IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [tamper-resistance]

31 questions
41
votes
2 answers

How can it be easy to write but "impossible" to extract the private key from a crypto token?

A number of crypto-dongles make the claim that it is impossible to extract the stored private key once written. Yubico: The YubiKey AES Key information can never be extracted from a YubiKey device – only programmed to it. Nitrokey: Other than…
Praxeolitic
  • 603
  • 6
  • 11
38
votes
8 answers

How to know whether a textfile has been edited or tampered with?

Is it possible to know whether a textfile, e.g. in XML format, has been edited or tampered with over time? The context to my question follows: I am a scientist in industry using a technology called 'mass spectrometry (MS)'. MS is an analytical…
Drew Gibson
  • 507
  • 4
  • 6
16
votes
6 answers

Mitigating forensic memory acquisition when an attacker has physical access to a workstation

My question regards whether or not the mitigations I use are appropriate for my threat model. Please don't jump to conclusions and say "you need to use locks" or "you can't leave your computer unattended" without first reading at least my threat…
forest
  • 64,616
  • 20
  • 206
  • 257
14
votes
2 answers

Securing a Laptop from a Foreign Intelligence Agency

What would be the best practices for securing a single-purpose Windows laptop against a determined foreign intelligence agency from tampering with data on the machine? The machine would be used several times per year by two individuals who…
RogerMKE
  • 243
  • 1
  • 5
12
votes
2 answers

Is there any Linux distro or kernel patch that wipes a process memory space after the process exits?

An application runs on an embedded battery-powered PC, accessible to some restricted public, that stores secrets in RAM. To prevent cold boot attacks and that the PC is stolen to extract its secrets, it has temper-proof sensors. If tampering is…
SDL
  • 223
  • 2
  • 5
9
votes
1 answer

Physical security - responsible disclosure

I recently discovered a way to bypass a commonly used security seal system, requiring no special equipment and taking only a matter of seconds. I feel obliged to disclose this, so as to avoid the possibility of users of that seal system harbouring a…
sampablokuper
  • 1,961
  • 1
  • 19
  • 33
9
votes
2 answers

How does one evaluate tamper-resistant envelopes/packaging?

In contrast to digital cryptographic algorithms and protocols where many qualified high-IQ individuals dig into the details and specifics, physical tamper resistance for low-tech packages is not pentested as much. There are some folks out there who…
Deer Hunter
  • 5,297
  • 5
  • 33
  • 50
8
votes
4 answers

Must a system be insecure against physical access? If so, why?

Inspired by: Why don't OSes protect against untrusted USB keyboards? Related: What can a hacker do when he has physical access to a system? (I address the points of its main answers below.) There seems to be an old adage "if the bad guy gets…
PyRulez
  • 2,937
  • 4
  • 15
  • 29
5
votes
1 answer

What use does a TPM have for accurate timekeeping?

I stumbled across this image and something immediately stood out to me. This is a photograph of a discrete TPM card. That silver cylinder on the left is a crystal oscillator, used to tell time with very high precision. At first I thought it must be…
forest
  • 64,616
  • 20
  • 206
  • 257
4
votes
3 answers

Tamper proof hardware - not resistant

Can you make a TPM (or any piece of hardware) Completely tamper-proof? The “regular” tamper resistant hardware has various physical attacks http://www.milinda-perera.com/pdf/EKKLP12a.pdf I have been told that conducting-, air-tight-, pressurised-…
user3711518
  • 41
  • 4
4
votes
1 answer

safely changing distribution, is there a strategy to get an distro iso image untampered?

I can check that an Ubuntu iso file is indeed untampered using the public keys already present and trusted in my Ubuntu system. Now I want to switch from Ubuntu to Arch and I wonder how I can start trusting that the image downloaded for setting up…
humanityANDpeace
  • 1,412
  • 1
  • 12
  • 24
4
votes
2 answers

Protecting hidden form fields

The scenario is as follows: An application has a web interface through which data can be configured. The data to consider for this question is Users with a many-to-many relationship with Groups. Each Group has one or more Admin Users. Multiple…
user3337410
  • 103
  • 1
  • 7
3
votes
2 answers

How do you keep someone from changing hidden values in an HTML form?

If I have an HTML form, and it has hidden inputs for ID numbers and the like (so I know the id key of of table x to update), how can I secure it so the person can't just change it and screw up database entries? I have a modal bootstrap "popup," for…
johnny
  • 641
  • 1
  • 7
  • 13
2
votes
3 answers

is there a way to indirectly uncharge rapidly a coin cell to defeat an anti tampering mechanism?

An anti tampering mechanism of a device relay on detect tampering mechanism when the device is powered down using the energy provided internally by a coin cell. Is there a way to uncharge rapidly a coin cell contained in a device without having…
boos
  • 1,066
  • 2
  • 10
  • 21
2
votes
1 answer

Tamper Protected VS. Tamper Proof for write-protected memories

I read in the answer here by Marcus that ROM is Tamper-proof. What is the difference between tamper-proof, tamper protected and tamper-resistant? Now, there are some re-writable memory (eg. eNVM) that can be configured to have some of its pages as…
Lavender
  • 259
  • 1
  • 9
1
2 3