1996-04-27 - Re: trusting the processor chip

Header Data

From: tcmay@got.net (Timothy C. May)
To: cypherpunks@toad.com
Message Hash: d609db09545c4a9a51523c8e8d2fe5f8ba5086d321ff2deacb0bad12c9aaa523
Message ID: <ada66cd5000210045f20@[205.199.118.202]>
Reply To: N/A
UTC Datetime: 1996-04-27 04:34:17 UTC
Raw Date: Sat, 27 Apr 1996 12:34:17 +0800

Raw message

From: tcmay@got.net (Timothy C. May)
Date: Sat, 27 Apr 1996 12:34:17 +0800
To: cypherpunks@toad.com
Subject: Re: trusting the processor chip
Message-ID: <ada66cd5000210045f20@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


My 9th grade classmate Rick Smith wrote:

>Having penned the response to Jeffrey Flinn on the unlikelihood of
>processor back doors, I'll comment on jim bell's response:

>> More likely, I think, an organization like the NSA
>>might build a pin-compatible version of an existing, commonly-used product
>>like a keyboard encoder chip that is designed to transmit (by RFI signals)
>>the contents of what is typed at the keyboard.  It's simple, it's hard to
>>detect, and it gets what they want.
>
>Simple, no. Hard to detect, somewhat. Gets what they want, unclear.

I haven't been commenting on this part of the thread, but since I am asked
to (below), I'll say that I agree with Rick on these points.

Though there have been fictional accounts--e.g. the French novel
"Softwar"--about replacement of chips with TLA versions, this tack is very
hard to pull off. (The Infoworld "April Fool's Day" 1991 report that the
NSA had arranged for printers entering Iraq to be modified so as to send
intelligence info was gullibly picked up by several outfits that should've
known better and reported as fact.)

>My experience with processor design and development is rather ancient
>and my knowledge of IC work is third hand, so I'll gladly defer to
>someone with closer knowledge of the process (Tim?).  However, I've
>never heard anything to imply that a processor architecture can be
>cleverly and reliably dinked with in this manner without lots of
>expensive engineering. Where does the chip real estate come from?  Is
>there room in the microcode for this? Will it destabilize other
>behaviors? Will the victim detect it through RFI testing?

For high-volume parts, such as the chips in the usual PCs we all use, such
a replacement would almost certainly need the cooperation of the chip
makers. Not impossible to obtain, but not easy. A new "stepping" of the
chip would probably be needed, though I suppose a chip with downloadable
microcode could be used.

Much more likely, in my opinion, would be subversion of the software, a la
Thompson's point about subverting compilers.

And the work already done on "subliminal channels" that leak information
(deliberately in this case) is apropos. I know that such channels were a
major concern during the discussions of nuclear arms treaties.
Speculatively, if such a hardware replacement is likely, this is where I
would look first; but of course the parties to nuclear arms agreements know
this as well.

Anyway, there are all sorts of "maybes" and "possibles" here. Certainly
there is no _technical_ reason why a "Pentium--NSA-enabled" variant of the
Pentium could not be made...all things are possible. But how likely? And
where in the spectrum of real concerns does it lie? And would Intel dare to
cooperate with such a plan? And so on.

This'll have to be my last word on this topic.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








