Tamperproof devices and backdoors

Jaap-Henk Hoepman hoepman at cs.utwente.nl
Fri May 25 05:00:30 EDT 2001

You could use a cut and choose technique. The manufacturer delivers
a batch of bare devices (without tamperproof measures) to the independent
evaluator. The evaluator chooses half of the batch and checks these for
backdoors. The other half are made tamperproof. Of these, half are again
checked to verify the quality of the tamperproof protection layer.
A manufacturer wishing to get a reasonable amount of fielded devices with a
backdoor, stands a real risk of being detected (assuming finding backdoors 
is possible at all).

The real question is how to check for backdoors. I don't think, based on the
above technique, tamperproofness makes this problem harder.


On Fri, 25 May 2001 03:34:20 +0200 Enzo Michelangeli <em at who.net> writes:
> On another mailing list, someone posted an interesting question: how to
> ascertain that a tamperproof device (e.g., a smartcard) contains no
> hidden
> backdoors? By definition, anything open to inspection is not
> tamperproof. Of
> course, one can ask the manufacturer to disclose the design, but there
> is no
> way of verifying that the actual device really implements the design
> that
> was disclosed, because the act of inspecting its innards could remove
> the
> backdoor, and also the code thet implement the removal itself.
> Any idea, besides relying on the manufacturer's reputation?
> Enzo
> [In the general case, Goedel, Turing and Rice come to our "rescue" by
> telling us it is impossible. As you know, Rice's theorem (an easy
> extention of Goedel and Turing) tells us any non-trivial property of
> the recursively enumerable sets is undecidable.
> Now, in practice, you would think things are better, but I refer
> everyone to Ken Thompson's ACM Turing Award lecture "Reflections on
> Trusting Trust"...
> On the Other Other Hand, I vaguely remember a neat paper by Matt Blaze
> some years ago that shows that certain classes of back doors, like
> "good" back doors in conventional crypto systems, are equivalent in
> difficulty to building a public key system. Anyone remember the name
> of the paper and the exact content?
> 		--Perry, stepping way out of the usual moderator role.]
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to
> majordomo at wasabisystems.com

Jaap-Henk Hoepman             | Come sail your ships around me
Dept. of Computer Science     | And burn your bridges down
University of Twente          |       Nick Cave - "Ship Song"
Email: hoepman at cs.utwente.nl === WWW: www.cs.utwente.nl/~hoepman
Phone: +31 53 4893795 === Secr: +31 53 4893770 === Fax: +31 53 4894590
PGP ID: 0xF52E26DD  Fingerprint: 1AED DDEB C7F1 DBB3  0556 4732 4217 ABEF

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list