Search Mailing List Archives
[liberationtech] How to defend against attacks on chips?
mpm at selenic.com
Sun Jun 16 09:59:26 PDT 2013
On Sun, 2013-06-16 at 11:54 +0200, Guido Witmond wrote:
> On 16-06-13 04:12, Waitman Gobble wrote:
> > On Sat, 15 Jun 2013 17:19:14 -0500, Anthony Papillion
> > <anthony at cajuntechie.org> wrote:
> >> But how do we handle hardware attacks? For example, what happens when a
> >> chip maker, say Intel, collaborates with the government to allow access
> >> to users systems from the chip level? How can we defend against this?
> Unless it's tamper resistant hardware, there is always the electron
> microscope to verify the chips itself. It's a big job but could be an
> ongoing graduation project at a few universities in
> China/Russia/Iran/Iraq. I bet they love to present the evidence of
> tampering in an Intel processor.
Let's say we could fully automate the process of converting an an
electron microscope image of the >1B transistors on a recent Intel CPU
to about a billion lines of Verilog "source code". Let's divide that by
a generous factor of 50 to account for a lot of this being highly
repetitive patterns like cache.
Now we simply have to audit 20 million lines of source code. Given that
we're hopelessly bad at auditing the millions of lines of source code we
already have, this seems like a doomed process. That's before we even
start to consider any of the ways that Intel could obfuscate the
Bear in mind that Intel can't even fully verify their own designs,
despite having complete access to the design. This is how we get things
like the Pentium FDIV bug, which is only the most famous of the
thousands of bugs discovered in their CPUs. And yes, a bunch of those
bugs have been remotely-exploitable security holes:
(One could argue that the NSA doesn't need Intel to backdoor their CPUs
because Intel is already doing that by accident on a regular basis.)
Mathematics is the supreme nostalgia of our time.
More information about the liberationtech