given interest in open source privacy enhancing technologies, what about open ASIC SoC for privacy routers and other hw? - 32bit RISC opencores. http://cdn.opencores.org/pdf/or1k-asic.pdf - TRNG series as native instruction; avalanche + RF + slow sampled from fast pair into aligned memory target as raw samples, each source tunable via MSR. http://www.cryptography.com/public/pdf/VIA_rng.pdf , http://moonbaseotago.com/onerng/ - Fab with chain of custody via domestic 22-nm foundry services. (Intel, other?) - Random quality and critical component validation with a FEI Versa 3D tear down , http://siliconexposed.blogspot.de/2014/03/getting-my-feet-wet-with-invasive_... what else required? (IOMMU isolation?)
On 11/4/14, coderman <coderman@gmail.com> wrote:
... slow sampled from fast pair ...
currently running a long /dev/random cat with mtrngd adding entropy per post-processed XSTORE reads, hwrng read bytes: 531147747500 entropy add bytes: 530776765056 good fips blocks: 212310709 bad fips blocks: 148390 poker run failures: 3516205 bit run failures: 3376041 long run failures: 72955 monobit failures: 63584 continuous run failures: 11896 1Ghz dual entropy source Padlock engine. more than you'll ever need... constrast XSTORE running at max rates and mixing / compressing in userspace with RDRAND/RDSEED allowing zero visibility for confirmation of expected underlying bit generator behavior.
On Tue, Nov 4, 2014 at 1:57 PM, coderman <coderman@gmail.com> wrote:
given interest in open source privacy enhancing technologies, what about open ASIC SoC for privacy routers and other hw?
Are there any open-source ASICs for wifi, bluetooth, gsm, cdma, or other communication chips? I briefly glanced and saw: http://opencores.org/project,bluespec-80211atransmitter http://opencores.org/project,bluetooth https://github.com/RangeNetworks/openbts only slightly related to my request: https://github.com/travisgoodspeed/80211scrambler https://github.com/ewa/802.11-data
- Fab with chain of custody via domestic 22-nm foundry services. (Intel, other?)
I would appreciate any references or links you can provide me to working chains of custody and their threat models. I am curious to see what a good one looks like. I think that chain of custody is going to be problematic because of dopant-level trojans, which can probably sneak past chain of custody systems. (There are ways to detect dopant-level trojans, but they are expensive and annoying. Still, better than nothing of course.) - Bryan http://heybryan.org/ 1 512 203 0507
On 11/4/14, Bryan Bishop <kanzure@gmail.com> wrote:
... Are there any open-source ASICs for wifi, bluetooth, gsm, cdma, or other communication chips?
build in array of direct quadrature modulator circuits (RFIC) in the desired bands for software stacks across all of the above. that gets you performance and efficiency, all in one! (or many, as it were) there are open source SDR stacks for some of the above, however, traditional SDR as crudely shoved into a SoC would not work so well. this is a longer discussion, of course :)
I would appreciate any references or links you can provide me to working chains of custody and their threat models. I am curious to see what a good one looks like.
a trusted set of auditors is on premise able to observe the wafer processing, litho, etc. to die prep and packing, with device testing results for each core attached. packages collected till end of run, then trusted auditors depart with the set of presumably trusted fabrication parts.
I think that chain of custody is going to be problematic because of dopant-level trojans,...
the selective FIB deconstruction to verify, along with constructions resistant to stealthy dopant tampering, could leave you more confident that the set of chips so run were not surreptitiously tampered with. obviously, if chain of custody ever broken, the chips become suspect. this is all an amusing thought exercise, given the complete lack of anything remotely as hard to run software wise on top of this idealistic open soc :) best regards,
Given the difficulty of trusting auditors and ensuring they see all they need to see, why not push instead for crypto FPGA: consuner hardware, widely available. Probably hard to dope-trojan without breaking, and cleverly random allocation of transistors to the HWPRNG could mitigate. An open fpga with an open stack would not only be more trustworthy for crypto, I think it'd help legitimise and pave way for small-batch ASIC, too. On 5 November 2014 08:41:54 GMT+00:00, coderman <coderman@gmail.com> wrote:
On 11/4/14, Bryan Bishop <kanzure@gmail.com> wrote:
... Are there any open-source ASICs for wifi, bluetooth, gsm, cdma, or other communication chips?
build in array of direct quadrature modulator circuits (RFIC) in the desired bands for software stacks across all of the above. that gets you performance and efficiency, all in one! (or many, as it were)
there are open source SDR stacks for some of the above, however, traditional SDR as crudely shoved into a SoC would not work so well. this is a longer discussion, of course :)
I would appreciate any references or links you can provide me to working chains of custody and their threat models. I am curious to see what a good one looks like.
a trusted set of auditors is on premise able to observe the wafer processing, litho, etc. to die prep and packing, with device testing results for each core attached.
packages collected till end of run, then trusted auditors depart with the set of presumably trusted fabrication parts.
I think that chain of custody is going to be problematic because of dopant-level trojans,...
the selective FIB deconstruction to verify, along with constructions resistant to stealthy dopant tampering, could leave you more confident that the set of chips so run were not surreptitiously tampered with.
obviously, if chain of custody ever broken, the chips become suspect.
this is all an amusing thought exercise, given the complete lack of anything remotely as hard to run software wise on top of this idealistic open soc :)
best regards,
-- Sent from my Android device with K-9 Mail. Please excuse my brevity.
On 11/5/14, Cathal (Phone) <cathalgarvey@cathalgarvey.me> wrote:
Given the difficulty of trusting auditors and ensuring they see all they need to see, why not push instead for crypto FPGA...
FPGAs have been used to augment computation ever since they were developed. (i remember back in the early 90's being able to buy a PCI FPGA add-on card for accelerated computation) the problem is efficiency, and in a size pressured SoC design efficiency (which in turn drives power consumption) is paramount. not to say it isn't useful, but an FPGA processor compared to a tight, ASIC SoC, is going to lose by an order of magnitude. i would however be keen to see how some FPGA components on a RFIC integrated ASIC SoC could help DSP and related processing with flexibility while leaving the ASIC core for performance. fun considerations... too bad nearly everyone in position to contribute to such an effort is chained by NDAs, Secrecy Acts, or other binding Confidentiality clauses. best regards,
On 11/5/14, Cathal (Phone) <cathalgarvey@cathalgarvey.me> wrote:
Given the difficulty of trusting auditors and ensuring they see all they need to see,
perhaps relevant: "With over $6.5 billion in high-tech investments, CNSE's 800,000-square-foot (74,000 m2) Albany NanoTech Complex features the only fully integrated, 300 mm wafer, computer chip pilot prototyping and demonstration line..." - https://en.wikipedia.org/wiki/SEMATECH
participants (3)
-
Bryan Bishop -
Cathal (Phone) -
coderman