Closed CPU's and Fabs Untrustworthy

Anthony Papillion anthony at cajuntechie.org
Fri Jun 17 19:09:21 PDT 2016



On 6/17/2016 6:05 PM, juan wrote:
> On Fri, 17 Jun 2016 13:52:38 -0500 Anthony Papillion 
> <anthony at cajuntechie.org> wrote:
> 
>> 
>> There's value in running security software on a compromised 
>> system because it helps to stop /mass/ surveillance.
> 
> Does it? Your servers are compromised and so are your 'SSL' 
> connections...your tor routers are obviously compromised...any 
> system used to defend against mass surveillance that you run on 
> compromised hardware is...compromised.

Yes it does. Because before Snowden, they were basically capturing
data right off the wire in many cases. They were passive. It just
flowed right into their filters. Compromised hardware doesn't stop
them from getting your data in all cases, but it makes them work a
little more for it. They can't just sit on the wire and collect it
because they have to address the differences in each compromised
system. They have to seek you out instead of sucking it all in.

>> Ultimately, if you are under surveillance, they're going to get 
>> you but they're going to have to devote some time and effort /to 
>> you/. You're not going to get caught up in the worldwide 
>> dragnet.
> 
> Backdoored hardware affects everybody except the gov't.
> 
> Not to mention, why would it be OK to stop mass surveillance but
> not 'targeted' surveillance...of some big number of people?

I don't have a problem with targeted surveillance. For example, if the
police believe (with good reason) that someone is plotting to bomb the
White House, I believe they should absolutely have the right and the
tools to monitor that person. That surveillance should stop the moment
they either have enough to make an arrest or they realize they are
wrong. Do you believe that no surveillance should happen at all for
any reason? You believe that's reasonable?

>> It's that innocent people are getting caught in a dragnet and 
>> that information could be used against them later.
> Aren't they 'innocent'? If they are 'innocent' they 'have nothing 
> to hide'.

I don't subscribe to that belief, so please don't put words in my mouth
that I didn't say or assume beliefs that I haven't expressed. People who are
caught in the surveillance dragnet /may/ be innocent of any crime or
they might not be. We really don't know, do we? I'm sure that some of
the information the agencies have gathered /does/ involve people who are
guilty of crimes and the data might prove it. Some, probably most,
don't. If the government has strong evidence that an individual has
committed a crime and evidence of it is being shared with others then
they should go through the legal channels and get authorization to
collect data on that single person. Not the entire neighborhood, not
the entire city. A single person.

Also, I don't subscribe to the bs about 'if you have nothing to hide,
you have nothing to fear'. Taking precautions to protect privacy
should never be taken as evidence of guilt. I'm not ashamed of my
naked body and there are times when I might even have no problem
walking in front of a window naked. But there are also times when I
want privacy and will draw my blinds. I don't hide the fact that I use
the bathroom but that won't stop me from closing the door when I go
in. In both of those cases, I'm not hiding anything. I'm exercising a
right to /privacy/. My privacy, when I am not committing a crime that
harms others, should /always/ be under my control.

>>> Nobody seems to be trying to fix 'our' fundamental problem...?
>> 
>> It's a hard AND expensive problem to address. There aren't a 
>> whole lot of people with processor design skills that aren't 
>> already working in processor design for one of the biggies.
> 
> I don't think processor design is especially hard. I admit I'm 
> guessing, but I can't imagine what could be so hard about
> designing some kind of not-fancy, risc system.
> 
> Not to mention....
> 
> http://opencores.org/

Processor design isn't particularly difficult. Neither is algebra.
Something doesn't have to be /hard/ to not be /common/ and not be
specialized. Processor design is not difficult to those who have taken
an interest in it and chosen to learn how to do it. The number of
people who would do that and then not seek jobs in the industry is
negligible. Sure, there are some people who might do it out of
interest or even for fun, but do you believe that number is really
enough to start a company powerful enough to mass manufacture chips?
Oh, and what about the person actually 'assembling' the chip who might
know very little if anything about processor design? What about that
person being bribed to insert something they don't even understand
into the assembly process? Do you think that wouldn't happen? If Intel
made it a policy not to have anything secret in their microprocessors,
do you really believe the security agencies would just go "darn! There
goes our chance to compromise Intel chips!"

Also, what's stopping the agencies from actually starting up a front
company just to manufacture open chips and slipping something in?
Don't think it would happen because 'someone is watching' and the
whole 'shallow bugs with many eyes' thing? I present to you Heartbleed
and ShellShock.

Oh and, of course, having the perfect processor /design/ is useless
unless you have trusted fab which, of course, circles back to the low
level worker and a nice big deposit of Bitcoin.

>> And the few that are likely don't have the money to bring up
>> what it takes to do it. It's not like this is going to be
>> bootstrapped by a Kickstarter.
> 
> Actually, it seems exactly like the kind of project that 
> could/should be 'crowdfunded'.
> 
> What's the 'minimum order' when dealing with something like TSMC ?
> 
OK, so I'll retract my statement above. Maybe this could be crowd
sourced. But again, how do we guarantee fab security? If a company has
to crowdfund a small number of chips, do you really think they are
going to have the money to set up fab operations that they can closely
audit and control?

>>> All the talk about snowden, tor, 'hacking' and similar 
>>> propaganda is...well...propaganda.
>> 
>> It's making people more aware of what's going on and how to 
>> protect themselves. Sure, it's not solving the problem but it is 
>> making things a bit better.
> 
> I don't know. I wouldn't blame Snowden and co.(or maybe I would?) 
> but since 2013 things just kept and keep getting worse.
> 
> Your NSA friends didn't back off an inch.

No, you're very right that they didn't. New attacks are being
developed right now against vulnerabilities and backdoors we haven't
even discovered yet. And the attacks get better and better especially
when the companies collude with the government. It's not going to
magically get better through simply knowing about how bad it is. That
wasn't my point. But what can happen is larger and larger groups of
people (who control the money that places like Intel are rather fond
of) standing up and saying "we can't trust you so we're going
elsewhere". Critical mass is needed to make a difference, not just a
few geeks ranting on Internet forums and mailing lists. We don't have
the market moving power that a larger group does. That's why making
people aware and actually agitating the situation is so important.

>> Perfect is the enemy of good. If the spooks don't go after one 
>> person because it would take more personalized resources than 
>> simply catching them in a dragnet, that security has worked. We 
>> don't need 'perfect'. We need 'good enough'.
> 
> 'good enough' requires working hardware, not hardware remotely 
> controlled from washington.

No it doesn't. Good enough, in this case, means getting a bit of
breathing room for people while the geeks figure out how we back the
government off technically. Until they can't technically control every
single piece of hardware, at least make it as hard as possible for
them to control it. Sure, it's not solving the problem entirely but
you have to admit it's going to protect some people who would
otherwise get caught up in a dragnet. Their data isn't there anymore.

Don't get me wrong, I am 100% behind making hardware secure. But we
can't be so focused on absolute security with no compromise that we
/only/ work on that and leave everything wide open until we have
absolute security. That's kind of like "well, we think the NSA might be able to
break TLS by asking for our private key so we'll just keep using HTTP
until we develop a way where having our private key doesn't matter".
You do what you can and then you refine it closer and closer to
perfection.

Shit, I write a lot...

Sorry :)