[Cryptography] GHCQ Penetration of Belgacom

Jerry Leichter leichter at lrw.com
Sun Dec 21 14:22:29 EST 2014

On Dec 21, 2014, at 11:34 AM, ianG <iang at iang.org> wrote:
>> Nevertheless, to reword in the interest of clarity, hiding something in
>> hardware is, AND ALWAYS WILL BE, impossible to detect or disprove.
> How about dual-sourcing through mutual enemies?  E.g., use a China fab and a fab run by the dalai lama.  Or a Russian one and a Chechen one.
> Then, sample the chips, open them up, and test whether the tracks / layout are the same as each other?
> (I have no idea if such a technique for reading the chip like that exists...)
The pattern up to now has been for that attackers to move to lower and lower levels of abstraction.  Hack user code; hack OS code; hack boot-time code; hack firmware; hack the logic-level description of the hardware; hack the individual transistors (changing dopant levels so that the circuitry doesn't do *quite* what the logic assumes).  Every step down this hierarchy is harder for the attackers, but *much* harder for the defenders - and also much harder for the subset of defenders who analyze the details of attacks.  The lower you go, the fewer access points there are for analysis and the more delicate and hard to detect are the modifications.

Detecting chip-level attacks on chips with the complexity that's common today is an extremely difficult problem.  There are just so many places to hide things, and so many changes an attacker can potentially make.  And the technology is moving forward at a rapid clip, so techniques you develop against today's chips will likely be useless in a year or two.

As for direct comparison:  Every chip maker has its own "secret sauce", it's own detailed process technology.  I doubt a point-by-point comparison would be useful - too many false positives.

On the other hand, attacks against the on-chip implementations are probably as low as you can go in the abstraction hierarchy - we don't have the technology to change the inherent properties of silicon or electrons. :-)  So in some sense, perhaps the chase has finally reached an endpoint.

BTW, for a fascinating fictional look at the attack hierarchy (and a great mind-stretching read), see David Brin's "Existence".  (You'll have to get well into the story to see what I mean.)
                                                        -- Jerry

More information about the cryptography mailing list