1996-04-27 - Re: trusting the processor chip

Header Data

From: Rick Smith <smith@sctc.com>
To: jimbell@pacifier.com
Message Hash: 61faaff300070f1993ba86d787274797f8f6641e265ce645442c200218e3badc
Message ID: <199604261550.KAA20217@shade.sctc.com>
Reply To: N/A
UTC Datetime: 1996-04-27 04:31:41 UTC
Raw Date: Sat, 27 Apr 1996 12:31:41 +0800

Raw message

From: Rick Smith <smith@sctc.com>
Date: Sat, 27 Apr 1996 12:31:41 +0800
To: jimbell@pacifier.com
Subject: Re: trusting the processor chip
Message-ID: <199604261550.KAA20217@shade.sctc.com>
MIME-Version: 1.0
Content-Type: text/plain


Having penned the response to Jeffrey Flinn on the unlikelihood of
processor back doors, I'll comment on jim bell's response:

>This analysis seems to assume that the entire production run of a standard 
>product is subverted. 

Actually, I perceived two models: either all processors are subverted
or a subset of them are. Both require a reasonably complete design
team to reliably achieve the objective of a well hidden and reliable
back door. The cost effective thing to do is use the original design
team since they have the knowledge you need to pull it off. A
different and/or much smaller team has a lower likelihood of success.

> More likely,I think, an organization like the NSA 
>might build a pin-compatible version of an existing, commonly-used product 
>like a keyboard encoder chip that is designed to transmit (by RFI signals) 
>the contents of what is typed at the keyboard.  It's simple, it's hard to 
>detect, and it gets what they want.

Simple, no. Hard to detect, somewhat. Gets what they want, unclear.

My experience with processor design and development is rather ancient
and my knowledge of IC work is third hand, so I'll gladly defer to
someone with closer knowledge of the process (Tim?).  However, I've
never heard anything to imply that a processor architecture can be
cleverly and reliably dinked with in this manner without lots of
expensive engineering. Where does the chip real estate come from?  Is
there room in the microcode for this? Will it destabilize other
behaviors? Will the victim detect it through RFI testing?

No, it's not impossible. The risk vs reward tradeoff is shaky.

Rick.
smith@sctc.com        secure computing corporation





Thread