tillitis-key/doc/threat_model/threat_model.md

2022-09-19 02:51:11 -04:00
# Threat model
## Introduction
The Tillitis TKey is a platform for running secure applications in a
restricted execution environment physically separate from the device
host. The secure applications provide functionality and controlled
access to derived secrets on the device. The purpose of the device is
to solve typical end user authentication problems.
This document describes the threat model for the device. Based on the
system description and use cases, the threat model tries to capture and
describe the threats that need to be mitigated in order for the
device to meet its purpose and objectives.
## Version information
The threat model will get updated and expanded for each release.
### engineering-release-1
This is an early release aimed at developers interested
in writing applications for Tillitis TKey. The design allows easy access to
the board, and is even shipped with a programmer to download new FPGA bitstreams.
#### Known weaknesses
The bitstream, which includes the Unique Device Secret (UDS) as well as the firmware
implementing the measured boot, is stored in an external Flash memory connected to
the FPGA.
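To make the weakness above concrete, here is an added toy model of a measured-boot secret derivation. It is not Tillitis code and the page does not specify the TKey's real derivation, so the construction (HMAC-SHA256 over the app digest, keyed with the UDS) and all sample values are assumptions for illustration only. It shows the property measured boot relies on: the derived secret is bound to both the device (UDS) and the exact application image, so a UDS that can be read out of external Flash lets the derived secrets be reproduced off-device.

```python
"""Toy model of measured-boot secret derivation (added example, not TKey code).

Assumed construction: app_secret = HMAC-SHA256(key=UDS, msg=SHA256(app_image)).
The TKey's actual derivation is not described on this page.
"""
import hashlib
import hmac


def derive_app_secret(uds: bytes, app_image: bytes) -> bytes:
    """Measured boot: firmware hashes the loaded application and mixes the
    digest with the Unique Device Secret. Same device and same app image
    give the same secret; any change to either changes the secret."""
    app_digest = hashlib.sha256(app_image).digest()
    return hmac.new(uds, app_digest, hashlib.sha256).digest()


# Constructed sample values; not real device data.
UDS_DEVICE_A = bytes.fromhex("00" * 31 + "01")
UDS_DEVICE_B = bytes.fromhex("00" * 31 + "02")
APP_V1 = b"signer-app v1 (constructed image)"
APP_V2 = b"signer-app v2 (constructed image)"


def check_binding() -> dict:
    """Return the properties a practitioner expects from measured boot."""
    s_a1 = derive_app_secret(UDS_DEVICE_A, APP_V1)
    return {
        # Deterministic: the app gets the same secret on every boot.
        "stable_across_boots": s_a1 == derive_app_secret(UDS_DEVICE_A, APP_V1),
        # Bound to the app: a modified image gets a different secret.
        "changes_with_app": s_a1 != derive_app_secret(UDS_DEVICE_A, APP_V2),
        # Bound to the device: another UDS gives a different secret.
        "changes_with_device": s_a1 != derive_app_secret(UDS_DEVICE_B, APP_V1),
        # Consequence of the weakness: whoever holds the UDS (e.g. read
        # from unprotected Flash) recomputes the same secret off-device.
        "reproducible_with_uds": s_a1 == derive_app_secret(UDS_DEVICE_A, APP_V1),
    }


if __name__ == "__main__":
    for name, ok in check_binding().items():
        print(f"{name}: {ok}")
```

The last property is the point of listing the Flash readout as a known weakness: the confidentiality of the UDS is the root of trust for every derived secret, so protecting it (or accepting the physical attack as out of scope, as this release does) is a deliberate design decision rather than an implementation detail.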
The CH552 MCU providing USB host communication contains FW that implements the UART
communication with the FPGA. The firmware can be updated by performing *port knocking*.
The knock sequence is to apply 3.3V through a 10k resistor to the D+ line,
while powering on the device.
There may be buffer overflows reachable via the USB host interface in the FW of the CH552,
allowing both code execution on and modification of the CH552 FW.
#### Out of scope
- All physical and electrical attacks applied to the board, including:
  - Reading out of the UDS from the external Flash chip
  - Triggering of the FPGA warm boot functionality
  - Triggering FW update of the CH552 MCU, using the port knocking mechanism

- Glitching attacks including:
  - Faulting of the execution by the CPU in the FPGA and the CH552 MCU
  - Disturbance of the TRNG entropy generation

- EM leakage
#### In scope
(Attacks we really would like to have investigated.)
- Digital attacks from the host against the FW in the FPGA, and the FPGA design itself
via the host interface.
- Timing attacks on the FW in the FPGA.