1996-04-27 - Re: trusting the processor chip

Header Data

From: smith@sctc.com (Rick Smith)
To: jim bell <jimbell@pacifier.com>
Message Hash: 5679dca028c416d5a2e57d256bf8071ae5ac6c239e37dbc725bb932e7b132934
Message ID: <v01540b04ada6ca77a483@[172.17.1.61]>
Reply To: N/A
UTC Datetime: 1996-04-27 05:19:21 UTC
Raw Date: Sat, 27 Apr 1996 13:19:21 +0800

Raw message

From: smith@sctc.com (Rick Smith)
Date: Sat, 27 Apr 1996 13:19:21 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: trusting the processor chip
Message-ID: <v01540b04ada6ca77a483@[172.17.1.61]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:23 AM 4/26/96, jim bell wrote:

> By NSA standards, it is simple.  NSA has probably had its own
> semiconductor  fabs for 30+ years.

Yep. Regardless of whether the fabs are government property or not,
it's a sure thing that some contractors have appropriately SCIFfed
fabs and appropriately cleared staffs.

> Even if we assume that
> their capabilities lag  commercial production in terms of
> density or quality, keyboard encoder chips  were trivial 20+
> years ago and could presumably be easily
> duplicated/modified today by even the oldest operating fabs.
> They probably  had far less than 10,000 transistors.  Even
> modern keyboard controllers  probably "waste"  a
> microcontroller with far more capability than you'd need
> for the task, and microcontrollers usually have
> substantially more code area  than would be necessary to add
> some sort of surreptitious function.

Agree. Keyboard controllers (and other peripheral components
of a system) are a much more tractable target than the CPU and
may be within the capbailities of such organizations. I'm more
inclined towards disk controller subversion myself. Of course,
there's also the apocryphal story of the so called "Iraqi
printer virus" that disabled the Iraqi air defense system.

Subverting the CPU is not simple even by NSA standards.

Rick.
smith@sctc.com        secure computing corporation







Thread