[Cryptography] China Spies In SuperMicro Mobos - Exemplar #OpenFabs Required

Tom Mitchell mitch at niftyegg.com
Sat Oct 6 19:33:53 EDT 2018

On Sat, Oct 6, 2018 at 3:20 PM Thierry Moreau <thierry.moreau at connotech.com> wrote:

> On 05/10/18 06:04 AM, grarpamp wrote:
> >
> https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies

> > Fake news or not, you still cannot trust any closed thing.

Trust but verify...  ;-)
But how to verify?
One strategy is protection in layers. While it is true that Cisco makes big bucks for big hardware, much of the world could benefit from more modest routers and filtering. Ubiquiti Networks makes some nice little inexpensive boxes that are open source (Linux) enough to watch. This same class of hardware can support VPN for point-to-point security. For many the issue is exfiltration of data in terabyte quantities.

Devices like the Xfinity cable routers and modems are something the national security folk need to watch. Phone, security, data are a trifecta of risks. Cable modems are another risk; they are not dumb boxes.

As others noted, grain-of-sand-size devices are no longer caps. An interesting class of stuff can be built into them, and test points and debug ports are obviously interesting targets. Automated imaging can detect changes at incoming inspection, but managing of the 'gold' standard images will demand encryption and verification (closed garden blockchain?).

JTAG test chains need to have a quality cryptographic hash and be signed. Boards need to be designed for verification.

   T o m    M i t c h e l l
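
An added example, not part of the original message: one way the closing point about hashing and signing JTAG chains could be applied at incoming inspection. The IDCODE values, the key, the board name and the function names are constructed for illustration, and HMAC-SHA256 stands in for a real digital signature so the sketch runs on the Python standard library alone.

```python
import hashlib
import hmac
import struct

def chain_digest(idcodes):
    """SHA-256 over the scan chain: device count, then each 32-bit IDCODE in chain order."""
    h = hashlib.sha256()
    h.update(struct.pack(">I", len(idcodes)))
    for code in idcodes:
        h.update(struct.pack(">I", code))
    return h.digest()

def _tag(model, digest, key):
    # Bind the digest to the board model so a record cannot be reused for another board.
    return hmac.new(key, model.encode() + b"\0" + digest, hashlib.sha256).digest()

def sign_golden(model, idcodes, key):
    """Build the 'gold' record from a trusted reference board."""
    digest = chain_digest(idcodes)
    return {"model": model, "digest": digest, "tag": _tag(model, digest, key)}

def inspect(record, observed_idcodes, key):
    """Return 'ok', 'record-tampered' or 'chain-mismatch' for an incoming board."""
    # Check the golden record first: a mismatch against a forged record means nothing.
    if not hmac.compare_digest(_tag(record["model"], record["digest"], key), record["tag"]):
        return "record-tampered"
    if not hmac.compare_digest(chain_digest(observed_idcodes), record["digest"]):
        return "chain-mismatch"
    return "ok"

# Constructed sample data (assumptions, not real part numbers or keys).
KEY = b"constructed-demo-key"
GOLDEN_CHAIN = [0x10000001, 0x20000003, 0x30000005]

if __name__ == "__main__":
    record = sign_golden("example-board", GOLDEN_CHAIN, KEY)
    print(inspect(record, GOLDEN_CHAIN, KEY))                  # same chain as the reference
    print(inspect(record, GOLDEN_CHAIN + [0x40000007], KEY))   # one extra device on the chain
    forged = dict(record, digest=chain_digest(GOLDEN_CHAIN + [0x40000007]))
    print(inspect(forged, GOLDEN_CHAIN + [0x40000007], KEY))   # record edited without the key
```

This only covers devices that enumerate on the scan chain; a part that is not wired into the chain still has to be caught by the imaging step the message mentions.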