Integrity checking NANOBSD images

Brett Glass brett at lariat.net
Sun Jul 30 23:09:28 UTC 2006


At 03:22 PM 7/11/2006, Jonathan M Bresler wrote:
 
>If the box is subject to tampering and not in a tamper-proof container,
>then it may be impossible to know whether or not the device has been
>tampered with or modified.

It's true. Any attacker with sufficient knowledge of what you were doing and sufficient motivation could spoof the correct response. And of course relying upon the attacker not knowing what you're doing is "security by obscurity," which often works but might not provide the level of confidence you want.

It occurs to me that there are two ways to deal with this sort of problem.

One way is to make it unrewarding for the attacker to hack the boxes.

The other is to make it too logistically difficult for the attacker to bother. 

For example, you could have two or more boxes in the same area checking one another in a sort of "tag team" arrangement. The communications links from all of them back to you might be slow, but the links between them could be lightning fast. If something odd happened (e.g. one of them suddenly did not respond or acted funny even for a millisecond) one or more of them could sound the alarm. The expense and difficulty of hacking them all simultaneously would go up exponentially with the number of "team mates."

--Brett Glass
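
The "tag team" arrangement described in the message above, as an added example that is not part of the original post and is not NanoBSD code: each box challenges every teammate with a fresh nonce and raises an alarm on silence, a late reply, or a wrong image digest. The shared HMAC key, the 1 ms deadline, the simulated latencies and all names are assumptions, and the sketch assumes a box hashes the image it is actually running.

```python
import hashlib
import hmac
import os

DEADLINE_MS = 1.0  # assumed budget for a reply over the fast local link

class Box:
    """One team member; image bytes and latency are constructed sample values."""
    def __init__(self, name, image, key, latency_ms=0.2, online=True):
        self.name, self.image, self.key = name, image, key
        self.latency_ms, self.online = latency_ms, online

    def respond(self, nonce):
        """Answer a challenge with an HMAC over the nonce and the image digest."""
        if not self.online:
            return None, None
        digest = hashlib.sha256(self.image).digest()
        return hmac.new(self.key, nonce + digest, hashlib.sha256).digest(), self.latency_ms

def check_peer(peer, key, good_digest):
    """Return None if the peer looks healthy, else the reason to raise the alarm."""
    nonce = os.urandom(16)  # fresh per challenge, so old replies cannot be replayed
    tag, latency_ms = peer.respond(nonce)
    if tag is None:
        return "no response"
    if latency_ms > DEADLINE_MS:
        return "late response"
    expected = hmac.new(key, nonce + good_digest, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return "image digest mismatch"
    return None

def sweep(team, key, good_digest):
    """Every box challenges every other box; return (checker, peer, reason) alarms."""
    return [(a.name, b.name, reason)
            for a in team for b in team if a is not b
            if (reason := check_peer(b, key, good_digest)) is not None]

def demo():
    # Constructed inputs: a shared team key (assumption) and a stand-in image.
    key, image = b"constructed-team-key", b"constructed NanoBSD image bytes"
    good = hashlib.sha256(image).digest()
    team = [Box("a", image, key),
            Box("b", image + b"!", key),           # image modified
            Box("c", image, key, latency_ms=5.0)]  # replies too slowly
    return sweep(team, key, good)

if __name__ == "__main__":
    print(demo())
```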



More information about the freebsd-security mailing list