What is required for trust?

Jerry Leichter leichter at lrw.com
Sat Jul 10 07:32:50 EDT 2010


On Jun 3, 2010, at 10:39 AM, Sandy Harris wrote:

> India recently forbade some Chinese companies from bidding on some
> cell phone infrastructure projects, citing national security  
> concerns...
> The main devices to worry about are big infrastructure pieces --
> telephone switches, big routers and the like. However, those are by no
> means the only potential targets. Small home routers and various
> embedded systems are others.
>
> So, if one is building some sort of hardware that people may be
> reluctant to buy because of security concerns, what does it take to
> reassure them?...

Given the state of the art, there appears to be no way to get any
assurance you can reasonably believe in.  See
http://cseweb.ucsd.edu/users/swanson/WACI-VI/docs/08_slides.pdf, full
paper at
http://www.usenix.org/events/leet08/tech/full_papers/king/king.pdf -
for some work in this area:  The authors took an open-source
design for a SPARC chip and made some very small modifications to it.   
The resulting processor could not reasonably be distinguished from an  
unmodified one by any feasible testing, but renders any software  
protection you might use on the device completely ineffective against  
someone who knows how to trigger the hardware hacks (which can be done  
remotely).  The only way you would know this stuff is there is by  
vetting the design - and detecting ~100 new lines of VHDL among  
11,000, or 1000 new gates out of 1.8 million.  And, of course this is  
a proof of concept, involving a very simple processor and no attempts  
to absolutely minimize the visibility of the changes.

People usually fall back on "well, get chips from multiple sources,  
they can't compromise them all".  But that doesn't work here:  If you  
don't know which chips are "good" and which are "traitors", you don't  
know there isn't a traitor in the very equipment you have to rely on.   
Further, obvious ideas like running extensive comparisons of outputs  
of chips from multiple sources don't work against attacks that only  
open the chip on a specific command.  I suppose you could make sure  
every device that operates on sensitive data has redundant chips from  
multiple vendors and compare outputs - but then at the least you're  
vulnerable to a denial of service attack, which in some circumstances  
is almost as bad.  And even if you do find that two chips disagree -  
which is the "bad" one?  And if you figure that out - you now know one
"bad" source, but you have no evidence that the source of the other  
chip hasn't also "spiked" it in some different way.  (The classic  
trick here is to have two attacks, and let one be "found" - after  
which the target *thinks* he's safe.)

The whole question of how to get trustworthy parts appears to be a  
huge issue in the US military/intelligence community these days.   
They're putting together consultations with academia and industry -  
and undoubtedly also funding all kinds of secret work as well.  In the  
old days, it was practical for sensitive operations to build their own  
chips at vetted plants.  Those days are gone - there are only a
limited number of plants on the entire planet that can build
state-of-the-art chips, the technology itself has been mastered by
only a limited number of players, and the costs are immense even by
military/black funding standards.
                                                         -- Jerry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
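
Added illustration (not part of the original message or of the cited paper): a toy Python model of the argument above that comparing outputs of parts from different sources does not expose a modification that stays dormant until one specific input arrives, and that a redundant pair with a comparator can only halt on disagreement. The 64-bit width, the trigger value and the mixing function are constructed assumptions.

```python
import math
import random

WIDTH = 64                      # assumed operand width of the modelled unit
TRIGGER = 0x5EEDFACECAFEBEEF    # constructed value standing in for the "specific command"

def reference_chip(x):
    """Unmodified part: a fixed 64-bit mixing function standing in for real logic."""
    return (x * 0x9E3779B97F4A7C15 + 1) % (1 << WIDTH)

def modified_chip(x, state):
    """Identical to the reference until TRIGGER is seen, then behaves differently."""
    if x == TRIGGER:
        state["armed"] = True
    y = reference_chip(x)
    # The flipped bit stands in for whatever altered behaviour the change enables.
    return y ^ 1 if state["armed"] else y

def differential_test(trials, seed):
    """Feed the same random inputs to both parts and count output mismatches."""
    rng = random.Random(seed)
    state = {"armed": False}
    inputs = (rng.getrandbits(WIDTH) for _ in range(trials))
    return sum(reference_chip(x) != modified_chip(x, state) for x in inputs)

def detection_probability(trials):
    """Chance that at least one of `trials` uniform random inputs equals TRIGGER."""
    # log1p/expm1 keep precision; 1 - 2**-64 rounds to exactly 1.0 in a float.
    return -math.expm1(trials * math.log1p(-(2.0 ** -WIDTH)))

def lockstep(inputs):
    """Redundant pair behind a comparator. Returns (outputs delivered, halted)."""
    state = {"armed": False}
    delivered = []
    for x in inputs:
        a, b = reference_chip(x), modified_chip(x, state)
        if a != b:
            # The comparator sees a disagreement but not which part is wrong,
            # so the only safe action is to stop: a denial of service.
            return delivered, True
        delivered.append(a)
    return delivered, False

if __name__ == "__main__":
    print("mismatches in 100000 random tests:", differential_test(100_000, seed=1))
    print("P(detect) after 1e12 random tests:", detection_probability(10**12))
    print("lockstep on trigger:", lockstep([1, 2, TRIGGER, 3])[1])
```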


