[Cryptography] GHCQ Penetration of Belgacom

ianG iang at iang.org
Mon Dec 22 09:54:45 EST 2014 

On 21/12/2014 19:22 pm, Jerry Leichter wrote:
> On Dec 21, 2014, at 11:34 AM, ianG <iang at iang.org> wrote:
>>> Nevertheless, to reword in the interest of clarity, hiding something in
>>> hardware is, AND ALWAYS WILL BE, impossible to detect or disprove.
>> How about dual-sourcing through mutual enemies?  E.g., use a China fab and a fab run by the dalai lama.  Or a Russian one and a Chechen one.
>>
>> Then, sample the chips, open them up, and test whether the tracks / layout are the same as each other?
>>
>> (I have no idea if such a technique for reading the chip like that exists...)
> The pattern up to now has been for that attackers to move to lower and lower levels of abstraction.  Hack user code; hack OS code; hack boot-time code; hack firmware; hack the logic-level description of the hardware; hack the individual transistors (changing dopant levels so that the circuitry doesn't do *quite* what the logic assumes).  Every step down this hierarchy is harder for the attackers, but *much* harder for the defenders - and also much harder for the subset of defenders who analyze the details of attacks.  The lower you go, the fewer access points there are for analysis and the more delicate and hard to detect are the modifications.


Hmmm... you make it sound as though this stuff is going on all the time 
all around us.

Open question.  To what extent should we treat this as a realistic 
threat?  How prevalent is this?  Is there any way we can draw boundaries 
around this?

(Note I'm not asking for cites to prove ;-)

> Detecting chip-level attacks on chips with the complexity that's common today is an extremely difficult problem.  There are just so many places to hide things, and so many changes an attacker can potentially make.  And the technology is moving forward at a rapid clip, so techniques you develop against today's chips will likely be useless in a year or two.
>
> As for direct comparison:  Every chip maker has its own "secret sauce", it's own detailed process technology.  I doubt a point-by-point comparison would be useful - too many false positives.


OK, I see that.

When I was young enough to be a uni student there was a lot of research 
into hardware reliability and the notion of having alternate hardware 
implementations vote on results.  I though it all a bit of a woftam, but 
I wonder to what extent this research was encouraged by the knowledge 
that these sorts of attacks could be practical threats?

> On the other hand, attacks against the on-chip implementations are probably as low as you can go in the abstraction hierarchy - we don't have the technology to change the inherent properties of silicon or electrons. :-)  So in some sense, perhaps the chase has finally reached an endpoint.
>
> BTW, for a fascinating fictional look at the attack hierarchy (and a great mind-stretching read), see David Brin's "Existence".  (You'll have to get well into the story to see what I mean.)

Nod, to both.  Thanks!


iang

More information about the cryptography mailing list