"Designing and implementing malicious hardware"
James A. Donald
jamesd at echeque.com
Tue Apr 29 16:34:59 EDT 2008

Assume the hook works by waiting for a very specific sequence of bits to
arrive along a wire, then causing an interrupt giving ring zero
control to the memory location following that which the bits came from.

No amount of testing is going to reveal the hook until it is used by the
attacker.

The hardware can be obfuscated, as in the innocent-looking vote count
programs. Correctly reverse engineering every gate, and making sure
that it does in fact work as directed, is likely to be hard, particularly
as it is easy to unintentionally build chips that do not function as one
would expect, chips where no one can figure out why they behave the way
they do.
---------------------------------------------------------------------
The Cryptography Mailing List
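The testing claim in the post above, as an added example that is not part of the original message: a toy model of a fixed-sequence trigger fed with random test bits, plus the union bound on the chance that such testing ever trips it. The class and function names, the 8-bit and 64-bit widths, and the use of uniformly random test vectors are assumptions made for illustration.

```python
import random


class SequenceTrigger:
    """Toy model: a shift register compared against one fixed bit pattern."""

    def __init__(self, pattern: int, width: int):
        self.pattern, self.width = pattern, width
        self.mask = (1 << width) - 1
        self.shift = 0      # last `width` bits seen on the wire
        self.seen = 0       # bits clocked in so far
        self.fired = False

    def clock(self, bit: int) -> None:
        self.shift = ((self.shift << 1) | (bit & 1)) & self.mask
        self.seen += 1
        if self.seen >= self.width and self.shift == self.pattern:
            self.fired = True


def random_test_fires(width: int, stream_bits: int, seed: int = 1) -> bool:
    """Black-box test: feed random bits, report whether the trigger fired."""
    rng = random.Random(seed)
    trig = SequenceTrigger(rng.getrandbits(width), width)  # constructed pattern
    for _ in range(stream_bits):
        trig.clock(rng.getrandbits(1))
        if trig.fired:
            return True
    return False


def hit_probability_bound(width: int, stream_bits: int) -> float:
    """Union bound: each of the (stream_bits - width + 1) windows matches
    with probability 2**-width under uniformly random input."""
    windows = max(stream_bits - width + 1, 0)
    return min(1.0, windows / 2 ** width)


def directed_test_fires(pattern: int, width: int) -> bool:
    """Someone who knows the pattern trips the trigger in `width` clocks."""
    trig = SequenceTrigger(pattern, width)
    for i in reversed(range(width)):
        trig.clock((pattern >> i) & 1)
    return trig.fired


if __name__ == "__main__":
    for w in (8, 64):
        print(w, random_test_fires(w, 100_000), hit_probability_bound(w, 100_000))
```

The short pattern is found by random testing almost immediately, while the 64-bit one stays silent with a hit probability bounded near 5e-15 for the same test length, which is why assurance has to come from design review and inspection rather than functional testing alone.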