Re: What is required for trust?

[Jerry Leichter]

On Jun 3, 2010, at 10:39 AM, Sandy Harris wrote:


India recently forbade some Chinese companies from bidding on some
cell phone infrastructure projects, citing national security  
concerns...

The main devices to worry about are big infrastructure pieces --
telephone switches, big routers and the like. However, those are by no
means the only potential targets. Small home routers and various
embedded systems are others.

So, if one is building some sort of hardware that people may be
reluctant to buy because of security concerns, what does it take to
reassure them?...
Given the state of the art, there appears to be no way to get any  
assurance you can reasonably believe in.  See http://cseweb.ucsd.edu/users/swanson/WACI-VI/docs/08_slides.pdf 
, full paper at http://www.usenix.org/events/leet08/tech/full_papers/king/king.pdf 
 - for some work in this area:  The authors took an open-source  
design for a SPARC chip and made some very small modifications to it.   
The resulting processor could not reasonably be distinguished from an  
unmodified one by any feasible testing, but renders any software  
protection you might use on the device completely ineffective against  
someone who knows how to trigger the hardware hacks (which can be done  
remotely).  The only way you would know this stuff is there is by  
vetting the design - and detecting ~100 new lines of VHDL among  
11,000, or 1000 new gates out of 1.8 million.  And, of course this is  
a proof of concept, involving a very simple processor and no attempts  
to absolutely minimize the visibility of the changes.


People usually fall back on well, get chips from multiple sources,  
they can't compromise them all.  But that doesn't work here:  If you  
don't know which chips are good and which are traitors, you don't  
know there isn't a traitor in the very equipment you have to rely on.   
Further, obvious ideas like running extensive comparisons of outputs  
of chips from multiple sources don't work against attacks that only  
open the chip on a specific command.  I suppose you could make sure  
every device that operates on sensitive data has redundant chips from  
multiple vendors and compare outputs - but then at the least you're  
vulnerable to a denial of service attack, which in some circumstances  
is almost as bad.  And even if you do find that two chips disagree -  
which is the bad one?  And if figure that out - you now know one  
bad source, but you have no evidence that the source of the other  
chip hasn't also spiked it in some different way.  (The classic  
trick here is to have two attacks, and let one be found - after  
which the target *thinks* he's safe.)


The whole question of how to get trustworthy parts appears to be a  
huge issue in the US military/intelligence community these days.   
They're putting together consultations with academia and industry -  
and undoubtedly also funding all kinds of secret work as well.  In the  
old days, it was practical for sensitive operations to build their own  
chips at vetted plants.  Those days are gone - there are only a  
limited number of plants on the entire planet that can build state-of- 
the-art chips, the technology itself has been mastered by only a  
limited number of players, and the costs are immense even by military/ 
black funding standards.

-- Jerry

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

What is required for trust?

[Sandy Harris]

India recently forbade some Chinese companies from bidding on some
cell phone infrastructure projects, citing national security concerns:

http://www.chinatechnews.com/2010/05/25/12102-indias-bsnl-excludes-chinas-huawei-zte-from-gsm-bidding

Of course, the Chinese gov't and companies are by no means the only
ones one might worry about. ATT and other US telcos have given
customer data to the NSA. What about fear of NSA trickery in Lucent
products? Or French intelligence in Alcatel? Or Israeli or Taiwan or
whoever? In all cases, you can argue about how plausible such threats
are, but it seems clear they are not utterly implausible.

Nor are the companies the only threat. Cisco and many other firms have
factories in China; if you are worried about Huawei colluding with
government here to spy on or sabotage other nations, then you likely
have to worry about that government slipping a team into Cisco staff
to subvert those products. I don't think this threat is realistic, but
I could be wrong.

The main devices to worry about are big infrastructure pieces --
telephone switches, big routers and the like. However, those are by no
means the only potential targets. Small home routers and various
embedded systems are others.

So, if one is building some sort of hardware that people may be
reluctant to buy because of security concerns, what does it take to
reassure them? Obviously, this is going to vary with both the
application and the people involved, but can we say anything useful in
general?

Standard components help. If you use IPsec, or AES, or a commodity
processor, I can have some confidence in those parts, though I'll
still worry about other things. Use your own protocol or crypto
algorithm and I definitely won't trust it without publication and a
lot of analysis. Put big lumps of your own VLSI on the board and I'll
worry about what might be hidden in them.

Openness helps. Put an open source OS on the thing and give me the
application code in source for auditing. If you must use some VLSI or
FPGA parts, publish source for those.

Auditing helps. Intel got outsiders to audit their random number
generator. This is probably needed for some critical components, but
which?

All of those help, but are they enough? If not, what else is needed?
Or is this an impossible task?

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com