[118041] in Cypherpunks
Re: trusted chips? trusted testing other chips? backdoored
daemon@ATHENA.MIT.EDU (Sean Roach)
Sat Sep 18 01:48:41 1999
Message-Id: <3.0.6.32.19990918003302.0084d850@mail.intplsrv.net>
Date: Sat, 18 Sep 1999 00:33:02 -0500
To: cypherpunks@algebra.com
From: Sean Roach <roach_s@mail.intplsrv.net>
In-Reply-To: <000501befdbe$c86db880$3fc7a5d0@minemine>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Reply-To: Sean Roach <roach_s@mail.intplsrv.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 01:05 AM 9/13/99 -0700, Gary Jeffers wrote:
>
>trusted chips? trusted testing other chips? backdoored chips
>practical?
>
> It seems to me that to have real computer security it is
> necessary
>to have at least 1 CPU chip trusted. An oppressive and ambitious
>State could most elegantly destroy computer freedom by putting
>backdoors with string checkers in CPU chips.
>
> It might be possible to put a modest CPU chip in line with the
>powerful, modern "maliced" chips in order to "cage" them. The
>trusted chip would encrypt and decrypt the data flowing to and from
>the "maliced" chip. There could be several cheap trusted chips in a
>system. At the very least, the trusted chips could prevent "maliced"
>systems from sending and receiving "malice" strings.
>
> Trusted chips could be placed between keyboards and the rest of
>the system. Monitors would be more difficult.
>
> Could a trusted chip be built so that it kept its memory when the
>system was powered down? I think this would be necessary.
>
> Is it possible for a trusted chip to determine if another
>chip can be trusted?
>
> Would it be practical for a huge State to force CPU chip
>manufacturers to design their chips with backdoors?
Okay, I'll bite.
First of all, you overlook merely compromizing the interface directly
and not even bothering with the CPU. I personally don't see why I
should trust this trusted chip any more than the cpu it's supposed to
protect me from. It seems to me that a really good government trick
would be to have a front provide such "trusted" chips to the public.
Since only those who recognize that they might have something to hide
would bother with this technology, those getting the technology are
the ones that need to be watched, right?
Instead, how about redundant chips. Unless the NSA gets all chip
manufacturers to compromise their chips in the exact same way, at
least as far as output, why not have an odd number of processors from
different manufacturers, all directly compatible with one another,
all getting the same input, and hopefully giving the same output.
For a system with 3 chips, for arguements sake, lets say Intel,
Cyrix, and brand C, because I can't reliably think of a third
supplier. If Intel and Cyrix give a certain output, while brand C
gives a different output for a certain pin, discard brand C and keep
the output from Intel and Cyrix. The same goes for if Cyrix is out
voted, or Intel. In cases where this is a random number, the effect
should still be just as random. Serial numbers, however, should be
nicely garbled, being the majority output, bit by bit of 3 different
processors. For instance, if the first character of the serial
number on each of the three chips is A, 3, and 8 in hex, or 1010,
0011, and 1000, the output would be 1010, an A. For 2, 9, 7, it
would be 0010, 1001, and 0111, coming out to be a 0011, or a 3. Thus
the output serial number, even, would not match any one chip,
although as my first example showed, occasionally coincidences occur.
If the chips are truly compatible, at the input and output of the
pins, then such processing, which would be much simpler to implement,
and test for backdoors, should be transparent to the software.
Just my uninformed two cents.
Sean Roach
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 for non-commercial use <http://www.pgp.com>
iQA/AwUBN+MkDZHDoiHtqFDZEQLUrQCgkuZ8dDHfH1Xym5M3AiH0Sw/wZVsAnjTE
RxdbCA84kow7cWA6CJ4ag/v/
=1T81
-----END PGP SIGNATURE-----
