09-11, 14:05–14:35 (Europe/Stockholm), Main hall
The Tillitis TKey security device uses a novel way of helping
guarantee hardware supply chain security to the end-user. During the
end-phase of production we run a device app, where the TKey
automatically creates a unique identity inspired by TCG DICE and then
sign and publish data about this identity. The identity and the
signature can be independently verified at any time by a user to help
verify that the TKey hasn't been tampered with.
In this talk I will go through how this verification works, introduce
the concepts behind both the TKey measurement and the verification as
well as as the actual security protocol we follow. I will also explain
why I think this can be useful for other products.
MC has been programming professionally since 1995 and recreationally since 1985. At Tillitis he's doing research and programming on all software parts: the emulator, the firmware, the device apps, and the client apps, as well as helping define the hardware/software interface. In his spare time he enjoys retro-computing, practising longsword fighting in the German tradition, and biking around on minimalist single-speeds.