Explore the limitations of open source hardware in solving trust problems and learn about potential solutions in this conference talk from the 36th Chaos Communication Congress. Delve into the time-of-check/time-of-use (TOCTOU) problem in hardware security, examining supply chain vulnerabilities and various types of hardware implants. Discover approaches to close the TOCTOU gap, including the Betrusted project, an open source mobile communications platform designed to enhance trust and security. Gain insights into the trade-offs between system complexity and user verification, and understand why open source alone is insufficient for ensuring hardware trustworthiness. Consider the implications for high-risk individuals and the potential for developing more secure open platforms.
Overview
Syllabus
36C3 - Open Source is Insufficient to Solve Trust Problems in Hardware
Taught by
media.ccc.de
Related Courses
-
HAL - The Open-Source Hardware Analyzer
-
Linux on Open Source Hardware with Open Source Chip Design
-
Understanding Trust and Security Processes in the Open Source Software Ecosystem
-
TOCTOU Attacks Against Secure Boot and BootGuard
-
Securing the Open Source Software Supply Chain
-
A More Open Trust Protocol - Leveraging Hardware-Backed Security for IoT
