Free Advice for FBI/OPM/NSA/DOE: full-disclosure hardware

Travis Biehn tbiehn at gmail.com
Wed Jun 17 07:53:47 PDT 2015


On Wed, Jun 17, 2015 at 8:59 AM, Tim Beelen <tim at diffalt.com> wrote:

> Has anyone ever established or tried building a trust model with any of
> these producers? It's rather hard to invent that wheel. I've heard that
> setting up a foundry is quite a bit of work. And in today's environment it
> is a significant advantage to produce community-vetted hardware. So we
> might be able to get a solid business model behind this.
>
>
> On 6/17/2015 3:27 AM, grarpamp wrote:
>
>> On Wed, Jun 17, 2015 at 12:25 AM, Troy Benjegerdes <hozer at hozed.org>
>> wrote:
>>
>>> PCB layout of the server(s) that got hacked.
>>>
>> The gate counts in the chips moot the PCB.
>>
>>> 'IP' and such
>>> ...
>>> because there will be more than just me talking about why we need
>>> full-disclosure hardware that you can X-ray and compare to an image
>>> signed and hosted by multiple independent and competing nation-state
>>> or multinational-corporate level security agencies.
>>> ...
>>> If your Intel motherboard matches the image signed by IBM,
>>>
>> Private xraying to validate an individual chip is fine, but does
>> nothing for everyone else. If you already have and are validating
>> the [somehow open] image, you might as well open-source and
>> open-up the entire fab. That way you know everything rolling off
>> the line is good. While you may trust the chip to image in your
>> hand, do you trust Intel, Huawei, Qualcomm, TSMC?
>>
>> https://en.wikipedia.org/wiki/Foundry_model
>>
>
>
OK, yes - being able to verify first and foremost that the PCB you have
matches some reference is an important first step for guaranteed hardware
security.

Perhaps building an accessible verifier might be the logical first step.

How effective is this X-Ray method for detecting hardware modifications
[what is the resolution]? How do you process two different X-Ray images,
remove the noise (normalize) to compare two different documents?

-Travis

-- 
Twitter <https://twitter.com/tbiehn> | LinkedIn
<http://www.linkedin.com/in/travisbiehn> | GitHub <http://github.com/tbiehn>
| TravisBiehn.com <http://www.travisbiehn.com> | Google Plus
<https://plus.google.com/+TravisBiehn>