I see reincarnation of «security through obscurity» thesis. It has been discussed for years, from first breaking of «closed» crypto and still is sometimes being revived by vendors. ;)
The underlying idea of this movement is quite clear, AFAIS, to «close» not the device itself, but market. Happy hunting for Yubikey guys. ;) dol@ > 17 сент. 2017 г., в 16:40, Antoine Beaupré <l...@anarc.at> написал(а): > > Hi, > > I'm writing a review of OpenPGP keycards (yubikey, FST-01, Nitrokey, > etc) for LWN.net and one of the things I need to cover is the question > of the "closing" of the Yubikey 4, switching from a partially closed to > a fully-closed model. Their rationale is explained here: > > https://www.yubico.com/2016/05/secure-hardware-vs-open-source/ > > In particular, I find this paragraph interesting: > >> Given these developments, we, as a product company, have taken a clear >> stand against implementations based on off-the-shelf components and >> further believe that something like a commercial-grade AVR or ARM >> controller is unfit to be used in a security product. In most cases, >> these controllers are easy to attack, from breaking in via a >> debug/JTAG/TAP port to probing memory contents. Various forms of fault >> injection and side-channel analysis are possible, sometimes allowing >> for a complete key recovery in a shockingly short period of time. In >> this specific context (fault injection and side-channel analysis), an >> open source strategy would provide little or no remedy to a serious >> and growing industry problem. One could say it actually works the >> other way. In fact, the attacker’s job becomes much easier as the code >> to attack is fully known and the attacker owns the hardware >> freely. Without any built-in security countermeasures, the attacker >> can fully profile the behavior in a way that is impossible with a >> secure chip. > > In effect, this is a reasonable point: open hardware *may* just be more > vulnerable to such attacks than a "secure chips" (whatever that > means). Now, I personally feel this argument isn't so great: you just > shift the trust into proprietary hardware, and you have no garantees > that is doing anything you actually need it to do - I think I have > plenty of resources to articulate that fundamental free vs closed design > argument on my own. > > However, I wonder if there is a less theoritical argument to be > made. For example, I notice that in the 3G design here: > > https://trac.cryptech.is/wiki/Hardware > > There is a "tamper detection" chip that I guess is designed to work > around physical tampering? Is that something that could address the > concerns of the Yubico people above? Or is this just protection against > physical tampering? > > I guess another way to ask the question is: how exactly does that > "secure hardware" work that it makes it so attractive to the Yubico > people? Why can't that be implemented in an open design? Yubico seem to > say there are no "major players" providing such a chip design - but > couldn't such a system be designed with multiple commodity hardware > components without putting all the trust in a single chip? > > Is that what the Cryptech designs are trying to do? > > Thanks for any comments or feedback, > > A. > > -- > Antoine Beaupré > LWN.net > _______________________________________________ > Tech mailing list > Tech@cryptech.is > https://lists.cryptech.is/listinfo/tech
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Tech mailing list Tech@cryptech.is https://lists.cryptech.is/listinfo/tech
