trusting the processor chip

Rick Smith smith at sctc.com
Fri Apr 26 21:31:41 PDT 1996


Having penned the response to Jeffrey Flinn on the unlikelihood of
processor back doors, I'll comment on jim bell's response:

>This analysis seems to assume that the entire production run of a standard 
>product is subverted. 

Actually, I perceived two models: either all processors are subverted
or a subset of them are. Both require a reasonably complete design
team to reliably achieve the objective of a well hidden and reliable
back door. The cost effective thing to do is use the original design
team since they have the knowledge you need to pull it off. A
different and/or much smaller team has a lower likelihood of success.

> More likely,I think, an organization like the NSA 
>might build a pin-compatible version of an existing, commonly-used product 
>like a keyboard encoder chip that is designed to transmit (by RFI signals) 
>the contents of what is typed at the keyboard.  It's simple, it's hard to 
>detect, and it gets what they want.

Simple, no. Hard to detect, somewhat. Gets what they want, unclear.

My experience with processor design and development is rather ancient
and my knowledge of IC work is third hand, so I'll gladly defer to
someone with closer knowledge of the process (Tim?).  However, I've
never heard anything to imply that a processor architecture can be
cleverly and reliably dinked with in this manner without lots of
expensive engineering. Where does the chip real estate come from?  Is
there room in the microcode for this? Will it destabilize other
behaviors? Will the victim detect it through RFI testing?

No, it's not impossible. The risk vs reward tradeoff is shaky.

Rick.
smith at sctc.com        secure computing corporation






More information about the cypherpunks-legacy mailing list