[Cryptography] Hardware Trojan Protection
----- Forwarded message from Bill Frantz
Still, it raises the question: If you can't trust your microprocessor chips, what do you do? One possible answer: Build yourself a processor out of MSI chips. We used to do that, not so long ago, and got respectable performance (if not, perhaps, on anything like today's scale). An MSI chip doesn't have enough intrinsic computation to provide much of a hook for an attack. Oh, sure, the hardware could be spiked - but to do *what*? Any given type of MSI chip could go into many different points of many different circuit topologies, and won't see enough of the data to do much anyway. There may be some interface issues: This stuff might not be fast enough to deal with modern memory chips. (How would you attack a memory chip? Certainly possible if you're make a targeted attack - you can slip in a small processor in the design to do all kinds of nasty things. But commercial of the shelf memory chips are built right up to the edge of what we can make, so you can't change a ll that much.)
Some stuff is probably just impossible with this level of technology. I doubt you can build a Gig-E Ethernet interface without large-scale integration. You can certainly do the original 10 Mb/sec - after all, people did! I have no idea if you could get to 100 Mb/sec.
Do people still make bit-slice chips? Are they at a low-enough level to not be a plausible attack vector?
You could certainly build a respectable mail server this way - though it's probably not doing 2048-bit RSA at a usable speed.
We've been talking about crypto (math) and coding (software). Frankly, I, personally, have no need to worry about someone attacking my hardware, and that's probably true of most people. But it's *not* true of everyone. So thinking about how to build "harder to attack" hardware is probably worth the effort.
You might get a reasonable level of protection implementing the core
of the crypto operations in a hardware security module (HSM) using
Field Programmable Gate Arrays (FPGA) or Complex Programmable Logic
Device (CPLD). There is an open source set of tools for programming
these beasts based on Python called MyHDL
participants (1)
-
Eugen Leitl