On 9/22/13 at 6:07 PM, leich...@lrw.com (Jerry Leichter) wrote
in another thread:
Still, it raises the question: If you can't trust your
microprocessor chips, what do you do? One possible answer:
Build yourself a processor out of MSI chips. We used to do
that, not so long ago, and got respectable performance (if not,
perhaps, on anything like today's scale). An MSI chip doesn't
have enough intrinsic computation to provide much of a hook for
an attack. Oh, sure, the hardware could be spiked - but to do
*what*? Any given type of MSI chip could go into many
different points of many different circuit topologies, and
won't see enough of the data to do much anyway. There may be
some interface issues: This stuff might not be fast enough to
deal with modern memory chips. (How would you attack a memory
chip? Certainly possible if you're make a targeted attack -
you can slip in a small processor in the design to do all kinds
of nasty things. But commercial of the shelf memory chips are
built right up to the edge of what we can make, so you can't
change a
ll that much.)
Some stuff is probably just impossible with this level of
technology. I doubt you can build a Gig-E Ethernet interface
without large-scale integration. You can certainly do the
original 10 Mb/sec - after all, people did! I have no idea if
you could get to 100 Mb/sec.
Do people still make bit-slice chips? Are they at a low-enough
level to not be a plausible attack vector?
You could certainly build a respectable mail server this way -
though it's probably not doing 2048-bit RSA at a usable speed.
We've been talking about crypto (math) and coding (software).
Frankly, I, personally, have no need to worry about someone
attacking my hardware, and that's probably true of most
people. But it's *not* true of everyone. So thinking about
how to build "harder to attack" hardware is probably worth the effort.
You might get a reasonable level of protection implementing the
core of the crypto operations in a hardware security module
(HSM) using Field Programmable Gate Arrays (FPGA) or Complex
Programmable Logic Device (CPLD). There is an open source set of
tools for programming these beasts based on Python called MyHDL
<www.myhdl.org>. The EFF DES cracker may have some useful ideas too.
The largest of these devices are also pressing the current chip
limits. There isn't a lot of extra space for Trojans. In
addition, knowing what to look at is somewhat difficult if pin
assignments etc are changed from chip to chip at random.
As with any system, there are tool chain issues. Open source
helps, but there is always the Key Thompson attack. The best
solution I can think of is to audit the output. Look very
carefully at the output of the tool chain, and at the final
piece that loads the configuration data into the device.
Cheers - Bill
---------------------------------------------------------------------------
Bill Frantz |"Web security is like medicine - trying to
do good for
408-356-8506 |an evolved body of kludges" - Mark Miller
www.pwpconsult.com |
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
