Tamperproof devices and backdoors

Eugene.Leitl at lrz.uni-muenchen.de Eugene.Leitl at lrz.uni-muenchen.de
Fri May 25 17:20:11 EDT 2001


David Honig wrote:
 
> Under an assumed name

SOP pp. 5-7.
 
> Both Altera and Xilinx have their own FPGA-embeddable soft CPUs,
> as well as supporting other popular CPU designs (e.g., ARM) which are also
> available in HDLs.

Unfortunately, I think here's another nucleus for future bloat growth,
and hence nooks and crannies to hide nasty nuggets.
 
> Amen.  But putting a trapdoor in a HDL synthesizer (analogous to
> KT's evil compiler) would be a real chore.  Though some easy holes,

It *is* more difficult, but why unnecessarily exposing attackable angles?

> like inserting a covert oscillator modulated by an interesting signal, could
> be a covert RF-emission 'asset'.  Those long cross-chip routing wires are
> cm-sized antennae, no?  Still, your (vendor-specific)

HF-tight packaging is another issue. Incidentally, tamperproof packages
with fiber optic I/O and power supply are extremely RF-silent, not susceptible
to EMP (of course, you have still protect the semiconductor laser
outside powering it as well as the external part of the system as 
a monocular display with drivers) and since you've got photonic coupling 
you can't analyze power fluctuations, so it is a far more opaque box. 
Plus galvanic separation, of course. It does really make a lot of sense, 
but I haven't seen any such system in the field yet. 

> FPGA-specific place & route tool (analogous to an assembler) would show the
> gates unless it too had been subverted.
> 
> And the test structures (JTAG? JEDEC? lets you read out
> otherwise hidden internal state via a special test mode)
> are almost always there ---even in crypto chips.
> 
> A real Achilles heel one imagines.

Chuck Moore (a lunatic twin of late Seymour Cray) makes interesting
excursions into minimalism. I think he has got lot to say, unfortunately
in an extremely personalized, quirky way. He doesn't care what people
think of him, nor seems he to be interested in eventually producing
a viable product but just runs around and having loads of fun. 
Essentially, he's bypassing the HDL level by using a roll-your-own silicon 
simulator (written in Forth, naturally, and running on the current
iteration of the stack CPU hardware he designs and tweaks stuff
at bare silicon level or only slightly above. He can afford so because he
can pack ridiculous amounts of functionality into a mere 12 kTranstor core, 
including analog I/O, high-speed networking and video (!). For instance, 
by tweaking the size of a critical (literally so) hot spot transistor 
he suddenly was capable to dramatically enhance the CPU clock while not
touching the rest. He doesn't advertize the current capabilities, but despite 
being forced to use obsolete fabbing processes for cost 
reasons (prototyping hardware is currently a very costly enterprise) 
his stuff seems to be very, very fast. For instance, he has made a counter
which uses a 1-wire keyboard, where the key pressed is detected by relativistic
TOF, in a process where this was supposedly impossible.
It would be a real shame if his set of skills would get lost, he's 
not exactly the youngest anymore. But he seems to be a rather difficult
fellow. I hope someone is looking over his shoulder, and taking notes.

I definitely think that -- provided inkjet circuit printers become 
available such extreme minimalism would be very useful for roll-your-own
deep crypto embedding. You sure can't hide anything in the hardware layer,
and you can read the OS (I've got a Novix 4k dev kit from mid-1980s, and it
came with the 2 kByte OS listing as printout -- you could read it as if was
a newspaper, and I don't even know Forth).



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




More information about the cryptography mailing list