Open Source is Insufficient to Solve Trust Problems in Hardware

Explore the limitations of open source hardware in solving trust problems and learn about potential solutions in this conference talk from the 36th Chaos Communication Congress. Delve into the time-of-check/time-of-use (TOCTOU) problem in hardware security, examining supply chain vulnerabilities and various types of hardware implants. Discover approaches to close the TOCTOU gap, including the Betrusted project, an open source mobile communications platform designed to enhance trust and security. Gain insights into the trade-offs between system complexity and user verification, and understand why open source alone is insufficient for ensuring hardware trustworthiness. Consider the implications for high-risk individuals and the potential for developing more secure open platforms.

36C3 - Open Source is Insufficient to Solve Trust Problems in Hardware