[Cryptography] What is Intel® Core™ vPro™ Technology Animation

Jerry Leichter leichter at lrw.com
Sun Sep 22 21:07:13 EDT 2013


On Sep 22, 2013, at 7:56 PM, d.nix wrote:
> ...If for example, the paper regarding manipulating the RNG circuit by
> alternate chip doping is valid, then an adversary with deep pockets
> and vast resources might well be able remotely target specific systems
> on demand. Possibly even air gapped ones if this function is
> controllable via a 3G signal as I have read elsewhere.
> 
> Or perhaps just outright reroute and tap information prior to
> encryption, or subtly corrupt things in other ways such that processes
> fail or leak data....
You started off concerned about misuse of a "remote override" function that Intel deliberately puts on the chips - a valid concern - but now have wandered off into arbitrary chip modifications.  Those, too, are perhaps valid concerns - but they've been concerns for many years.  Nothing new here, except that the deeper we look, the more ways we find to hide attacks within the hardware.

That said, the doping paper, if I understood the suggestion correctly, discussed a way to modify individual chips, not whole runs of them.  (Presumably you could modify whole runs by spiking the production process, but that would be difficult to hide:  Chip manufacturing is by its nature a very tightly controlled process, and an extra step isn't something that people would miss.  It would probably even show up in the very tightly watched yield statistics:  The extra step would delay wafers on the line, which would cause the yield to drop.  The beauty of the doping attack is that it's undetectable - at least right now; for every attack, a defense; for every defense, an attack.  But exactly how one might make the *implementation* of the attack undetectable isn't at all clear.)

> Hmmmm. Maybe time to pull my old 1996 SGI R10K and R4400 boxes out of
> storage. For a few *very* dedicated and air gapped tasks they might be
> a small measure of worthwhile trouble.
You'll be amazed at how slow they now seem....

Still, it raises the question:  If you can't trust your microprocessor chips, what do you do?  One possible answer:  Build yourself a processor out of MSI chips.  We used to do that, not so long ago, and got respectable performance (if not, perhaps, on anything like today's scale).  An MSI chip doesn't have enough intrinsic computation to provide much of a hook for an attack.  Oh, sure, the hardware could be spiked - but to do *what*?  Any given type of MSI chip could go into many different points of many different circuit topologies, and won't see enough of the data to do much anyway.  There may be some interface issues:  This stuff might not be fast enough to deal with modern memory chips.  (How would you attack a memory chip?  Certainly possible if you're make a targeted attack - you can slip in a small processor in the design to do all kinds of nasty things.  But commercial of the shelf memory chips are built right up to the edge of what we can make, so you can't change all that much.)

Some stuff is probably just impossible with this level of technology.  I doubt you can build a Gig-E Ethernet interface without large-scale integration.  You can certainly do the original 10 Mb/sec - after all, people did!  I have no idea if you could get to 100 Mb/sec.

Do people still make bit-slice chips?  Are they at a low-enough level to not be a plausible attack vector?

You could certainly build a respectable mail server this way - though it's probably not doing 2048-bit RSA at a usable speed.

We've been talking about crypto (math) and coding (software).  Frankly, I, personally, have no need to worry about someone attacking my hardware, and that's probably true of most people.  But it's *not* true of everyone.  So thinking about how to build "harder to attack" hardware is probably worth the effort.
                                                        -- Jerry



More information about the cryptography mailing list