What is required for trust?

Sandy Harris sandyinchina at gmail.com
Thu Jun 3 10:39:20 EDT 2010

India recently forbade some Chinese companies from bidding on some
cell phone infrastructure projects, citing national security concerns:


Of course, the Chinese gov't and companies are by no means the only
ones one might worry about. AT&T and other US telcos have given
customer data to the NSA. What about fear of NSA trickery in Lucent
products? Or French intelligence in Alcatel? Or Israeli or Taiwanese or
whoever? In all cases, you can argue about how plausible such threats
are, but it seems clear they are not utterly implausible.

Nor are the companies the only threat. Cisco and many other firms have
factories in China; if you are worried about Huawei colluding with
government here to spy on or sabotage other nations, then you likely
have to worry about that government slipping a team into Cisco staff
to subvert those products. I don't think this threat is realistic, but
I could be wrong.

The main devices to worry about are big infrastructure pieces --
telephone switches, big routers and the like. However, those are by no
means the only potential targets. Small home routers and various
embedded systems are others.

So, if one is building some sort of hardware that people may be
reluctant to buy because of security concerns, what does it take to
reassure them? Obviously, this is going to vary with both the
application and the people involved, but can we say anything useful in

Standard components help. If you use IPsec, or AES, or a commodity
processor, I can have some confidence in those parts, though I'll
still worry about other things. Use your own protocol or crypto
algorithm and I definitely won't trust it without publication and a
lot of analysis. Put big lumps of your own VLSI on the board and I'll
worry about what might be hidden in them.

Openness helps. Put an open source OS on the thing and give me the
application code in source for auditing. If you must use some VLSI or
FPGA parts, publish source for those.

Auditing helps. Intel got outsiders to audit their random number
generator. This is probably needed for some critical components, but

All of those help, but are they enough? If not, what else is needed?
Or is this an impossible task?

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com