0 00:00:00,000 --> 00:00:30,000 Dear viewer, these subtitles were generated by a machine via the service Trint and therefore are (very) buggy. If you are capable, please help us to create good quality subtitles: https://c3subtitles.de/talk/654 Thanks! 1 00:00:18,380 --> 00:00:20,599 I'm going to talk to 2 00:00:20,600 --> 00:00:22,699 you about an idea, arhats on 3 00:00:22,700 --> 00:00:24,799 how we can kind of regain a 4 00:00:24,800 --> 00:00:26,959 little bit of trust in 5 00:00:26,960 --> 00:00:29,059 the everyday computers we 6 00:00:29,060 --> 00:00:30,060 use. 7 00:00:30,650 --> 00:00:32,779 So what is the 8 00:00:32,780 --> 00:00:33,799 problem? 9 00:00:33,800 --> 00:00:35,719 Well, the problem is basically these guys 10 00:00:36,890 --> 00:00:39,019 I mean, the thing 11 00:00:39,020 --> 00:00:40,020 is, 12 00:00:41,450 --> 00:00:43,609 like we all use computers in our lives. 13 00:00:43,610 --> 00:00:45,079 We use them for 14 00:00:46,490 --> 00:00:48,829 like I don't know what use them for, but 15 00:00:48,830 --> 00:00:51,139 I use the most important thing I think 16 00:00:51,140 --> 00:00:52,669 I'm doing with my computer is actually 17 00:00:52,670 --> 00:00:54,149 talking to other people. 18 00:00:54,150 --> 00:00:55,549 I mean, yes, we are all watching videos, 19 00:00:55,550 --> 00:00:58,219 but, you know, talking to other people. 20 00:00:58,220 --> 00:01:00,319 And we do have quite a 21 00:01:00,320 --> 00:01:02,569 problem there because even though we 22 00:01:02,570 --> 00:01:04,969 have developed quite a lot of solutions 23 00:01:04,970 --> 00:01:07,219 to make this talking to other people 24 00:01:07,220 --> 00:01:09,799 more secure and to actually 25 00:01:09,800 --> 00:01:11,449 hide from these guys what we are talking 26 00:01:11,450 --> 00:01:12,450 about, 27 00:01:13,670 --> 00:01:15,499 like all of these solutions, like, for 28 00:01:15,500 --> 00:01:17,719 example, or TIAR 29 00:01:17,720 --> 00:01:19,339 or signal, 30 00:01:21,170 --> 00:01:23,689 like executing in. 31 00:01:25,210 --> 00:01:27,369 A like basically this 32 00:01:27,370 --> 00:01:29,469 so this is a block diagram of a modern 33 00:01:29,470 --> 00:01:31,629 computer, in this case the Lenovo Extra 34 00:01:31,630 --> 00:01:33,699 30 I'm using to show this presentation to 35 00:01:33,700 --> 00:01:34,700 you. 36 00:01:35,020 --> 00:01:37,119 It's a kind of 37 00:01:37,120 --> 00:01:40,149 three year old or something laptop 38 00:01:40,150 --> 00:01:41,949 based on an Intel CPU. 39 00:01:41,950 --> 00:01:44,109 And like as you can see from this 40 00:01:44,110 --> 00:01:46,389 block diagram, the thing is super 41 00:01:46,390 --> 00:01:47,769 complex. 42 00:01:47,770 --> 00:01:50,019 And the thing is that 43 00:01:50,020 --> 00:01:52,479 on this machine, I'm executing my GPG 44 00:01:52,480 --> 00:01:53,679 and everything is encrypted and 45 00:01:53,680 --> 00:01:54,669 everything is fine. 46 00:01:54,670 --> 00:01:56,979 The only problem is like the plain text 47 00:01:56,980 --> 00:01:58,839 of my emails, which I'm decrypting, even 48 00:01:58,840 --> 00:02:01,299 if I'm using something like a smart card, 49 00:02:01,300 --> 00:02:03,609 it's going all over the place. 50 00:02:03,610 --> 00:02:05,109 So A 51 00:02:06,220 --> 00:02:08,349 we have like a super complex system. 52 00:02:08,350 --> 00:02:10,599 We have like also in this case, the 53 00:02:10,600 --> 00:02:12,009 red highlighted things are 54 00:02:13,090 --> 00:02:15,279 like subsystems that contain some form 55 00:02:15,280 --> 00:02:17,139 of proprietary firmware, which we cannot 56 00:02:17,140 --> 00:02:18,140 audit. 57 00:02:18,730 --> 00:02:21,459 And all of this makes. 58 00:02:21,460 --> 00:02:23,469 I would say pretty easy for a 59 00:02:23,470 --> 00:02:25,360 sufficiently well-funded attacker 60 00:02:27,400 --> 00:02:29,110 to actually attack that system. 61 00:02:30,280 --> 00:02:32,559 So now, if we want to consider 62 00:02:32,560 --> 00:02:34,899 this system and like 63 00:02:34,900 --> 00:02:37,029 what we ultimately want from it, I mean, 64 00:02:37,030 --> 00:02:39,339 ultimately, I want to talk to 65 00:02:39,340 --> 00:02:41,529 my friend about computers because 66 00:02:41,530 --> 00:02:43,599 I like computers and 67 00:02:43,600 --> 00:02:45,879 I generally use a keyboard to 68 00:02:45,880 --> 00:02:47,139 like type stuff. 69 00:02:47,140 --> 00:02:49,329 And then I click send and then get 70 00:02:49,330 --> 00:02:51,559 send and encrypted and 71 00:02:51,560 --> 00:02:53,679 decrypted. And on the other end it's 72 00:02:53,680 --> 00:02:55,809 displayed on a screen as 73 00:02:55,810 --> 00:02:57,989 worts and my friend reads it. 74 00:02:57,990 --> 00:03:00,129 Now, the thing 75 00:03:00,130 --> 00:03:02,259 is that as 76 00:03:02,260 --> 00:03:03,849 you can see from my plot diagram of 77 00:03:03,850 --> 00:03:06,309 highlighted, like the parts that I like, 78 00:03:06,310 --> 00:03:07,959 I actually need for that communication 79 00:03:07,960 --> 00:03:10,339 and green like keyboard and display. 80 00:03:10,340 --> 00:03:11,340 Um. 81 00:03:12,110 --> 00:03:14,389 If we say that, OK, 82 00:03:14,390 --> 00:03:16,009 at the display and at the keyboard, I 83 00:03:16,010 --> 00:03:18,019 basically need to use plaintext because 84 00:03:18,020 --> 00:03:19,819 Krypto glasses are not you have to think. 85 00:03:19,820 --> 00:03:21,949 And also I cannot really 86 00:03:21,950 --> 00:03:23,689 type in hours or something. 87 00:03:23,690 --> 00:03:25,819 So in the end, I kind 88 00:03:25,820 --> 00:03:28,039 of need to have plaintext there. 89 00:03:28,040 --> 00:03:29,719 But on the other hand, I don't really 90 00:03:29,720 --> 00:03:32,059 want to trust all of that other stuff, 91 00:03:32,060 --> 00:03:34,069 especially like these things running 92 00:03:34,070 --> 00:03:35,479 unflustered firmware, like the things 93 00:03:35,480 --> 00:03:37,849 we've read. What is the problem 94 00:03:37,850 --> 00:03:40,009 in that case? It's like since a couple 95 00:03:40,010 --> 00:03:42,289 of years now, Intel has 96 00:03:42,290 --> 00:03:44,899 gifted us something, namely CPU's 97 00:03:44,900 --> 00:03:47,299 and basically 98 00:03:47,300 --> 00:03:48,859 the platform controller, which is 99 00:03:48,860 --> 00:03:50,419 containing the integrated graphics, which 100 00:03:50,420 --> 00:03:52,609 are both running proprietary, 101 00:03:52,610 --> 00:03:54,859 a pretty robust engineering 102 00:03:54,860 --> 00:03:56,119 resistant firmware. 103 00:03:56,120 --> 00:03:58,639 So I have to use 104 00:03:58,640 --> 00:04:00,859 this CPU. I kind of need that because 105 00:04:00,860 --> 00:04:02,299 I want to encrypt stuff and decrypt 106 00:04:02,300 --> 00:04:04,429 stuff, but I 107 00:04:04,430 --> 00:04:06,319 don't really want that thing to be 108 00:04:06,320 --> 00:04:07,669 handling plaintext. But on the other 109 00:04:07,670 --> 00:04:09,259 hand, like, I have no choice because 110 00:04:09,260 --> 00:04:11,149 there you see all the arrows are pointing 111 00:04:11,150 --> 00:04:13,669 to it. There's no way, no way around it. 112 00:04:13,670 --> 00:04:15,889 So we need to 113 00:04:15,890 --> 00:04:18,139 like, think about where can 114 00:04:18,140 --> 00:04:20,509 we place that kind of trust boundary. 115 00:04:20,510 --> 00:04:22,609 And I think realistically, 116 00:04:22,610 --> 00:04:24,679 there's really only one choice, 117 00:04:24,680 --> 00:04:26,569 and that is basically to place this trust 118 00:04:26,570 --> 00:04:28,699 boundary like up to where do 119 00:04:28,700 --> 00:04:30,799 I want my plaintext to be and where do I 120 00:04:30,800 --> 00:04:32,209 want my ciphertext to start 121 00:04:34,040 --> 00:04:36,139 right at the input and output devices. 122 00:04:36,140 --> 00:04:38,389 Because realistically, I don't 123 00:04:38,390 --> 00:04:40,579 think there's a really high chance that 124 00:04:40,580 --> 00:04:43,129 we will be like reverse engineering 125 00:04:43,130 --> 00:04:44,629 into management engine and then better 126 00:04:44,630 --> 00:04:47,149 control of firmware for any 127 00:04:47,150 --> 00:04:49,309 any for any practical 128 00:04:49,310 --> 00:04:51,409 number of platforms and keep it 129 00:04:51,410 --> 00:04:53,659 open for any number of years. 130 00:04:53,660 --> 00:04:57,139 So the places 131 00:04:57,140 --> 00:04:59,269 where we need to put this 132 00:04:59,270 --> 00:05:01,459 kind of encryption or 133 00:05:01,460 --> 00:05:03,619 something that makes it happen is 134 00:05:03,620 --> 00:05:06,229 a in the display plus or display busses 135 00:05:06,230 --> 00:05:07,309 and the laptop. 136 00:05:07,310 --> 00:05:09,589 That's primarily a Alvidrez bus, 137 00:05:09,590 --> 00:05:11,809 which is a digital display based on 138 00:05:11,810 --> 00:05:13,279 more modern devices you would use and 139 00:05:13,280 --> 00:05:15,379 better display port, which is basically 140 00:05:15,380 --> 00:05:17,479 very similar to everyday, just with added 141 00:05:17,480 --> 00:05:18,589 protocol layers. 142 00:05:19,910 --> 00:05:21,769 It's like very high speed, but it's just 143 00:05:21,770 --> 00:05:22,819 plain pixel data. 144 00:05:22,820 --> 00:05:24,499 So there's not much encoding happening 145 00:05:24,500 --> 00:05:26,539 there, no video codecs or anything like 146 00:05:26,540 --> 00:05:27,540 that. 147 00:05:28,160 --> 00:05:30,229 And on the keyboard side of things, that 148 00:05:30,230 --> 00:05:32,449 is basically the 149 00:05:32,450 --> 00:05:34,309 and that is like this laptop. 150 00:05:34,310 --> 00:05:37,159 And I think most of our lenno 151 00:05:37,160 --> 00:05:39,589 devices, the embedded controller, 152 00:05:39,590 --> 00:05:41,839 which is some kind of management thing, 153 00:05:41,840 --> 00:05:43,289 which is doing basically everything that 154 00:05:43,290 --> 00:05:44,360 couldn't fit somewhere else, 155 00:05:45,500 --> 00:05:48,319 is basically scanning the keyboard 156 00:05:48,320 --> 00:05:50,029 continuously. And the keyboard is just 157 00:05:50,030 --> 00:05:51,889 really a dumb matrix of switches. 158 00:05:51,890 --> 00:05:53,959 So pretty much no active 159 00:05:53,960 --> 00:05:55,969 devices there except for a couple of 160 00:05:55,970 --> 00:05:58,279 LAT's for like muite and polla. 161 00:05:59,960 --> 00:06:02,089 So from this 162 00:06:02,090 --> 00:06:04,159 point of view, we need something 163 00:06:04,160 --> 00:06:06,799 in between of these components that 164 00:06:06,800 --> 00:06:08,899 will be receiving hopefully only 165 00:06:08,900 --> 00:06:11,639 unflustered ciphertext from 166 00:06:11,640 --> 00:06:13,309 klavern controller Hape, which contains 167 00:06:13,310 --> 00:06:15,499 the integrated graphics and the embedded 168 00:06:15,500 --> 00:06:17,899 controller, which contains 169 00:06:17,900 --> 00:06:20,179 the basic keyboard, 170 00:06:20,180 --> 00:06:22,819 keyboard, matrix scanning and forword 171 00:06:22,820 --> 00:06:24,439 like do some decryption there and 172 00:06:24,440 --> 00:06:26,059 encryption on the reverse path and 173 00:06:26,060 --> 00:06:29,239 forward that to display and keyboard, 174 00:06:29,240 --> 00:06:31,459 which fortunately are 175 00:06:31,460 --> 00:06:32,629 pretty simple devices. 176 00:06:32,630 --> 00:06:34,789 So there's not much logic happening 177 00:06:34,790 --> 00:06:37,079 in there yet if we 178 00:06:37,080 --> 00:06:38,989 ignore and but at this report and 179 00:06:40,160 --> 00:06:41,389 so on. 180 00:06:41,390 --> 00:06:43,549 So the thing is now if we 181 00:06:43,550 --> 00:06:45,769 look at that looked like CPU and better 182 00:06:45,770 --> 00:06:47,869 controller platform controller hub, 183 00:06:47,870 --> 00:06:49,999 the intercept to display keyboard 184 00:06:50,000 --> 00:06:53,019 and these two pretty simple basses. 185 00:06:53,020 --> 00:06:54,669 That has a nice side effect of 186 00:06:54,670 --> 00:06:56,169 implementing a system that way, and that 187 00:06:56,170 --> 00:06:58,479 is that these two simple busses 188 00:06:58,480 --> 00:07:00,369 are used pretty widely. 189 00:07:00,370 --> 00:07:03,459 For example, this is a block diagram 190 00:07:03,460 --> 00:07:04,939 of what's in this case. 191 00:07:04,940 --> 00:07:06,309 Texas Instruments would like your 192 00:07:06,310 --> 00:07:07,310 smartphone to look like 193 00:07:08,560 --> 00:07:09,669 it's pretty much the same for the 194 00:07:09,670 --> 00:07:11,949 windows. They basically just 195 00:07:11,950 --> 00:07:13,269 exchange, like who makes the parts. 196 00:07:13,270 --> 00:07:15,339 They all do this basically the same thing 197 00:07:15,340 --> 00:07:16,899 you have, like the CPU in the middle of 198 00:07:16,900 --> 00:07:18,969 this application processor, which in 199 00:07:18,970 --> 00:07:21,249 fact it's a huge system on a chip like 200 00:07:21,250 --> 00:07:22,599 modern ones even include like packet 201 00:07:22,600 --> 00:07:24,099 switched memory boxes and stuff like 202 00:07:24,100 --> 00:07:26,229 that's a really advanced stuff. 203 00:07:26,230 --> 00:07:27,969 But in the end, that thing is only 204 00:07:27,970 --> 00:07:30,339 talking to your display 205 00:07:30,340 --> 00:07:32,529 via something 206 00:07:32,530 --> 00:07:33,639 very similar to Alvidrez. 207 00:07:33,640 --> 00:07:35,169 Some are even using embedded display 208 00:07:35,170 --> 00:07:37,539 port. So like a high speed protocol, but 209 00:07:37,540 --> 00:07:38,540 still pretty dumb. 210 00:07:39,550 --> 00:07:41,199 And I mean, you don't have a keyboard and 211 00:07:41,200 --> 00:07:43,239 most smartphones, but you have like 212 00:07:43,240 --> 00:07:45,279 touchscreen. And these touch screens are 213 00:07:45,280 --> 00:07:47,589 generally also controlled over like a 214 00:07:47,590 --> 00:07:49,719 simple super protocol, like 215 00:07:49,720 --> 00:07:52,089 ICSE. So we can definitely 216 00:07:52,090 --> 00:07:54,429 adapt the solution from before to 217 00:07:54,430 --> 00:07:56,229 also work. In a case like this, you will 218 00:07:56,230 --> 00:07:57,639 obviously have like poor management 219 00:07:57,640 --> 00:07:59,739 issues and form factor issues, but. 220 00:08:00,770 --> 00:08:02,389 Purely technically, from the electronic 221 00:08:02,390 --> 00:08:04,759 and computer science side of things, 222 00:08:04,760 --> 00:08:05,760 this should work. 223 00:08:06,800 --> 00:08:08,959 Um, so if 224 00:08:08,960 --> 00:08:11,029 we look at this block 225 00:08:11,030 --> 00:08:13,489 diagram of of this 226 00:08:13,490 --> 00:08:15,349 general idea on how we could organize all 227 00:08:15,350 --> 00:08:18,109 computers, we have this intercept 228 00:08:18,110 --> 00:08:19,129 device. 229 00:08:19,130 --> 00:08:21,019 So it needs to kind of do something with 230 00:08:21,020 --> 00:08:23,479 words like receive that 231 00:08:23,480 --> 00:08:25,669 process and send it back out and 232 00:08:25,670 --> 00:08:27,769 do something with the keyboard switch 233 00:08:27,770 --> 00:08:28,770 matrix scanning. 234 00:08:29,840 --> 00:08:32,599 Like how does this like how 235 00:08:32,600 --> 00:08:34,339 how would you actually control that from 236 00:08:34,340 --> 00:08:36,079 an application point of view from 237 00:08:36,080 --> 00:08:38,889 software running on the host machine? 238 00:08:38,890 --> 00:08:41,178 Um, basically this is the general 239 00:08:41,179 --> 00:08:42,889 idea I have for that. 240 00:08:42,890 --> 00:08:45,379 This is a diagram of what a frame 241 00:08:45,380 --> 00:08:47,719 sends from a basically 242 00:08:47,720 --> 00:08:49,399 basically any moniteau standard today. 243 00:08:49,400 --> 00:08:51,769 Looks like you have like this vertical 244 00:08:51,770 --> 00:08:53,869 and horizontal sync signals, 245 00:08:53,870 --> 00:08:55,489 which basically are framing information 246 00:08:55,490 --> 00:08:57,469 stemming from back when Vijay was a 247 00:08:57,470 --> 00:08:59,569 thing. And then you have like 248 00:08:59,570 --> 00:09:02,029 the actual content area, the 249 00:09:02,030 --> 00:09:03,799 where most of the time you have some kind 250 00:09:03,800 --> 00:09:06,169 of desktop desktop environment running 251 00:09:06,170 --> 00:09:08,749 and then you have like a application 252 00:09:08,750 --> 00:09:11,479 window inside that desktop, 253 00:09:11,480 --> 00:09:13,429 which may contain something worth 254 00:09:13,430 --> 00:09:14,430 protecting. 255 00:09:17,570 --> 00:09:19,879 As an example, think, for example, 256 00:09:19,880 --> 00:09:21,959 of Thunderbirds, where you want 257 00:09:21,960 --> 00:09:24,109 where I want to send encrypted email 258 00:09:24,110 --> 00:09:25,999 to my friend or I want to receive an 259 00:09:26,000 --> 00:09:27,469 encrypted email from my friend. 260 00:09:27,470 --> 00:09:29,629 So in that case, Thunderbird is like 261 00:09:29,630 --> 00:09:32,029 running on my Linux system, 262 00:09:32,030 --> 00:09:33,319 displaying a window. 263 00:09:33,320 --> 00:09:35,269 So if I'm receiving an encrypted email, 264 00:09:35,270 --> 00:09:38,119 that window is displaying, like 265 00:09:38,120 --> 00:09:39,979 basically if I would not have like an 266 00:09:39,980 --> 00:09:41,389 e-mail or something installed, it would 267 00:09:41,390 --> 00:09:43,789 basically display ASCII Ahmad 268 00:09:43,790 --> 00:09:44,870 GBG Binary. 269 00:09:46,700 --> 00:09:49,039 Now, what we need to do in 270 00:09:49,040 --> 00:09:51,109 this to make this work in this 271 00:09:51,110 --> 00:09:53,299 scenario is we have some kind of add 272 00:09:53,300 --> 00:09:55,519 on which which recognizes 273 00:09:55,520 --> 00:09:57,559 that I'm just playing like GBG Armored 274 00:09:59,300 --> 00:10:01,369 cipherText and which will 275 00:10:01,370 --> 00:10:04,219 take this Fujiyama 276 00:10:04,220 --> 00:10:06,769 like convert it back to binary form 277 00:10:06,770 --> 00:10:09,679 and then formatted it as a simple bitmap, 278 00:10:09,680 --> 00:10:11,569 a bitmap that contains a special header 279 00:10:11,570 --> 00:10:13,819 at the front that tells 280 00:10:13,820 --> 00:10:16,939 the intercept a device something like the 281 00:10:16,940 --> 00:10:19,459 width and half a height of the bitmap 282 00:10:19,460 --> 00:10:21,679 and contains a authentication code. 283 00:10:21,680 --> 00:10:23,959 So I can't just 284 00:10:23,960 --> 00:10:26,449 cannot just anybody go and a business 285 00:10:26,450 --> 00:10:28,639 which would work with my incepted device. 286 00:10:28,640 --> 00:10:30,619 And then I need to display that bitmap, 287 00:10:30,620 --> 00:10:32,539 which fortunately I can do on basically 288 00:10:32,540 --> 00:10:35,119 any operating system, any platform. 289 00:10:35,120 --> 00:10:37,189 And this bitmap is then 290 00:10:37,190 --> 00:10:38,749 interpreted by the interceptor 291 00:10:41,480 --> 00:10:43,579 and decrypted 292 00:10:43,580 --> 00:10:45,819 on the fly with 293 00:10:45,820 --> 00:10:47,509 the intercept. Since it has access to the 294 00:10:47,510 --> 00:10:49,549 keyboard and this may ask me to input a 295 00:10:49,550 --> 00:10:51,919 passphrase or two, 296 00:10:51,920 --> 00:10:53,299 I don't know, insert a smartcard or 297 00:10:53,300 --> 00:10:55,069 something depending on the 298 00:10:55,070 --> 00:10:56,209 implementation. 299 00:10:56,210 --> 00:10:58,549 And the decrypted plaintext 300 00:10:58,550 --> 00:11:00,739 is then rendered into a 301 00:11:00,740 --> 00:11:02,809 pixel buffer which is inserted 302 00:11:02,810 --> 00:11:04,969 in the life display 303 00:11:04,970 --> 00:11:07,039 data stream, basically at the same 304 00:11:07,040 --> 00:11:09,529 place where this payload was communicated 305 00:11:09,530 --> 00:11:11,779 before. So basically, if I'm running 306 00:11:11,780 --> 00:11:13,039 Thunderbird, I would make this. 307 00:11:13,040 --> 00:11:15,109 And also the entire window 308 00:11:15,110 --> 00:11:17,239 where I'm reading my email would be 309 00:11:17,240 --> 00:11:19,609 this payload area and containing the 310 00:11:19,610 --> 00:11:20,509 ciphertext. 311 00:11:20,510 --> 00:11:22,849 And this interceptor would exchange that 312 00:11:22,850 --> 00:11:24,830 by the decrypted data in flight. 313 00:11:26,630 --> 00:11:28,909 Now, how would you actually make 314 00:11:28,910 --> 00:11:30,169 that work? 315 00:11:30,170 --> 00:11:32,209 The thing is, this interceptor needs to 316 00:11:32,210 --> 00:11:34,609 be able to process 317 00:11:34,610 --> 00:11:36,950 this really high speed display, places 318 00:11:38,180 --> 00:11:40,399 like Elwood's and do 319 00:11:40,400 --> 00:11:42,349 like in-flight transformation on it. 320 00:11:42,350 --> 00:11:44,299 So that's a pretty hard task. 321 00:11:44,300 --> 00:11:46,609 And also we want it to be like 322 00:11:46,610 --> 00:11:48,739 somewhat not too complex so 323 00:11:48,740 --> 00:11:51,469 we can actually secure the thing itself. 324 00:11:51,470 --> 00:11:53,959 So we don't just replace like one huge 325 00:11:53,960 --> 00:11:56,119 attack surface with another huge attack 326 00:11:56,120 --> 00:11:57,120 surface. 327 00:11:58,400 --> 00:12:00,679 Now, the like, 328 00:12:00,680 --> 00:12:02,539 to me, the most obvious way to do a way 329 00:12:02,540 --> 00:12:04,669 to do this would be to use an FPGA 330 00:12:04,670 --> 00:12:06,919 for most of stuff, because these 331 00:12:06,920 --> 00:12:07,920 things are 332 00:12:09,050 --> 00:12:11,119 basically very nicely suited for 333 00:12:11,120 --> 00:12:12,439 this application, because they're really 334 00:12:12,440 --> 00:12:14,659 good at handling large bandwidth, 335 00:12:14,660 --> 00:12:17,029 high bandwidth, high frequency 336 00:12:17,030 --> 00:12:18,529 data like and display bars. 337 00:12:20,150 --> 00:12:22,399 And yeah, this is basically how I would 338 00:12:22,400 --> 00:12:24,919 imagine a such an FPGA 339 00:12:24,920 --> 00:12:27,199 based interceptor to work. 340 00:12:27,200 --> 00:12:28,729 By the way, sorry for the non-plan on 341 00:12:28,730 --> 00:12:29,730 graphing. 342 00:12:31,220 --> 00:12:33,379 So like without looking too 343 00:12:33,380 --> 00:12:35,089 much into it, we can already see that we 344 00:12:35,090 --> 00:12:37,549 have an advantage against like 345 00:12:37,550 --> 00:12:39,979 this eighty six, uh, platform 346 00:12:39,980 --> 00:12:42,139 like Vilanova X to thirty here in 347 00:12:42,140 --> 00:12:44,269 that we have like we do still 348 00:12:44,270 --> 00:12:46,189 have a lot of components, but they are 349 00:12:46,190 --> 00:12:48,439 not like that, they are not that 350 00:12:48,440 --> 00:12:49,519 centralized. 351 00:12:49,520 --> 00:12:52,189 There is like some some factor 352 00:12:52,190 --> 00:12:54,769 of combat combat compartmentalization 353 00:12:54,770 --> 00:12:56,929 there. So 354 00:12:56,930 --> 00:12:59,090 I have, for example, a 355 00:13:00,350 --> 00:13:02,509 I will for example, if 356 00:13:02,510 --> 00:13:04,939 you consider the display data path, 357 00:13:04,940 --> 00:13:07,159 if my display signal does not contain any 358 00:13:07,160 --> 00:13:09,409 payload, any headers, any special 359 00:13:09,410 --> 00:13:11,359 markers, and it's just regular display 360 00:13:11,360 --> 00:13:13,579 data, then 361 00:13:13,580 --> 00:13:14,929 it will like it will go in. 362 00:13:14,930 --> 00:13:17,449 This diagram would go up, go in on the 363 00:13:17,450 --> 00:13:19,679 bottom right side, which is basically 364 00:13:19,680 --> 00:13:21,799 the from the untrusted domain, 365 00:13:21,800 --> 00:13:23,319 from the platform controller up on into 366 00:13:23,320 --> 00:13:25,879 platforms, it will go through a Ovid's 367 00:13:25,880 --> 00:13:27,889 serializer, which spacer converts it into 368 00:13:27,890 --> 00:13:30,259 a smaller frequency, lower frequency 369 00:13:30,260 --> 00:13:31,789 signal for F.J. 370 00:13:31,790 --> 00:13:33,979 internal use that would go into a pattern 371 00:13:33,980 --> 00:13:36,199 detector. Now, if that pattern detector 372 00:13:36,200 --> 00:13:38,239 does not detect like this special mocha 373 00:13:38,240 --> 00:13:40,339 header I put in front of my jpg 374 00:13:40,340 --> 00:13:41,340 payload, 375 00:13:42,830 --> 00:13:43,759 it will not do anything. 376 00:13:43,760 --> 00:13:45,200 It will just pass on the signal. 377 00:13:46,400 --> 00:13:48,349 The signal will then go through a frame 378 00:13:48,350 --> 00:13:51,709 buffer for like Klok reasons. 379 00:13:51,710 --> 00:13:54,019 Then it will go through a buffer switch, 380 00:13:54,020 --> 00:13:55,999 which in this case also does nothing 381 00:13:56,000 --> 00:13:57,829 because there's no payload there. 382 00:13:57,830 --> 00:13:59,809 So there's nothing to replace. 383 00:13:59,810 --> 00:14:01,189 And then back to serializer. 384 00:14:01,190 --> 00:14:03,109 And the interesting thing is that at no 385 00:14:03,110 --> 00:14:05,629 point this high bandwidth 386 00:14:05,630 --> 00:14:07,879 display data signal, which may contain 387 00:14:07,880 --> 00:14:09,499 like other sensitive information, I don't 388 00:14:09,500 --> 00:14:11,450 want the interceptor to know. 389 00:14:12,950 --> 00:14:15,439 At no point does it even touch 390 00:14:15,440 --> 00:14:16,609 anything. 391 00:14:16,610 --> 00:14:19,879 Apart from some relatively 392 00:14:19,880 --> 00:14:21,979 simple parts 393 00:14:21,980 --> 00:14:23,959 of like digital logic, so that it's not 394 00:14:23,960 --> 00:14:26,209 going through any kind of CPU or 395 00:14:26,210 --> 00:14:27,889 higher level processing, it's basically 396 00:14:27,890 --> 00:14:30,049 just a bunch of schist registers, pattern 397 00:14:30,050 --> 00:14:31,910 matching and a couple of Paphos. 398 00:14:33,830 --> 00:14:36,079 So in this way, I can organize 399 00:14:36,080 --> 00:14:38,689 the system. So that's 400 00:14:38,690 --> 00:14:40,819 like sensitive data is really 401 00:14:40,820 --> 00:14:42,949 only touching parts that absolutely needs 402 00:14:42,950 --> 00:14:45,169 to touch, like from an electrical 403 00:14:45,170 --> 00:14:46,909 point of view. This like on the Fuge 404 00:14:46,910 --> 00:14:49,250 separate busses for this kind of data. 405 00:14:51,110 --> 00:14:53,299 And this way I can kind of 406 00:14:53,300 --> 00:14:55,439 reduce the attack surface of that 407 00:14:55,440 --> 00:14:58,009 somehow somewhat. 408 00:14:59,390 --> 00:15:01,489 So let's consider now 409 00:15:01,490 --> 00:15:03,949 the case of a frame 410 00:15:03,950 --> 00:15:05,779 that contains actual encrypted payload 411 00:15:05,780 --> 00:15:06,769 data. 412 00:15:06,770 --> 00:15:08,929 Now, the key for this data is in 413 00:15:08,930 --> 00:15:10,789 the like, depending on the 414 00:15:10,790 --> 00:15:12,919 implementation, even the FPGA itself or 415 00:15:12,920 --> 00:15:15,139 in a external access module. 416 00:15:15,140 --> 00:15:16,400 So basically the smart card 417 00:15:18,140 --> 00:15:20,689 and the CPU and 418 00:15:20,690 --> 00:15:22,399 graphics processor, which format of that 419 00:15:22,400 --> 00:15:24,499 data for me do not know that key. 420 00:15:24,500 --> 00:15:26,179 So that can decrypt it. 421 00:15:26,180 --> 00:15:28,069 They are just running a basically a 422 00:15:28,070 --> 00:15:30,559 bitmap graphic and 423 00:15:30,560 --> 00:15:32,749 now the pattern detector and this 424 00:15:32,750 --> 00:15:34,279 device will, when it's receiving this 425 00:15:34,280 --> 00:15:36,529 data, recognize that header 426 00:15:36,530 --> 00:15:38,659 which was previously formatted and that 427 00:15:38,660 --> 00:15:40,969 it will go on and write the payload. 428 00:15:40,970 --> 00:15:43,819 In this case, like the A probably 429 00:15:43,820 --> 00:15:46,429 probably some lightweight protocol 430 00:15:46,430 --> 00:15:48,859 and then the actual JPEG data 431 00:15:48,860 --> 00:15:50,839 into a payload Tafa. 432 00:15:50,840 --> 00:15:52,939 And upon completion, it will 433 00:15:52,940 --> 00:15:55,189 notify something I called 434 00:15:55,190 --> 00:15:56,689 the application processor because 435 00:15:56,690 --> 00:15:58,279 basically I think you will probably need 436 00:15:58,280 --> 00:15:59,280 something like that. 437 00:16:00,350 --> 00:16:02,359 And this application processor will then 438 00:16:02,360 --> 00:16:03,639 do processing on that. 439 00:16:03,640 --> 00:16:05,809 Like, in fact, what it will do in the 440 00:16:05,810 --> 00:16:07,939 case is it will 441 00:16:07,940 --> 00:16:09,860 probably do some protocol decoding, 442 00:16:11,390 --> 00:16:13,309 then extract the actual 443 00:16:14,450 --> 00:16:16,969 cryptographic payload, send that onto 444 00:16:16,970 --> 00:16:19,579 the to a Cryptochrome processor. 445 00:16:19,580 --> 00:16:21,469 I think it makes sense to distinguish 446 00:16:21,470 --> 00:16:23,599 these two things here because A, 447 00:16:23,600 --> 00:16:25,909 the application process, like for 448 00:16:25,910 --> 00:16:27,889 most things you don't need like any kind 449 00:16:27,890 --> 00:16:30,469 of cryptographic acceleration. 450 00:16:30,470 --> 00:16:32,329 And on the other hand, maybe you don't 451 00:16:32,330 --> 00:16:33,769 want the thing that is handling all the 452 00:16:33,770 --> 00:16:35,809 complex protocol logic to actually also 453 00:16:35,810 --> 00:16:37,309 do the encryption, decryption and 454 00:16:37,310 --> 00:16:38,310 handling of plaintext. 455 00:16:39,770 --> 00:16:41,449 And this Cryptochrome processor would 456 00:16:41,450 --> 00:16:43,820 then decrypt this payload, 457 00:16:45,710 --> 00:16:48,019 possibly with the help of a smart card, 458 00:16:48,020 --> 00:16:50,089 secure access module, and 459 00:16:50,090 --> 00:16:52,249 then for the plaintext via a 460 00:16:52,250 --> 00:16:54,049 separate data path to the renderer. 461 00:16:55,250 --> 00:16:57,799 So physically, the application processor 462 00:16:57,800 --> 00:16:59,659 in this scenario would never be in 463 00:16:59,660 --> 00:17:00,949 possession of a plain text. 464 00:17:00,950 --> 00:17:03,109 So even if you compromise it through 465 00:17:03,110 --> 00:17:05,179 some way, some means you would not be 466 00:17:05,180 --> 00:17:07,459 able to access plaintext data there. 467 00:17:07,460 --> 00:17:09,949 And the render would be a piece of 468 00:17:09,950 --> 00:17:12,049 basically prolly another processor 469 00:17:12,050 --> 00:17:13,578 realistically probably running something 470 00:17:13,579 --> 00:17:15,919 like free type that is converting 471 00:17:15,920 --> 00:17:18,289 like UTF eight inputs into 472 00:17:18,290 --> 00:17:20,568 pixel data, which as it turns 473 00:17:20,569 --> 00:17:21,769 out is a really complex problem. 474 00:17:21,770 --> 00:17:23,809 But I will be coming back to that later. 475 00:17:25,609 --> 00:17:27,769 And this renderer is then outputting 476 00:17:27,770 --> 00:17:29,839 a bitmap and to render buffer 477 00:17:29,840 --> 00:17:32,179 and this render buffer 478 00:17:32,180 --> 00:17:34,669 is then dynamically switched into 479 00:17:34,670 --> 00:17:36,859 the inflight leader. 480 00:17:36,860 --> 00:17:39,199 So I am at a display signal by this 481 00:17:39,200 --> 00:17:40,759 uSwitch thing. So the buffer switch 482 00:17:40,760 --> 00:17:42,289 basically just needs like the position 483 00:17:42,290 --> 00:17:44,719 where to flip between 484 00:17:44,720 --> 00:17:47,119 upstream display content and the above 485 00:17:47,120 --> 00:17:49,189 and into account 486 00:17:49,190 --> 00:17:51,139 the position and X and Y coordinates and 487 00:17:51,140 --> 00:17:52,849 then switch over and switch back. 488 00:17:55,860 --> 00:17:57,959 Now, the nice 489 00:17:57,960 --> 00:17:59,009 thing about like this entire 490 00:17:59,010 --> 00:18:01,769 compartmentalization thing is that 491 00:18:01,770 --> 00:18:03,449 it enables also some kind of 492 00:18:04,740 --> 00:18:05,939 some neat security features. 493 00:18:05,940 --> 00:18:09,029 For example, one thing you can do is 494 00:18:09,030 --> 00:18:11,219 for the you see, 495 00:18:11,220 --> 00:18:12,929 the retina has to inputs like a the 496 00:18:12,930 --> 00:18:15,149 application processor may want to render 497 00:18:15,150 --> 00:18:17,459 some kind of some kind 498 00:18:17,460 --> 00:18:18,509 of user interface. 499 00:18:18,510 --> 00:18:21,329 So like a password prompt or 500 00:18:21,330 --> 00:18:24,269 a I don't notice a message. 501 00:18:24,270 --> 00:18:25,979 On the other hand, like the crypto 502 00:18:25,980 --> 00:18:27,659 processor wants to render like plaintext 503 00:18:27,660 --> 00:18:29,700 data. So in this case, 504 00:18:30,720 --> 00:18:32,939 the renderer is getting two different 505 00:18:32,940 --> 00:18:34,499 data streams. It could, for example, 506 00:18:34,500 --> 00:18:35,489 color coded. 507 00:18:35,490 --> 00:18:37,589 So to ask to make 508 00:18:37,590 --> 00:18:40,019 like spoofing of, 509 00:18:40,020 --> 00:18:41,699 for example, the application process of 510 00:18:41,700 --> 00:18:44,069 messages from a 511 00:18:44,070 --> 00:18:46,289 from Bii, like having a cipher text 512 00:18:46,290 --> 00:18:48,389 decrypted in the device a little harder. 513 00:18:48,390 --> 00:18:50,819 So you kind of know that if the Texas 514 00:18:50,820 --> 00:18:53,129 v. Texas blue, it's the application 515 00:18:53,130 --> 00:18:54,959 process, the interceptor directly talking 516 00:18:54,960 --> 00:18:56,999 to you. And it exists like Ratto 517 00:18:57,000 --> 00:18:59,219 something. It's the it's 518 00:18:59,220 --> 00:19:01,019 like a decrypted email you're reading 519 00:19:02,730 --> 00:19:04,889 now if in this this 520 00:19:04,890 --> 00:19:06,569 scenario. So now I kind of like to 521 00:19:06,570 --> 00:19:08,879 decrypt and securely display 522 00:19:08,880 --> 00:19:10,769 GPG immense. 523 00:19:10,770 --> 00:19:12,959 Now, assuming I want to actually write 524 00:19:12,960 --> 00:19:14,150 an email, how would I do that 525 00:19:15,300 --> 00:19:16,709 when this case basically what you would 526 00:19:16,710 --> 00:19:18,749 have is you have this keyboard, DeCota 527 00:19:18,750 --> 00:19:20,849 and emulator on the top and 528 00:19:20,850 --> 00:19:22,289 bottom. So you have like the DeCota, 529 00:19:22,290 --> 00:19:23,759 which is reading all of my physical 530 00:19:23,760 --> 00:19:25,889 mechanical keyboard, and the 531 00:19:25,890 --> 00:19:28,289 emulator is then simulating another 532 00:19:28,290 --> 00:19:30,419 mechanical keyboard to the rest 533 00:19:30,420 --> 00:19:32,729 of his system, like 534 00:19:32,730 --> 00:19:34,619 implementation detail for two thirty 535 00:19:34,620 --> 00:19:36,119 would be that you can have like the 536 00:19:36,120 --> 00:19:37,949 function key, which is wired into the 537 00:19:37,950 --> 00:19:40,859 rest of the system as a physical 538 00:19:40,860 --> 00:19:43,229 data line instead of like multiplexed 539 00:19:43,230 --> 00:19:44,129 data lines. 540 00:19:44,130 --> 00:19:46,739 You could have that like, say, electrical 541 00:19:46,740 --> 00:19:49,199 override so that this keyboard emulator 542 00:19:49,200 --> 00:19:51,329 can only actually emulate 543 00:19:51,330 --> 00:19:53,429 the keyboard when you are pressing that 544 00:19:53,430 --> 00:19:55,499 key so as to like, still make 545 00:19:55,500 --> 00:19:57,479 it a little harder to exploit. 546 00:19:57,480 --> 00:19:59,219 That's an order, too, like, I don't know, 547 00:19:59,220 --> 00:20:01,079 and a command center or something. 548 00:20:02,700 --> 00:20:04,199 And the refillable would basically be 549 00:20:04,200 --> 00:20:06,509 like this. I would press 550 00:20:06,510 --> 00:20:08,339 like I would sort of start writing an 551 00:20:08,340 --> 00:20:10,469 email and then when my cursor is 552 00:20:10,470 --> 00:20:12,689 in the editing field, I would, 553 00:20:12,690 --> 00:20:13,979 for example, press a certain key 554 00:20:13,980 --> 00:20:16,349 combination which tells 555 00:20:16,350 --> 00:20:18,509 this interceptor device to and 556 00:20:18,510 --> 00:20:20,669 the application process within it 557 00:20:20,670 --> 00:20:23,069 to display me a like basically 558 00:20:23,070 --> 00:20:24,499 a very simple text. 559 00:20:24,500 --> 00:20:26,639 It just needs to be complex enough that I 560 00:20:26,640 --> 00:20:28,979 can enter like text 561 00:20:28,980 --> 00:20:32,579 in a language of my choice and 562 00:20:32,580 --> 00:20:34,829 to be like internally representing 563 00:20:34,830 --> 00:20:36,479 that Texas, some kind of like you'd have 564 00:20:36,480 --> 00:20:38,879 eight. Now I enter my email 565 00:20:38,880 --> 00:20:41,369 message into this application processor 566 00:20:41,370 --> 00:20:43,529 and then I would press on this case 567 00:20:43,530 --> 00:20:45,419 a certain key combination 568 00:20:46,800 --> 00:20:48,869 to, for example, I could like choose 569 00:20:48,870 --> 00:20:51,119 the recipient key ID, or I could 570 00:20:51,120 --> 00:20:52,469 possibly also communicate that 571 00:20:52,470 --> 00:20:54,359 information about extension that is 572 00:20:54,360 --> 00:20:55,499 highly implementation dependent. 573 00:20:55,500 --> 00:20:57,359 But in the end, the application processor 574 00:20:57,360 --> 00:20:59,099 would send the plaintext to the crypto 575 00:20:59,100 --> 00:21:01,319 processor, which would then input 576 00:21:01,320 --> 00:21:03,390 the encrypted ASCII Ahmed 577 00:21:04,410 --> 00:21:06,479 ciphertext via the 578 00:21:06,480 --> 00:21:08,369 keyboard emulator into my actual email 579 00:21:08,370 --> 00:21:09,370 client. 580 00:21:11,170 --> 00:21:13,329 Now, another interesting thing is 581 00:21:13,330 --> 00:21:15,489 that here the krypto, like nobody but 582 00:21:15,490 --> 00:21:17,079 the cryptococcal processor, doesn't need 583 00:21:17,080 --> 00:21:18,819 any access whatsoever to the keyboard 584 00:21:18,820 --> 00:21:21,009 emulator because basically I don't 585 00:21:21,010 --> 00:21:22,809 I can't think of a reason why the 586 00:21:22,810 --> 00:21:24,879 application process of what would want to 587 00:21:24,880 --> 00:21:26,380 push keys on my keyboard. 588 00:21:29,910 --> 00:21:32,039 So in this case, I kind 589 00:21:32,040 --> 00:21:33,969 of have like the cryptochrome process of 590 00:21:33,970 --> 00:21:36,119 having exclusive access to the keyboard 591 00:21:36,120 --> 00:21:38,339 emulator and then it is entering 592 00:21:38,340 --> 00:21:40,619 this ciphertext as if I was be 593 00:21:40,620 --> 00:21:42,510 like typing GPG really fast. 594 00:21:43,680 --> 00:21:46,139 And my clients in this case wouldn't even 595 00:21:46,140 --> 00:21:48,239 necessarily have to know about 596 00:21:48,240 --> 00:21:50,579 that, because for it's for it. 597 00:21:50,580 --> 00:21:52,289 It's just a keyboard. 598 00:21:52,290 --> 00:21:54,539 Also nice thing about it is like 599 00:21:54,540 --> 00:21:56,519 there's no you don't need any operating 600 00:21:56,520 --> 00:21:58,259 system level drivers. 601 00:21:58,260 --> 00:22:01,019 You may not even need 602 00:22:01,020 --> 00:22:02,849 like application level support, for 603 00:22:02,850 --> 00:22:04,919 example, you could maybe you 604 00:22:04,920 --> 00:22:07,349 could have like parts of this like office 605 00:22:07,350 --> 00:22:09,539 bitmap, formatting, running in the cloud 606 00:22:09,540 --> 00:22:11,009 or something like on a different machine, 607 00:22:11,010 --> 00:22:12,010 which you trust more. 608 00:22:15,220 --> 00:22:17,409 So now we have like a physical device 609 00:22:17,410 --> 00:22:19,689 which can do some kind of encoding, 610 00:22:19,690 --> 00:22:21,699 like encrypting and decrypting of data, 611 00:22:21,700 --> 00:22:23,889 and which in order to do that, has 612 00:22:23,890 --> 00:22:25,359 to do key management. 613 00:22:25,360 --> 00:22:27,069 And I mean, putting a smart card next to 614 00:22:27,070 --> 00:22:29,379 it, I don't think it's a terrible idea. 615 00:22:29,380 --> 00:22:30,460 But still. 616 00:22:31,480 --> 00:22:33,789 That doesn't look too secure to me. 617 00:22:34,930 --> 00:22:37,149 Also, I have the advantage that's like 618 00:22:37,150 --> 00:22:39,729 compared to a full 619 00:22:39,730 --> 00:22:42,009 six mainboard, 620 00:22:42,010 --> 00:22:44,199 this system is pretty simple, like the 621 00:22:44,200 --> 00:22:45,729 you could probably do it with like a four 622 00:22:45,730 --> 00:22:46,730 layer PCB. 623 00:22:48,340 --> 00:22:50,529 So this is actually within the realm 624 00:22:50,530 --> 00:22:52,599 of possibility for a hobby is too like 625 00:22:52,600 --> 00:22:53,889 Soldo themselves. 626 00:22:53,890 --> 00:22:56,019 So I think one thing we should 627 00:22:56,020 --> 00:22:58,359 seriously consider that is making 628 00:22:58,360 --> 00:23:00,279 that taking that concept and making this 629 00:23:00,280 --> 00:23:02,499 device into an actual security 630 00:23:02,500 --> 00:23:04,719 module, as they are usually 631 00:23:04,720 --> 00:23:06,549 used to like stole SSL certificates and 632 00:23:06,550 --> 00:23:08,769 so on, because they are not 633 00:23:08,770 --> 00:23:10,869 actually that complex to build, I think. 634 00:23:10,870 --> 00:23:13,149 And that would present a 635 00:23:13,150 --> 00:23:15,339 much higher hurdle for an attacker to 636 00:23:15,340 --> 00:23:17,439 actually pull any plaintext or 637 00:23:17,440 --> 00:23:18,969 key data out of that system. 638 00:23:18,970 --> 00:23:20,859 The call suddenly and like not prosecute 639 00:23:20,860 --> 00:23:23,469 anybody is basically you have a 640 00:23:23,470 --> 00:23:25,539 intrusion detection feature on the 641 00:23:25,540 --> 00:23:27,639 circuit whereby the circuit detects when 642 00:23:27,640 --> 00:23:29,769 you open the case or drill holes in it 643 00:23:29,770 --> 00:23:32,019 or remove it from the device 644 00:23:32,020 --> 00:23:33,769 and you have like a backup battery that 645 00:23:33,770 --> 00:23:36,939 keeps that online no matter what happens. 646 00:23:36,940 --> 00:23:38,629 And the interesting thing about making an 647 00:23:38,630 --> 00:23:40,569 officer out of that would be that you 648 00:23:40,570 --> 00:23:42,849 could like, for example, have it 649 00:23:42,850 --> 00:23:44,949 wipe actively wipe a key 650 00:23:44,950 --> 00:23:47,109 when it detects that the case is being 651 00:23:47,110 --> 00:23:49,569 opened over the case of the prosecution 652 00:23:49,570 --> 00:23:51,099 itself or even just the laptop. 653 00:23:53,020 --> 00:23:54,020 So. 654 00:23:54,710 --> 00:23:57,649 Talking about how a security modules like 655 00:23:57,650 --> 00:23:59,959 how would we actually do that now, I have 656 00:23:59,960 --> 00:24:01,639 actually just assembled a couple of those 657 00:24:01,640 --> 00:24:04,339 myself. So generally 658 00:24:04,340 --> 00:24:06,439 most of the security modules that I 659 00:24:06,440 --> 00:24:08,749 actually use today basically consist of 660 00:24:08,750 --> 00:24:10,879 a some kind of CPU and 661 00:24:10,880 --> 00:24:13,009 some memory and some SRM, which is used 662 00:24:13,010 --> 00:24:14,689 for storage. 663 00:24:14,690 --> 00:24:16,909 And all of that is put in a box. 664 00:24:16,910 --> 00:24:19,399 And on the inside of that case box, 665 00:24:19,400 --> 00:24:21,469 there is like a so-called mesh 666 00:24:21,470 --> 00:24:23,689 printer. This is basically just to 667 00:24:23,690 --> 00:24:25,759 like PCB tracks 668 00:24:25,760 --> 00:24:27,799 printed on the inside of a case making 669 00:24:27,800 --> 00:24:29,089 their way all around it, 670 00:24:30,200 --> 00:24:32,299 contacting the main PCB at like a 671 00:24:32,300 --> 00:24:33,199 couple of points. 672 00:24:33,200 --> 00:24:35,329 And now the there's a part 673 00:24:35,330 --> 00:24:36,889 of the circuit inside the hardware 674 00:24:36,890 --> 00:24:38,509 security module that is continuously 675 00:24:38,510 --> 00:24:40,639 monitoring these traces, whether 676 00:24:40,640 --> 00:24:42,379 they are broken. 677 00:24:42,380 --> 00:24:44,089 And the idea is that in order to get to 678 00:24:44,090 --> 00:24:45,889 the keys, which are in the memory inside, 679 00:24:45,890 --> 00:24:47,659 you need to first open the case. 680 00:24:47,660 --> 00:24:49,279 And to do that, you need to break these 681 00:24:49,280 --> 00:24:50,599 tracks because they are all over the 682 00:24:50,600 --> 00:24:52,339 place and you can drill a hole in it 683 00:24:52,340 --> 00:24:54,349 without breaking them. 684 00:24:54,350 --> 00:24:56,509 Now, I think that can 685 00:24:56,510 --> 00:24:58,129 be done pretty easily and is pretty 686 00:24:58,130 --> 00:24:59,839 effective. For example, one of the more 687 00:24:59,840 --> 00:25:02,209 effective approaches I've seen 688 00:25:02,210 --> 00:25:04,339 in practice so far is like a basically 689 00:25:04,340 --> 00:25:07,309 a flex flexible plastic foil, 690 00:25:07,310 --> 00:25:09,259 which is printed with some kind of silver 691 00:25:09,260 --> 00:25:11,479 ink. It's basically exactly the same 692 00:25:11,480 --> 00:25:13,939 material you find inside really cheap 693 00:25:13,940 --> 00:25:16,099 keyboards, you know, on this rubber 694 00:25:16,100 --> 00:25:17,420 dumb things. And 695 00:25:18,740 --> 00:25:20,989 that stuff was just wrapped 696 00:25:20,990 --> 00:25:23,419 around the PCB on all corners. 697 00:25:23,420 --> 00:25:25,699 And then everything was puttered with a 698 00:25:25,700 --> 00:25:28,159 little flexible but really chemically 699 00:25:28,160 --> 00:25:30,649 resistant potting material like epoxy 700 00:25:30,650 --> 00:25:32,959 resin. And now as soon as you would 701 00:25:32,960 --> 00:25:35,059 try to remove that, it would totally 702 00:25:35,060 --> 00:25:37,399 rip apart these 703 00:25:37,400 --> 00:25:40,339 sensible traces on that 704 00:25:40,340 --> 00:25:42,019 on that plastic foil. 705 00:25:44,230 --> 00:25:45,489 I think that's a nice approach. 706 00:25:45,490 --> 00:25:47,409 I think there's a couple of other things 707 00:25:47,410 --> 00:25:48,679 I would kind of like to try. 708 00:25:48,680 --> 00:25:51,279 So like one thing is RF interference. 709 00:25:51,280 --> 00:25:53,379 So you have like a metal can instead of 710 00:25:53,380 --> 00:25:55,899 plastics and you have, like, just wire 711 00:25:55,900 --> 00:25:57,219 randomly stuffed into it. 712 00:25:57,220 --> 00:25:58,569 So you can't really predict where the 713 00:25:58,570 --> 00:26:00,309 wire is. And then you have it puttered 714 00:26:00,310 --> 00:26:03,099 and then you continuously measure the 715 00:26:03,100 --> 00:26:06,159 frequency response basically of the 716 00:26:06,160 --> 00:26:08,259 of different wires and traces within 717 00:26:08,260 --> 00:26:10,359 that case against each other, 718 00:26:10,360 --> 00:26:12,669 the coupling between them 719 00:26:12,670 --> 00:26:14,949 and measure when that significantly 720 00:26:14,950 --> 00:26:15,939 changes. 721 00:26:15,940 --> 00:26:17,349 Now, whether that works in practice, I 722 00:26:17,350 --> 00:26:18,639 don't know. It would probably be pretty 723 00:26:18,640 --> 00:26:20,709 expensive, but it might be worthwhile 724 00:26:20,710 --> 00:26:22,899 to at least explore what 725 00:26:22,900 --> 00:26:24,849 I could also imagine, like using a some 726 00:26:24,850 --> 00:26:27,319 kind of ultrasonic measurement. 727 00:26:27,320 --> 00:26:28,869 So you have like a positive bias. 728 00:26:28,870 --> 00:26:30,699 And on the main circuit board, you have a 729 00:26:30,700 --> 00:26:33,339 couple of small ultrasonic 730 00:26:33,340 --> 00:26:35,649 pixel transducers and you are sending 731 00:26:35,650 --> 00:26:38,529 like ultrasonic through the physical, 732 00:26:38,530 --> 00:26:40,389 like the the the potting material. 733 00:26:40,390 --> 00:26:42,999 And you are measuring if that response 734 00:26:43,000 --> 00:26:44,140 does change at all, 735 00:26:45,160 --> 00:26:46,569 I think that might actually be pretty 736 00:26:46,570 --> 00:26:48,969 effective, because in order to, like, 737 00:26:48,970 --> 00:26:50,799 open it or do anything to it, you would 738 00:26:50,800 --> 00:26:52,689 actually need to, like, touch it. 739 00:26:52,690 --> 00:26:55,329 And if you like, 740 00:26:55,330 --> 00:26:56,889 maybe you could use a laser against 741 00:26:56,890 --> 00:26:59,439 something like 742 00:26:59,440 --> 00:27:00,939 Advanceable. That would be that would be 743 00:27:00,940 --> 00:27:02,229 pretty cheap, though. 744 00:27:02,230 --> 00:27:03,999 This may come with like high current 745 00:27:04,000 --> 00:27:05,229 consumption. 746 00:27:05,230 --> 00:27:07,359 Another approach that I would like to try 747 00:27:07,360 --> 00:27:08,989 out is like tribal luminescence. 748 00:27:08,990 --> 00:27:11,169 So basically you put a couple 749 00:27:11,170 --> 00:27:12,579 of photo diodes through like really 750 00:27:12,580 --> 00:27:14,199 sensitive light detectors on the PSP 751 00:27:14,200 --> 00:27:15,200 itself, 752 00:27:16,330 --> 00:27:18,099 and then you encase everything with a 753 00:27:18,100 --> 00:27:20,379 clear potting material that is 754 00:27:20,380 --> 00:27:22,539 like mixed with like 755 00:27:22,540 --> 00:27:24,879 so-called like friction glow or smash 756 00:27:24,880 --> 00:27:26,469 glow crystals like that. 757 00:27:26,470 --> 00:27:28,239 Certain chemical substances, which in 758 00:27:28,240 --> 00:27:30,489 crystal form will emit a 759 00:27:30,490 --> 00:27:33,069 bright flash when you break the crystal 760 00:27:33,070 --> 00:27:34,749 or when you wrap two crystals against 761 00:27:34,750 --> 00:27:35,799 each other. 762 00:27:35,800 --> 00:27:37,909 And now if you would have that inside of 763 00:27:37,910 --> 00:27:39,369 your potting material, I think it would 764 00:27:39,370 --> 00:27:41,529 be really hard to like in some 765 00:27:41,530 --> 00:27:43,059 way if the potting material is like 766 00:27:43,060 --> 00:27:44,709 chemically resistant in some way, like 767 00:27:44,710 --> 00:27:46,329 remove the potting material without 768 00:27:46,330 --> 00:27:47,919 exerting mechanical force on these 769 00:27:47,920 --> 00:27:49,779 crystals, which would cause them to 770 00:27:49,780 --> 00:27:51,549 flash. And you could detect that before 771 00:27:51,550 --> 00:27:52,550 to dilute and wipe all. 772 00:27:53,800 --> 00:27:55,089 Um, yeah. 773 00:27:55,090 --> 00:27:57,219 So these are like just ideas, 774 00:27:57,220 --> 00:27:59,319 what you could do in order to make this 775 00:27:59,320 --> 00:28:01,539 security model, like at least moderately 776 00:28:01,540 --> 00:28:03,729 resistant against an attacker. 777 00:28:03,730 --> 00:28:05,889 I mean, they are not bulletproof, like 778 00:28:05,890 --> 00:28:08,319 any helpful security module 779 00:28:08,320 --> 00:28:11,349 out that can be breached with sufficient 780 00:28:11,350 --> 00:28:13,149 resources. But the thing is, from all 781 00:28:13,150 --> 00:28:15,279 I've seen, this would probably already be 782 00:28:15,280 --> 00:28:17,439 like more than that, 783 00:28:17,440 --> 00:28:19,659 at least like most 784 00:28:19,660 --> 00:28:21,339 commercially available hardware security 785 00:28:21,340 --> 00:28:22,419 modules provide. 786 00:28:22,420 --> 00:28:23,949 I know some military stuff then like 787 00:28:23,950 --> 00:28:25,089 detonate the device. 788 00:28:25,090 --> 00:28:26,799 But yeah, we kind of don't want to do 789 00:28:26,800 --> 00:28:27,800 that. I think 790 00:28:29,410 --> 00:28:31,599 so. Now, I like praise, like 791 00:28:31,600 --> 00:28:33,729 this new idea for a device I have, 792 00:28:33,730 --> 00:28:35,439 which I want to put into a laptop. 793 00:28:35,440 --> 00:28:37,569 Now, one thing we need to consider 794 00:28:37,570 --> 00:28:39,639 that is like 795 00:28:39,640 --> 00:28:41,769 you are adding a and additional 796 00:28:41,770 --> 00:28:44,019 piece of like complex piece of circuitry 797 00:28:44,020 --> 00:28:46,299 inside a thing 798 00:28:46,300 --> 00:28:48,489 in order to, in the end, reduce 799 00:28:48,490 --> 00:28:50,649 attack surface. So like what 800 00:28:50,650 --> 00:28:52,839 attack surface does this device itself 801 00:28:52,840 --> 00:28:53,840 provides? 802 00:28:56,350 --> 00:28:58,479 So, like, this is not an exhaustive 803 00:28:58,480 --> 00:29:00,609 list, but is like things that I think 804 00:29:00,610 --> 00:29:02,759 are probably pretty critical, 805 00:29:02,760 --> 00:29:03,760 like one is. 806 00:29:05,750 --> 00:29:07,489 You need some kind of protocol decoding 807 00:29:07,490 --> 00:29:08,989 that thing, you need to, like find this 808 00:29:08,990 --> 00:29:11,449 head and the in-flight display signal, 809 00:29:11,450 --> 00:29:13,819 you need to like pass GPG payloads, 810 00:29:13,820 --> 00:29:14,820 you need to 811 00:29:15,950 --> 00:29:18,229 do some state handling on top of that. 812 00:29:18,230 --> 00:29:19,230 So 813 00:29:21,590 --> 00:29:23,779 that would definitely be a complex part. 814 00:29:23,780 --> 00:29:25,789 And there is some potential there to like 815 00:29:27,410 --> 00:29:29,449 construct Inverloch payloads, which may 816 00:29:29,450 --> 00:29:31,519 affect the state of the system and on 817 00:29:31,520 --> 00:29:32,869 some unintended way. 818 00:29:34,220 --> 00:29:36,019 Now, the countermeasure I would propose 819 00:29:36,020 --> 00:29:37,939 for that is a keeping it as simple as 820 00:29:37,940 --> 00:29:38,899 possible. 821 00:29:38,900 --> 00:29:41,029 The nice thing is sensors in hardware, 822 00:29:41,030 --> 00:29:42,769 we can kind of do that. 823 00:29:42,770 --> 00:29:44,539 We don't need to, like, configure Emilian 824 00:29:44,540 --> 00:29:46,909 registers in order to make some 825 00:29:46,910 --> 00:29:49,099 some some like video input, call 826 00:29:49,100 --> 00:29:50,569 on some system on chip. 827 00:29:50,570 --> 00:29:52,879 We can just exactly put into 828 00:29:52,880 --> 00:29:55,339 this piece of like fabric 829 00:29:55,340 --> 00:29:57,049 what we need and nothing more. 830 00:29:58,490 --> 00:30:00,559 And also we have like some 831 00:30:00,560 --> 00:30:02,419 of that protocol handling running in like 832 00:30:02,420 --> 00:30:04,249 not really running, but implementing 833 00:30:04,250 --> 00:30:06,769 physical hardware circuits. 834 00:30:06,770 --> 00:30:08,329 And these are generally like you can't 835 00:30:08,330 --> 00:30:10,009 really, like, fuzz around with the state 836 00:30:10,010 --> 00:30:11,329 there, but you can probably not, 837 00:30:12,500 --> 00:30:14,509 or it will probably be harder than on a 838 00:30:14,510 --> 00:30:16,609 CPU to actually persistently 839 00:30:16,610 --> 00:30:18,799 modify the state in any useful way for 840 00:30:18,800 --> 00:30:19,800 an attacker. 841 00:30:20,660 --> 00:30:22,609 That's the social engineering rechter 842 00:30:22,610 --> 00:30:25,069 now. Yeah, the thing is, 843 00:30:25,070 --> 00:30:27,439 this would definitely be targeted as 844 00:30:27,440 --> 00:30:29,749 at like 845 00:30:29,750 --> 00:30:32,539 Fredi, capable people like not 846 00:30:32,540 --> 00:30:34,940 really like not really 847 00:30:37,010 --> 00:30:39,109 average users, so 848 00:30:39,110 --> 00:30:40,939 like people like you. So I guess in the 849 00:30:40,940 --> 00:30:43,159 end, social engineering will probably 850 00:30:43,160 --> 00:30:45,259 not be a terribly, 851 00:30:45,260 --> 00:30:47,539 terribly large, 852 00:30:47,540 --> 00:30:49,669 important attack scenario since 853 00:30:49,670 --> 00:30:50,670 my experience like. 854 00:30:51,720 --> 00:30:54,359 People like sufficiently 855 00:30:54,360 --> 00:30:56,789 knowledgeable about computers, 856 00:30:56,790 --> 00:30:59,289 somewhat decree's, and they're 857 00:30:59,290 --> 00:31:00,359 they're there 858 00:31:01,500 --> 00:31:03,509 in like they're being susceptible to 859 00:31:03,510 --> 00:31:04,740 social engineering attacks. 860 00:31:07,830 --> 00:31:09,450 Compromise is obviously an issue 861 00:31:10,650 --> 00:31:12,929 like what happens if somebody can, 862 00:31:12,930 --> 00:31:14,809 like, open the security module without 863 00:31:14,810 --> 00:31:16,379 admitting noticing? 864 00:31:16,380 --> 00:31:18,599 Yeah, well, the thing is, 865 00:31:18,600 --> 00:31:20,579 um, I think we can not 866 00:31:21,810 --> 00:31:23,519 eliminate that, but we can at least make 867 00:31:23,520 --> 00:31:25,499 it a little harder with this limited 868 00:31:25,500 --> 00:31:27,149 security model stuff. 869 00:31:27,150 --> 00:31:29,489 Um, I put in effigy back on 870 00:31:29,490 --> 00:31:31,679 up there because it was kind of like a 871 00:31:32,750 --> 00:31:35,549 like highly published topic, 872 00:31:35,550 --> 00:31:36,989 at least in, like, security research 873 00:31:36,990 --> 00:31:39,389 there. Now, the thing is, I don't think a 874 00:31:39,390 --> 00:31:41,759 pacto back to in this instance 875 00:31:41,760 --> 00:31:43,859 is super realistic because I 876 00:31:43,860 --> 00:31:45,449 think it would be really hard to make 877 00:31:45,450 --> 00:31:47,819 something into an FPGA that 878 00:31:47,820 --> 00:31:51,059 will actually provide any useful 879 00:31:51,060 --> 00:31:53,909 like compromise in that scenario. 880 00:31:53,910 --> 00:31:55,889 Um, logic, flaws. 881 00:31:55,890 --> 00:31:57,869 Well, obviously, you can have like logic 882 00:31:57,870 --> 00:31:59,159 flaws within the device. 883 00:31:59,160 --> 00:32:01,379 So I think 884 00:32:01,380 --> 00:32:03,479 we can do some stuff against that. 885 00:32:03,480 --> 00:32:05,999 So, um, 886 00:32:06,000 --> 00:32:08,099 the the thing is that since 887 00:32:08,100 --> 00:32:10,559 we we are implementing 888 00:32:10,560 --> 00:32:13,349 our own hardware there, we can do some 889 00:32:13,350 --> 00:32:15,419 more countermeasures than you can 890 00:32:15,420 --> 00:32:16,799 do purely in software. 891 00:32:16,800 --> 00:32:18,899 We can't, for example, have the code 892 00:32:18,900 --> 00:32:21,089 in a physically read only memory. 893 00:32:21,090 --> 00:32:23,309 So it cannot be modified no matter what. 894 00:32:24,690 --> 00:32:27,119 We can have, uh, like 895 00:32:27,120 --> 00:32:28,829 independence memories for different 896 00:32:28,830 --> 00:32:31,019 things, like memory, for a memory, for 897 00:32:31,020 --> 00:32:33,329 heve memory, for codes and like have lots 898 00:32:33,330 --> 00:32:35,789 of arrows. If you try to do accessors 899 00:32:35,790 --> 00:32:38,429 across state boundaries, um, 900 00:32:38,430 --> 00:32:40,499 we can do some, we can do some 901 00:32:40,500 --> 00:32:42,749 like primitive separation of tasks 902 00:32:42,750 --> 00:32:45,299 into different use like crypto and 903 00:32:45,300 --> 00:32:47,309 application and rendering is I think like 904 00:32:47,310 --> 00:32:48,990 three major areas I can think of. 905 00:32:50,250 --> 00:32:51,869 We can do some hardware level access 906 00:32:51,870 --> 00:32:54,479 enforcements on places where 907 00:32:54,480 --> 00:32:55,589 we need to share resources. 908 00:32:55,590 --> 00:32:57,719 For example, in the FPGA 909 00:32:57,720 --> 00:32:59,369 implementation, we will probably have a 910 00:32:59,370 --> 00:33:01,589 common dirham external for 911 00:33:01,590 --> 00:33:02,999 all the pixel data. 912 00:33:03,000 --> 00:33:05,129 And we but we can like 913 00:33:05,130 --> 00:33:07,259 securely separate that by like 914 00:33:07,260 --> 00:33:09,489 hardware level access 915 00:33:09,490 --> 00:33:11,789 enforcement. So like the different 916 00:33:11,790 --> 00:33:13,319 components cannot write into their 917 00:33:13,320 --> 00:33:15,239 respective address spaces. 918 00:33:15,240 --> 00:33:17,339 Um, we can generally keep it 919 00:33:17,340 --> 00:33:19,499 simple. So if it's like too 920 00:33:19,500 --> 00:33:21,599 complex, it will, I think, really hard 921 00:33:21,600 --> 00:33:23,129 to keep it secure. 922 00:33:23,130 --> 00:33:25,289 Um, but if we keep this 923 00:33:25,290 --> 00:33:27,569 super, super simple, at least compared 924 00:33:27,570 --> 00:33:29,909 to a full blown platform, 925 00:33:29,910 --> 00:33:32,039 I think we can actually keep the attack 926 00:33:32,040 --> 00:33:34,289 surface within the manageable area 927 00:33:34,290 --> 00:33:36,029 and actually all the thing to a 928 00:33:36,030 --> 00:33:38,219 meaningful extent. 929 00:33:38,220 --> 00:33:39,220 Um. 930 00:33:40,220 --> 00:33:42,109 Like, one thing I would like to note here 931 00:33:42,110 --> 00:33:44,029 is that, for example, for the CPU's, one 932 00:33:44,030 --> 00:33:45,799 thing that would really lend itself to it 933 00:33:45,800 --> 00:33:48,019 would be the risk we project, which are 934 00:33:48,020 --> 00:33:50,599 who are currently actively working on 935 00:33:50,600 --> 00:33:52,729 a basically entirely 936 00:33:52,730 --> 00:33:54,949 open source CPU that is pretty 937 00:33:54,950 --> 00:33:57,319 well specified, pretty well tested, 938 00:33:57,320 --> 00:33:59,299 like they are even some efforts to 939 00:33:59,300 --> 00:34:01,369 actually prove it, that it works 940 00:34:01,370 --> 00:34:02,839 like logic, logically proof the 941 00:34:02,840 --> 00:34:03,840 functioning of it. 942 00:34:04,730 --> 00:34:06,049 And that's also some work on, for 943 00:34:06,050 --> 00:34:07,609 example, tact, memory and other like 944 00:34:07,610 --> 00:34:10,039 hardware level security mechanisms. 945 00:34:10,040 --> 00:34:12,169 They have like 946 00:34:12,170 --> 00:34:13,759 another thing I would like to point out 947 00:34:13,760 --> 00:34:15,919 is that since all of these parts 948 00:34:15,920 --> 00:34:18,198 of this system are operating 949 00:34:18,199 --> 00:34:20,299 at a very low level, we 950 00:34:20,300 --> 00:34:22,039 can just reset everything really 951 00:34:22,040 --> 00:34:23,509 frequently. 952 00:34:23,510 --> 00:34:24,979 It's not bulletproof, but it can at least 953 00:34:24,980 --> 00:34:27,440 make attackers life lives harder, 954 00:34:28,460 --> 00:34:30,408 because if we, like, reset the entire 955 00:34:30,409 --> 00:34:32,629 state of the system like everything but 956 00:34:32,630 --> 00:34:34,849 the actual keys, every frame 957 00:34:34,850 --> 00:34:36,799 or something or every time a new payload 958 00:34:36,800 --> 00:34:38,988 is received, it will be much 959 00:34:38,989 --> 00:34:40,729 harder for an attacker to actually 960 00:34:40,730 --> 00:34:43,399 compromise the state and bring it to any 961 00:34:43,400 --> 00:34:45,888 to any new state that is useful 962 00:34:45,889 --> 00:34:46,889 to the attacker. 963 00:34:48,110 --> 00:34:49,939 It will not prevent anything, but it will 964 00:34:49,940 --> 00:34:52,189 at least like make the practical 965 00:34:52,190 --> 00:34:54,559 exploitation harder now. 966 00:34:55,719 --> 00:34:57,459 Considering this attack surface, like 967 00:34:57,460 --> 00:34:59,380 what would be practical scenarios 968 00:35:01,420 --> 00:35:03,489 with this device and a laptop 969 00:35:03,490 --> 00:35:05,559 and with the same laptop without 970 00:35:05,560 --> 00:35:07,029 that device. 971 00:35:07,030 --> 00:35:09,399 So I just wrote down a couple of those 972 00:35:09,400 --> 00:35:11,529 little made like little colorful 973 00:35:11,530 --> 00:35:14,109 tick marks on how it would perform. 974 00:35:14,110 --> 00:35:15,639 Obviously, this is not absolute. 975 00:35:15,640 --> 00:35:17,439 It like depends on the implementation and 976 00:35:17,440 --> 00:35:19,659 on the how you are particularly using 977 00:35:19,660 --> 00:35:20,660 it. 978 00:35:21,250 --> 00:35:24,279 But I think as a general guidance, 979 00:35:24,280 --> 00:35:25,749 this should perform quite well. 980 00:35:25,750 --> 00:35:27,339 So like in the last device case, for 981 00:35:27,340 --> 00:35:29,409 example, if you don't have 982 00:35:29,410 --> 00:35:31,029 this kind of interceptor inside the 983 00:35:31,030 --> 00:35:33,189 device, you 984 00:35:33,190 --> 00:35:35,589 can already get pretty secure 985 00:35:35,590 --> 00:35:36,489 solutions. 986 00:35:36,490 --> 00:35:38,439 If you are using secure but correctly, if 987 00:35:38,440 --> 00:35:39,849 you are encrypting a hard disk, if you 988 00:35:39,850 --> 00:35:41,979 are soaring your keys 989 00:35:41,980 --> 00:35:44,049 in some kind of secure memory 990 00:35:44,050 --> 00:35:45,050 and so on. 991 00:35:45,820 --> 00:35:47,260 But it depends on the implementation. 992 00:35:49,090 --> 00:35:51,219 And like with this intercept device, I 993 00:35:51,220 --> 00:35:53,589 think it will be a little easier 994 00:35:53,590 --> 00:35:55,389 to actually make sure that if you lose 995 00:35:55,390 --> 00:35:57,609 the device, you like 996 00:35:57,610 --> 00:35:59,799 the idea that neither 997 00:35:59,800 --> 00:36:01,959 the keys themselves nor any plaintext 998 00:36:01,960 --> 00:36:03,219 can leak the device. 999 00:36:05,260 --> 00:36:07,239 Now, second scenario is like unlock 1000 00:36:07,240 --> 00:36:09,309 device stolen. So somebody comes and 1001 00:36:09,310 --> 00:36:11,169 takes your laptop away while you're 1002 00:36:11,170 --> 00:36:13,449 working at it and you don't have time 1003 00:36:13,450 --> 00:36:14,769 to lock the screen. 1004 00:36:14,770 --> 00:36:17,319 Now, the thing is, fundamentally, 1005 00:36:17,320 --> 00:36:19,209 you will have the same problem if you 1006 00:36:19,210 --> 00:36:21,269 kind of unlock this intercept 1007 00:36:21,270 --> 00:36:22,810 device over a period of time. 1008 00:36:23,980 --> 00:36:25,869 But the thing is that since you only need 1009 00:36:25,870 --> 00:36:27,489 this interceptor device in order to 1010 00:36:27,490 --> 00:36:29,409 decrypt and encrypt MS and you don't do 1011 00:36:29,410 --> 00:36:31,339 that all the time, you can have it 1012 00:36:31,340 --> 00:36:33,279 blocked most of the time that your screen 1013 00:36:33,280 --> 00:36:34,280 is unlocked. 1014 00:36:37,570 --> 00:36:39,789 Also, some since this intercepted 1015 00:36:39,790 --> 00:36:41,229 device like Hotfoot, we are building 1016 00:36:41,230 --> 00:36:43,299 ourselves, we can 1017 00:36:43,300 --> 00:36:45,309 include additional security features that 1018 00:36:45,310 --> 00:36:47,779 are not offered in Off-The-Shelf laptops, 1019 00:36:47,780 --> 00:36:48,939 for example, we could have like some 1020 00:36:48,940 --> 00:36:51,009 capacitive sensor in the Palmeiras 1021 00:36:51,010 --> 00:36:53,379 that is detecting when, like, your hands 1022 00:36:53,380 --> 00:36:55,239 are removed from it. And that will just 1023 00:36:55,240 --> 00:36:56,889 wipe the keys in that case. 1024 00:36:56,890 --> 00:36:58,059 And then you need to reenter your 1025 00:36:58,060 --> 00:36:59,829 password. That would be too annoying for 1026 00:36:59,830 --> 00:37:01,239 something that would lock the screen. 1027 00:37:01,240 --> 00:37:03,549 But like for Weiping, 1028 00:37:03,550 --> 00:37:05,949 like a clearing, a 1029 00:37:05,950 --> 00:37:08,079 hearing, for example, that might be 1030 00:37:08,080 --> 00:37:11,199 a adequate like a tradeoff. 1031 00:37:11,200 --> 00:37:13,389 Now, target to attack what 1032 00:37:13,390 --> 00:37:15,459 I described as a targeted attack 1033 00:37:15,460 --> 00:37:17,529 is basically somebody with a 1034 00:37:17,530 --> 00:37:19,719 lot of money really doesn't like 1035 00:37:19,720 --> 00:37:21,669 you. So, for example, somebody 1036 00:37:21,670 --> 00:37:24,219 specifically wants your email 1037 00:37:24,220 --> 00:37:26,649 now, Vodoun Interceptive, 1038 00:37:26,650 --> 00:37:28,539 you really have a problem, because even 1039 00:37:28,540 --> 00:37:30,249 if you are using locutions and you 1040 00:37:30,250 --> 00:37:32,409 encrypting everything with GPG, in the 1041 00:37:32,410 --> 00:37:34,509 end you have a off the shelf 1042 00:37:34,510 --> 00:37:36,399 Linux operating system with X and 1043 00:37:36,400 --> 00:37:38,649 hypervisor running on a 1044 00:37:38,650 --> 00:37:40,929 platform with lots of proprietary 1045 00:37:40,930 --> 00:37:43,089 firmware and many places that are 1046 00:37:43,090 --> 00:37:44,090 handling 1047 00:37:45,220 --> 00:37:47,169 plaintext data. 1048 00:37:47,170 --> 00:37:49,659 And also this system, 1049 00:37:49,660 --> 00:37:52,329 the entire stack is so complex 1050 00:37:52,330 --> 00:37:54,609 that I think it's practically 1051 00:37:54,610 --> 00:37:56,469 guaranteed for every part of it that 1052 00:37:56,470 --> 00:37:57,849 there will be flaws. 1053 00:37:57,850 --> 00:37:59,469 And we see that all the time. 1054 00:37:59,470 --> 00:38:01,809 For example, Apple's iPhone has a really 1055 00:38:01,810 --> 00:38:03,669 good security architecture, but it's 1056 00:38:03,670 --> 00:38:05,829 still pretty complex and people 1057 00:38:05,830 --> 00:38:07,389 are getting around us. 1058 00:38:07,390 --> 00:38:09,489 Also fix the X and hypervisor, which is 1059 00:38:09,490 --> 00:38:11,949 on Hueso s, which is the primary 1060 00:38:11,950 --> 00:38:13,210 isolation feature there. 1061 00:38:14,380 --> 00:38:15,999 That thing is also highly regarded. 1062 00:38:16,000 --> 00:38:18,129 Still, there have been flaws found in it 1063 00:38:18,130 --> 00:38:20,050 because it is a huge, complex thing. 1064 00:38:21,640 --> 00:38:23,799 And I think we can lower 1065 00:38:23,800 --> 00:38:25,869 that attack surface by 1066 00:38:25,870 --> 00:38:27,549 basically concentrating it on this 1067 00:38:27,550 --> 00:38:29,649 interceptive device, which really 1068 00:38:29,650 --> 00:38:31,989 only prevents very simple interfaces 1069 00:38:31,990 --> 00:38:34,119 to the outside world, which I think we 1070 00:38:34,120 --> 00:38:36,249 might be using, 1071 00:38:36,250 --> 00:38:38,319 which I think might be easier to 1072 00:38:38,320 --> 00:38:39,520 actually audit. 1073 00:38:40,600 --> 00:38:42,909 Now, an obvious failsafe 1074 00:38:42,910 --> 00:38:45,099 scenario for like both things like 1075 00:38:45,100 --> 00:38:46,539 a laptop with or without this device 1076 00:38:46,540 --> 00:38:48,219 would be like you are blocked. 1077 00:38:48,220 --> 00:38:50,319 So like somebody places a camera behind 1078 00:38:50,320 --> 00:38:52,209 you and your flat, your apartment or 1079 00:38:52,210 --> 00:38:54,279 something, because like 1080 00:38:54,280 --> 00:38:56,589 since you need plaintext data 1081 00:38:56,590 --> 00:38:58,959 coming out of your screen at your eyes, 1082 00:38:58,960 --> 00:39:00,340 since we don't have krypto glasses. 1083 00:39:02,760 --> 00:39:04,799 Like anybody in the same room will be 1084 00:39:04,800 --> 00:39:06,599 able to kind of foom that, like even if 1085 00:39:06,600 --> 00:39:07,829 you're using like one of these privacy 1086 00:39:07,830 --> 00:39:09,929 filter things, like at 1087 00:39:09,930 --> 00:39:11,459 the right angle, people will be able to 1088 00:39:11,460 --> 00:39:13,829 read it. So in that scenario, 1089 00:39:13,830 --> 00:39:16,079 obviously, any mechanism 1090 00:39:16,080 --> 00:39:18,949 that still uses a display will fail. 1091 00:39:18,950 --> 00:39:19,950 Um. 1092 00:39:20,760 --> 00:39:23,069 You may like you some kind of Snowden 1093 00:39:23,070 --> 00:39:24,719 cloak or something, but, yeah, 1094 00:39:25,950 --> 00:39:27,150 I think that would be really hard 1095 00:39:28,650 --> 00:39:29,579 physical access. 1096 00:39:29,580 --> 00:39:32,339 So like somebody has temporary 1097 00:39:32,340 --> 00:39:35,069 physical access to your device, like 1098 00:39:35,070 --> 00:39:36,629 during shipping or at the border 1099 00:39:36,630 --> 00:39:37,919 checkpoint. 1100 00:39:37,920 --> 00:39:40,019 In that case, I think it depends 1101 00:39:40,020 --> 00:39:42,209 on any in any instance, because 1102 00:39:42,210 --> 00:39:44,219 without intercept, well, maybe they can, 1103 00:39:44,220 --> 00:39:45,869 like, install a rootkit exchange. 1104 00:39:45,870 --> 00:39:47,969 It would flash or something 1105 00:39:47,970 --> 00:39:49,199 with the intercept. 1106 00:39:49,200 --> 00:39:51,119 Well, maybe they can place an interceptor 1107 00:39:51,120 --> 00:39:53,069 in front of the interceptor or something, 1108 00:39:53,070 --> 00:39:55,109 you know, like there's really nothing you 1109 00:39:55,110 --> 00:39:57,119 can do that if you you don't even know 1110 00:39:57,120 --> 00:39:59,549 whether you getting the same laptop back 1111 00:39:59,550 --> 00:40:01,769 or whether it's like a I 1112 00:40:01,770 --> 00:40:03,869 don't know, some simple device, which 1113 00:40:03,870 --> 00:40:06,149 is just like which includes 1114 00:40:06,150 --> 00:40:08,429 like monitoring for CPU and, uh, 1115 00:40:08,430 --> 00:40:10,709 for keyboard and display. 1116 00:40:10,710 --> 00:40:12,839 So I think in that in that case, 1117 00:40:12,840 --> 00:40:14,879 like, we can make it a little bit harder 1118 00:40:14,880 --> 00:40:16,499 by having, like, these sort of security 1119 00:40:16,500 --> 00:40:18,719 modules, features to like detect 1120 00:40:18,720 --> 00:40:20,839 when the case is open so we can 1121 00:40:20,840 --> 00:40:22,619 provide some incentive against, like 1122 00:40:22,620 --> 00:40:24,719 opening the case and messing around in 1123 00:40:24,720 --> 00:40:25,649 the system there. 1124 00:40:25,650 --> 00:40:28,139 But it won't be bulletproof, um, 1125 00:40:28,140 --> 00:40:30,629 like total communications surveillance 1126 00:40:30,630 --> 00:40:32,369 as it is happening in practice. 1127 00:40:33,750 --> 00:40:35,340 I guess that's 1128 00:40:36,810 --> 00:40:38,939 that's like any 1129 00:40:38,940 --> 00:40:40,169 system is pretty secure. 1130 00:40:40,170 --> 00:40:42,509 And the way that we are leaking metadata, 1131 00:40:42,510 --> 00:40:44,489 we are leaking metadata is really hard to 1132 00:40:44,490 --> 00:40:45,749 avoid that. 1133 00:40:45,750 --> 00:40:47,159 The difference is with the intercept. 1134 00:40:47,160 --> 00:40:49,019 You're also just leaking metadata instead 1135 00:40:49,020 --> 00:40:50,789 of plain text to your operating system. 1136 00:40:50,790 --> 00:40:53,279 But that might not be like 1137 00:40:53,280 --> 00:40:55,069 for communications. So that's irrelevant. 1138 00:40:56,220 --> 00:40:57,599 Now, what needs to be considered, of 1139 00:40:57,600 --> 00:40:59,999 course, is that by placing an additional 1140 00:41:00,000 --> 00:41:02,520 device in your laptop, you are actually 1141 00:41:04,440 --> 00:41:05,849 from a whole system point of view. 1142 00:41:05,850 --> 00:41:07,709 You are increasing attack surface. 1143 00:41:08,940 --> 00:41:11,159 And if that device 1144 00:41:11,160 --> 00:41:12,269 like this interceptor would be 1145 00:41:12,270 --> 00:41:13,829 compromised, that would be totally game 1146 00:41:13,830 --> 00:41:15,869 over because it has access to your two 1147 00:41:15,870 --> 00:41:17,579 most privileged things and the laptop 1148 00:41:17,580 --> 00:41:19,889 like the display output and the keyboard 1149 00:41:19,890 --> 00:41:20,939 input. 1150 00:41:20,940 --> 00:41:23,549 Um, so basically any secrets 1151 00:41:23,550 --> 00:41:25,709 you communicate to your computer are 1152 00:41:25,710 --> 00:41:27,899 there on these busses. 1153 00:41:27,900 --> 00:41:30,209 So I think 1154 00:41:30,210 --> 00:41:32,339 that we need to be really careful 1155 00:41:32,340 --> 00:41:34,109 implementing this in order to not make 1156 00:41:34,110 --> 00:41:36,359 this an actual security, 1157 00:41:36,360 --> 00:41:38,579 a security 1158 00:41:38,580 --> 00:41:40,229 threat instead of a security feature. 1159 00:41:41,790 --> 00:41:43,919 Major tasks I have, 1160 00:41:43,920 --> 00:41:46,169 like I think we have we 1161 00:41:46,170 --> 00:41:48,149 need to solve in order to actually make 1162 00:41:48,150 --> 00:41:50,669 this practical are basically 1163 00:41:50,670 --> 00:41:52,619 disassembling and reassembling this, I 1164 00:41:52,620 --> 00:41:54,689 might add, this report and stuff, because 1165 00:41:54,690 --> 00:41:56,010 as it turns out, it's not easy 1166 00:41:57,450 --> 00:41:58,529 if you have some expertize. 1167 00:41:58,530 --> 00:42:00,569 And that's I'm really interested in 1168 00:42:00,570 --> 00:42:02,789 feedback and suggestions there. 1169 00:42:02,790 --> 00:42:04,649 I think rendering Unicode will be hard. 1170 00:42:04,650 --> 00:42:06,719 I mean, we want to we want people to 1171 00:42:06,720 --> 00:42:07,979 actually be able to communicate in any 1172 00:42:07,980 --> 00:42:10,829 number of languages with this device and 1173 00:42:10,830 --> 00:42:12,479 actually supporting Unicode font 1174 00:42:12,480 --> 00:42:14,399 rendering on a embedded thing. 1175 00:42:14,400 --> 00:42:16,169 And that in a secure way. 1176 00:42:16,170 --> 00:42:18,419 I don't think that be trivial. 1177 00:42:18,420 --> 00:42:20,309 Then we need to define this packet's 1178 00:42:20,310 --> 00:42:21,809 payload format in a secure way. 1179 00:42:21,810 --> 00:42:23,849 So like it cannot doesn't provide too 1180 00:42:23,850 --> 00:42:24,850 much complexity. 1181 00:42:26,100 --> 00:42:27,509 We need to get the keyboard passed 1182 00:42:27,510 --> 00:42:28,439 through semantics. Right. 1183 00:42:28,440 --> 00:42:30,539 So don't accidentally input sensitive 1184 00:42:30,540 --> 00:42:32,819 data into your host machine 1185 00:42:32,820 --> 00:42:34,679 without you really noticing it. 1186 00:42:35,880 --> 00:42:37,829 We need to split like this and do this 1187 00:42:37,830 --> 00:42:39,229 entire process. 1188 00:42:39,230 --> 00:42:41,039 Separation like cryptochrome process was 1189 00:42:41,040 --> 00:42:43,409 application for processing in some sense 1190 00:42:43,410 --> 00:42:45,599 of a way that we actually gain something 1191 00:42:45,600 --> 00:42:47,759 by it and we don't have 1192 00:42:47,760 --> 00:42:49,859 like a huge amount of code running in 1193 00:42:49,860 --> 00:42:52,319 the process of, for example. 1194 00:42:52,320 --> 00:42:54,479 And I think the if he if 1195 00:42:54,480 --> 00:42:56,369 we want to implement this with the smart 1196 00:42:56,370 --> 00:42:58,709 card as a Keystart like long term 1197 00:42:58,710 --> 00:43:00,959 storage, it will probably 1198 00:43:00,960 --> 00:43:03,119 also be hard to get that 1199 00:43:03,120 --> 00:43:05,219 right, because 1200 00:43:05,220 --> 00:43:07,439 I don't think as a private citizen, 1201 00:43:07,440 --> 00:43:09,299 you can just go out there, buy a smart 1202 00:43:09,300 --> 00:43:11,519 card software development kit 1203 00:43:11,520 --> 00:43:13,769 and write your own as a 1204 00:43:13,770 --> 00:43:15,959 force for forty nine to six 1205 00:43:15,960 --> 00:43:18,419 like geeky handling 1206 00:43:18,420 --> 00:43:19,420 on the smart card. 1207 00:43:20,700 --> 00:43:22,739 So we need we may need to figure 1208 00:43:22,740 --> 00:43:25,079 something out that if we want to do that 1209 00:43:25,080 --> 00:43:26,999 now, I don't know. 1210 00:43:27,000 --> 00:43:29,699 I hope I could actually 1211 00:43:29,700 --> 00:43:31,889 like I could make 1212 00:43:31,890 --> 00:43:33,629 you interested in that idea if you have 1213 00:43:33,630 --> 00:43:36,449 like any feedback, any suggestions, 1214 00:43:36,450 --> 00:43:37,450 any ideas 1215 00:43:38,670 --> 00:43:40,859 or like some expertize, even in 1216 00:43:40,860 --> 00:43:42,179 the relevant fields. 1217 00:43:42,180 --> 00:43:44,249 I'm really interested in feedback 1218 00:43:44,250 --> 00:43:46,499 and help 1219 00:43:46,500 --> 00:43:47,500 with this. 1220 00:43:48,210 --> 00:43:50,759 I'm reachable like that email address. 1221 00:43:50,760 --> 00:43:52,259 The key is below. 1222 00:43:52,260 --> 00:43:54,659 And this talk like the slides 1223 00:43:54,660 --> 00:43:58,169 will be on the GitHub repository 1224 00:43:58,170 --> 00:44:00,479 up there. So you can also 1225 00:44:00,480 --> 00:44:02,669 just give feedback as by raising 1226 00:44:02,670 --> 00:44:05,459 an issue that if you have something, 1227 00:44:05,460 --> 00:44:07,500 um, thank you for listening. 1228 00:44:18,790 --> 00:44:21,069 Everybody that who I haven't 1229 00:44:21,070 --> 00:44:23,139 bought to heart you, I think 1230 00:44:23,140 --> 00:44:25,189 we can do a question and answer session 1231 00:44:25,190 --> 00:44:26,190 now. 1232 00:44:27,760 --> 00:44:29,319 Yeah, thank you very much. 1233 00:44:29,320 --> 00:44:30,369 That was enlightening. 1234 00:44:31,510 --> 00:44:33,009 That takes us to the Q&A. 1235 00:44:33,010 --> 00:44:35,649 There are two microphones 1236 00:44:35,650 --> 00:44:37,449 set up here. Please form an orderly 1237 00:44:37,450 --> 00:44:38,829 queue. 1238 00:44:38,830 --> 00:44:39,830 I'll try to 1239 00:44:41,440 --> 00:44:43,749 make sure that I realize who's 1240 00:44:43,750 --> 00:44:45,999 first. And we would just 1241 00:44:46,000 --> 00:44:48,009 wait for the people filing out for a 1242 00:44:48,010 --> 00:44:50,259 second, I think, because 1243 00:44:50,260 --> 00:44:52,799 we we got enough time, don't we? 1244 00:44:52,800 --> 00:44:53,739 I think so. 1245 00:44:53,740 --> 00:44:54,949 Great. 1246 00:44:54,950 --> 00:44:55,950 Ten minutes. 1247 00:45:16,860 --> 00:45:18,719 Q&A answer, I think, will pick me. 1248 00:45:28,440 --> 00:45:30,509 OK, we started that, 1249 00:45:30,510 --> 00:45:32,729 Mike, and then ping pong to 1250 00:45:32,730 --> 00:45:33,579 the room. 1251 00:45:33,580 --> 00:45:35,909 Yeah, so as far as I 1252 00:45:35,910 --> 00:45:38,279 understand, the idea of the interceptor 1253 00:45:38,280 --> 00:45:40,409 on the keyboard side is that plaintext 1254 00:45:40,410 --> 00:45:42,360 goes in, ciphertext comes out. 1255 00:45:43,380 --> 00:45:44,519 Yes. All right. 1256 00:45:44,520 --> 00:45:47,129 So I would like to edit all of my emails 1257 00:45:47,130 --> 00:45:49,259 in Emacs or vem with 1258 00:45:49,260 --> 00:45:51,729 all of the fancy packages on line. 1259 00:45:51,730 --> 00:45:54,089 Obviously, we will need to compromise 1260 00:45:54,090 --> 00:45:56,429 like some amount of usability there, 1261 00:45:56,430 --> 00:45:58,439 except if you want like a full imex 1262 00:45:58,440 --> 00:46:00,089 instance running in that intercept. 1263 00:46:00,090 --> 00:46:01,659 I mean, technically it's possible. 1264 00:46:01,660 --> 00:46:04,169 Yeah, you can like in these refugees 1265 00:46:04,170 --> 00:46:05,609 who can actually make the development 1266 00:46:05,610 --> 00:46:07,169 system and using you can actually run a 1267 00:46:07,170 --> 00:46:08,279 full Linux in there. 1268 00:46:08,280 --> 00:46:09,629 But I don't think you would want that 1269 00:46:09,630 --> 00:46:11,729 because it would pose like some attack, 1270 00:46:11,730 --> 00:46:12,179 as I think. 1271 00:46:12,180 --> 00:46:14,489 Yeah, but generally the benefits 1272 00:46:14,490 --> 00:46:16,679 of having your applications in software 1273 00:46:16,680 --> 00:46:17,969 rather than hardware is that you can 1274 00:46:17,970 --> 00:46:20,129 update them. Also, new crypto protocols, 1275 00:46:20,130 --> 00:46:21,900 better encodings than UTF eight. 1276 00:46:23,250 --> 00:46:25,379 All of that is lost in your design. 1277 00:46:25,380 --> 00:46:26,339 Yes. 1278 00:46:26,340 --> 00:46:28,469 Or could you maybe 1279 00:46:28,470 --> 00:46:29,789 make the monitors a little louder? 1280 00:46:29,790 --> 00:46:31,529 I can barely understand them. 1281 00:46:31,530 --> 00:46:32,760 So I repeat, 1282 00:46:33,990 --> 00:46:36,119 shall I repeat the question or you got 1283 00:46:36,120 --> 00:46:37,829 to, like, update ability of the phone? 1284 00:46:37,830 --> 00:46:39,209 Yeah, yeah. 1285 00:46:39,210 --> 00:46:41,399 I mean, the thing is, you can like 1286 00:46:41,400 --> 00:46:43,499 if it is implemented in the FPGA, not 1287 00:46:43,500 --> 00:46:45,749 in an ASIC, you can actually 1288 00:46:45,750 --> 00:46:48,059 easily update it. I think it is 1289 00:46:48,060 --> 00:46:50,219 very sensible to make it as hard 1290 00:46:50,220 --> 00:46:51,479 as possible to actually do that in 1291 00:46:51,480 --> 00:46:52,739 practice. Like you need to open the 1292 00:46:52,740 --> 00:46:55,019 hardware security module and like flip 1293 00:46:55,020 --> 00:46:56,669 some switch or place a jumper or 1294 00:46:56,670 --> 00:46:58,799 something as to make it impossible 1295 00:46:58,800 --> 00:47:00,989 to do that via a software only 1296 00:47:00,990 --> 00:47:03,029 attack, for example. 1297 00:47:03,030 --> 00:47:05,149 And like, if you do that. 1298 00:47:05,150 --> 00:47:06,570 Well, yeah, you could update us. 1299 00:47:10,860 --> 00:47:12,449 OK, yeah. 1300 00:47:12,450 --> 00:47:14,549 OK, how do you actually know that what 1301 00:47:14,550 --> 00:47:15,749 you're seeing is coming from the 1302 00:47:15,750 --> 00:47:17,429 interceptor and how do we know that when 1303 00:47:17,430 --> 00:47:18,809 you're typing it's actually being 1304 00:47:18,810 --> 00:47:20,799 intercepted and not going to the 1305 00:47:20,800 --> 00:47:21,599 hardware? 1306 00:47:21,600 --> 00:47:22,859 That question. So 1307 00:47:23,970 --> 00:47:25,589 I don't actually know that what I'm 1308 00:47:25,590 --> 00:47:26,819 seeing. Oh, OK. 1309 00:47:26,820 --> 00:47:28,289 Well, it depends. Like, I cannot 1310 00:47:28,290 --> 00:47:30,509 absolutely know it because somebody could 1311 00:47:30,510 --> 00:47:32,129 have placed like an interceptor between 1312 00:47:32,130 --> 00:47:33,130 me and the interceptor. 1313 00:47:34,920 --> 00:47:37,469 Now, just like I 1314 00:47:37,470 --> 00:47:39,509 think the other way to talk about it is 1315 00:47:39,510 --> 00:47:41,669 like what I 1316 00:47:41,670 --> 00:47:43,769 want to have is I don't want a 1317 00:47:43,770 --> 00:47:45,509 application on my operating system being 1318 00:47:45,510 --> 00:47:47,570 able to spoof intercept output. 1319 00:47:48,690 --> 00:47:51,029 I think one way to make that is 1320 00:47:51,030 --> 00:47:52,160 to have the 1321 00:47:53,270 --> 00:47:55,709 urge to have a 1322 00:47:55,710 --> 00:47:57,779 like the easiest way to implement that in 1323 00:47:57,780 --> 00:47:59,069 practice would be to have just the 1324 00:47:59,070 --> 00:48:01,199 intercept always and full screen 1325 00:48:01,200 --> 00:48:03,839 and use one of the physical LEDs 1326 00:48:03,840 --> 00:48:06,299 on the keyboard of a pat 1327 00:48:06,300 --> 00:48:08,489 in order to like, signify 1328 00:48:08,490 --> 00:48:10,649 where the input and output is going 1329 00:48:10,650 --> 00:48:12,839 is coming from and going in to the 1330 00:48:12,840 --> 00:48:15,239 interceptor or from the underlying 1331 00:48:15,240 --> 00:48:17,099 device. So you have like the you could 1332 00:48:17,100 --> 00:48:19,319 repurpose them, you'd make muite led of 1333 00:48:19,320 --> 00:48:21,179 immutability for that. 1334 00:48:22,770 --> 00:48:24,839 Other possibilities would be like for the 1335 00:48:24,840 --> 00:48:27,119 output case to like draw a border around 1336 00:48:27,120 --> 00:48:29,609 the screen. And if it's red means like 1337 00:48:29,610 --> 00:48:31,799 Linux talking, if it's green, it means 1338 00:48:31,800 --> 00:48:34,139 like interceptive talking for the input. 1339 00:48:34,140 --> 00:48:35,159 Basically the same thing. 1340 00:48:35,160 --> 00:48:37,379 You could have some like visual 1341 00:48:37,380 --> 00:48:38,399 clue. 1342 00:48:38,400 --> 00:48:40,829 I think the input case will be pretty 1343 00:48:40,830 --> 00:48:43,139 like in order to get that right 1344 00:48:43,140 --> 00:48:45,209 would be pretty hard because we don't 1345 00:48:45,210 --> 00:48:46,979 want you to accidentally input a 1346 00:48:46,980 --> 00:48:49,049 password. And if you input 1347 00:48:49,050 --> 00:48:50,759 a password often you don't necessarily 1348 00:48:50,760 --> 00:48:52,769 care that much about the screen. 1349 00:48:52,770 --> 00:48:54,629 Why? Look why you were typing it. 1350 00:48:54,630 --> 00:48:56,909 So I think a visual clue might 1351 00:48:56,910 --> 00:48:58,380 even be not enough in that case. 1352 00:49:00,620 --> 00:49:02,839 Well, I guess we finally found a good 1353 00:49:02,840 --> 00:49:04,369 use for the think bondage button. 1354 00:49:06,170 --> 00:49:07,849 Well, except that one can be controlled 1355 00:49:07,850 --> 00:49:09,199 from the CPU. 1356 00:49:09,200 --> 00:49:12,299 Yeah, somebody mapped it to Newt Newt on 1357 00:49:12,300 --> 00:49:14,359 whether they did the 1358 00:49:14,360 --> 00:49:15,559 signal. 1359 00:49:15,560 --> 00:49:17,059 The Internet is talking to us. 1360 00:49:17,060 --> 00:49:19,329 Yeah. So the first question is, would 1361 00:49:19,330 --> 00:49:21,739 the interceptor work in a way cavium 1362 00:49:21,740 --> 00:49:23,659 does? So instead of adding a chip to the 1363 00:49:23,660 --> 00:49:25,369 main board, you put a box next to the 1364 00:49:25,370 --> 00:49:27,799 computer to which you plug the keyboard 1365 00:49:27,800 --> 00:49:30,169 and the display and the box just presents 1366 00:49:30,170 --> 00:49:32,029 the encrypted input to the computer. 1367 00:49:32,030 --> 00:49:34,169 Definitely like in a desktop use case. 1368 00:49:34,170 --> 00:49:35,689 That would definitely be how I would 1369 00:49:35,690 --> 00:49:37,759 implement it in the laptop use 1370 00:49:37,760 --> 00:49:39,409 case. Obviously, it's tempting to 1371 00:49:39,410 --> 00:49:41,479 actually include it in inside the 1372 00:49:41,480 --> 00:49:43,729 actual case 1373 00:49:43,730 --> 00:49:44,969 for some extra 30. 1374 00:49:44,970 --> 00:49:47,059 We could just replace the hard 1375 00:49:47,060 --> 00:49:49,399 disk with a smaller SSD and use the 1376 00:49:49,400 --> 00:49:50,449 free space there 1377 00:49:51,470 --> 00:49:53,269 because it's already quite close to 1378 00:49:53,270 --> 00:49:55,190 display and keyboard connections. 1379 00:49:58,340 --> 00:50:00,899 OK, I really like 1380 00:50:00,900 --> 00:50:02,779 I really like the creative idea, but 1381 00:50:03,980 --> 00:50:05,539 I was wondering how you feel about I 1382 00:50:05,540 --> 00:50:07,999 mean, you touched upon the 1383 00:50:08,000 --> 00:50:09,020 open the risk 1384 00:50:10,640 --> 00:50:12,889 C.P.U implementation that we 1385 00:50:12,890 --> 00:50:14,959 not open risk, so risk 1386 00:50:14,960 --> 00:50:16,389 the risk fee. 1387 00:50:17,390 --> 00:50:18,319 OK, I'm not sure. 1388 00:50:18,320 --> 00:50:20,419 But the university in England, where 1389 00:50:20,420 --> 00:50:22,909 they are doing research on an open 1390 00:50:22,910 --> 00:50:25,009 architecture and if 1391 00:50:25,010 --> 00:50:27,199 you go into towards that 1392 00:50:27,200 --> 00:50:29,899 direction, wouldn't how do you feel about 1393 00:50:29,900 --> 00:50:32,389 having a system on its own 1394 00:50:32,390 --> 00:50:35,159 that you can trust instead of having 1395 00:50:35,160 --> 00:50:37,399 an implementation in a regular 1396 00:50:37,400 --> 00:50:38,400 machine? 1397 00:50:39,170 --> 00:50:40,579 I think that would be really interesting. 1398 00:50:40,580 --> 00:50:42,529 Like the that that is one of the more 1399 00:50:42,530 --> 00:50:44,749 interesting points of actually 1400 00:50:44,750 --> 00:50:46,489 doing this. I mean, the thing is, we can 1401 00:50:46,490 --> 00:50:48,259 still you can still use, like all the 1402 00:50:48,260 --> 00:50:50,089 amenities of your operating system with 1403 00:50:50,090 --> 00:50:52,669 like Compiz wobbly windows 1404 00:50:52,670 --> 00:50:54,779 and like windows 1405 00:50:54,780 --> 00:50:56,239 hourglass depending on the operating 1406 00:50:56,240 --> 00:50:57,319 system. 1407 00:50:57,320 --> 00:50:59,739 But you also get like this trust 1408 00:50:59,740 --> 00:51:01,819 it, the trust aspect from 1409 00:51:01,820 --> 00:51:04,549 the C.P.U implemented in the FPGA. 1410 00:51:04,550 --> 00:51:06,679 So like for a start, 1411 00:51:06,680 --> 00:51:08,239 I would definitely keep the firmware 1412 00:51:08,240 --> 00:51:09,919 running inside. It's as simple as 1413 00:51:09,920 --> 00:51:10,920 possible 1414 00:51:12,080 --> 00:51:14,509 in order to avoid like making the crash 1415 00:51:14,510 --> 00:51:16,759 and like avoid like adding a khattak 1416 00:51:16,760 --> 00:51:18,589 surface there. But yeah, of course, like 1417 00:51:18,590 --> 00:51:20,689 long term, you might want to add 1418 00:51:20,690 --> 00:51:22,789 more functionality into it with 1419 00:51:22,790 --> 00:51:23,839 sufficient isolation. 1420 00:51:23,840 --> 00:51:24,840 Of course. 1421 00:51:25,520 --> 00:51:26,520 Thank you. 1422 00:51:27,020 --> 00:51:29,209 OK, the Internet is at 1423 00:51:29,210 --> 00:51:30,210 it again. 1424 00:51:30,740 --> 00:51:31,759 Just a short question. 1425 00:51:31,760 --> 00:51:34,249 What about USB keyboards? 1426 00:51:34,250 --> 00:51:35,269 Yeah, well, it depends. 1427 00:51:35,270 --> 00:51:36,889 Like if you have some means of plugging 1428 00:51:36,890 --> 00:51:38,719 that into the intercept on an issue like 1429 00:51:38,720 --> 00:51:40,849 USB is still simple enough 1430 00:51:40,850 --> 00:51:43,099 that you could implement it with some 1431 00:51:43,100 --> 00:51:45,439 effort on an FPGA like both hosts 1432 00:51:45,440 --> 00:51:46,760 and device parts 1433 00:51:47,780 --> 00:51:49,579 in the laptop use case. 1434 00:51:49,580 --> 00:51:50,929 I don't think it will be that easy 1435 00:51:50,930 --> 00:51:52,489 because you would need to intercept like 1436 00:51:52,490 --> 00:51:53,570 all the USB ports. 1437 00:51:59,170 --> 00:52:01,029 I understand that the whole point of a 1438 00:52:01,030 --> 00:52:03,159 device like this is 1439 00:52:03,160 --> 00:52:05,319 to bring about something like 1440 00:52:05,320 --> 00:52:06,729 the Krypto goggles you mentioned at the 1441 00:52:06,730 --> 00:52:08,799 beginning, but in a more limited 1442 00:52:08,800 --> 00:52:09,759 fashion. 1443 00:52:09,760 --> 00:52:11,259 However, it does seem like there's 1444 00:52:11,260 --> 00:52:13,329 opportunity for the 1445 00:52:13,330 --> 00:52:14,739 solution that you've proposed to have 1446 00:52:14,740 --> 00:52:16,599 integration points for operating systems 1447 00:52:16,600 --> 00:52:18,759 like Genard and Cupolas and so on and 1448 00:52:18,760 --> 00:52:19,760 so forth. 1449 00:52:21,180 --> 00:52:23,129 Is do you think that there's another 1450 00:52:23,130 --> 00:52:24,569 angle, this a different thing that you 1451 00:52:24,570 --> 00:52:26,669 can isolate, or is this the 1452 00:52:26,670 --> 00:52:28,559 only way in which it can be done? 1453 00:52:28,560 --> 00:52:30,369 And if it's this is the only way which 1454 00:52:30,370 --> 00:52:31,649 can be done to the things that you 1455 00:52:31,650 --> 00:52:32,909 propose that should be done? 1456 00:52:34,420 --> 00:52:36,189 Are there any integration points for 1457 00:52:36,190 --> 00:52:37,839 operating systems like that? 1458 00:52:37,840 --> 00:52:39,759 I mean, I don't think this is the only 1459 00:52:39,760 --> 00:52:41,499 way you could do something like this. 1460 00:52:41,500 --> 00:52:43,689 For example, you could also like for a 1461 00:52:43,690 --> 00:52:45,759 much like from a implementation point 1462 00:52:45,760 --> 00:52:47,229 of view, much simpler architecture. 1463 00:52:47,230 --> 00:52:49,179 You could just have a device packed into 1464 00:52:49,180 --> 00:52:51,219 your USB port, which has a display and a 1465 00:52:51,220 --> 00:52:53,319 keyboard like separate to 1466 00:52:53,320 --> 00:52:55,179 your regular displaying keyboard. 1467 00:52:55,180 --> 00:52:56,649 Like the only difference would be it 1468 00:52:56,650 --> 00:52:58,840 would be a little less convenient to use. 1469 00:53:00,010 --> 00:53:02,859 So I think there will be there are other 1470 00:53:02,860 --> 00:53:03,849 many other ways. 1471 00:53:03,850 --> 00:53:05,829 It I think the intercepting the actual 1472 00:53:05,830 --> 00:53:07,989 display data thing is kind of interesting 1473 00:53:07,990 --> 00:53:09,819 because it's pretty portable across 1474 00:53:09,820 --> 00:53:10,820 platforms. 1475 00:53:12,220 --> 00:53:13,929 As for integration points for like the 1476 00:53:13,930 --> 00:53:15,339 operating system, especially something 1477 00:53:15,340 --> 00:53:17,019 like Huff's, I think there's a lot of 1478 00:53:17,020 --> 00:53:19,480 potential. I mean, I would I didn't 1479 00:53:20,560 --> 00:53:22,419 think about that much yet because think 1480 00:53:22,420 --> 00:53:23,679 about like A.I.M. 1481 00:53:23,680 --> 00:53:25,329 made being integrated with the system 1482 00:53:25,330 --> 00:53:26,259 that you're talking about. 1483 00:53:26,260 --> 00:53:28,659 You made for a pretty resistant 1484 00:53:28,660 --> 00:53:30,549 system that cannot be spoofed. 1485 00:53:30,550 --> 00:53:32,589 Yeah. I mean, you could also, for 1486 00:53:32,590 --> 00:53:34,389 example, you could even like in case of 1487 00:53:34,390 --> 00:53:36,639 cubes, you could integrate that. 1488 00:53:36,640 --> 00:53:38,019 Some of that. I think you could actually 1489 00:53:38,020 --> 00:53:39,909 integrate into the display manager in 1490 00:53:39,910 --> 00:53:41,349 order to have like both Qs and the 1491 00:53:41,350 --> 00:53:42,879 interceptor cooperating. 1492 00:53:42,880 --> 00:53:44,769 So like Cubes knows what the interceptor 1493 00:53:44,770 --> 00:53:47,199 is doing and can actually, for example, 1494 00:53:47,200 --> 00:53:49,269 you could maybe handle the inputting 1495 00:53:49,270 --> 00:53:51,639 your password into the wrong 1496 00:53:51,640 --> 00:53:54,009 device. The thing 1497 00:53:54,010 --> 00:53:56,379 there, OK, whatever. 1498 00:53:56,380 --> 00:53:57,400 That was my screensaver. 1499 00:54:00,270 --> 00:54:01,499 OK, there's another one from the 1500 00:54:01,500 --> 00:54:02,789 Internet. 1501 00:54:02,790 --> 00:54:04,889 Yeah, what about ciphertext that 1502 00:54:04,890 --> 00:54:06,749 are longer than would then what would 1503 00:54:06,750 --> 00:54:06,959 fit? 1504 00:54:06,960 --> 00:54:09,059 Almost nice Christian like the same thing 1505 00:54:09,060 --> 00:54:10,859 goes, by the way, for plaintext that is 1506 00:54:10,860 --> 00:54:12,270 longer than what fits on the screen. 1507 00:54:13,290 --> 00:54:15,569 Like, I didn't touch upon that too much. 1508 00:54:15,570 --> 00:54:17,009 But basically what it would do is you 1509 00:54:17,010 --> 00:54:19,589 would spread across different frames 1510 00:54:19,590 --> 00:54:22,559 since the like the actual pixel 1511 00:54:22,560 --> 00:54:24,719 bandwidth, the bandwidth for pixel data 1512 00:54:24,720 --> 00:54:27,149 on a like even on a low resolution 1513 00:54:27,150 --> 00:54:29,399 display, like the display of that laptop 1514 00:54:29,400 --> 00:54:31,259 is like already in the gigabit per second 1515 00:54:31,260 --> 00:54:33,329 range. So no matter 1516 00:54:33,330 --> 00:54:35,399 how long your emails are or what amount 1517 00:54:35,400 --> 00:54:37,529 of ciphertext you are outputting there, 1518 00:54:37,530 --> 00:54:39,689 you will be able to stuff 1519 00:54:39,690 --> 00:54:41,189 it into consecutive frames. 1520 00:54:41,190 --> 00:54:43,739 You will have some processing limitations 1521 00:54:43,740 --> 00:54:46,139 on the FPGA because it's like trolly 1522 00:54:46,140 --> 00:54:48,239 clock pretty slowly and you will 1523 00:54:48,240 --> 00:54:50,219 have some like memory limitations also. 1524 00:54:51,390 --> 00:54:53,940 But like, I think for a general system 1525 00:54:55,050 --> 00:54:57,089 at the cost of a slightly higher 1526 00:54:57,090 --> 00:54:59,129 complexity of the protocol handling in 1527 00:54:59,130 --> 00:55:01,109 the intercept, this can be solved. 1528 00:55:01,110 --> 00:55:03,059 And for the outputs case, like you just 1529 00:55:03,060 --> 00:55:05,339 scroll, you just need to wire like 1530 00:55:05,340 --> 00:55:07,409 the up and down arrows, all a screen up 1531 00:55:07,410 --> 00:55:09,659 and screen down keys to like 1532 00:55:09,660 --> 00:55:10,829 the renderer or something. 1533 00:55:12,390 --> 00:55:13,390 Thank you. 1534 00:55:14,510 --> 00:55:16,579 OK, so your 1535 00:55:16,580 --> 00:55:18,709 main argument was that your system 1536 00:55:18,710 --> 00:55:20,929 is less complex and therefore less 1537 00:55:20,930 --> 00:55:23,109 attackable, but then I wonder why 1538 00:55:23,110 --> 00:55:25,339 you make the effort 1539 00:55:25,340 --> 00:55:27,799 of intercepting your traffic? 1540 00:55:27,800 --> 00:55:29,899 Like from my experience, 1541 00:55:29,900 --> 00:55:31,999 I guess about 90 percent of 1542 00:55:32,000 --> 00:55:34,279 the complexity of that system will 1543 00:55:34,280 --> 00:55:36,439 be on intercepting the display 1544 00:55:36,440 --> 00:55:38,989 data. So if you want to have something 1545 00:55:38,990 --> 00:55:41,059 plain and simple and with a 1546 00:55:41,060 --> 00:55:44,179 low attack surface, 1547 00:55:44,180 --> 00:55:46,429 why you don't use is just a standard four 1548 00:55:46,430 --> 00:55:48,499 times 20 LCD display 1549 00:55:48,500 --> 00:55:50,569 and just intercepted 1550 00:55:50,570 --> 00:55:51,859 the keyboard line. 1551 00:55:51,860 --> 00:55:53,989 And this would be doable and like 1552 00:55:53,990 --> 00:55:56,239 one or two days and you could even 1553 00:55:56,240 --> 00:55:58,459 let it run on SDM thirty two point 1554 00:55:58,460 --> 00:55:59,509 FPGA. 1555 00:55:59,510 --> 00:56:00,709 But that would be boring. 1556 00:56:00,710 --> 00:56:03,079 No, seriously, I think the 1557 00:56:03,080 --> 00:56:05,539 V.V. like doing the life interception 1558 00:56:05,540 --> 00:56:07,789 of display data has a serious usability 1559 00:56:07,790 --> 00:56:09,919 advantage in that you can 1560 00:56:09,920 --> 00:56:11,989 like in my laptop use case 1561 00:56:11,990 --> 00:56:14,329 I have this laptop looks exactly 1562 00:56:14,330 --> 00:56:16,459 the same as before, except for 1563 00:56:16,460 --> 00:56:18,439 providing me this high assurance for like 1564 00:56:18,440 --> 00:56:20,689 certain operations, like 1565 00:56:20,690 --> 00:56:22,669 with any kind of external device. 1566 00:56:22,670 --> 00:56:24,469 I would need to carry that around, need 1567 00:56:24,470 --> 00:56:26,479 to have it, and then like use two 1568 00:56:26,480 --> 00:56:28,099 different keyboards and two different 1569 00:56:28,100 --> 00:56:29,539 displays of different things. 1570 00:56:29,540 --> 00:56:31,789 And like 1571 00:56:31,790 --> 00:56:33,769 I think for serious email reading, at 1572 00:56:33,770 --> 00:56:35,479 some point you would want, like a serious 1573 00:56:35,480 --> 00:56:37,639 display on that thing and on that 1574 00:56:37,640 --> 00:56:39,289 at that point, it gets just as 1575 00:56:39,290 --> 00:56:40,309 complicated. Also 1576 00:56:41,360 --> 00:56:43,429 the like 1577 00:56:43,430 --> 00:56:44,989 considering the development time. 1578 00:56:44,990 --> 00:56:46,879 Yes, intercepting leads and embeddedness 1579 00:56:46,880 --> 00:56:48,709 report is a lot of work, but that's not 1580 00:56:48,710 --> 00:56:50,779 because it's super complex, but because 1581 00:56:50,780 --> 00:56:52,159 it needs to be tuned. Pretty. 1582 00:56:52,160 --> 00:56:53,149 Pretty, exactly. 1583 00:56:53,150 --> 00:56:55,159 Because you need to take care of a lot of 1584 00:56:55,160 --> 00:56:57,379 details there, like face alignment 1585 00:56:57,380 --> 00:56:58,380 and stuff like that. 1586 00:57:02,830 --> 00:57:04,420 OK, thanks, next question. 1587 00:57:06,670 --> 00:57:09,039 How exactly do you think 1588 00:57:09,040 --> 00:57:11,499 there's going to be something 1589 00:57:11,500 --> 00:57:13,599 on the CPU sending your 1590 00:57:13,600 --> 00:57:16,029 text away or whatever, doing 1591 00:57:16,030 --> 00:57:17,030 with it? 1592 00:57:19,480 --> 00:57:21,309 And if there would be something like 1593 00:57:21,310 --> 00:57:23,529 that, why do you think it would 1594 00:57:23,530 --> 00:57:25,749 pass something like Wireshark 1595 00:57:25,750 --> 00:57:27,190 listening on the network? 1596 00:57:28,820 --> 00:57:30,859 I mean, if you have, like a some kind of 1597 00:57:30,860 --> 00:57:33,139 spyware running on your operating system, 1598 00:57:33,140 --> 00:57:34,400 intercepting, for example, 1599 00:57:35,900 --> 00:57:38,150 all encrypted emails before encryption, 1600 00:57:39,560 --> 00:57:41,659 you might not actually be able to discern 1601 00:57:41,660 --> 00:57:43,849 that on why even using 1602 00:57:43,850 --> 00:57:46,189 Wireshark, if the if 1603 00:57:46,190 --> 00:57:48,169 that spyware is any good, like if it's 1604 00:57:48,170 --> 00:57:49,999 any good, it would probably be using like 1605 00:57:50,000 --> 00:57:51,889 some steganography techniques in order to 1606 00:57:51,890 --> 00:57:54,619 hide its own traffic inside 1607 00:57:54,620 --> 00:57:56,839 your usual traffic 1608 00:57:56,840 --> 00:57:58,820 so you can't easily detect it. 1609 00:58:00,540 --> 00:58:02,299 OK, thank you. 1610 00:58:02,300 --> 00:58:04,899 OK, OK, so I understood 1611 00:58:04,900 --> 00:58:07,539 your proposal for writing email. 1612 00:58:07,540 --> 00:58:09,669 And with that, so if 1613 00:58:09,670 --> 00:58:12,879 you're hitting on a key, it's 1614 00:58:12,880 --> 00:58:15,009 doing something and it encrypting 1615 00:58:15,010 --> 00:58:17,229 it and putting it into a buffer for 1616 00:58:17,230 --> 00:58:18,789 the operating system to pick it up, to 1617 00:58:18,790 --> 00:58:20,559 place it in the application buffer. 1618 00:58:20,560 --> 00:58:22,959 Right. So if 1619 00:58:22,960 --> 00:58:24,280 if that is correct, 1620 00:58:25,510 --> 00:58:27,459 what kind of encryption do you plan to do 1621 00:58:27,460 --> 00:58:29,169 on the actual keep pressing? 1622 00:58:29,170 --> 00:58:31,679 So if it's your own 1623 00:58:31,680 --> 00:58:33,709 publicly, how do you. 1624 00:58:33,710 --> 00:58:35,659 How do you actually send an encrypted 1625 00:58:35,660 --> 00:58:38,149 email to somebody else with their 1626 00:58:38,150 --> 00:58:39,150 public key 1627 00:58:40,460 --> 00:58:41,569 that highly depends on the 1628 00:58:41,570 --> 00:58:42,229 implementation? 1629 00:58:42,230 --> 00:58:44,359 Like my first approach would 1630 00:58:44,360 --> 00:58:46,549 be to try to extend 1631 00:58:46,550 --> 00:58:48,769 an email. So the if 1632 00:58:48,770 --> 00:58:50,389 you open an email, you're typing like the 1633 00:58:50,390 --> 00:58:52,369 recipient and plaintext because that is 1634 00:58:52,370 --> 00:58:53,629 metadata anyway. 1635 00:58:53,630 --> 00:58:55,879 And then in email will use 1636 00:58:55,880 --> 00:58:58,189 like the same payload format in order 1637 00:58:58,190 --> 00:59:00,079 to provide the public key of the 1638 00:59:00,080 --> 00:59:01,080 recipient. 1639 00:59:03,370 --> 00:59:05,559 Ideally, with the signature of your own 1640 00:59:05,560 --> 00:59:07,540 private key to the interceptor, 1641 00:59:09,370 --> 00:59:11,649 so that thing can actually then display 1642 00:59:11,650 --> 00:59:13,979 the V.V., 1643 00:59:13,980 --> 00:59:16,579 the key, like the kid of the recipient 1644 00:59:16,580 --> 00:59:19,449 asked, validated by your own signature 1645 00:59:19,450 --> 00:59:21,819 with the key that it's private 1646 00:59:21,820 --> 00:59:23,979 with the with the private key that 1647 00:59:23,980 --> 00:59:25,839 is only contained within the interceptor. 1648 00:59:25,840 --> 00:59:28,029 It's a little awkward, but I 1649 00:59:28,030 --> 00:59:29,019 suppose it can be done. 1650 00:59:29,020 --> 00:59:31,239 Another way would be to do the entire key 1651 00:59:31,240 --> 00:59:32,739 management in the interceptor. 1652 00:59:32,740 --> 00:59:34,839 So you kind of press a key combination 1653 00:59:34,840 --> 00:59:36,819 and a menu pops up and you then like 1654 00:59:36,820 --> 00:59:39,039 choose the recipient's email address 1655 00:59:39,040 --> 00:59:40,040 by typing in their. 1656 00:59:43,490 --> 00:59:46,099 OK, we got one more question. 1657 00:59:46,100 --> 00:59:48,289 Not really a question, just like I 1658 00:59:48,290 --> 00:59:50,809 think you have found a 1659 00:59:50,810 --> 00:59:53,329 good use case for the 1660 00:59:53,330 --> 00:59:54,330 dodgeball, 1661 00:59:56,370 --> 00:59:57,879 but it's good for Newt. 1662 00:59:57,880 --> 00:59:58,880 Newt to 1663 01:00:00,080 --> 01:00:01,219 one more serious question. 1664 01:00:03,840 --> 01:00:04,840 Right. 1665 01:00:05,570 --> 01:00:06,769 I missed the beginning of the talk. 1666 01:00:06,770 --> 01:00:08,959 So is this already, like, ready? 1667 01:00:08,960 --> 01:00:10,129 Do you have a prototype ready? 1668 01:00:10,130 --> 01:00:12,199 I wish I guess at this 1669 01:00:12,200 --> 01:00:14,509 point I have two small Raspberry 1670 01:00:14,510 --> 01:00:16,279 Pi zeros in my laptop and I'm able to 1671 01:00:16,280 --> 01:00:17,479 close it perfectly. 1672 01:00:17,480 --> 01:00:18,619 And so this is what I'm trying to do 1673 01:00:18,620 --> 01:00:19,879 exactly what you're doing. 1674 01:00:19,880 --> 01:00:22,519 But I'm planning on having one control 1675 01:00:22,520 --> 01:00:24,559 or control of the keyboard and then want 1676 01:00:24,560 --> 01:00:26,749 to control the network so I can separate 1677 01:00:26,750 --> 01:00:27,779 those out. 1678 01:00:27,780 --> 01:00:29,299 So have you thought about, you know, 1679 01:00:29,300 --> 01:00:30,239 maybe something like that? 1680 01:00:30,240 --> 01:00:31,819 Yeah. I mean, the thing is, I would like 1681 01:00:31,820 --> 01:00:34,099 to avoid, like, arms talks like Sussman 1682 01:00:34,100 --> 01:00:36,259 or Chips, because all of them, like 1683 01:00:36,260 --> 01:00:38,329 Broadcom, Qualcomm, Texas Instruments, 1684 01:00:38,330 --> 01:00:39,919 I've seen some of the insides of them. 1685 01:00:39,920 --> 01:00:41,689 And it's not pretty like it's super 1686 01:00:41,690 --> 01:00:43,399 complex. And I don't think they're any 1687 01:00:43,400 --> 01:00:45,319 easier to secure than the Linux. 1688 01:00:45,320 --> 01:00:46,789 You are running like Qualcomm, for 1689 01:00:46,790 --> 01:00:48,859 example, making arms talks, just had 1690 01:00:48,860 --> 01:00:51,019 like several serious breaches 1691 01:00:51,020 --> 01:00:53,089 of their hypervisor and trust 1692 01:00:53,090 --> 01:00:54,799 and security in the last months. 1693 01:00:54,800 --> 01:00:56,899 So I think we can basically rule out 1694 01:00:56,900 --> 01:00:58,659 like any modern arms. 1695 01:00:58,660 --> 01:01:00,859 OK, well, 1696 01:01:00,860 --> 01:01:01,860 thanks, everybody.