Topic: Ensuring valid OS image for offline computer (Read 244 times)

December 05, 2017, 06:49:03 PM
When using a micro-computer for offline signing, the first step is to burn an SD card with the required image.

If your computer is compromised, then the OS for your offline computer could be compromised.  You might have lost before you start.

I was reading about a solution to the Trusting Trust problem called "Diverse Double-Compiling".

The key insight was that even suspect computers can perform cross checks.  If even 1 of the suspect computers is not compromised, then it can detect a problem.  In many cases, even if all the computers are compromised but with different malware, they may still detect the problem.

That tells you you have a problem even if it can't tell you where it is.

I was thinking of something similar for OS images.

A computer is "secure" if it can read USB drives without auto-running anything and has no malware trying to corrupt the image.  It purely does an image check.

The process would be to have 1 computer designated the writer and all the remaining computers the readers.

You have the writer write the image to multiple SD cards.  You pick one and then have the remaining checked by random checker computers.  If the writer writes a bad image, then it will be detected if at least one computer is secure.

You can do this serially too.  You can write an image to the SD card and then have a random checker check it.  You can do as many loops as you want for security.

Malware would have to guess which round you are going to stop at.  If you do 100 loops, then it only has a 1% chance of guessing right.

This doesn't help with SD card firmware viruses though.
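An added example of the checker side of the procedure described in the post above (this is illustrative code, not something the poster wrote or proposed). Each checker computer reads back exactly the image's length from the card and compares the SHA-256 against the digest the OS vendor publishes; the digest must be obtained on a path the writer machine does not control, or a compromised writer could hand over a matching fake. The `cross_check` function then applies the Diverse Double-Compiling insight: several checkers' reports are compared, and any disagreement flags a problem without saying where it is. The function names, the `demo()` scenario, the 1.5 MB image and the card files are constructed for this example; on a real machine `device_path` would be the block device (for example `/dev/sdb`), which Python reads the same way as a file.

```python
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # read in 1 MiB pieces so large images never need to fit in RAM


def sha256_prefix(path, length):
    """SHA-256 of the first `length` bytes of `path`.

    Hash exactly the image length, not the whole device: an SD card is bigger
    than the image, and whatever follows the image (zeros, leftover data from an
    earlier use) would otherwise change the digest and cause a false alarm.
    """
    h = hashlib.sha256()
    remaining = length
    with open(path, "rb") as f:
        while remaining > 0:
            buf = f.read(min(CHUNK, remaining))
            if not buf:  # card is smaller than the image: the write cannot be complete
                raise IOError(f"{path}: short read, {remaining} bytes missing")
            h.update(buf)
            remaining -= len(buf)
    return h.hexdigest()


def verify_card(device_path, image_size, published_sha256):
    """One checker's job: read the card back and compare against the vendor's
    published digest.  Returns (ok, digest_actually_read) so the digest can be
    passed on to the cross-check step."""
    actual = sha256_prefix(device_path, image_size)
    return actual == published_sha256.lower(), actual


def cross_check(reports, published_sha256):
    """Diverse cross-check over several checkers' reports ({checker: digest}).

    A report that differs from the published digest, or checkers that disagree
    with each other, tells you a problem exists somewhere (bad writer, bad card,
    or a lying checker) even though it does not identify which one.
    """
    published = published_sha256.lower()
    dissenting = sorted(name for name, digest in reports.items() if digest != published)
    return {
        "problem": bool(dissenting),
        "checkers_agree": len(set(reports.values())) == 1,
        "dissenting": dissenting,
    }


def demo():
    """Constructed scenario (files standing in for SD cards, not real devices):
    a 1.5 MB random image, a larger 'card' holding it followed by unused space,
    and a second card where one byte of the image was flipped."""
    image = os.urandom(1_500_000)
    published = hashlib.sha256(image).hexdigest()  # stands in for the vendor's .sha256 file
    tampered = image[:100] + bytes([image[100] ^ 0x01]) + image[101:]
    trailing = b"\0" * 4096  # unused card space after the image
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "card_good.bin")
        bad = os.path.join(d, "card_bad.bin")
        with open(good, "wb") as f:
            f.write(image + trailing)
        with open(bad, "wb") as f:
            f.write(tampered + trailing)
        good_ok, good_digest = verify_card(good, len(image), published)
        bad_ok, bad_digest = verify_card(bad, len(image), published)
        # Hashing the whole card instead of exactly image_size would give a false alarm
        whole_card = sha256_prefix(good, len(image) + len(trailing))
        # Three checkers: two read the good card, one read the tampered card
        verdict = cross_check(
            {"pc1": good_digest, "pc2": good_digest, "pc3": bad_digest}, published
        )
    return {
        "good_ok": good_ok,
        "bad_ok": bad_ok,
        "whole_card_matches": whole_card == published,
        "verdict": verdict,
    }


if __name__ == "__main__":
    print(demo())
```

The length argument is the detail people get wrong: `sha256sum /dev/sdb` hashes the whole card and never matches the vendor's digest, so the habit becomes "ignore the mismatch", which defeats the check. Reading exactly the image size (here via `sha256_prefix`) is what makes a mismatch meaningful.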