[149332] in cryptography@c2.net mail archive


Re: [Cryptography] The crypto behind the blackphone

daemon@ATHENA.MIT.EDU (Jason Cooper)
Mon Feb 3 17:12:06 2014

Date: Mon, 3 Feb 2014 14:59:47 -0500
From: Jason Cooper <cryptography@lakedaemon.net>
To: Jon Callas <jon@callas.org>
In-Reply-To: <90C99BDF-BDA5-4D04-9C79-CF5AA2D91629@callas.org>
Cc: cypherpunks@cpunks.org, Cryptography <cryptography@metzdowd.com>,
	grarpamp <grarpamp@gmail.com>


On Fri, Jan 31, 2014 at 01:13:10PM -0800, Jon Callas wrote:
> > Note some open phone HW projects are selling hardware
> > to which you apply your droid SW rom. Though we're likely
> > at least a handful of years away from seeing a genuinely
> > 'open design' baseband HW layer in a phone, they are
> > talking about approaching it.
>
> If/when they do, I'd love to see it. I don't have time to make an
> open, secure baseband, but want to include one. The world needs one.
> Maybe we can arrange some sort of trade.

It'd be a shame if we had to wait for an open, secure baseband in order
to trust our phones.

There are things which can be done today to mitigate a lot of concerns
without needing the full monty of open source baseband.  Unfortunately,
the economic incentives aren't there for most phone manufacturers to do
so.

Traditionally, on the board, the BP has been king.  It is the first
thing to light up and has read/write access to all of flash/RAM.  Hence
the problem. :)  Instead, one could design a phone more like a laptop
system with a USB broadband card.

iow, the AP would be king, and the BP would be just a peripheral with no
privileged access to anything other than its own resources.  When the
user puts the phone into airplane mode, the OS could actually toggle a
GPIO regulator controlling power to the BP.

Instead, I know many people, including myself, that frequently enable
the pin on the SIM card.  Then reboot without typing in the correct pin.
Alternatively, one can physically remove the SIM.  It'd be nice if
airplane mode did what people think it does/should do.

There are many peripherals on embedded ARM which already use out-of-band
signalling like this, typically they're wifi/bt chips attached via
sd/mmc.  So this isn't anything new.

For the highly security-conscious, the AP could have read access to the
BP's flash.  A user (or startup script) could cryptographically sign the
image when they first turn on the phone.  From then on, it would be
checked before allowing the BP to load and execute.  Not perfect, and no
replacement for a full audit.  But at least you would know when your
baseband has been changed.

thx,

Jason.

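The first-boot pinning described in the last paragraph of the message above, as an added example that is not part of the original post: it assumes the AP can read the BP flash as a file and holds a key the BP cannot reach, and it uses an HMAC-SHA256 tag in place of a public-key signature. The names `image_digest`, `pin_tag`, `enroll`, `check` and `demo`, and the file names, are hypothetical.

```python
import hashlib, hmac, json, os, tempfile

def image_digest(path):
    """SHA-256 of the baseband flash image, read in 64 KiB chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 16), b""):
            h.update(block)
    return h.digest()

def pin_tag(key, size, digest):
    # Bind the image length as well as its hash under the AP-held key.
    return hmac.new(key, size.to_bytes(8, "big") + digest, hashlib.sha256).hexdigest()

def enroll(image_path, pin_path, key):
    """First boot: record the image size and a keyed tag over it."""
    size = os.path.getsize(image_path)
    pin = {"size": size, "tag": pin_tag(key, size, image_digest(image_path))}
    with open(pin_path, "w") as f:
        json.dump(pin, f)

def check(image_path, pin_path, key):
    """Later boots: True only if the image still matches the stored pin."""
    try:
        with open(pin_path) as f:
            pin = json.load(f)
        size = os.path.getsize(image_path)
        tag = pin_tag(key, size, image_digest(image_path))
    except (OSError, ValueError):
        return False  # missing or unreadable pin or image: fail closed
    if not isinstance(pin, dict) or pin.get("size") != size:
        return False
    return hmac.compare_digest(tag.encode(), str(pin.get("tag")).encode())

def demo():
    key = os.urandom(32)  # constructed; assumed to sit in AP-only storage on a device
    with tempfile.TemporaryDirectory() as d:
        img, pin = os.path.join(d, "bp.img"), os.path.join(d, "bp.pin")
        with open(img, "wb") as f:
            f.write(b"BPFW" + bytes(4096))  # constructed stand-in for the BP flash
        before = check(img, pin, key)       # nothing enrolled yet
        enroll(img, pin, key)
        unchanged = check(img, pin, key)
        with open(img, "r+b") as f:         # flip one byte, same length
            f.seek(100)
            f.write(b"\x01")
        changed = check(img, pin, key)
    return before, unchanged, changed
```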
