Magnesium-bulb Analogue Memory add-on to the Tamper-evident box
You never know if your MCU itself has been tampered with on a hardware level - you can never trust it 100%. Obsolete analogue technology comes in to rescue again - Eve can surely recover info from internal SRAM after power-down, so why not try the same with burnt ashes of paper or a cassette tape?
The Tamper-evident Paper-mail Box will surely warn Bob if it has been opened by Eve along the way - because Eve won't be able to restore codes in MCU's SRAM and the state of the travel timer (also in SRAM) after it is all zeorized. Codes in SRAM are bit-wise inverted every two seconds - so we did everything to avoid residual burn-in on SRAM cells..
Alice and Bob are fully secure now - or maybe... Eve won't be able to recover and restore the SRAM,- unless Mallory steps in beforehand! All she actually has to do is to plant a pre-rigged variant of ATmega328P to Alice's mailbox the next time Alice makes an order from RS!
Unless Alice has access to very high-end lab equipment, she can't know if her ATM328P is original or tampered variant. Take a look here and you will see that Mallory can add hardware backdoors without even changing the MCU silicon dye microcircuit blueprints! She can actually do it solely by manipulating dopant levels, leaving the microcircuits look intact, even to Alice's super-microscope!.
So Alice and Bob better stop spying low-profile on DIY budget and seek employment at some major 3-letter agency or... Maybe they still stand some chance if they redesign the papermail box to operate with East German cold war clone of Zilog Z80 ("Ux880D" by VEB Mikroelektronik "Karl Marx" from Erfurt) - they can reasonably presume that they were not pre-rigged by STASI simply because it was way too expensive to pull off in mid-1980s even for them. This would, however, work only if Alice has already kept a stash of U880s since 1980s, securely stored in her safe. "ZMC" project here:
https://www.elektormagazine.com/labs/crypto-dev-shield-for-zmc-zilog-z80-system-1
may be a good starting point, but this is definitely very impractical for this purpose :)
Well, they still have a chance to continue their low-budget operations, thanks to this circuit! It will work both against general-purpose and application-specific hardware Trojans, still on a shoestring budget. Firing the magnesium photo-flash bulb will burn a piece of cassette tape or thin paper wrapped around it, so the information on it (i.e. an additional response code) can't be recovered by Eve after she opens the box.
See the videos below. Note how the sheet of paper with the schematic printed on it below the flash bulb does not catch fire.
Alice and Bob are fully secure now - or maybe... Eve won't be able to recover and restore the SRAM,- unless Mallory steps in beforehand! All she actually has to do is to plant a pre-rigged variant of ATmega328P to Alice's mailbox the next time Alice makes an order from RS!
Unless Alice has access to very high-end lab equipment, she can't know if her ATM328P is original or tampered variant. Take a look here and you will see that Mallory can add hardware backdoors without even changing the MCU silicon dye microcircuit blueprints! She can actually do it solely by manipulating dopant levels, leaving the microcircuits look intact, even to Alice's super-microscope!.
So Alice and Bob better stop spying low-profile on DIY budget and seek employment at some major 3-letter agency or... Maybe they still stand some chance if they redesign the papermail box to operate with East German cold war clone of Zilog Z80 ("Ux880D" by VEB Mikroelektronik "Karl Marx" from Erfurt) - they can reasonably presume that they were not pre-rigged by STASI simply because it was way too expensive to pull off in mid-1980s even for them. This would, however, work only if Alice has already kept a stash of U880s since 1980s, securely stored in her safe. "ZMC" project here:
https://www.elektormagazine.com/labs/crypto-dev-shield-for-zmc-zilog-z80-system-1
may be a good starting point, but this is definitely very impractical for this purpose :)
Well, they still have a chance to continue their low-budget operations, thanks to this circuit! It will work both against general-purpose and application-specific hardware Trojans, still on a shoestring budget. Firing the magnesium photo-flash bulb will burn a piece of cassette tape or thin paper wrapped around it, so the information on it (i.e. an additional response code) can't be recovered by Eve after she opens the box.
See the videos below. Note how the sheet of paper with the schematic printed on it below the flash bulb does not catch fire.
Updates vom Autor