[Cryptography] Making secure devices.

Ray Dillinger bear at sonic.net
Sat Oct 24 18:00:16 EDT 2015


I found a supplier for PROMs!!


Sometimes we have discussions here about the difficulty of finding
or manufacturing trustworthy devices.  The number of places - firmware,
non-volatile memory, boot records, etc - where malware might be hiding
in a full-on computer seems to multiply every year, and the "Internet
of Things" appears to be designed mostly to serve as attack vectors.

It becomes more and more important to do security on devices which are
so simple that it is possible to ensure that they are doing NOTHING
else, and of course any such device becomes a high-priority target
for an attacker to access at any point along the supply chain or by
finding a way to get a program wedged into some hidden spot in its
BIOS, etc.

So ....  I've recently found a supplier for PROMs.  Non-erasable,
write-once devices whose idea of a software update is to literally
throw them away and get a new one.  And also a programmer for them,
which proceeds by the old-fashioned expedient of breaking undesired
circuits by physically melting selected traces.

With this, I think I can do things like, e.g., replace disk drive
firmware with firmware that cannot be modified to hold a trojan.
With work, I think I could replace a motherboard BIOS and make
sure that malware can't be stored there.

I think I can make a USB controller whose administrative interface
is capital-C Closed and can be relied on to remain so no matter
what infectious crap gets plugged into it.  I think I can put
executable code for a simple PRNG or a block cipher on this, hook
it up with a processor that has absolutely no nonvolatile storage
and is incapable of addressing its volatile storage on its instruction
bus, and make a network device that I can trust to NOT be remotely
subverted even though it contains some network software.  Heck,
I could make my own keyboard hardware and be absolutely certain
there isn't a little password-stealing program running on the
NVRAM chip I see on that circuit board (WHY does a keyboard need
a 256k non-volatile memory?!  WHY??!!)

Heck, I could even build a trustworthy router.  One where I KNOW
that no "trusted" manufacturer has been forced to include a back
door or pwned into putting one there.

Of course, since I'm the guy who's writing these write-once chips,
I'm the only guy who can trust them.  Trustworthy devices for
customers would pretty much have to be programmed on site and
require each customer to have their own PROM writer.

Otherwise they'd have to be "trusted" rather than "trustworthy" -
which I do not want, because "trusted," which used to mean only
capable of doing harm by betraying people, has been taking on an
even darker meaning.  Increasingly it means COMPELLED to do harm
by betraying people.

					Bear
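The one-way property of a fuse-link PROM, as described in the post, is also something a programmer should check for before and after burning a part. The following is an added example (not code from the post or its author) that models each bit as a fuse: an intact fuse reads as the blank value, a blown fuse reads as the opposite value and can never be restored. It checks that a target image is reachable from the device's current contents, simulates the burn, and verifies a read-back against the intended image. The sample images are constructed for illustration, and the blank polarity (intact fuse reads 1) is an assumption; some parts read 0 when intact, in which case BLANK_BIT is flipped.

```python
"""Fuse-link PROM image checks (added example; not from the original post).

Assumption: an intact fuse reads BLANK_BIT and a blown fuse reads the opposite
value. Programming can only blow fuses, so a target image is reachable from the
device's current contents only if it never asks a blown bit to become intact.
"""
from dataclasses import dataclass, field
import hashlib

BLANK_BIT = 1  # assumption: intact fuse reads as 1; set to 0 for parts that read 0 when intact


@dataclass(frozen=True)
class ProgramPlan:
    fuses_to_blow: int                       # bits that will change during the burn
    blocked: list = field(default_factory=list)  # (offset, mask) of bits that cannot be reached


def blank_image(size: int) -> bytes:
    """Contents of a virgin device: every fuse intact."""
    return bytes([0xFF if BLANK_BIT else 0x00] * size)


def _intact_mask(byte: int) -> int:
    """Bits of `byte` whose fuse is still intact (reads BLANK_BIT)."""
    return byte if BLANK_BIT else (~byte & 0xFF)


def plan_program(current: bytes, target: bytes) -> ProgramPlan:
    """Decide which fuses must be blown, and which target bits are unreachable."""
    if len(current) != len(target):
        raise ValueError("image size does not match device contents")
    fuses_to_blow = 0
    blocked = []
    for offset, (c, t) in enumerate(zip(current, target)):
        need_blow = _intact_mask(c) & ~_intact_mask(t) & 0xFF   # intact now, blown in target
        impossible = ~_intact_mask(c) & _intact_mask(t) & 0xFF  # blown now, intact in target
        fuses_to_blow += bin(need_blow).count("1")
        if impossible:
            blocked.append((offset, impossible))
    return ProgramPlan(fuses_to_blow, blocked)


def simulate_program(current: bytes, target: bytes) -> bytes:
    """Model the burn: a fuse stays intact only if it is intact in both images."""
    plan = plan_program(current, target)
    if plan.blocked:
        raise ValueError(f"unreachable bits (offset, mask): {plan.blocked}")
    out = bytearray()
    for c, t in zip(current, target):
        intact = _intact_mask(c) & _intact_mask(t)
        out.append(intact if BLANK_BIT else (~intact & 0xFF))
    return bytes(out)


def verify_readback(readback: bytes, target: bytes) -> bool:
    """After burning, the device must read back exactly the intended image."""
    return readback == target


def image_digest(image: bytes) -> str:
    """SHA-256 of the image, to record alongside the physical part."""
    return hashlib.sha256(image).hexdigest()


# Constructed sample images (not real firmware): an 8-byte first burn, and an
# "update" that would need one blown bit at offset 2 to become intact again.
TARGET = bytes([0x3C, 0xA5, 0x00, 0xFF, 0x0F, 0xF0, 0x01, 0x80])
UPDATE = bytes([0x3C, 0xA5, 0x01, 0xFF, 0x0F, 0xF0, 0x01, 0x80])

if __name__ == "__main__":
    first = plan_program(blank_image(8), TARGET)
    print("fuses to blow on a blank part:", first.fuses_to_blow, "blocked:", first.blocked)
    burned = simulate_program(blank_image(8), TARGET)
    print("read-back matches image:", verify_readback(burned, TARGET), image_digest(burned))
    print("in-place update blocked at:", plan_program(burned, UPDATE).blocked)
```

The last line of the demonstration is the point of the post in code form: once the part holds TARGET, the only "update" path is a new blank device, since the offending bit cannot be un-blown.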
