to heck at time (t+1).


Until *significant* swaths of software can be automatically "proven to 
be correct", then none of this "layered attestation" nonsense makes any 
sense.


IMHO, of course, etc, etc, etc.
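
Added example (not part of the original message, and not code from any project named in the thread): a toy measured-boot chain illustrating the time (t) versus time (t+1) point above. The stage names and byte strings are constructed placeholders, and the TPM-style extend is a simplified model rather than a real TPM API.

```python
import hashlib

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new = SHA-256(old || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_chain(stages):
    """Fold the bytes of every boot stage, in order, into one register."""
    pcr = bytes(32)
    for _name, image in stages:
        pcr = extend(pcr, image)
    return pcr

class Device:
    """Toy device that measures each stage once, at load time."""
    def __init__(self, stages):
        self.memory = {name: bytearray(image) for name, image in stages}
        self.pcr = measure_chain(stages)  # fixed at boot, time t

    def attest(self) -> bytes:
        # The report replays the boot-time register; memory is not re-read.
        return self.pcr

    def live_digest(self) -> bytes:
        # What a fresh measurement of the running images would produce.
        return measure_chain([(n, bytes(b)) for n, b in self.memory.items()])

# Constructed sample stages (placeholder bytes, not real images).
GOLDEN = [("fsbl", b"fsbl-v1"), ("bitstream", b"fpga-v1"), ("kernel", b"linux-v1")]
EXPECTED = measure_chain(GOLDEN)

def verifier_accepts(dev: Device) -> bool:
    return dev.attest() == EXPECTED

def demo():
    dev = Device(GOLDEN)
    at_t = verifier_accepts(dev)                   # clean boot is accepted
    dev.memory["bitstream"][:] = b"fpga-modified"  # state changes after boot
    at_t1 = verifier_accepts(dev)                  # report is unchanged
    drift = dev.live_digest() != dev.attest()      # only a re-measure sees it
    changed = [(n, b"fpga-modified" if n == "bitstream" else i) for n, i in GOLDEN]
    at_boot = verifier_accepts(Device(changed))    # load-time change is caught
    return at_t, at_t1, drift, at_boot

if __name__ == "__main__":
    print(demo())
```

The chain catches a stage that differs when it is loaded, while the report at time (t+1) still reflects what was measured at time (t); covering the gap takes runtime re-measurement or integrity monitoring in addition to the boot-time chain.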





Re: [Discuss-gnuradio] USRP Structure

2015-09-09 Thread mleech
 

Since most SDRs out there have fully reconfigurable-by-the-end-user FPGA
and firmware images, I don't think the notion of "compromise" has much
meaning in this context, further because access to the devices is freely
available to ordinary user-level processes, they can ask the radio to do
whatever they want.

Most SDRs that we discuss here are used in R&D, and only a very few in
"services" where type-acceptance is required. Presumably, in the
fullness of time, getting type acceptance would require the integrator
to demonstrate some kind of "protection" for the radio. But SDRs as we
know them here are just "dumb" components. It's a bit like asking a
mixer or RF amplifier or synthesizer to "tamper-proof itself". 

My personal opinion is that asking general-purpose hardware to enforce
some arbitrary notion of regulatory compliance in this area is silly,
unproductive, and ultimately doomed to failure, quite apart from the
wide-reaching implications for the industry in general. 

My "day job" is at a company where we "tamper proof" software on
general-purpose computers at the behest of the Media Industry. It
amounts to building perpetual-motion machines--it cannot be done in the
strictest theoretical sense. In a practical sense, you can keep the 
casually-curious out of your "stack", but you cannot protect against the
determined--they have infinite access to the hardware and software, and
will eventually find a way around any "safeguards" you put in place. So,
in the first instance, the "lockdown" software is utterly unnecessary,
and in the second instance, it is woefully inadequate... 

On 2015-09-09 14:51, Logan Wu wrote: 

> Hello,
> 
> Recently I read a paper on cognitive radio security (Secure
> reconfiguration of software-defined radio). It highlights that the
> operating system of cognitive radio node may be compromised as the
> malware can exploit software vulnerabilities. I am wondering if the FPGA
> and firmware are part of the OS? And can they be compromised during
> runtime by malware?
> 
> Thank you,
> Logan


[Discuss-gnuradio] USRP Structure

2015-09-09 Thread Logan Wu
Hello,

Recently I read a paper on cognitive radio security (Secure
reconfiguration of software-defined radio). It highlights that the
operating system of cognitive radio node may be compromised as the
malware can exploit software vulnerabilities. I am wondering if the FPGA
and firmware are part of the OS? And can they be compromised during
runtime by malware?

Thank you,
Logan

-- 
Posted via http://www.ruby-forum.com/.
