SN
Posts: 1014
Joined: Mon Feb 13, 2012 8:06 pm
Location: Romiley, UK

Re: Tamperproof Pi

Mon Mar 19, 2012 3:35 pm

One can foresee, ahem, applications where the raspi could be contributing logic to something that either a) must not be tampered with or b) contains proprietary algorithms whereby the raspi would need to emanate (cue Mission Impossible music) "This device will self destruct in five seconds…"

I suppose a combination of small speaker, a decent battery backup to the power source plus simple microswitch hooked into the GPIO would make this possible when combined with some fancy code which would allow it to utter the famous words before committing hari kari…

Again I'm sure it isn't hard to apply 'frying' logic with a few components…
Steve N – binatone mk4->intellivision->zx81->spectrum->cbm64->cpc6128->520stfm->pc->raspi ?

rmm200
Posts: 259
Joined: Sat Mar 03, 2012 10:25 pm

Re: Tamperproof Pi

Mon Mar 19, 2012 3:52 pm

The RaspberryPi board is not capable of including proprietary algorithms, except those in Broadcom firmware. Your goal would be achieved by destroying any attached memory devices.

ArborealSeer
Posts: 300
Joined: Tue Jan 24, 2012 9:48 am
Location: South West, UK

Re: Tamperproof Pi

Mon Mar 19, 2012 4:39 pm

or you use another method to enclose the pi that would mean it is destroyed if you mess with it.. kind of like those security tags used in shops and the like..
Pi Status > Farnell, Arrived 24/5- RS, Arrived 1/6

Ravenous
Posts: 1956
Joined: Fri Feb 24, 2012 1:01 pm
Location: UK

Re: Tamperproof Pi

Mon Mar 19, 2012 5:07 pm

Put in a large battery of Ni-Cads wired to fry all the electronics, including the SD card.  (Maybe.  Actually you'd only need to fry the storage itself, perhaps...)

Actually I saw one rack mounted device (of a financial services nature) that had the case edges covered with seals, an old fashioned physical method which at least warns you that the contractor has been tampering with it...

If you need ultra security then a RAM-only machine with a self contained battery, that must never be allowed to go flat, any tampering disconnects the power and it loses its memory.  Totally non-destructive, but you'd need to install it by hand and ensure it's left powered up and charged.

(All just guesses, depends on the secrecy you need.)

tufty
Posts: 1456
Joined: Sun Sep 11, 2011 2:32 pm

Re: Tamperproof Pi

Mon Mar 19, 2012 5:18 pm

Istr reading about ram-sniffing to extract decrypted auth tokens a while back. Iirc, ram can still be read with a fairly high amount of certainty after a number of minutes of poweroff.

Here you go : http://tdistler.com/2008/02/21.....-power-off

SeanD
Posts: 121
Joined: Wed Sep 21, 2011 12:25 am

Re: Tamperproof Pi

Mon Mar 19, 2012 7:21 pm

tufty said:


Istr reading about ram-sniffing to extract decrypted auth tokens a while back. Iirc, ram can still be read with a fairly high amount of certainty after a number of minutes of poweroff.

Here you go : http://tdistler.com/2008/02/21.....-power-off


Yes to do this properly you would either have to go with physical destruction or leverage overwrite techniques which can be time consuming "This device will self destruct in 20 minutes and counting ...."

Adding a secure element to hold the keys and running everything encrypted with some obfuscation, plus RAM re-writing could probably get you a long way, but at the end of the day anything that has an IP connection could have a vulnerability which enables exploitation so that is your real weak spot.

If the processor supported TrustZone then I would leverage the TEE for my algorithms, but I think I have seen somewhere that they do not and if they did I am not sure how the foundation would be able to work with a fee based TSM such as Gemalto or G&D.

Kernel
Posts: 395
Joined: Sat Mar 03, 2012 12:53 pm

Re: Tamperproof Pi

Mon Mar 19, 2012 7:40 pm

SN said:

which would allow it to utter the famous words before committing hari kari…
Eben or Liz could provide the recordings!

daveslee
Posts: 2
Joined: Tue Jan 10, 2012 9:05 am

Re: Tamperproof Pi

Mon Mar 19, 2012 7:40 pm


Ravenous said:

Actually I saw one rack mounted device (of a financial services nature) that had the case edges covered with seals, an old fashioned physical method which at least warns you that the contractor has been tampering with it…



Well the best form of security, after making sure there are no connections to external networks and the like is restricting physical access. They say that the most secure server is the one turned off, disconnected and inside a block of concrete. The Raspberry Pi Model A is going to be sufficiently cheap as to be considered by me as an "embedded processor" like a PIC. It is fanless so in a semi-secure embedded application I'll be going with the traditional – expose only the electrical connections needed for the application at hand and then liberal applications of black epoxy potting compound to form a monolithic brick. If you really want my code *that* badly then either ask me (and I'll license you) or you will need the concentrated nitric acid and destructive disassembly…

Brings back the heady days of scalpelling off all the 74LS chip numbers so everything on the board was anonymous 14 pin DIL, soldering everything direct (no sockets) after bending the legs on the solder side of the board once through the holes to make desoldering and removal shall we say "tricky" and sneaky track butchery on double sided boards hiding critical stuff underneath some of the chips and including tracks and vias that did absolutely nothing other than obfuscate the situation. Oh yes, don't forget to cross over a few of the data lines on the EPROMs so that reading the contents of them in a conventional programmer gives rather the wrong results. For added bonus points juggle the address lines too.

Happy days and misspent youth…
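
The crossed EPROM data and address lines described in the post above, modelled as an added example (not part of the original post or taken from any real board). The wiring tables, the 16-byte toy EPROM and the firmware bytes are constructed for illustration.

```python
# Constructed wiring: CPU-side line i is soldered to chip pin WIRING[i].
DATA_WIRING = [3, 0, 7, 1, 6, 2, 5, 4]   # 8 data lines
ADDR_WIRING = [2, 0, 3, 1]               # 4 address lines (16-byte toy EPROM)
FIRMWARE = b"SECRET FIRMWARE!"           # constructed 16-byte image

def cross(value, wiring):
    """Bits on the CPU side -> bits as they land on the chip pins."""
    out = 0
    for cpu_line, chip_pin in enumerate(wiring):
        if (value >> cpu_line) & 1:
            out |= 1 << chip_pin
    return out

def uncross(value, wiring):
    """Bits on the chip pins -> bits as the CPU sees them."""
    out = 0
    for cpu_line, chip_pin in enumerate(wiring):
        if (value >> chip_pin) & 1:
            out |= 1 << cpu_line
    return out

def burn_image(firmware):
    """Image to program so the CPU, through the crossed tracks, reads `firmware`."""
    chip = bytearray(len(firmware))
    for cpu_addr, byte in enumerate(firmware):
        chip[cross(cpu_addr, ADDR_WIRING)] = cross(byte, DATA_WIRING)
    return bytes(chip)

def cpu_read(chip, cpu_addr):
    """What the CPU fetches at cpu_addr on the board."""
    return uncross(chip[cross(cpu_addr, ADDR_WIRING)], DATA_WIRING)

def programmer_read(chip):
    """A conventional programmer wires straight through: it sees the raw chip."""
    return bytes(chip)

def popcounts(data):
    """Sorted count of set bits per byte; unchanged by any fixed line swap."""
    return sorted(bin(b).count("1") for b in data)

if __name__ == "__main__":
    chip = burn_image(FIRMWARE)
    print("programmer sees:", programmer_read(chip))
    print("CPU sees       :", bytes(cpu_read(chip, a) for a in range(16)))
    print("same bit counts:", popcounts(chip) == popcounts(FIRMWARE))
```

A fixed line swap only relocates bytes and reorders the bits inside each one, so the per-byte bit counts survive unchanged; that is why this counts as obfuscation rather than encryption.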

Harrkev
Posts: 22
Joined: Mon Feb 27, 2012 4:56 pm

Re: Tamperproof Pi

Mon Mar 19, 2012 8:53 pm

daveslee said:


... and then liberal applications of black epoxy potting compound to form a monolithic brick...


Hmmm.  I know the pi only dissipates a few watts, but I am not sure about encasing it in a nice cozy winter blanket.  Could be thermal problems when surrounded by potting compound.

XAPBob
Posts: 91
Joined: Tue Jan 03, 2012 2:40 pm

Re: Tamperproof Pi

Mon Mar 19, 2012 9:20 pm

IIRC the problem would be thermal expansion - the epoxy would likely rip some components off the board as the board would move just a little more than the epoxy as heated by a few degrees.

SeanD
Posts: 121
Joined: Wed Sep 21, 2011 12:25 am

Re: Tamperproof Pi

Mon Mar 19, 2012 10:25 pm

XAPBob said:


IIRC the problem would be thermal expansion - the epoxy would likely rip some components off the board as the board would move just a little more than the epoxy as heated by a few degrees.


I recall that potting has been discussed before and is very likely to be unsuccessful on the Pi due to the thermal spec of certain components.

@daveslee your comments brought back happy memories of my youth too although on the other end.  In one case trying to fix a very bespoke lighting desk hours before a gig.  This thing was part of a rig that had been brought in by a festival headline act, and their crew were having horrible problems with it.  So we opened it up and found all of the stuff you describe, but we had one advantage.  The PCB was autographed by the guy who made it. Name, signature and contact details.  The guy was half an hour down the road and one of my guys knew him.  Car was dispatched.

Bloke turned up.  Took one look at the desk and uttered the term "oh f*ck, I hoped I would never see that one again.".  Turned out he had custom built the thing whilst on something of a bender. However a dope induced paranoia attack had induced him to scrape off the surfaces of all the ICs (his SOP) but before he had (a) written down what they were and (b) burned all of his designs and (c) remembered that the customer was also buying the rights to the design.  This explained why the half dozen or so pages of schematics we found taped to the inside of the cabinet showed very little resemblance to what we found on the board itself.

However after the band's tour manager explained how using his massive luggable cell phone he could make a few calls and have some guys come and do some really nasty things to the guy he was like some kind of dervish with a logic probe.  Found the problem and managed to create some workable documentation, plus not only keep use of his legs but got a breakfast and a ride home the next day.
