Subject: Re: [s-t] privacy and caution digest #2 From: "Bryan O'Sullivan" <bos@serpentine.com> Date: Mon, 27 Oct 2003 22:49:19 -0800
On Mon, 2003-10-27 at 14:49, Nick B wrote:
Nobody, but nobody, builds _anything_ electronic from the ground up. Not me, not you, not Apple, not Microsoft, not Sony, not Intel, not the NSA. [Apple,] Sony, Intel and the NSA get closer by fabbing their own silicon.
No Such Agency doesn't fab much of anything; they can't afford to. They and their ilk are far more interested in things like FPGAs and adapting numerical algorithms to COTS SIMD hardware, such as graphics processors (a la http://www.gpgpu.org/).
My apologies; I don't have much information on the budget, interests, capabilities, facilities, or operations of the NSA.
Who knows what sort of spyware those tools are adding?
Don't be silly. The amount of computation you need to do to get a circuit of any useful complexity to do something predictable is enormous. You can't stuff a thousand CPUs and 200 engineers into an Applied Materials mask etch machine, so that they can rig a WiFi card and antenna onto your PS2's vector chip without Sony finding out. Even if you could, how would they talk to the evil animalcules inside the Novellus metal deposition machine in the facility next door, so the right traces get metallised?
I guess I didn't make myself clear. I wasn't hypothesizing an attack against a fab. I was saying that deeply paranoid "don't trust anyone" types could well hypothesize such attacks. They don't have to be semi-automated Thompson-style attacks (and I didn't have those in mind). Put yourself in a "don't trust anyone" frame of mind, and imagine that some part of the toolchain at (say) Intel includes spyware which allows it to be controlled by (say) NSA. Using this spyware, NSA can watch a part of a CPU going through design-and-test cycles, pick a part of the design to subvert, and carefully craft a replacement for that part of the design. Making the replacement part do something useful for the NSA is left as an exercise for those who enjoy this type of thing. My point was that anyone who has a tendency to believe in this sort of nonsense should, for consistency, be shunning mainstream hardware altogether. Even if they trust Intel, ho ho ho.
Never even mind that automatically figuring out what a bunch of geometry in a set of masks represents is vastly harder than reverse compilation for software.
Yes. I wasn't intending to suggest an attack based solely on masks. The hypothesized attackers, having subverted the toolchain, have full access at all levels of the hardware design (including design documents, sources in various description languages, etc).
It is actually quite hard. And if anybody ever does implement it really well, they can win, in principle even against projects like Plan 9
No they can't. Identifying something as "a compiler" and instrumenting the right code is impossible for automated systems.
I agree (almost), but a Thompson attack doesn't have to do that. Compilers read source code by calling read() and write object code by calling write(). These are, IMO, the right places to attack. A program which open()s a descriptor on a file called \(*\).c and read()s some source code from it, and open()s another descriptor on a file called \1.o and write()s some object code to it, is probably a compiler. Any Thompson attack is directed against a particular platform (e.g. OS + compiler + hardware) *or set of platforms*. That was the point I was trying to make. Plan 9 could have been vulnerable to an attack created after the start of the project, targetting both gcc and (say) 2c. I agree that [barring global conspiracies of the sort outlined above] someone designing a new system from scratch tomorrow, *using only tools and equipment available today*, and making the avoidance of Thompson-style attacks a priority, could come away clean. Off-hand, I guess that I would do it by avoiding having a modern bootstrap in the first place. I'd write my main compiler in some much smaller simpler language, and keep it that way. For myself, I still don't believe in Thompson attacks, or global conspiracies subverting fab toolchains. Global conspiracies seem to use much less subtle approaches (insert here stuff about chads, airliners, and Wars on Abstract Nouns). I'm so unparanoid that I'm running GNU Emacs 21.3, built from suspect sources. Heck, I'm so unparanoid that I don't even believe that Diebold is part of a global conspiracy. Hanlon's razor, and all that. Nick B ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 0.97c removed an attachment of type application/pgp-signature]