Tamperproof devices and backdoors
David Honig
honig at sprynet.com
Fri May 25 12:48:19 EDT 2001
At 10:56 AM 5/25/01 +0200, Eugene.Leitl at lrz.uni-muenchen.de wrote:
>
>Less lunatic fringe and down to earth is: you buy an FPGA from a random
>manufacturer
Under an assumed name
, and download your FORTH CPU into the FPGA, including
>crypto code.
Both Altera and Xilinx have their own FPGA-embeddable soft CPUs,
as well as supporting other popular CPU designs (e.g., ARM) which are also
available in HDLs.
>> Now, in practice, you would think things are better, but I refer
>> everyone to Ken Thompson's ACM Turing Award lecture "Reflections on
>> Trusting Trust"...
Amen. But putting a trapdoor in a HDL synthesizer (analogous to
KT's evil compiler) would be a real chore. Though some easy holes,
like inserting a covert oscillator modulated by an interesting signal, could
be a covert RF-emission 'asset'. Those long cross-chip routing wires are
cm-sized antennae, no? Still, your (vendor-specific)
FPGA-specific place & route tool (analogous to an assembler) would show the
gates unless it too had been subverted.
And the test structures (JTAG? JEDEC? lets you read out
otherwise hidden internal state via a special test mode)
are almost always there ---even in crypto chips.
A real Achilles heel one imagines.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list