[121878] in cryptography@c2.net mail archive
Re: "Designing and implementing malicious hardware"
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Mon Apr 28 17:39:44 2008
To: Ed Gerck <edgerck@nma.com>
Cc: Cryptography <cryptography@metzdowd.com>
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 28 Apr 2008 17:37:55 -0400
In-Reply-To: <481631B2.4030405@nma.com> (Ed Gerck's message of "Mon\, 28 Apr 2008 13\:21\:06 -0700")
Ed Gerck <edgerck@nma.com> writes:
> Perry E. Metzger wrote:
>> No. It really does not. Shannon's tenth theorem is about correcting
>> lossy channels with statistically random noise. This is about making
>> sure something bad doesn't happen to your computer like having someone
>> transmit blocks of your hard drive out on the network. I assure you
>> that Shannon's theorem doesn't speak about that possibility.
>
> Yet, Shannons' tenth theorem can be proven without a hypothesis that
> noise is random, or that the signal is anything in particular.
Not quite. If I inject noise into a channel in the right way, I can
completely eradicate the signal. For example, I can inject a different
signal of exactly opposite phase.
However, in any case, this doesn't matter. We're not talking about
receiving a signal without errors at all. We're talking about assuring
that your microprocessor possesses no features such that it does
something evil, and that something can be completely in addition to
doing the things that you expect it to do, which it might continue to
do without pause.
Lets be completely concrete here. Nothing you have suggested would
work against the described attack in the paper AT ALL. You cannot find
"evil chips" with statistical sampling because you don't know what to
look for, and you can't detect them by running them part of the time
against good chips because they only behave evilly once in a blue moon
when the attacker chooses to have them behave that way. Indeed, I
don't even see how someone who had read the paper could suggest what
you have -- it makes no sense in context.
And with that, I'm cutting off this branch of the conversation.
--
Perry E. Metzger perry@piermont.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
