Questions tagged [tamper-resistance]
The tamper-resistance tag has no summary.
35 questions
4
votes
4
answers
649
views
What advantage do hardware tamper-resistance provide in HSM?
Roughly speaking HSM is supposed to ingest or generate some secret material (key) and then never export them through the command interface. The keys can only be used according to their configured ...
- 41
0
votes
2
answers
643
views
Is encrypting a query parameter within a URI a security best practice?
Assumption a customer is sitting in a public area connected to a public wifi. A threat actor can access the customer's browser and read all Javascript variables.
Step 1. example.com server sends the ...
- 309
1
vote
1
answer
195
views
Since JTAG can be authenticated and encrypted, which key is used? I read that Secure Boot is used, but what is the key?
Since JTAG can be authenticated and encrypted, which key is used? I read that Secure Boot is used, but what is the key? Me, owner of this laptop, how can I know the key to use to access my own laptop ...
- 547
0
votes
1
answer
799
views
Preventing Windows from seeing/tampering with linux drive
Is there a way to prevent a Windows 10/11 system to access/modify/delete data from a secondary linux drive?
I understand I can encrypt the linux drive, but wouldn't the windows system be still able to ...
- 1
37
votes
8
answers
8k
views
How to know whether a textfile has been edited or tampered with?
Is it possible to know whether a textfile, e.g. in XML format, has been edited or tampered with over time?
The context to my question follows:
I am a scientist in industry using a technology called ...
- 497
0
votes
0
answers
261
views
How smart cards store their secrets? [duplicate]
How smart cards technically store their secrets?
I know smart card is whole computer on chip and it respond only to challenges. I know their software/firmware doesn't allow (it doesn't have the ...
- 1
12
votes
3
answers
4k
views
Is there any Linux distro or kernel patch that wipes a process memory space after the process exits?
An application runs on an embedded battery-powered PC, accessible to some restricted public, that stores secrets in RAM. To prevent cold boot attacks and that the PC is stolen to extract its secrets, ...
- 223
43
votes
2
answers
8k
views
How can it be easy to write but "impossible" to extract the private key from a crypto token?
A number of crypto-dongles make the claim that it is impossible to extract the stored private key once written.
Yubico:
The YubiKey AES Key information can never be extracted from a YubiKey
...
- 623
14
votes
2
answers
2k
views
Securing a Laptop from a Foreign Intelligence Agency
What would be the best practices for securing a single-purpose Windows laptop against a determined foreign intelligence agency from tampering with data on the machine? The machine would be used ...
- 243
1
vote
2
answers
1k
views
Tactics to ensure payload has not been modified
When sending a request (POST, PUT, etc). I have a security requirement to ensure that the data in the payload has not been tampered with.
In other words I need to know with certainty that the data ...
- 211
3
votes
2
answers
528
views
Is the Ethereum blockchain truly a tamper-proof way to deploy distributed applications?
The Ethereum website says that it provides a "cryptographically secure, decentralized, tamper-proof network" on which applications written in the Solidity contract language could be deployed. (https://...
- 89
0
votes
1
answer
191
views
Preventing printed data interception using origami or other technique?
Suppose I want to print a human readable 10 digit serial using ordinary day today printer but the printer is communal printer and manned. My intention is for the person manning the printer to not read ...
- 101
3
votes
2
answers
7k
views
How do you keep someone from changing hidden values in an HTML form?
If I have an HTML form, and it has hidden inputs for ID numbers and the like (so I know the id key of of table x to update), how can I secure it so the person can't just change it and screw up ...
- 651
2
votes
1
answer
3k
views
Is the security seal on samsung phones proof that the phone has not been tampered with?
Samsung phones come with a security seal that says you should not buy the phone if it is broken. Is this proof that no one has tampered with the phone?
Is there some way to take off the seal and ...
- 261
3
votes
5
answers
3k
views
Prove log files weren't tampered with?
Say I have some Apache logs that show brute force attempts on a login page. I've singled out the IP, and found out who the culprit was. How can I show to a third party that I didn't makeup the entries ...
- 33