1996-04-26 - Re: trusting the processor chip

Header Data

From: jim bell <jimbell@pacifier.com>
To: “Paul S. Penrod” <furballs@netcom.com>
Message Hash: f4d400b78d96654707136eed1ec772e257f96c6f68742ef27b1dfbc2466d7dbd
Message ID: <m0uCiBa-00094jC@pacifier.com>
Reply To: N/A
UTC Datetime: 1996-04-26 15:23:04 UTC
Raw Date: Fri, 26 Apr 1996 23:23:04 +0800

Raw message

From: jim bell <jimbell@pacifier.com>
Date: Fri, 26 Apr 1996 23:23:04 +0800
To: "Paul S. Penrod" <furballs@netcom.com>
Subject: Re: trusting the processor chip
Message-ID: <m0uCiBa-00094jC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:14 PM 4/25/96 -0700, Paul S. Penrod wrote:
>
>
>On Thu, 25 Apr 1996, jim bell wrote:
>
>> 
>> This analysis seems to assume that the entire production run of a standard 
>> product is subverted.  More likely, I think, an organization like the NSA 
>> might build a pin-compatible version of an existing, commonly-used product 
>> like a keyboard encoder chip that is designed to transmit (by RFI signals) 
>> the contents of what is typed at the keyboard.  It's simple, it's hard to 
>> detect, and it gets what they want.
>> 
>> Jim Bell
>> jimbell@pacifier.com
>> 
>> 
>
>This is getting more ridiculous by the minute. If NSA wanted to find out 
>what you were typing, they don't need to subvert microcode or chips on the 
>board. Unless you have a tempest device - all they have to do is pull RF 
>from your vicinity and they can *see* just exactly what you're typing.

You don't understand the subject, do you?  While it is possible to determine 
a great deal of information  from RF, there is an enormous difference in 
effort between analyzing the output of an uncooperative, inadvertent 
transmitter and a "cooperative" one.  The most commonly understood source of 
RF signals comes from CRTs, called Van Eck radiation.  But passwords don't 
generally appear on CRT displays, so that is of limited value.  I don't 
doubt that standard keyboards produce RF that might be analyzed, but their 
output is probably not particularly easy to detect against a background of 
processor RFI.  (It's short and low-amplitude.)  Far easier to analyze would 
be a chip that loudly and longly transmitted the current typed keyboard 
character, perhaps in some sort of serial binary code, possibly by driving 
the keyboard scanning lines according to a pre-arranged pattern designed to 
emit RF at a particular rate based on the clock oscillator.  This 
transmission would be just about undetectable to anyone who didn't have a 
whole raft of sophisticated detection equipment.  However, to those who know 
what to look for, it would probably be relatively easy to see. 

One particularly important reason for using such a chip, which you entirely 
overlooked, is that many computers are at sites with more than one, and in 
some cases many more than one computer.  Their signals will mix, obviously, 
and will be very hard to separate.  If it is possible to replace a keyboard 
chip with a Trojan Horse, the one desired target will be far more identifiable.



Jim "He only talks about one thing" Bell
jimbell@pacifier.com





