Just update the microcode (was: Re: defending against evil in all layers of hardware and software)

2008-04-28 Thread John Ioannidis
Intel and AMD processors can have new microcode loaded to them, and this is usually done by the BIOS. Presumably there is some asymmetric crypto involved with the processor doing the signature validation. A major power that makes a good fraction of the world's laptops and desktops (and hence

SSL and Malicious Hardware/Software

2008-04-28 Thread Ryan Phillips
Matt's blog post [1] gets to the heart of the matter of what we can trust. I may have missed the discussion, but I ran across Netronome's 'SSL Inspector' appliance [2] today and with the recent discussion on this list regarding malicious hardware, I find this appliance appalling. Basically a cor

Re: Doubts about efficiency of Shor's factoring algorithm in quantum computers

2008-04-28 Thread Perry E. Metzger
Charles McElwain <[EMAIL PROTECTED]> writes: > Follow-ups on this line of research will be interesting for the > evaluation of any impact of quantum computers on cryptography, and > even generally, since the decoherence behavior would tend to make > quantum computers approximate improving classica

Re: defending against evil in all layers of hardware and software

2008-04-28 Thread Perry E. Metzger
John Denker <[EMAIL PROTECTED]> writes: > This is an important discussion > > The threats are real, and we need to defend against them. I'm not sure how to feasibly defend against such things. It would seem to require complete control over the entire design and supply chain, which involves so m

Doubts about efficiency of Shor's factoring algorithm in quantum computers

2008-04-28 Thread Charles McElwain
In case you missed this, since it appeared in the quantum physics section; but is relevant to quantum cryptography (or, cryptography on quantum computers.) The argument here is that Shor's factoring algorithm is dependent on the Quantum Fourier Transform, which is sensitive to errors in quant

Re: "Designing and implementing malicious hardware"

2008-04-28 Thread Perry E. Metzger
Ed Gerck <[EMAIL PROTECTED]> writes: > Perry E. Metzger wrote: >> No. It really does not. Shannon's tenth theorem is about correcting >> lossy channels with statistically random noise. This is about making >> sure something bad doesn't happen to your computer like having someone >> transmit blocks

Re: "Designing and implementing malicious hardware"

2008-04-28 Thread Ed Gerck
Perry E. Metzger wrote: No. It really does not. Shannon's tenth theorem is about correcting lossy channels with statistically random noise. This is about making sure something bad doesn't happen to your computer like having someone transmit blocks of your hard drive out on the network. I assure y

Re: "Designing and implementing malicious hardware"

2008-04-28 Thread Perry E. Metzger
Ed Gerck <[EMAIL PROTECTED]> writes: > Perry E. Metzger wrote: >> Ed Gerck <[EMAIL PROTECTED]> writes: >>> Each chip does not have to be 100% independent, and does not have to >>> be used 100% of the time. >>> >>> Assuming a random selection of both outputs and chips for testing, and >>> a finite

defending against evil in all layers of hardware and software

2008-04-28 Thread John Denker
This is an important discussion The threats are real, and we need to defend against them. We need to consider the _whole_ problem, top to bottom. The layers that could be subverted include, at a minimum: -- The cpu chip itself (which set off the current flurry of interest). -- The boot rom

Re: "Designing and implementing malicious hardware"

2008-04-28 Thread Ed Gerck
Perry E. Metzger wrote: Ed Gerck <[EMAIL PROTECTED]> writes: Each chip does not have to be 100% independent, and does not have to be used 100% of the time. Assuming a random selection of both outputs and chips for testing, and a finite set of possible outputs, it is possible to calculate what s

Re: "Designing and implementing malicious hardware"

2008-04-28 Thread Leichter, Jerry
On Mon, 28 Apr 2008, Ed Gerck wrote: | Leichter, Jerry wrote: | > I suspect the only heavy-weight defense is the same one we use against | > the "Trusting Trust" hook-in-the-compiler attack: Cross-compile on | > as many compilers from as many sources as you can, on the assumption | > that not all

Re: "Designing and implementing malicious hardware"

2008-04-28 Thread Perry E. Metzger
Ed Gerck <[EMAIL PROTECTED]> writes: > Each chip does not have to be 100% independent, and does not have to > be used 100% of the time. > > Assuming a random selection of both outputs and chips for testing, and > a finite set of possible outputs, it is possible to calculate what > sampling ratio w

Re: "Designing and implementing malicious hardware"

2008-04-28 Thread Ed Gerck
Leichter, Jerry wrote: I suspect the only heavy-weight defense is the same one we use against the "Trusting Trust" hook-in-the-compiler attack: Cross-compile on as many compilers from as many sources as you can, on the assumption that not all compilers contain the same "hook". ... Of course, y

Re: "Designing and implementing malicious hardware"

2008-04-28 Thread Leichter, Jerry
On Sat, 26 Apr 2008, Karsten Nohl wrote: | Assuming that hardware backdoors can be build, the interesting | question becomes how to defeat against them. Even after a particular | triggering string is identified, it is not clear whether software can | be used to detect malicious programs. It almost

RE: more on malicious hardware

2008-04-28 Thread Scott Guthery
>>Adding a backdoor to chips is a different story, though, since that would require cutting a second set of masks. >>I am assuming that there must be no backdoor in the legitimately produced chips since the client would detect >>it as a slight violation of some of their timing simulations. The