[117927] in Cypherpunks
Re: chips, trust, waldoes, ultranoia, levels of abstraction, etc.
daemon@ATHENA.MIT.EDU (Anonymous)
Wed Sep 15 20:31:18 1999
Date: Thu, 16 Sep 1999 02:11:12 +0200 (CEST)
Message-Id: <199909160011.CAA27723@mail.replay.com>
From: Anonymous <nobody@replay.com>
To: cypherpunks@algebra.com
Reply-To: Anonymous <nobody@replay.com>
cyphrpnk wrote:
>
>having worked at both Cadence and Mentor Graphics as well as Amdahl on EDA tools
Thanks. I work at the HDL level. I trust myself, and
my simulator, but am obligated to be paranoid about everyone else.
Especially those whose output I can't read (and whose
work I depend upon). Conservative engineering. What a concept.
No idea why my boss trusts me, except that he threatens to make
my HDL publicly inspectable. He knows C and can't read HDL; I know C and
an HDL, but I don't easily read megabytes of GDSII or know how to wrangle
the tools that do. (And I once
wrote a very fast X-based renderer for it. I have been able
to read gates from polygons.)
I don't worry about tools [1] as much
as the night-before-tapeout switch by adversaries who
have had access weeks before.
[1] E.g., your 'Thompson' ('trusting trust', ACM) attack -- is a Feistel
network in an HDL recognized more or less readily as a login routine in C?
For example
The simplest mask-level leaker circuit I can imagine is a free running
ring oscillator, with either 3 or 5 inverters in the
chain, selected by a mux also in the chain. The mux
select is driven by the bitstream you want to tap.
This FM (FSK) modulates the oscillator: 3 or 5 inverter delays
plus a mux delay. Process-dependent
carrier frequency, yes, but it could really help the reception
if your shielding isn't up to par, and it doesn't require HDL level
cooperation. Sometimes good architects' plans
are built by shoddy contractors. Sometimes contractors
install bugs into buildings. Naaah, never happens.
Maybe I need more sleep.
This tiny circuit would help an RF attack, in much the same way
as the proposal for maliceware to drive a PCI bus (as an
antenna) for reception by the boyz in the van.
Remember, it's to protect the children. And national
security. Nation of children?
...
Don't even ask about built-in-test vulnerability.
Or some dunghead will go on about the ISO9001-JTAG-Dickinson
conspiracy...
...
Free spookcircuit.
The power attack people could be helped by such simple (and
mask-level means) as enlarging certain capacitances (i.e., transistor sizes;
wire lengths) to increase the draw. Deniability: "Oh, Spice said we needed
bigger drivers there."
But the power attack people don't need any help. They're doing quite well.
*I* don't want to keep money in a bank that keeps their secrets in Paul
Kocher's wallet.
>and cell libraries ... the problem of "chipping" isn't that complex... in
>ALL EDA packages (at least the ones I have had a hand in) there exists
>a facility to insert glue logic into a cell lib automagically
>it's called autoinsert logic AND..generally it isn't protected against
>modifications
>i.e. no checksums or hashes... it is generally ignored because it
>was checked prior to the placement into auto-insert logic...
>a trojan could be inserted quite easily via this method...
>and probably WON'T be found...
> nuff said
> a cypherpunk
Remember comrades, this is ultranoia... for recreational
use only... if symptoms persist, see your doctor or friendly local
firearms dealer.
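As an added example (not code from this post or its author), a defender's answer to the quoted point that auto-insert logic in a cell library carries no checksums or hashes: a reviewed manifest that records a SHA-256 digest of every file in the library at sign-off, and a check that reports anything modified, added or removed before the library is fed to the next flow step. The file names and contents below are constructed; a real library is a directory of .lib/.lef/.gds/.v files.

```python
import hashlib
import json
from pathlib import Path

# Constructed sample "cell library": file name -> contents. Hypothetical names.
SAMPLE_LIBRARY = {
    "cells/NAND2_X1.v": "module NAND2_X1(input a, b, output y); assign y = ~(a & b); endmodule\n",
    "cells/INV_X1.v": "module INV_X1(input a, output y); assign y = ~a; endmodule\n",
    "autoinsert/scan_hook.v": "module scan_hook(input si, clk, output so); endmodule\n",
}


def digest(data: bytes) -> str:
    """SHA-256 hex digest of one file's contents."""
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict) -> dict:
    """Record a digest for every file that was reviewed at sign-off.
    Store the result where the EDA flow cannot rewrite it (read-only or signed)."""
    return {name: digest(content.encode()) for name, content in sorted(files.items())}


def verify_manifest(files: dict, manifest: dict) -> dict:
    """Compare the library as it exists now against the reviewed manifest.
    Returns the names of modified, added and removed files; all empty means clean."""
    current = build_manifest(files)
    return {
        "modified": sorted(n for n in manifest if n in current and current[n] != manifest[n]),
        "added": sorted(n for n in current if n not in manifest),
        "removed": sorted(n for n in manifest if n not in current),
    }


def write_manifest(path: Path, manifest: dict) -> None:
    """Persist the manifest as sorted JSON so diffs between sign-offs are readable."""
    path.write_text(json.dumps(manifest, indent=2, sort_keys=True))


if __name__ == "__main__":
    reviewed = build_manifest(SAMPLE_LIBRARY)
    # Simulate an unreviewed change to the auto-insert logic after sign-off.
    tampered = dict(SAMPLE_LIBRARY)
    tampered["autoinsert/scan_hook.v"] = "module scan_hook(input si, clk, output so); /* extra logic */ endmodule\n"
    print(verify_manifest(tampered, reviewed))
```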