Crypto device where I need to confirm every operation?

Thu Jan 22 19:44:12 CET 2015

> To prevent such an attack, I imagine a device where I have to
> confirm every transaction with a simple push on a hardware button.

This attack can't be prevented.

Once the attacker has control over your hardware, you're done.  Game
over.  People keep on trying to invent ways to do crypto even on
compromised hardware, but it's a completely lost cause.  The attacker
has too many options at that point for you to make any sort of effective
defense.

If I were Eve and I wanted to defeat your pushbutton setup, here's what
I'd do:

1.  Figure out exactly your operating system
2.  Figure out which forums you look for help on
3.  Start posting messages on forums for your operating system, saying I
was having problems with your specific card reader and how it wasn't
responding to a pushbutton
4.  Post answers, under a different name, saying this was a known
problem with your model of card reader under the most recent USB driver
update, and that unplugging and replugging the device was usually enough
to reboot the card reader and make it work
5.  Under yet more fake account names, upvote the answer and talk about
how it works for me
6.  Repeat #s 3-5 over several different web forums
7.  A couple of weeks later, subvert your machine
8.  Replace your copy of GnuPG with one that caches the PIN.  When you
enter your PIN and push the button, it silently substitutes my message
for yours.  You sign it, and this compromised GnuPG deposits the signed
message in some hidden file/directory somewhere awaiting my later collection
9.  You'd be understandably concerned.  You'd check web forums and see,
"ah, this bug has been reported by five different people, and a lot of
people are confirming that unplugging and replugging the USB device
solves the problem."
10. You unplug and replug the card reader.  My malware detects the
unplug/replug and uses that as its "clean up and get out of there"
trigger.  It erases itself and leaves behind a clean GnuPG in its wake.
11. You re-try signing your message.  It works correctly.  However,
you've already signed a message of my choosing, and I can pick it up off
your machine at my leisure.

... I understand the wish to make a system that's secure even if the
underlying hardware is compromised.  I really do.  But it's a fantasy.
Can't be done.  Once you lose control over the hardware the attacker has
a near-limitless number of possible attacks, and there's absolutely no
way for you to defend against all of them, or even to effectively
anticipate what it will be.

Please don't tell me how, "well, to defend against your attack I'd
just..."; that misses the point.  The point is there are literally
*hundreds*, if not *thousands*, of attacks like this that could be
levied against you, and there is absolutely no way for you to anticipate
or defend against even a significant fraction of them.

Once you lose control of the hardware, you're done.