Fashion and astronomy lead the way to cost effective tamper protection

library
crime | hacking | security

You’re no doubt familiar with Pluto, the planet that got relegated.

If you’re an adult, you probably learned at school that Pluto was the ninth, and smallest, and faintest, planet in the solar system.

(It wasn’t always the most distant, as Neptune is sometimes further from the sun, but Pluto was very much the far-flung baby of the solar system.)

Indeed, Pluto was the ninth planet, until a kerfuffle broke out when a larger object, known as Eris, was found to be orbiting the sun about three times further out than tiny Pluto.

Eris, as it happened, only made it to dwarf planet status, which seemed anomalous.

Either Eris had to get promoted to the Premiership and become the tenth planet, or Pluto had to be dropped to the lower leagues – as, in the end, it was, leaving just eight planets for today’s schoolchildren to memorise.

But that’s not the most interesting thing about Pluto.

What’s interesting (at least, it’s interesting because it happens to fit neatly into this article, but bear with me) is how Pluto was found.

In the 1930s, the state of the art celestial body finder was the blink comparator, which is how astronomers looked for subtle changes between images in the days before CCD cameras and digital image processing.

Two images of the same piece of sky, taken some time apart, were presented in turn to an eagle-eyed astronomer, whose job was to identify points of light that seemed to flick back and forth as the comparator flipped between the carefully-aligned photographic plates.

Distant objects like stars would not move perceptibly in images separated by a matter of days or weeks, but closer objects in space – comets, for example, and hitherto unknown planets and dwarf planets – would have moved between exposures, giving an observer a fighting chance of spotting them as they “blinked” before their eyes in the comparator.

The actual plates from which discoverer Clyde Tombaugh spotted the tiny dot of Pluto, flicking across the field of space, are shown above.

Blink comparison revisited

According to Wired magazine, reporting on a paper delivered yesterday at the famous Chaos Computer Congress in Berlin, Germany, the blink comparator inspired researchers Eric Michaud and Ryan Lackey to propose a fascinatingly low-tech solution to tamper detection.

The idea is simple, even though it sounds complicated when described in generic terms:

Physically Unclonable Functions (PUFs), combined with a trusted mobile device and a network service, can be used to mitigate [the risks of covert tampering]. We present a novel open-source mobile client and network service which can protect arbitrary hardware from many forms of covert modification and attack, and which when integrated with software, firmware, and policy defenses, can provide greater protection to users and limit potential attack surface.

Loosely put, if you are on the road with your laptop, especially overseas where you don’t know the ropes too well, you’d probably like some way to tell whether local law enforcement, intelligence services, hotel staff, cybercrooks, or any other inquisitive individuals, have been digging around inside your computer.

After all, if they’ve opened up the case, who knows what secret surveillance systems they may have hidden inside?

So you need a PUF: some characteristic measurement you can easily take of your device that would almost certainly change if someone fiddled with it intrusively.

What we’re talking about is something like one of those WARRANTY VOID IF REMOVED stickers, but much harder to clone and replace.

Ideally, you want some product – a laquer, or paint, for example – that has all sorts of unpredictable disorder all of its own (but immutable, once the paint has dried), and that can easily be used to coat key parts of your devices.

The unpredictability means that if an attacker disturbs the original marker – for example, a tell-tale coating that detects whether a screw has been turned or a clip opened – then a photograph of the replacement marker will fail a modern-day blink comparison with the original.

Coating? Laquer? Paint?

What to use?

According to Michaud and Lackey, there’s an excellent product on the market that can be deployed for just this purpose.