i see your skepticism, and i raise you a retort! ;) i even have a list of candidates you can experiment with to confirm Intel Ivy Bridge as best fit. [0]

On Wed, Dec 11, 2013 at 9:15 PM, Andy Isaacson <adi@hexapodia.org> wrote:
... Suppose I'm the manager writing this document, reporting the expected accomplishments of my group. We do cryptanalysis.
plus a few more things, e.g. your ~250-300million $USD/year budget goes toward:

"actively engag[ing] the US and foreign IT industries to covertly influence and/or overtly leverage their commercial products' designs [... to] make the systems in question exploitable through SIGINT collection (e.g., Endpoint, MidPoint, etc.) with foreknowledge of the modification."

and,

Insert vulnerabilities into commercial encryption systems, IT systems, networks and endpoint communications devices used by targets.

only with "foreknowledge of the modification" are you able to utilize this backdoor. (NSA does not like to share)

also, this year by end of year, in 2013 you expect to:

- Make gains in enabling decryption and Computer Network Exploitation (CNE) access to fourth generation/Long Term Evolution (4GL/LTE) networks by inserting vulnerabilities.
- Complete enabling for [well recognized name] encryption chips used in Virtual Private Network and Web encryption devices.

and last but not least,

- Shape the worldwide commercial cryptography marketplace to make it more tractable to advanced cryptanalytic capabilities being developed by NSA/CSS.

Ok, given those requirements. Who fits the bill?

High end platform:
http://www.techweekeurope.co.uk/news/intel-networks-high-end-platform-133501

"""
Intel targets what it believes is a significant growth opportunity to bring the Intel Architecture into a rapidly evolving networking space.
...
Intel added to its portfolio with the introduction of the Highland Forest platform, which combines the vendor’s Xeon E5-2600 v2 CPU with its new Coleto Creek chipset. Price said Highland Forest – which can pack up to 20 2.4GHz “Ivy Bridge” CPU cores – will offer two to six times the performance of the previous Crystal Forest platform, which was launched in October 2012.

Highland Forest, with Intel’s Data Plane Development Kit, can deliver up to 255 million packets per second (p/s) – more than the 140 million p/s from Crystal Forest – as well as security capabilities of 110 Gigabits per second of IPsec and 200 Gb/s SSL security for encrypted traffic.
"""

IPsec (VPN) and SSL (Web crypto) and lots of it! sounds interesting. tell me more!

other market points of note:

- "Intel currently has over 15 SDN/NFV qualification trials underway with carriers in all major regions. Schooler emphasized that Intel has no intention to sell directly to service providers and is fully committed to launching an Intel Network Builders Ecosystem of industry players supporting the Intel Architecture."

- "6WIND Announces Availability of Support for Intel® Xeon® Processor Platform for Large-Scale Communications Infrastructure Systems, Formerly Called “Highland Forest”
  6WIND announces the availability of support within the 6WINDGate™ software for the Intel® Xeon® Processor Platform for Large-Scale Communications Infrastructure Systems, formerly called “Highland Forest.” With its optimized support for the Intel® QuickAssist Technology that provides hardware acceleration for encryption and compression, 6WINDGate delivers best-in-class performance for networking applications such as WAN optimization, VPN appliances, firewalls and Unified Threat Management (UTM) systems."

- funny they seem to distance themselves from "Highland Forest" and "Ivy Bridge" in this press release and product launch...
  [ http://www.prweb.com/releases/2013/12/prweb11387583.htm ]

they sound interesting, like they sell to many industries at large scale. are they a popular company/product?

"6WINDGate is already deployed in tens of commercial LTE networks throughout Asia, Europe and North America, while also being used by multiple tier-1 suppliers of enterprise and cloud networking equipment."

hey look, LTE!

... ok, so that's a little suspect. what's that, there's more you say?

https://plus.google.com/+TheodoreTso/posts/SDcoemc9V3J

"I am so glad I resisted pressure from Intel engineers to let /dev/random rely only on the RDRAND instruction.", "Oh, I should add that just today I had to fight back an attempt by a Red Hat engineer to add a configuration option to blindly trust RDRAND and bypass the entropy pool"

... then the FreeBSD change of heart.

hey Wind River, how are you using RDRAND?

now what about Intel themselves, are they also pushing the chip?

"""
Intel officials are making aggressive moves to expand the reach of its silicon beyond servers and into other parts of the data centre. Schooler said the company has been making products for networking gear for about a decade, and has made significant strides in recent years. It’s also made several acquisitions – such as of Sensory Networks, Ethernet chip maker Fulcrum Microsystems and networking software maker Aepona, whose technology enables telecoms and cloud service providers to offer more services on their networks.

Intel is looking to take advantage of the growth opportunity networking represents, Schooler said. The market Intel is targeting is about $16 billion (£9.7bn), and the chip maker currently has about 5 percent of it. Along with its x86 architecture, Intel also is developing accelerator chips for such jobs as packet inspection and encryption.
"""

whew. that's a lot of context and circumstance.

let's look back over your goals for 2013:

Make gains in enabling decryption and Computer Network Exploitation (CNE) access to fourth generation/Long Term Evolution (4GL/LTE) networks...
- AFFIRMATIVE!

Complete enabling for [Intel Ivy Bridge] encryption chips used in Virtual Private Network and Web encryption devices.
- AFFIRMATIVE!

Shape the worldwide commercial cryptography marketplace to make it more tractable to advanced cryptanalytic capabilities being developed by NSA/CSS.
- AFFIRMATIVE!

i will admit that i am continually impressed by NSA/SCS achievements. they're extremely competent!
If we're projecting success against FooBarCo chips' encryption sub-core, and everybody knows FooBarCo chips are used in both encryption and non-encryption products, it makes sense to cite the specific applications where FooBarCo chips are used.
agreed.
However, in "for FooBarCo encryption chips used in VPN", the "encryption" seems to me to denote a special purpose chip, rather than a general purpose chip with an encryption sub-core.
my reading between the lines: it is not a special chip, it is a special collection of many of them (20+) handling tier-1 core traffic encryption, which is an excellent point to aggregate a vulnerability in keying ciphers. (ignore public key for now, since we can just focus directly on session/temporal keys!)
"Cavium Networks" or "Cavium Nitrox" are approximately the right length to fit. Other vendors that might be interesting include F5, Barracuda, Riverbed, Cisco SCA 11000, Radware (an Israeli/American company), and everybody listed on http://en.wikipedia.org/wiki/SSL_Acceleration
0. please to be experimenting with datas:

Interface Masters Technologies
Freescale Semiconductor
Alteon SSL Accelerator
Nortel SSL Accelerator
Strangeloop Networks
Riverbed Technology
Coyote point systems
Crescendo Networks
Microchip PIC32MZ
Barracuda Networks
Kemp Technologies
STMicroelectronics
Check Point VPN-1
Sun Microsystems
Foundry Networks
Cavium Networks
Cavium NITROX
Juniper Networks
Nortel Networks
Array Networks
Intel Ivy Bridge <- only this is right length in justified context shown
Forum Systems
Cavium Nitrox
CAI Networks
A10 Networks
Cisco Systems
Citrix Systems
Sun SCA6000
MIFARE Plus
Network Box
Coleto Creek
F5 Networks
jetNEXUS
Cisco PIX
Radware
Cotendo
Exinda
Hifn
IBM

---

parting words:

"""
On April 17 at the Open Networking Summit, Intel executives laid out the company’s strategy around data center networking and the burgeoning trend of software-defined networking (SDN). They also showed that their efforts will expand beyond simply supplying the processors for networking hardware.

The company unveiled reference architectures designed to help enterprises, cloud service providers and telecommunications companies more quickly create hardware and software for SDN and network-function virtualization (NFV), moves that could bring Intel into closer competition with the likes of networking giant Cisco Systems and chip maker Broadcom.
- http://www.eweek.com/networking/intel-makes-push-into-competitive-sdn-space/
"""

don't let them get away with it!
open up raw access to entropy sources!!
don't discriminate against the unit, one is prime!!!