"PUF CRPs authentication requires trust in manufacturer since it’s him who performs the storage of CRPs"….?

"PUF CRPs authentication requires trust in manufacturer since it’s him who performs the storage of CRPs".
So does it mean that we have to trust manufacturer, because he could replace the legit chip with a fake one and then calcul…

Is EVERY time we power on the computer verified that nothing has been tampered with via PUF CRP authentication? By which component? Where are CRPs stored?

Are PUFs used, EVERY time we power on the computer, to verify that nothing has been tampered with (by using CRP authentication)?
Which element performs this authentication? (BIOS, Secure Boot, I don’t know)?
Where are CRPs stored? In which ele…

Is PUF Challenge-Response Authentication applied on every power-up event? [closed]

Are PUFs used, EVERY time we power on the computer to verify that nothing has been tampered with (by using CRP authentication)?
Which element performs this authentication? (BIOS, Secure Boot, I don’t know)?
Where are CRPs stored? In which …

Since JTAG can be authenticated and encrypted, which key is used? I read that Secure Boot is used, but what is the key?

Since JTAG can be authenticated and encrypted, which key is used? I read that Secure Boot is used, but what is the key? Me, owner of this laptop, how can I know the key to use to access my own laptop JTAG?


Is encrypting a query parameter within a URI a security best practice?

Assumption: a customer is sitting in a public area connected to a public Wi-Fi. A threat actor can access the customer’s browser and read all JavaScript variables.
Step 1. example.com server sends the following information to trustworthy.ext…

how should a web application verify a redirect comes from a trustworthy source?

This document has a sequence diagram (annotated and shown below) explaining how Stripe handles a Checkout Session.
My question: When a customer is returned to the successUrl = www.example.com/some/specific/path, how can www.example.com (…

How can a stolen computer card be protected from being re-manufactured and resold?

In this scenario, the attacker is not trying to discover secret information or break the system. Instead, his objective is to create an exact replica of the card and sell it at a lower price.
This means that he does not have to know anythi…

What is a proper way to prevent parameter tampering and to make parameter secure

I’m developing an HTTP web server. I’ve used HTTPS as the protocol between client and server but I know that HTTPS can’t prevent parameter tampering.
As we know, we can set parameters in URL, in HTTP header or in HTTP body. So clients could…