182 lines
10 KiB
Markdown
182 lines
10 KiB
Markdown
|
# Tamper Evidence Methods
|
||
|
|
||
|
There are different methods which can be used to ensure that objects have not been tampered between uses. This is especially relevant for equipment such as laptops. Each method comes with tradeoffs, and in the context of high assurance security it is instrumental to understand the tradeoffs in order to achieve an adequate level of confidence that supplies such as computers used for high risk operations retain their integrity.
|
||
|
|
||
|
There are a number of common methods which appear to provide a reasonable level of tamper evidence, but in fact do not. It is worth noting a few examples of these such as using tamper evident tape, or even glitter if done improperly. This document will focus on illustrating adequate methods, rather than enumerating ones that are inadequate.
|
||
|
|
||
|
## Properties
|
||
|
|
||
|
Tamper evident methods need to be:
|
||
|
|
||
|
* Difficult to circumvent
|
||
|
|
||
|
* Simple to set up
|
||
|
|
||
|
* Simple to verify
|
||
|
|
||
|
There are three reasonably secure methods which have been identified and are explored in this document that can be used in different contexts:
|
||
|
|
||
|
* Vacuum sealed bags along with colored filler
|
||
|
|
||
|
* Glitter on screws
|
||
|
|
||
|
* Heads / Pureboot for secure boot
|
||
|
|
||
|
## Vacuum Sealed Bags With Filler
|
||
|
|
||
|
One of the most reliable methods for ensuring tamper evidence relies on the randomness and difficulty of placing small objects henceforth referred to as "filler" (colored rice, lentils, confetti) in a transparent bag to encase an object which is then vacuum sealed. By placing an object in a transparent, vacuum sealable bag and surrounding it with filler, an arrangement of the colored objects around the object in the bag can be achieved which is difficult to reproduce. Upon sealing the object in this manner, photos can be taken to use as a reference once the object is accessed again.
|
||
|
|
||
|
### Threat Model
|
||
|
|
||
|
There are no known attacks for this type of tamper proofing method when executed properly. The main sources of risk stem from consistent and repeatable photography and comparison of photographs to ensure that any changes can be detected.
|
||
|
|
||
|
The reason this method is effective is because unlike with many other methods that tamper proof a specific part of an object, such as applying glitter to screws which leaves device ports exposed, or using cryptographic signing to verify the hardware has not been modified, still leaving the door to physical modifications, vacuum sealing with colored filler encases the entire object in a tamper evident manner.
|
||
|
|
||
|
### Adequate Filler
|
||
|
|
||
|
To achieve the best level of randomness and difficulty of reproducing the arrangement of filler in a vacuum sealed bag, a variety of beads of different sizes and color should be used.
|
||
|
|
||
|
### Additional Considerations
|
||
|
|
||
|
* This strategy may be layered, for example if one chooses to apply it to a hardware token, the sealed hardware token can be placed inside of a bigger bag, along with a laptop.
|
||
|
|
||
|
* A similar method can be used but with a bin that the object is placed into. The main disadvantage here is that this type of tamper proofing is not resistant to seismic activity, air movement, or other sourced of vibration which could shift filler around.
|
||
|
|
||
|
### Procedure
|
||
|
|
||
|
#### Requirements
|
||
|
|
||
|
* Vacuum sealer
|
||
|
* Sealing bags of standard size objects which need to be protected can fit in. The bags should be perfectly see through, rather than with writing or any irregularities in the plastic which can obfuscate the view of the inside of the bag.
|
||
|
* Variety of beads of different sizes and colors
|
||
|
|
||
|
#### Sealing
|
||
|
|
||
|
1. Insert object into plastic bag
|
||
|
2. Fill bag with enough plastic beads that all of the object is surrounded
|
||
|
3. Use vacuum sealer to remove air from the bag until the beads are no longer able to move
|
||
|
4. Use the [Tamper Proofing Station](#tamper-proofing-station) to take a photograph of both sides of the sealed object using both the digital and polaroid camera
|
||
|
5. Take the SD card to an online connected device and commit the photograph to a repository, ensuring the commit is signed
|
||
|
|
||
|
#### Unsealing
|
||
|
1. Retrieve photographs which were taken of the sealed object and print them out, one copy for each operator
|
||
|
2. Use the photographs and compare them to the sealed object, ensuring the arrangement of the filler in the sealed bag is the same on both sides of the object
|
||
|
3. If there is no noticeable difference, proceed with unsealing the object, otherwise initiate an incident response process.
|
||
|
|
||
|
## Glitter on Screws
|
||
|
|
||
|
Glitter can be used as an additional control to provide tamper evidence on specific parts of hardware such as laptop screws - in case an adversary attempts to open the laptop and introduce a malicious chip, antenna or otherwise. While glitter allows to detect physical tampering of the hardware, it does not provide tamper evidence of the firmware and software that runs on the computer, and as such is not sufficient for adequate tamper proofing of laptops on its own.
|
||
|
|
||
|
### Procedure
|
||
|
|
||
|
#### Requirements
|
||
|
|
||
|
* 2 or 3 different types of glitter, ideally with small and large pieces of glitter of different colors
|
||
|
|
||
|
#### Sealing
|
||
|
|
||
|
1. Clean the surface the glitter will be applied to
|
||
|
|
||
|
2. Apply a thin layer of the first type of glitter
|
||
|
|
||
|
3. Wait for it to dry
|
||
|
|
||
|
4. Repeat steps 2, 3 with the different types of glitter being used
|
||
|
|
||
|
5. Take a photograph of the laptop, preferably using the [tamper proofing station](TODO)
|
||
|
|
||
|
#### Verification
|
||
|
|
||
|
There is no "unsealing" procedure as the glitter used on screws, or in other similar contexts is meant as a more permanent control. As such the primary action that's performed is the verification of the integrity of the tamper proofing seal.
|
||
|
|
||
|
To verify that the seal has not been tampered, compare the glitter arrangement to a photograph which had been previously signed and stored. Both operators should have a copy of the picture and use it to verify the integrity of the seal.
|
||
|
|
||
|
## Pureboot / Heads
|
||
|
|
||
|
This tamper proofing method is designed to protect the secure boot process of a computer. It does not protect the computer from physical tampering which can be used to ad
|
||
|
|
||
|
### Procedure
|
||
|
|
||
|
Refer to the [PureBoot Setup](./enable-pure-boot-restricted-boot.md) document
|
||
|
|
||
|
## Tamper Proofing Station
|
||
|
|
||
|
The Tamper Proofing Station is a simple structure used to make it easy to take photographs which have consistent lightning, consistent angle, and consistent distance from the object being photograph. In this manner, photographs can be taken which ensure that any differences in the sealed object can be easily detected.
|
||
|
|
||
|
### Instructions
|
||
|
|
||
|
To construct an appropriate Tamper Proofing Station, the simplest setup consists of:
|
||
|
|
||
|
* Overhead camera mounting rig
|
||
|
|
||
|
* Powerful LED light which can be attached to the mounting rig
|
||
|
|
||
|
* Camera which does not have radio cards in it and
|
||
|
* Has >10MP
|
||
|
* Uses SD cards for storing photographs
|
||
|
|
||
|
* Polaroid camera which can be attached to the mounting rig
|
||
|
|
||
|
Pick a location for the station, and attach the LED light and the camera to the overhead camera mounting rig. Set up the camera so that when it's turned on, a 14" laptop is perfectly framed without having to zoom in or out if possible.
|
||
|
|
||
|
|
||
|
|
||
|
---
|
||
|
|
||
|
### One Time Use Device
|
||
|
|
||
|
#### Threat Model
|
||
|
One time use laptops are specially prepared for using in field operation but can also be used inside of a secure facility. The primary objective of this setup is that the laptop is provisioned ahead of time, and is considered to be secure for use, but is to be destroyed afterwards.
|
||
|
|
||
|
- [ ] Destroying hardware
|
||
|
- [ ] isn't the only difference between this and portable multi use that the laptop is resealed?
|
||
|
|
||
|
---
|
||
|
|
||
|
### Portable Multi-Use Device
|
||
|
|
||
|
This type of device is essentially just a "One Time Use" device, with the added caveat that the operator has a tamper proofing method available to protect the device between uses. The device can not be trusted by other individuals, but only by the individual who used the device, as there are no other witnesses.
|
||
|
|
||
|
---
|
||
|
|
||
|
### Fixed Location Device
|
||
|
|
||
|
This device is intended for use in a secure facility such as a [SCIF](TODO) which has the added assurances of protecting the environment from a wide range of side-channel attacks, as well as protection from physical attacks, and more comprehensive tamper proofing controls.
|
||
|
|
||
|
The fixed location should include a work-station which makes it easy to perform the [tamper proofing](todo) procedure. This station may consist of a simple frame which holds a LED light, for consistent lightning, as well as a camera stand above it which can be used to take pictures. The camera should have an SD card that easily slides out of it so that the device doesn't leave and re-enter the room, only the SD card does.
|
||
|
* TODO: this is actually not necessary for the fixed location device, but it's good to have this setup in the same facility maybe for processing/setting up the one time use laptops
|
||
|
|
||
|
The primary tamper proofing methods for the fixed location device are:
|
||
|
|
||
|
* Heads firmware protection (TODO link to document which explains how to set up Purism)
|
||
|
|
||
|
* Glitter to prevent physical access to hardware (TODO link to how to properly use glitter for tamper proofing)
|
||
|
|
||
|
* On-premises audio and visual monitoring (TODO select appropriate equipment)
|
||
|
|
||
|
* Physical vault (TODO find adequate vaults)
|
||
|
|
||
|
#### Procedure
|
||
|
|
||
|
If at any moment one of the individual has to leave, the Sealing procedure should be performed and both parties should exit the room. For prolonged sessions consider having 3 operators present in order to be able to have 1 individual leave while still having 2 witnesses present in the operating room.
|
||
|
|
||
|
##### Unsealing
|
||
|
* TODO (before entering room review monitoring video / audio to see if there was intrusion)
|
||
|
1. Ensure that there are at least 2 individuals present who are authorized present before entering the facility
|
||
|
2. Ensure that nobody is carrying any type of electrical device on them. To achieve this a metal detection gate or a hand-held metal detector may be used
|
||
|
3. Gain access to the safe, and take out a laptop which will be used for performing cryptographic actions
|
||
|
4. Check the screws on the bottom of the laptop to ensure that they have not been removed
|
||
|
4. Use the hardware token set up for that laptop in order to verify that the laptop firmware has not been tampered
|
||
|
5. Proceed with [booting sequence](TODO) depending on the type of action being performed
|
||
|
|
||
|
##### Sealing
|
||
|
1. Shut down machine
|
||
|
2. Remove and store the hardware token in it's appropriate location
|
||
|
3. Place the laptop in the safe and lock it
|
||
|
4. Exit the facility.
|
||
|
|
||
|
## References
|
||
|
|
||
|
* [Blog About Tamper Evident Protection Methods](https://dys2p.com/en/2021-12-tamper-evident-protection.html)
|
||
|
|