[liberationtech] Hardware trojans, RNGs, and Syphermedia

[Matt Mackall]

This paper outlines simple changes that can be made to insert
vulnerabilities into silicon that are invisible to current
reverse-engineering techniques:

 http://people.umass.edu/gbecker/BeckerChes13.pdf

It uses Intel's random number generator as an example, detailing
precisely how it can be weakened such that it has predictable output yet
still appear perfectly random. This hack can be done by unobtrusive
changes to the production masks in the chip fabs.

One interesting note in the paper is that Intel has intentionally not
included the normal JTAG-style debugging interfaces on the RNG that
would allow you to spot this sort of tricker, ostensibly for security.
The trade-off here is "attackers can't discreetly snoop on your RNG
internals by physically connecting to pins on your CPU (though they can
still snoop on everything else on your system including the RNG
_output_)" vs "no one can validate the RNG behavior". This choice seems
a little suspect.


Secondly, the company Syphermedia does this sort of silicon-level
trickery as a business:

 www.smi.tv/SMI_SypherMedia_Library_Intro.pdf‎

Their primary customers appear to be companies making set-top boxes, but
it would be interesting to investigate if they have any links to the
NSA.

-- 
Mathematics is the supreme nostalgia of our time.