On Wed, May 02, 2007 at 06:12:31PM +0100, Dave Korn wrote: > If you wanted to be /really/ certain, I guess you'd have to take the tops > off all the ICs inside and look at them under an EM, to make sure they really > were the parts they claimed to be and don't have any extra circuitry or hidden > functions built in....
If the chips had more than a single layer, or even if they were single layer, it's probably possible to hide some functionality. I've heard of devices that are capable of displaying the current flowing through the conductive regions of the chip (electrons move just a little too fast to follow, about 1/4 the speed of light in copper) but that's an awfully labor-intensive way to check that everything is working to spec... it's probably cheaper to build it yourself. And then with respect to the non-crypto issues; are you going to cut open every capacitor on the red signal path to check for, say, miniature FM transmitters? I'm reminded a bit of the US embassy in Moscow, where (using neutron scanners) they found bugs in the girders that were the same density as the steel, and so invisible to X-rays... in the end, they learned that the only way to avoid these kinds of surprises was to use only their own building materials and labor. Earlier in this list tamper-resistant hardware was mentioned... the downside of that is that unless you're the manufacturer, your attempts to verify that it doesn't have any surprises look a whole lot like the kind of tampering it is designed to resist... It seems like this is a deep rabbit hole with no obvious end. Probably the best one could hope for is to avoid targeted attacks, where the opponent knows you are getting something and has it customized for you. Widespread (indiscriminate) compromisation is probably impractical to detect. If you're a nation, or particularly wealthy, then perhaps you can do it all yourself, but for high-tech devices that can get very expensive. History is littered with examples where countries tried to create a domestic source for some strategic good and failed miserably. Incidentally, on my web page I have some pictures and code for a HWRNG that an associate built (I wrote the software); he made a limited run of 10 or so, but if anyone wants the schematics, you'll want to send a SASE to Brad Martin at http://www.nshore.com/ (the plans are not in an easy-to-email form and this method filters out all but serious inquiries). It is actually a pretty neat device, battery powered to avoid 60Hz signal injection (you can use a wall wart if you want to though, the filters are good) and even enters a power-saving mode when not in use. My software (written for Linux and BSD) supports a mode where it allows the device to power down when /dev/random is above a "high water mark", and automatically powers it up when it drops below it. One person called it "the most over-engineered RNG I have ever seen". I think the cost to build one is about $100-200, but Brad spent $30k of unbillable time on this personal project, mostly on the design. It's a shame to see that only used on 10 units. There are, incidentally, some open-source hardware web sites, where they have schematics for various chips and cores... although you can't just etch your own silicon, there are shops that do all of that for you; you just email them the layouts and send them the money, and they can do a small run of chips for reasonable prices. -- Kill dash nine, and its no more CPU time, kill dash nine, and that process is mine. -><- <URL:http://www.subspacefield.org/~travis/> For a good time on my UBE blacklist, email [EMAIL PROTECTED]
pgpBE4zRtMeSN.pgp
Description: PGP signature