Hardware YOU can (Audit and then) Trust presented at Troopers 2015

by Benedikt Stockebrand

Summary: While it has long been known to the security community that attacks against hardware are among the hardest threats to deal with, some work is now under way to create cryptographic hardware that is designed to be difficult to subvert in real-world scenarios. It remains true that an attacker with unlimited resources cannot be stopped, but for decades the IT industry has made large-scale "sweeping" attacks ridiculously easy for "intelligence" agencies and other entities alike. Stopping to ask "how can we prevent this technically?" (which we can't anyway) and starting to ask "how can we make this so expensive that it isn't affordable even to THEM?" is a change in strategy which is both promising and long overdue. Both the speaker's personal pet project, a cryptographically secure hardware random number generator, and the much larger Cryptech project, which aims to build a full-blown hardware security module (HSM), have already provided exciting insight into the possibilities and limitations of these approaches.
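The abstract does not describe the random number generator itself, but the first check an auditor would run on any such device is concrete: continuous health tests on the raw (pre-conditioning) sample stream. What follows is an added example, not code from the speaker's generator or from Cryptech. It implements the two approved continuous health tests from NIST SP 800-90B section 4.4, the Repetition Count Test and the Adaptive Proportion Test, and runs them over constructed sample streams. The per-sample min-entropy estimate H, the window size, the false-alarm probability and the sample streams are all assumptions made for the example; the cutoffs are computed from the binomial tail here rather than copied from the standard's tables, so an auditor should cross-check them.

```python
"""Continuous health tests for raw hardware RNG output (added example).

Not code from the speaker's HRNG or from Cryptech.  Implements the two
approved continuous health tests of NIST SP 800-90B section 4.4.  The
cutoffs depend on an ASSUMED min-entropy estimate H (bits per sample);
an auditor takes H from their own entropy estimate of the device, never
from the data sheet.
"""
import math
from typing import Dict, Iterable, Optional

ALPHA = 2.0 ** -20  # per-test false-alarm probability used by SP 800-90B


def rct_cutoff(h_bits: float, alpha: float = ALPHA) -> int:
    """Repetition Count Test cutoff: C = 1 + ceil(-log2(alpha) / H).

    With H bits of min-entropy per sample, a run of C identical samples
    has probability at most 2**(-H * (C - 1)) <= alpha.
    """
    if h_bits <= 0:
        raise ValueError("min-entropy estimate must be positive")
    return 1 + math.ceil(-math.log2(alpha) / h_bits)


def apt_cutoff(window: int, h_bits: float, alpha: float = ALPHA) -> int:
    """Adaptive Proportion Test cutoff.

    Smallest C with P(X >= C) <= alpha for X ~ Binomial(window, 2**-H),
    i.e. how often the most likely value may recur in one window.
    Computed from the binomial tail via log-gamma (no underflow for
    large windows) instead of being copied from the standard's tables.
    """
    if h_bits <= 0:
        raise ValueError("min-entropy estimate must be positive")
    p = 2.0 ** -h_bits
    log_p, log_q = math.log(p), math.log1p(-p)
    cdf = 0.0
    for k in range(window + 1):
        log_pmf = (math.lgamma(window + 1) - math.lgamma(k + 1)
                   - math.lgamma(window - k + 1)
                   + k * log_p + (window - k) * log_q)
        cdf += math.exp(log_pmf)          # cdf == P(X <= k)
        if 1.0 - cdf <= alpha:            # P(X >= k + 1) <= alpha
            return k + 1
    return window + 1


def repetition_count_test(samples: Iterable[int], cutoff: int) -> Optional[int]:
    """Index at which a run of `cutoff` identical samples completes, else None."""
    last, run = None, 0
    for i, s in enumerate(samples):
        run = run + 1 if s == last else 1
        last = s
        if run >= cutoff:
            return i
    return None


def adaptive_proportion_test(samples: Iterable[int], window: int,
                             cutoff: int) -> Optional[int]:
    """Index at which a window's first value has recurred `cutoff` times, else None.

    Windows are consecutive and non-overlapping, as in SP 800-90B.
    """
    samples = list(samples)
    for start in range(0, len(samples) - window + 1, window):
        a, b = samples[start], 1
        for i in range(start + 1, start + window):
            if samples[i] == a:
                b += 1
                if b >= cutoff:
                    return i
    return None


def run_health_tests(samples: Iterable[int], h_bits: float = 8.0,
                     window: int = 512) -> Dict[str, Optional[int]]:
    """Run both tests; a value of None means the test did not trip."""
    samples = list(samples)
    return {
        "rct_failed_at": repetition_count_test(samples, rct_cutoff(h_bits)),
        "apt_failed_at": adaptive_proportion_test(samples, window,
                                                  apt_cutoff(window, h_bits)),
    }


# Constructed 8-bit sample streams (assumed inputs, not captured from a device).
STUCK = [0x00] * 2048                                # dead source
COUNTER = [i % 256 for i in range(2048)]             # zero entropy, yet "balanced"
BIASED = [0x00 if i % 2 == 0 else (i // 2) % 255 + 1  # every other sample is 0x00
          for i in range(2048)]

if __name__ == "__main__":
    for name, stream in (("stuck", STUCK), ("counter", COUNTER), ("biased", BIASED)):
        print(name, run_health_tests(stream))
```

The stuck stream trips the Repetition Count Test after four identical bytes (the cutoff for H = 8 and alpha = 2^-20), and the biased stream, which never repeats a byte back to back, is caught only by the Adaptive Proportion Test. The counter stream passes both, which is the caveat: health tests catch gross failures of a source, not a lack of entropy. Deciding whether the device is actually producing entropy, and whether its design can be trusted, is the audit the talk is about, and no online test substitutes for it.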