[117762] in Cypherpunks
repost: Civil war for our personal computers.
daemon@ATHENA.MIT.EDU (Gary Jeffers)
Fri Sep 10 01:47:33 1999
Message-ID: <006301befb5d$347d26a0$a2c7a5d0@minemine>
From: "Gary Jeffers" <jeffers@htc.net>
To: <cypherpunks@cyberpass.net>
Date: Fri, 10 Sep 1999 00:22:10 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0060_01BEFB22.861F2340"
Reply-To: "Gary Jeffers" <jeffers@htc.net>
This is a multi-part message in MIME format.
------=_NextPart_000_0060_01BEFB22.861F2340
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
I am reposting article for sake of people who don't like attachments. =
Earlier, I posted from MS Hotmail and had to do an
attachment. My modem is sort of working now.
CIVIL WAR IN OUR PERSONAL COMPUTERS
=20
or
THE SEGREGATED PERSONAL COMPUTER
=20
or
THE DIVIDED PERSONAL COMPUTER
or
MULTIPLE TRUSTED ENCRYPTED LINEAR GATED SENTINEL CPU's =
The BACK-DOORED CPU POSTULATE: The NSA either already has or soon will =
have the major
cpu manufacturers, including Intel, distributing cpu's with =
back doors in their
designs. This method is simply too elegant and too cheap on a =
per target basis to=20
pass up.
Personal computers are too big and complicated to trust. We have =
millions of bytes of=20
executable code and several digital chips in each one of them. Shrink =
wrapped software=20
and digital chips can be back-doored. Notibly, this also includes =
operating systems, Internet=20
browsers, and sentinels (anti-virus software). Nobody can guarantee that =
a back-door doesn't=20
exist on his modern computer.
TRUSTED CHIPS ARE CRUCIAL
The only possible way of defending against the threat of widely =
distributed commercial=20
back-doored hard or soft ware is by use of trusted cpu chips. By =
trusted, I mean chips of=20
which we could be sure that the architecture did not have any maliced =
structure (back doors).=20
Without trusted chips, I see little hope for information freedom.
The trusted chips would be used to segregate the personal computer. =
Trust would be=20
"distributed" over the computer. In operating your computer for critical =
private tasks, it=20
would be assumed that your computer could not be trusted as a whole. It =
would be assumed=20
that your computer had been back-doored. Trusted chips placed between =
computer components=20
would encrypt and decrypt data streams. In this way, the computer, as a =
whole, would not=20
"know" your private information.
At minimum, three trusted cpu's would be needed. One would be from =
keyboard to system.=20
Another would be from monitor to system. Another between the system and =
the telephone line=20
to the Internet.=20
GENERAL FUNCTION OF THE TRUSTED CHIP
The general function of the trusted chip is to encrypt/decrypt data. =
In this way,
the trusted chip would isolate back doors in the personal computer. =
Malice back doors
would only see "meaningless" encrypted data.
PROGRAMMING FOR THE TRUSTED CHIP
The programming on a trusted chip would be minimal. It would include =
PGP and some "wrapper"
and associated programming. Each chip would be a PGP "end user" with its =
own public/private=20
key pair. Data would flow thru the computer and the trusted chip gates.=20
All software would be open source so it could be publicly and =
privately evaluated=20
and compiled.
ARCHITECTURE OF THE TRUSTED CHIP
Architecture: A snap-in chip in a visible, single chip module with =
terminal pairs for=20
placement between system components. Maybe a variety of terminal pairs =
so user could
easily and flexibly plug chip module into his system. The trusted chip =
modules would be=20
designed so that they would not be tied to particular software. This =
way, software=20
development could be done independently of particular module =
considerations. The modules
would be "universal". Module and software design would be simplified and =
both would be=20
given greater utility.
MOBILITY, "DISTRIBUTEDNESS", AND VARIABILITY OF TRUSTED =
CHIP MODULES
Trusted chips and modules could easily be swapped in personal =
computers. Functionality
could be changed and upgraded easily and cheaply. They would tend to =
give the personal=20
computers a variable architecture that would be very difficult for a =
large State intruder=20
to systematically and cheaply deal with. They would make for a =
"distributed", variable=20
target that would necessitate the making "many solutions" for the =
intruder and render
the intruders job more difficult and expensive. The advantages of the =
intruder's large=20
scale solutions would be much diminished. Trusted chips could utilize a =
distributed
topology to counter the power pyramid, centralized topology of State =
tyranny. It would
be hard to widely control trusted chip systems for the same reason that =
it is impossible to
eliminate all cock roaches.=20
THREATS THAT TRUSTED CHIPS COULD COUNTER
The chief threats that trusted chips could counter would be =
commercial back doored
soft and hard ware and also black bag break in intrusions that placed =
back doors on=20
personal computers.
GENERAL OPERATIONS OF TRUSTED CHIPS=20
All trusted chips would be operating when crucial, private operations =
were being=20
conducted. Most of the time, the trusted chips could be in passive mode =
except for the
trusted chip between the computer and the Internet line. The Internet =
trusted chip=20
would constantly look for anomalous data. Its operation would probably =
differ greatly
from that of the other trusted chips.
=20
QUESTION: CORRUPTED CHIPS STANDING SENTINEL AGAINST EACH =
OTHER?
Questions? Would it be possible to put two back doored cpu chips in line =
and use encryption
in both of them in such a way that they could not pass a malice string =
between them? A
problem is that a maliced cpu could be triggered by an inputed signal =
string that would
open the back door operations. The problem here is that the first cpu =
would receive the=20
signal string and that would activate its operations and that signal =
string would seem
to be impossible to censor without a trusted chip. Generally, could you =
encrypt/censor
data to a possibly corrupted back door cpu chip without a trusted chip =
in front of it?=20
If anybody can figure the above out, then everything becomes much =
easier and the problem
becomes solvable without the use of trusted chips.
EXIT
Well, I'm out of ideas for now. Could there be such a thing as a =
"trusted chip". How=20
could it be done? - EPROMS? I'm not good at hardware. Somebody help out =
here.=20
Yours Truly,
Gary Jeffers
BEAT STATE!!!!
------=_NextPart_000_0060_01BEFB22.861F2340
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN">
<HTML>
<HEAD>
<META content=3Dtext/html;charset=3Diso-8859-1 =
http-equiv=3DContent-Type>
<META content=3D'"MSHTML 4.72.3110.7"' name=3DGENERATOR>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT color=3D#000000 size=3D2>I am reposting article for sake of =
people who=20
don't like attachments. Earlier, I posted from MS Hotmail and had to do=20
an</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2>attachment. My modem is =
sort of=20
working now.</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT> </DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT> </DIV>
<DIV><FONT color=3D#000000=20
size=3D2> &nbs=
p; =20
CIVIL WAR IN OUR PERSONAL=20
COMPUTERS<BR> =
&=
nbsp; =20
<BR> &nb=
sp; &nbs=
p;  =
; =20
or<BR> &=
nbsp; &n=
bsp; =20
THE SEGREGATED PERSONAL=20
COMPUTER<BR> &=
nbsp; &n=
bsp; =20
<BR> &nb=
sp; &nbs=
p;  =
; =20
or<BR> &=
nbsp; &n=
bsp; =20
THE DIVIDED PERSONAL COMPUTER</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT> </DIV>
<DIV><FONT color=3D#000000=20
size=3D2> &nbs=
p;  =
; =
=20
or<BR> &=
nbsp; =20
MULTIPLE TRUSTED ENCRYPTED LINEAR GATED SENTINEL CPU's </FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT> </DIV>
<DIV><FONT color=3D#000000 size=3D2><BR> The BACK-DOORED CPU =
POSTULATE: The NSA=20
either already has or soon will have the=20
major<BR> cpu =
manufacturers,=20
including Intel, distributing cpu's with back doors in=20
their<BR> designs. This =
method=20
is simply too elegant and too cheap on a per target basis to=20
<BR> pass =
up.</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT> </DIV>
<DIV><FONT color=3D#000000 size=3D2><BR> Personal computers =
are too big=20
and complicated to trust. We have millions of bytes of <BR>executable =
code and=20
several digital chips in each one of them. Shrink wrapped software =
<BR>and=20
digital chips can be back-doored. Notibly, this also includes operating =
systems,=20
Internet <BR>browsers, and sentinels (anti-virus software). Nobody can =
guarantee=20
that a back-door doesn't <BR>exist on his modern computer.</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT> </DIV>
<DIV><FONT color=3D#000000=20
size=3D2><BR> =
&=
nbsp; =20
TRUSTED CHIPS ARE CRUCIAL</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT> </DIV>
<DIV><FONT color=3D#000000 size=3D2> The only possible way =
of defending=20
against the threat of widely distributed commercial <BR>back-doored hard =
or soft=20
ware is by use of trusted cpu chips. By trusted, I mean chips of =
<BR>which we=20
could be sure that the architecture did not have any maliced structure =
(back=20
doors). <BR>Without trusted chips, I see little hope for information=20
freedom.</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT> </DIV>
<DIV><FONT color=3D#000000 size=3D2> The trusted chips would =
be used to=20
segregate the personal computer. Trust would be =
<BR>"distributed" over=20
the computer. In operating your computer for critical private tasks, it=20
<BR>would be assumed that your computer could not be trusted as a whole. =
It=20
would be assumed <BR>that your computer had been back-doored. Trusted =
chips=20
placed between computer components <BR>would encrypt and decrypt data =
streams.=20
In this way, the computer, as a whole, would not <BR>"know" =
your=20
private information.</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT> </DIV>
<DIV><FONT color=3D#000000 size=3D2> At minimum, three =
trusted cpu's=20
would be needed. One would be from keyboard to system. <BR>Another would =
be from=20
monitor to system. Another between the system and the telephone line =
<BR>to the=20
Internet. </FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT> </DIV>
<DIV><FONT color=3D#000000=20
size=3D2><BR> =
=
GENERAL FUNCTION OF THE TRUSTED CHIP</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT> </DIV>
<DIV><FONT color=3D#000000 size=3D2> The general function of =
the trusted=20
chip is to encrypt/decrypt data. In this way,<BR>the trusted chip would =
isolate=20
back doors in the personal computer. Malice back doors<BR>would only see =
"meaningless" encrypted data.</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT> </DIV>
<DIV><FONT color=3D#000000=20
size=3D2><BR> =
&=
nbsp; =20
PROGRAMMING FOR THE TRUSTED CHIP</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT> </DIV>
<DIV><FONT color=3D#000000 size=3D2> The programming on a =
trusted chip=20
would be minimal. It would include PGP and some =
"wrapper"<BR>and=20
associated programming. Each chip would be a PGP "end user" =
with its=20
own public/private <BR>key pair. Data would flow thru the computer and =
the=20
trusted chip gates. </FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT> </DIV>
<DIV><FONT color=3D#000000 size=3D2> All software would be =
open source=20
so it could be publicly and privately evaluated <BR>and =
compiled.</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT> </DIV>
<DIV><FONT color=3D#000000=20
size=3D2><BR> =
&=
nbsp; =20
ARCHITECTURE OF THE TRUSTED CHIP</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT> </DIV>
<DIV><FONT color=3D#000000 size=3D2> Architecture: A snap-in =
chip in a=20
visible, single chip module with terminal pairs for <BR>placement =
between system=20
components. Maybe a variety of terminal pairs so user could<BR>easily =
and=20
flexibly plug chip module into his system. The trusted chip modules =
would be=20
<BR>designed so that they would not be tied to particular software. This =
way,=20
software <BR>development could be done independently of particular =
module=20
considerations. The modules<BR>would be "universal". Module =
and=20
software design would be simplified and both would be <BR>given greater=20
utility.</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT> </DIV>
<DIV><FONT color=3D#000000=20
size=3D2><BR> =
=20
MOBILITY, "DISTRIBUTEDNESS", AND VARIABILITY OF TRUSTED CHIP=20
MODULES</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT> </DIV>
<DIV><FONT color=3D#000000 size=3D2> Trusted chips and =
modules could=20
easily be swapped in personal computers. Functionality<BR>could be =
changed and=20
upgraded easily and cheaply. They would tend to give the personal =
<BR>computers=20
a variable architecture that would be very difficult for a large State =
intruder=20
<BR>to systematically and cheaply deal with. They would make for a=20
"distributed", variable <BR>target that would necessitate the =
making=20
"many solutions" for the intruder and render<BR>the intruders =
job more=20
difficult and expensive. The advantages of the intruder's large =
<BR>scale=20
solutions would be much diminished. Trusted chips could utilize a=20
distributed<BR>topology to counter the power pyramid, centralized =
topology of=20
State tyranny. It would<BR>be hard to widely control trusted chip =
systems for=20
the same reason that it is impossible to<BR>eliminate all cock roaches.=20
</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT> </DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT> </DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT> </DIV>
<DIV><FONT color=3D#000000=20
size=3D2> &nbs=
p; =20
THREATS THAT TRUSTED CHIPS COULD COUNTER</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT> </DIV>
<DIV><FONT color=3D#000000 size=3D2> The chief threats that =
trusted=20
chips could counter would be commercial back doored<BR>soft and hard =
ware and=20
also black bag break in intrusions that placed back doors on =
<BR>personal=20
computers.</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT> </DIV>
<DIV><FONT color=3D#000000=20
size=3D2><BR> =
&=
nbsp; =20
GENERAL OPERATIONS OF TRUSTED CHIPS </FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT> </DIV>
<DIV><FONT color=3D#000000 size=3D2> All trusted chips would =
be=20
operating when crucial, private operations were being <BR>conducted. =
Most of the=20
time, the trusted chips could be in passive mode except for =
the<BR>trusted chip=20
between the computer and the Internet line. The Internet trusted chip =
<BR>would=20
constantly look for anomalous data. Its operation would probably differ=20
greatly<BR>from that of the other trusted chips.</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT> </DIV>
<DIV><FONT color=3D#000000 size=3D2><BR> </FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT> </DIV>
<DIV><FONT color=3D#000000=20
size=3D2><BR> =
=20
QUESTION: CORRUPTED CHIPS STANDING SENTINEL AGAINST EACH =
OTHER?</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT> </DIV>
<DIV><FONT color=3D#000000 size=3D2>Questions? Would it be possible to =
put two back=20
doored cpu chips in line and use encryption<BR>in both of them in such a =
way=20
that they could not pass a malice string between them? A<BR>problem is =
that a=20
maliced cpu could be triggered by an inputed signal string that =
would<BR>open=20
the back door operations. The problem here is that the first cpu would =
receive=20
the <BR>signal string and that would activate its operations and that =
signal=20
string would seem<BR>to be impossible to censor without a trusted chip.=20
Generally, could you encrypt/censor<BR>data to a possibly corrupted back =
door=20
cpu chip without a trusted chip in front of it? </FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT> </DIV>
<DIV><FONT color=3D#000000 size=3D2> If anybody can figure =
the above=20
out, then everything becomes much easier and the problem<BR>becomes =
solvable=20
without the use of trusted chips.</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT> </DIV>
<DIV><FONT color=3D#000000=20
size=3D2><BR> =
&=
nbsp; &n=
bsp; =20
EXIT</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT> </DIV>
<DIV><FONT color=3D#000000 size=3D2> =
Well, I'm=20
out of ideas for now. Could there be such a thing as a "trusted =
chip".=20
How <BR>could it be done? - EPROMS? I'm not good at hardware. Somebody =
help out=20
here. </FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT> </DIV>
<DIV><FONT color=3D#000000 size=3D2>Yours Truly,<BR>Gary =
Jeffers</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT> </DIV>
<DIV><FONT color=3D#000000 size=3D2>BEAT =
STATE!!!!<BR></FONT></DIV></BODY></HTML>
------=_NextPart_000_0060_01BEFB22.861F2340--