Talk:End-user Computer Security/Main content/Miscellaneous notes

On 31.3.2020, I 'raked' the entire National Cyber Security Centre (NCSC) website.....
On 31.3.2020, I 'raked' the entire National Cyber Security Centre (NCSC) website (www.ncsc.gov.uk) for material relevant to this book. Hyperlinks to all relevant material have now been appropriately incorporated into this book.

MarkJFernandes (discuss • contribs) 14:18, 21 May 2020 (UTC)

== Using unrepeatable-patterns security and deep-fake-resistant videos, to induce user trust regarding the manufacture of an acquired unit ==

Unrepeatable-patterns security can be leveraged, together with `deep-fake-resistant video` technologies (see talk-page note here regarding security ideas concerning deep-fake-resistant-video technologies) to induce such trust. What would happen, is that the manufacturer would use 'unrepeatable patterns'-security patterns in the workshop/factory during the manufacturing of the said unit. The patterns could be in the equipment, as well as on the walls and floor. They should though, importantly be on the unit being constructed. The whole manufacturing process of the unit would then be videoed using deep-fake-resistant technologies. The final video could additionally be cryptographically signed by the manufacturer, perhaps additionally with an 'authentication cryptocurrency coinage' blockchain to increase trust even more. The video would be securely sent to the receiver of the unit. Such video would serve as some amount of proof of the integrity of the manufacturing process used in the manufacture of the particular unit received by the receiver.

JTAG might help in overcoming deep hardware hacking; mention it in §⟪Deep hardware hacking?⟫ ?
According to Wikipedia, JTAG is an industry standard for testing PCBs post manufacture and for verifying designs. It seems that it might be possible to leverage the standard to detect when certain microchips are not what they should be (especially in respect of the JTAG boundary scan technology), and so to overcome certain deep-hardware-hacking attacks. So it may in fact be advantageous for JTAG technology to be present in a computer system, so as to be able potentially to do such verification. In such regard, using a motherboard/mainboard that has a JTAG port may in fact be a good idea. In regard to the security risks associated with being able to inject malware into firmware via a JTAG port, perhaps the firmware can just be wiped and then reinstalled via the JTAG port (thereby overcoming any pre-existing malware).

In respect of the aforementioned, mention of JTAG should perhaps be made in §⟪Deep hardware hacking?⟫.

Perhaps mention IEC 61508 in §⟪Cybersecurity standards⟫?
Raspberry Pi Forums user karrika implied that studying the IEC 61508 standard, might be good in respect of establishing security. Perhaps mention it in §⟪Cybersecurity standards⟫? Not sure whether the standard is already adequately covered through the link to the Wikipedia page on cybersecurity standards.