"Designing and implementing malicious hardware"

James A. Donald jamesd at echeque.com
Tue Apr 29 16:34:59 EDT 2008

Assume the hook works by waiting for a very specific sequence of bits to 
  arrive along a wire, then causing an interrupt giving ring zero 
control to the memory location following that which the bits came from.

No amount of testing is going to reveal the hook until it is used by the 

The hardware can be obfuscated, as in the innocent looking vote count 
programs.  Correctly reverse engineering every gate, and making sure 
that it does in fact work as directed is likely to be hard, particularly 
as it is easy to unintentionally build chips that do not function as one 
would expect, chips where no one can figure out why they behave the way 
they do.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list