[Cryptography] God Mode backdoors
Ron Garret
ron at flownet.com
Sat Aug 18 18:47:30 EDT 2018
On Aug 18, 2018, at 8:44 AM, Bill Frantz <frantz at pwpconsult.com> wrote:
> If we use trusted hardware to do the encryption, or verify the encrypted data does not include backdoor information, how do we build that hardware? I can see three ways:
>
> (1) Build it out of small scale ICs -- hex inverters, and quad nand gates for example. It seems very hard to put a backdoor into this kind of system. I have seen a 6502 built this way. It was about a cubic foot and could run Apple ][ programs.
>
> (2) Build it using an FPGA. There could be backdoors in the FPGA, but going from a device programmed at the gate level to a useful backdoor at the CPU level seems like it might be hard.
>
> (3) Run your own fab. Old fab equipment is available at prices that are affordable by individuals. I read about one guy who has his own fab in QST. I know another fab owner personally. She says her yield is currently limited by not having a good clean room, but she is getting some functioning chips in her garage.

4. Use hardware targeted specifically at non-consumer markets where security actually matters. This is no guarantee, of course, but it’s much less likely that a company would tolerate a back door in such a device because, were it to be discovered, it would probably bankrupt the company.

One of the reasons I chose the STM32F405 for the SC4-HSM is that it specifically offers secure delivery of embedded code as a documented feature. Medical device companies rely on this to secure extremely valuable trade secrets. A back door would be grounds for a very costly class action lawsuit.

rg