AnsweredAssumed Answered

Using lockbox

Question asked by nire on May 27, 2014
Latest reply on Jul 21, 2014 by Suraj

Hi,

 

I studies and tried the lockbox example without overlays. I ran it on BF518-EZ-KIT lite.

I saw that after authenticating of the secure_function there is a call to log_authentication_results function. This second function isn't authenticated, therefor can create a security breach, as it runs in secure mode but can be changed by attacker.

Generally speaking, the example shows how a single function can be authenticated but not a full application (or even two function application).

Can someone explain the security breach in the example app? and how can I authenticate a full application?

 

thanks,

Nir.

Outcomes