Re: trusting the processor chip
At 01:53 PM 4/25/96 -0400, Jeffrey C. Flynn wrote:
I received several responses to this question. My favorite was as follows...
This is probably science fiction, particularly at the VHDL level. Maybe someone could make a crime of opportunity out of a microcode flaw, but there's a risk of it being found out during testing.
To do it right would require collusion of the design and test teams. They need to ensure the back door stays closed, isn't tickled by "normal" testing and only opens when really requested. So a lot of people are in on the secret even before it gets exploited for nefarious purposes.
And what nefarious purposes would pay for the risks and costs of this? If the secret got out, the design team, product line, and company would be dead in the marketplace and probably spend the rest of their lives responding to lawsuits. What could you use this for that is worth the risk?
This analysis seems to assume that the entire production run of a standard product is subverted. More likely,I think, an organization like the NSA might build a pin-compatible version of an existing, commonly-used product like a keyboard encoder chip that is designed to transmit (by RFI signals) the contents of what is typed at the keyboard. It's simple, it's hard to detect, and it gets what they want. Jim Bell jimbell@pacifier.com
On Thu, 25 Apr 1996, jim bell wrote:
At 01:53 PM 4/25/96 -0400, Jeffrey C. Flynn wrote:
I received several responses to this question. My favorite was as follows...
This is probably science fiction, particularly at the VHDL level. Maybe someone could make a crime of opportunity out of a microcode flaw, but there's a risk of it being found out during testing.
To do it right would require collusion of the design and test teams. They need to ensure the back door stays closed, isn't tickled by "normal" testing and only opens when really requested. So a lot of people are in on the secret even before it gets exploited for nefarious purposes.
And what nefarious purposes would pay for the risks and costs of this? If the secret got out, the design team, product line, and company would be dead in the marketplace and probably spend the rest of their lives responding to lawsuits. What could you use this for that is worth the risk?
This analysis seems to assume that the entire production run of a standard product is subverted. More likely,I think, an organization like the NSA might build a pin-compatible version of an existing, commonly-used product like a keyboard encoder chip that is designed to transmit (by RFI signals) the contents of what is typed at the keyboard. It's simple, it's hard to detect, and it gets what they want.
Jim Bell jimbell@pacifier.com
This is getting more rediculous by the minute. If NSA wanted to find out what you were typing, they dont need to subvert microcode or chips on the board. Unless you have a tempest device - all they have to do is pull RF from your vicinty and they can *see* just exactly what your typing.
From the powerline, from the air - choose your poison.
...Paul ------------------------------------------------------------------------- "Faced with the choice between changing one's mind and proving that there is no need to do so, almost everybody gets busy on the proof" -- John Kenneth Galbraith "Success is attending a funeral as a spectator" -- E. BonAnno -------------------------------------------------------------------------
Take a look at the IEEE Symp on Security and Privacy Proceedings from 1995, I believe it was. There was a paper there about security bugs in the Intel processors, enumerating a number of them in 80386 for example. There where at least one or two byte sequences that plainly stopped the processor. [I'll find the reference, I have it back home.] The authors concluded that the number of released bugs reports had dimished over time for each processor model, and for the Pentium not a single one had been released. They speculated whether it was considered company confidential perhaps? They "promised" to build their own "processor tester" to try to find the most obvious ones at least. But it will be very hard to find all of these bugs, judging from the released bugs. Some of them are only appearing sporadically under a pretty complicated set of circumstances, like what is in the pipeline, the cache etc... The processor is ever important, if it is illdefined or flakey, it is almost impossible to build security on top of it. /Christian
On Thu, 25 Apr 1996, jim bell wrote:
This analysis seems to assume that the entire production run of a standard product is subverted. More likely,I think, an organization like the NSA might build a pin-compatible version of an existing, commonly-used product like a keyboard encoder chip that is designed to transmit (by RFI signals) the contents of what is typed at the keyboard. It's simple, it's hard to detect, and it gets what they want.
I thought that most (all?) chips already radiated on the electromagnetic spectrum? Isn't that what tempest is about?
More likely,I think, an organization like the NSA might build a pin-compatible version of an existing, commonly-used product like a keyboard encoder chip that is designed to transmit (by RFI signals) the contents of what is typed at the keyboard. It's simple, it's hard to detect, and it gets what they want.
I thought that most (all?) chips already radiated on the electromagnetic spectrum? Isn't that what tempest is about?
A) Yes, all circuitry radiates to some extent. The variable is the "some" factor. And is the noise compromising or just revealing? [Does it allow the Opposition to know you are typing, or WHAT you are typing...?] And the one everyone here seems to ignore -- can you hear it from where you need to? [I know of one National Lab with a blanket Tempest exemption -- it's a MILE to the uncontrolled border area.] B) Sure the Fort has Fab facilities. But Acme Gas & Grocery fixes cars, yet they do NOT have the diagnostic computer for my [in my dreams..] new BMW. Preventium & leading edge chips requires MASSIVE amounts of money for the infrastructure, and yesterday's versions do not cut it. [Tim, got any real $$ here?] I suspect it's like monitors: 14" SVGA's cost $200; 16" $650; 19" $1200 & 21", don't ask. Sure, tomorrow the 16" is $500, but you need it TODAY. The Fort is too busy trying to justify its FTE numbers to blow a couple zillion on keeping current with fab stuff. Plus, in a business with only a few customers, how does they keep the stepper-supplier from wising up? And when Mr. Bill introduces the 686, do you start all over? C) Would the Fort *really* ask for & get the needed cooperation while the industry fights CrippleChip/GAK? D) There are far cheaper ways to attack, as others point it. Neuter the power-supply controller chip, and it stays the same for generations. Or go for the video RAMDAC. -- A host is a host from coast to coast.................wb8foz@nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433
participants (5)
-
Christian Wettergren -
David Lesher -
jim bell -
Paul S. Penrod -
Snow