diff --git a/docs/getting-started/features/tamper-detection.en.md b/docs/getting-started/features/tamper-detection.en.md index 076693e2..469c2553 100644 --- a/docs/getting-started/features/tamper-detection.en.md +++ b/docs/getting-started/features/tamper-detection.en.md @@ -1,5 +1,5 @@ # Tamper Detection Mechanism (Experimental) -Krux's tamper detection tool combines cryptographic hashes, a *Tamper Check Code*, and camera-generated entropy to create a tamper indicator that is unique to each device, represented by a memorable image and four words. +Krux's tamper detection tool combines cryptographic hashes, a *Tamper Check Code (TC Code)*, and camera-generated entropy to create a tamper indicator that is unique to each device, represented by a memorable image and two sets of two words. Before we get into details, let's start with some limitations and necessary prerequisites to allow the feature to work. @@ -9,108 +9,105 @@ To secure your Krux device, always verify firmware authenticity before installat ### Firmware Verification Methods -- **Using OpenSSL Command-Line Tool:** Follow the Krux documentation to verify the firmware's signature manually. This method provides a high level of assurance but requires familiarity with command-line operations. +- **Using OpenSSL Command-Line Tool:** Follow [from pre-built official release](../installing/from-pre-built-release.md/#verify-the-files) instructions to verify the firmware's signature manually. This method provides a high level of assurance but requires familiarity with command-line operations. + +- **Using Krux-Installer:** Our [Krux-Installer GUI](../installing/from-gui/index.md) can facilitate this process by downloading our firmware from Github and verifying its signature. It also guides you through manual verification if desired. Just don't forget to verify the integrity of the Krux-Installer as well. -- **Using Krux-Installer:** For a more user-friendly experience, verify the Krux-Installer's signature using GPG. Graphical interfaces like Sparrow Wallet can facilitate this process. Krux-Installer automatically downloads the firmware from Github, verifies the firmware signature, informs you of the results, and guides you through manual verification if desired. ### Recommendations -- **Learn Verification Tools:** Familiarize yourself with verification methods and tools to maintain control over your device's security. +- **Build from Source:** Consider building the firmware [from source code](../installing/from-source.md) and verifying its [reproducibility](../installing/from-source.md/#reproducibility) for maximum assurance. -- **Build from Source:** Consider building the firmware from source code and verifying its [reproducibility](../installing/from-source.md#reproducibility) for maximum assurance. +- **Use SD Card for Updates:** After the initial flash through USB, perform subsequent [updates via the SD card](../features/sd-card-update.md). This keeps your device air-gapped and allows the existing firmware to verify the new one before installation. -- **Use SD Card for Updates:** After the initial flash through USB, perform subsequent updates via the SD card. This keeps your device air-gapped and allows the existing firmware to verify new updates before installation. +Note: The effectiveness of *TC Flash Hash* tamper detection feature relies on running legitimate, uncompromised firmware and safely protecting your *TC Code*. -Note: The effectiveness of the *TC Flash Hash* tamper detection feature relies on running legitimate, uncompromised firmware and safely protecting your *Tamper Check Code*. +### Setting Up Tamper Detection +To help ensure the integrity of your device’s firmware, you can set up tamper detection tools, called *Tamper Check (TC) Flash Hash* and a *Tamper Check (TC) Code*. The *TC Code* must be at least six characters long, and for best security, should include a mix of letters, numbers, and special characters. You can create or change your *TC Code* by going to `Settings -> Security -> Tamper Check Code`. -## Tamper Check Code (TC Code) -A *Tamper Check Code*, composed of numbers, letters and special characters, with a minimum length of six characters, can be stored and required to execute *Tamper Check (TC) Flash Hash* tamper verification before Krux boots at the main application, or optionally as a feature available in `Tools -> Flash Tools`. +Ensure that your *TC Code* remains confidential and challenging to guess, as its security directly influences the effectiveness of your tamper detection. -Before being stored in the device’s flash, the *TC Code* is hashed together with the K210 chip’s unique ID and stretched using PBKDF2. This ensures the *TC Code* is not retrievable via a flash dump and can only be brute-forced outside the device if the attacker also has access to the device’s unique ID. By allowing letters, special characters, and running 100k iterations of PBKDF2, brute-forcing the *TC Code* from dumped data becomes more time-consuming and resource-intensive. +Once configured, your *TC Code* will be required to run *TC Flash Hash*. You can run TC Flash Hash at any time by navigating to `Tools -> Flash Tools -> TC Flash Hash`. Alternatively, enable automatic checks on every boot by selecting `Settings -> Security -> TC Flash Hash at Boot`. -### Enhancing Tamper Detection -After setting the *TC Code*, you are prompted to fill empty flash memory blocks with random entropy from the camera. This process ensures that attackers cannot exploit unused memory space. +When you enable the *TC Flash Hash at Boot* feature, the device will require you to enter your TC Code at each startup, ensuring routine integrity checks. This also prevents device usage unless the correct code is entered. -## Tamper Check (TC) Flash Hash - A Tamper Detection Tool -### Introduction +*TC Flash Hash* produces a unique visual and verbal signature (an image and two sets of words) that helps you instantly recognize unauthorized changes. See below for details on how it works and what to expect from its output. -The "TC Flash Hash" tool enables you to verify if the flash memory content has been altered. +### How Krux Tamper Detection Works -### How It Works +## Tamper Check Code (TC Code) +Before being stored in the device’s flash, the *TC Code* is hashed together with the K210 chip’s unique ID and stretched using PBKDF2. This ensures the *TC Code* is not retrievable via a flash dump and can only be brute-forced outside the device if the attacker also has access to the device’s unique ID (UID). By allowing letters, special characters, and running 100k iterations of PBKDF2, brute-forcing the *TC Code* from dumped data becomes more time-consuming and resource-intensive. -The tool generates a unique image and four tamper detection words based on a hash of your *TC Code*, the device's UID, and the flash content. The flash memory is divided into two regions: +### Enhancing Tamper Detection +After setting the *TC Code*, you are prompted to fill empty flash memory blocks with random entropy from the camera. This process ensures that attackers cannot exploit unused memory space. -- **Firmware Region:** Generates the image and the first two words. +## Tamper Check Flash Hash (TC Flash Hash) - A Tamper Detection Tool -- **User's Region:** Generates the last two words. +The *TC Flash Hash* tool enables you to verify if the device's internal flash memory content has been altered. This tool generates a unique image and two sets of two tamper detection words based on a hash of your *TC Code*, the device's UID, and its internal flash content. The flash memory is divided into two regions: + +- **Firmware Region:** The area only filled with firmware code. It generates the memorable image and the first set of two words. + +- **User's Region:** The area used to stored encrypted mnemonics, settings and TC Code. It generates the last set of two words.
TC Flash Hash
-*Example: The blue symbol and words 'tail monkey' represent the firmware region, while 'wrestle over' reflects the user region.* +*Example: The blue symbol and words 'tail monkey' represent the firmware region, while 'wrestle over' user's region.* -Any change in the flash content results in a different image or words: +Any change in the flash content results in a different image and words: -- **Firmware Changes:** Alterations in the firmware region, including the bootloader, change the image and the first two words. +- **Firmware Changes:** Alterations in the firmware region, including the bootloader, change the image and the first set of two words. -- **User's Data Changes:** Modifications in the user's region, such as new settings or stored mnemonics, change the last two words. +- **User's Data Changes:** Changes in the user's region, such as new settings or stored mnemonics, change the last set of two words. -- ***TC Code* Changes:** Replacing the *TC Code* alters the image and all four words. +- ***TC Code* Changes:** Replacing the *TC Code* alters the image and all sets of words. -### Filling Empty Flash Blocks +### Filling Empty Flash Memory Blocks -Krux performs a memory sweep while simultaneously capturing a live feed from the camera. Whenever an empty block is found in the flash memory, Krux estimates the image's entropy by evaluating its color variance. Krux waits until minimum threshold is met, then uses the data from the image to fill these empty spaces with rich, random entropy. +Use this to enhance tamper detection. Krux performs a memory sweep while capturing a live feed from the camera. Whenever an empty block is found in the flash memory, it uses the data from the image to fill these empty spaces with rich, random entropy. It estimates the image's entropy by evaluating its color variance waiting until a minimum threshold is met. ### Ensuring Tamper Detection -The TC Flash Hash function securely hashes the combination of the *TC Code*, UID, and flash content: - -`hash(TC Code,UID,Flash content)` -> Image + Words - -Hash properties ensure that without knowing the *TC Code*, UID, and flash content, an attacker cannot reproduce the TC Flash Hash results. +The *TC Flash Hash* function securely hashes the combination of the *TC Code*, device's UID, and flash memory contents. The hash properties ensure that without knowing these three elements, an attacker will not be able to reproduce the *TC Flash Hash* results. ## Executing *TC Flash Hash* After setting a *TC Code* user can use the *TC Flash Hash* feature, available in `Tools -> Flash Tools -> TC Flash Hash`. -By navigating to `Settings -> Security -> TC Flash Hash at Boot`, you can set Krux to always require *TC Flash Hash* verification after device is turned on. - -If a wrong *TC Code* is typed at boot, the device will turn off. As storing code typing attempts count on flash would change its contents, there will be no consequences if wrong *TC Code* is typed multiple times. - -As *TC Code* verification data is stored in the user's region of memory, *TC Flash Hash* and *TC Code* requirement is disabled if the user wipes the device. Flashing an older firmware version will also disable the feature. +By navigating to `Settings -> Security -> TC Flash Hash at Boot`, users can set Krux to always require *TC Flash Hash* verification after device is turned on. If a wrong *TC Code* is typed at boot, the device will turn off. Nothing else will happen if the wrong *TC Code* is entered multiple times. As *TC Code* verification data is stored in the user's region of memory, the requirement to type at boot is disabled if the user [erases user's data](../features/tools.md/#erase-users-data) or [wipe device](../installing/from-gui/usage.md/#wipe-device). Flashing an older firmware version, prior to *TC Flash Hash* support, will also disable this feature. ## Potential Attack Scenarios and Their Mitigation ### Challenge for an Attacker An attacker faces major challenges in replacing the firmware: -- **Lack of Original Flash Data:** Without the exact original flash content, the attacker cannot reproduce the correct hash. +- **Lack of Original Flash Data:** Without the exact original flash content, attackers cannot reproduce the correct hash. -- **Sequential Hash Dependency:** The hash function processes data sequentially (*TC Code*, UID, flash content), preventing the attacker from injecting or rearranging data to produce the same hash. +- **Sequential Hash Dependency:** The hash function processes data sequentially (*TC Code*, device's UID, and flash memory contents), preventing the attacker from injecting or rearranging data to produce the same hash. - **One-Way Hash Functions:** Cryptographic hash functions like SHA-256 are one-way, making it infeasible to reverse-engineer or manipulate the hash without the original inputs. ### Why Tampered Firmware Cannot Bypass Verification -- **Cannot Reconstruct the Hash:** Without the original flash data, the attacker cannot generate the correct hash, even if they know the UID and *TC Code* after the user enters it. +- **Cannot Reconstruct the Hash:** Without the original flash data, attackers cannot generate the correct hash, even if they know the device's UID and the *TC Code* (after the user enters it). -- **Hash Sensitivity:** Any alteration in the flash content changes the hash output, which will be evident through a different image or tamper detection words. +- **Hash Sensitivity:** Any alteration in the flash content changes the hash output, which will be evident through a different image and words. - **Entropy Filling:** Filling empty flash blocks with camera-generated entropy leaves no space for malicious code and any changes to these blocks will alter the hash. ### Possible Attack Strategies and Failures -- **Precomputing Hashes:** The attacker cannot precompute the correct hash without the *TC Code*, UID, and exact flash content. +- **Precomputing Hashes:** The attacker cannot precompute the correct hash without the *TC Code*, device's UID, and exact contents of the flash memory. -- **Storing Hashes:** Storing `hash(flash content)` is ineffective because the overall hash depends on the sequential combination of *TC Code*, UID, and flash data. +- **Storing Hashes:** Storing `hash(flash_content)` is ineffective because the overall hash depends on the sequential combination of *TC Code*, device's UID, and the flash data. -- **Inserting Malicious Code:** Attempting to insert code into empty spaces fails because the entropy filling process and hash verification will detect any changes. +- **Inserting Malicious Code:** Attempting to insert code into empty spaces fails because after the entropy filling process, the hash verification will detect any changes. -- **Using an SD Card to Store a Copy of Original Flash Content:** An attacker could extract an exact copy of the flash contents to an SD card and subsequently install malicious firmware. This firmware could capture the chip's UID and the user's TC Code, then hash the content of the SD card instead of the flash memory. Although this would make the verification process slower, it introduces a potential security risk. To mitigate this vulnerability, it is advisable to avoid performing verifications while an SD card is inserted. +- **Using an SD Card to Store a Copy of Original Flash Content:** An attacker could extract an exact copy of the flash contents to an SD card and subsequently install malicious firmware. This firmware could read the device's UID and the *TC Code* (after the user enters it), then hash the content of the SD card instead of the flash memory. Although this would make the verification process slower, it introduces a potential security risk. To mitigate this vulnerability, it is advisable to avoid performing verifications while an SD card is inserted. ## Conclusion -The *TC Flash Hash* tool significantly enhances security by making it infeasible for attackers to tamper with the firmware without detection. By combining *TC Code* hashing, filling empty memory with random entropy, and verifying flash integrity through unique images and words, Krux significantly enhances the detection of any tamper attempts. +The *TC Flash Hash* tool significantly enhances security by making it infeasible for attackers to tamper with firmware without being detected. By combining *TC Code* hashing, filling empty memory with random entropy, and verification of the the unique image and set of words, Krux allows the detection of any tamper attempts. -Note: The strength of this defense strategy depends on maintaining a strong, confidential *TC Code* and following secure practices when unlocking the device. +Note: The strength of this defense strategy depends on maintaining a strong, confidential *TC Code*, removing the SD card before running *TC Flash Hash* and following usual security and privacy practices. diff --git a/docs/getting-started/features/tools.en.md b/docs/getting-started/features/tools.en.md index 96896496..8267553a 100644 --- a/docs/getting-started/features/tools.en.md +++ b/docs/getting-started/features/tools.en.md @@ -66,7 +66,7 @@ Learn more about *Tamper Check Flash Hash* on [Tamper Detection](tamper-detectio -This option permanently removes all stored encrypted mnemonics, settings and `TC Code` from the device's internal flash memory. It ensures that the data is irrecoverable, making it an adequate measure to take if any important mnemonics were stored with a weak encryption key. +This option permanently removes all stored encrypted mnemonics, settings and `TC Code` from the device's internal flash memory. It ensures that the data is irrecoverable, making it an adequate measure to take if any important mnemonics were stored with a [weak encryption key](https://www.hivesystems.com/blog/are-your-passwords-in-the-green).
@@ -77,6 +77,6 @@ This option permanently removes all stored encrypted mnemonics, settings and `TC This option allows you to remove any stored encrypted mnemonic from the device's internal memory or an SD card. For more information, see [Krux Encrypted Mnemonics](./encrypted-mnemonics.md). -When mnemonics are removed from the device's flash memory, Krux will no longer be able to access them. However, as with most operating systems, the data may still be recoverable using specialized tools. If you stored any important keys with a weak encryption key, it is recommended to use the "Wipe Device" feature below to ensure that the data is irrecoverable. +When mnemonics are removed from the device's flash memory, Krux will no longer be able to access them. However, as with most operating systems, the data may still be recoverable using specialized tools. If you stored any important keys with a [weak encryption key](https://www.hivesystems.com/blog/are-your-passwords-in-the-green), it is recommended to use the "Wipe Device" feature below to ensure that the data is irrecoverable. When mnemonics are removed from an SD card, Krux will overwrite the region where the encrypted mnemonic was stored with empty data. This makes it more secure to delete mnemonics from SD cards using Krux rather than a PC or another device. However, Krux does not have a "Wipe" feature for SD cards; you can find this feature in third-party applications.