Questions tagged [tamper-resistance]
The tamper-resistance tag has no summary.
35 questions
43
votes
2
answers
8k
views
How can it be easy to write but "impossible" to extract the private key from a crypto token?
A number of crypto-dongles make the claim that it is impossible to extract the stored private key once written.
Yubico:
The YubiKey AES Key information can never be extracted from a YubiKey
...
- 623
37
votes
8
answers
8k
views
How to know whether a textfile has been edited or tampered with?
Is it possible to know whether a textfile, e.g. in XML format, has been edited or tampered with over time?
The context to my question follows:
I am a scientist in industry using a technology called ...
- 497
18
votes
6
answers
4k
views
Mitigating forensic memory acquisition when an attacker has physical access to a workstation
My question regards whether or not the mitigations I use are appropriate for my threat model. Please don't jump to conclusions and say "you need to use locks" or "you can't leave your computer ...
- 67.9k
14
votes
2
answers
2k
views
Securing a Laptop from a Foreign Intelligence Agency
What would be the best practices for securing a single-purpose Windows laptop against a determined foreign intelligence agency from tampering with data on the machine? The machine would be used ...
- 243
12
votes
3
answers
4k
views
Is there any Linux distro or kernel patch that wipes a process memory space after the process exits?
An application runs on an embedded battery-powered PC, accessible to some restricted public, that stores secrets in RAM. To prevent cold boot attacks and that the PC is stolen to extract its secrets, ...
- 223
9
votes
2
answers
3k
views
How does one evaluate tamper-resistant envelopes/packaging?
In contrast to digital cryptographic algorithms and protocols where many qualified high-IQ individuals dig into the details and specifics, physical tamper resistance for low-tech packages is not ...
- 5,368
9
votes
1
answer
455
views
Physical security - responsible disclosure
I recently discovered a way to bypass a commonly used security seal system, requiring no special equipment and taking only a matter of seconds. I feel obliged to disclose this, so as to avoid the ...
- 2,081
8
votes
4
answers
1k
views
Must a system be insecure against physical access? If so, why?
Inspired by: Why don't OSes protect against untrusted USB keyboards?
Related: What can a hacker do when he has physical access to a system? (I address the points of its main answers below.)
There ...
- 2,947
5
votes
3
answers
3k
views
Tamper proof hardware - not resistant
Can you make a TPM (or any piece of hardware) Completely tamper-proof?
The “regular” tamper resistant hardware has various physical attacks http://www.milinda-perera.com/pdf/EKKLP12a.pdf
I have been ...
- 51
5
votes
1
answer
1k
views
What use does a TPM have for accurate timekeeping?
I stumbled across this image and something immediately stood out to me. This is a photograph of a discrete TPM card. That silver cylinder on the left is a crystal oscillator, used to tell time with ...
- 67.9k
4
votes
2
answers
5k
views
Protecting hidden form fields
The scenario is as follows:
An application has a web interface through which data can be configured.
The data to consider for this question is Users with a many-to-many relationship with Groups.
Each ...
- 103
4
votes
4
answers
649
views
What advantage do hardware tamper-resistance provide in HSM?
Roughly speaking HSM is supposed to ingest or generate some secret material (key) and then never export them through the command interface. The keys can only be used according to their configured ...
- 41
4
votes
1
answer
123
views
safely changing distribution, is there a strategy to get an distro iso image untampered?
I can check that an Ubuntu iso file is indeed untampered using the public keys already present and trusted in my Ubuntu system.
Now I want to switch from Ubuntu to Arch and I wonder how I can start ...
- 1,472
3
votes
2
answers
7k
views
How do you keep someone from changing hidden values in an HTML form?
If I have an HTML form, and it has hidden inputs for ID numbers and the like (so I know the id key of of table x to update), how can I secure it so the person can't just change it and screw up ...
- 651
3
votes
5
answers
3k
views
Prove log files weren't tampered with?
Say I have some Apache logs that show brute force attempts on a login page. I've singled out the IP, and found out who the culprit was. How can I show to a third party that I didn't makeup the entries ...
- 33