From: kelly@netcom.com (Kelly Goen)
Date: Thu, 18 Feb 93 12:50:01 PST
To: cypherpunks@toad.com
Subject: Re: Chip Level Back Doors
In-Reply-To: <9302181756.AA28225@toad.com>
Message-ID: <9302182048.AA04620@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> _________________________________________________________________
>              FROM THE VIRTUAL DESK OF SANDY SANDFORT
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> I'm relatively new to the list, so this may be an idea that's
> already been dealt with.  If so, please let me know off-line.
> 
> PGP was created as an end-run to legislation that would have
> mandated trapdoors in all encryption hardware/software sold in
> the U.S.   Fortunately, such legislation has been defeated to
> date.
> 
> How do we know the proposed legislation wasn't just a smoke
> screen?  Isn't it possible that the Feds have already compromised
> Intel or MicroSoft?  Is there some way to be sure that the new
> 486 chip running your computer isn't recording each PGP or RSA
> private key you generate?
> 
>      S a n d y                         ssandfort@attmail.com
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> 


Actually I would like to respond to this one, from a technical level
silicon compilers use a process known as auto_insert logic,
this a a process where known gate libraries are automatically
inserted in the design of a chip, a gate level trapdoor may then be
created by designing a multiple level interdiction program, (virus
tech immediately came to mine on this one do to my work in
both the MS-DOS and Unix virus/security area, the first attack is
on the base OS that the OS for the cad package, generally its some variety of
Unix(tm), next the CAD package that manages the chip design, and finally the
silicon compiler itself, now while all these steps are essentially
trivial to an informed engineer in the business they are
essntially opaque to those outside of the design/foundry end for chip
design, could they be attacked in this fashion to create a gate level backdoor
??? With a modest investment intime and money by an attacker no,doubt
if he subverts an engineer on the project of interest.,-- whish could be at
the CAD software ivendor, the OS vendor for the cad platform,
now while design verification techniques are used in most chip houses
it should be relatively trivial to bypass that
given the complexity of todays designs... is it possible?? damn right,
Has it happened yet ??? I wouldnt know you tell me...
I worked on the CAD end, the OS end, and the Silicon compiler end
as well as having the skills needed to the the open holes in the whole
process... finding out a chip design had been
compromised wouldnt surprise me in the least...
A Chip level backdoor to reach into the middle of a running systems and grab
public keys is another magnitutde of complexity above what
we are
discussing on the gate level... is it possibile? most certainly...
It would cost immensely however, and would require the coorperation
or subversion of several steps in the chain  A LOT more code has to
be hidden in those auto_insert libraries and the
design verification process has to be MUCH more widely compromised,
and I believe performance hits WOULD be detectable at the end user level



       WHAT do YOU  think
       cheers
       kelly