On Jul 25, 2014, at 3:10 PM, Sean Caron <scaron at umich.edu> wrote:
A lot of the techniques described in the "NSA ANT Catalogue" [1] seem to be based on exploiting the machine at the level of the BIOS/ROM monitor, microcode, etc. Really very sneaky to compromise the hardware itself; it often goes overlooked that firmware can be surreptitiously re-flashed, CPU microcode surreptitiously modified, FPGAs reprogrammed... you really start to question your confidence in _any_ hardware... maybe it's all been pre-compromised for mass surveillance before it even gets into our hands... certainly select bits of equipment are ...
Good reason not to use the BIOS.
http://cm.bell-labs.com/who/ken/trust.html is very relevant. It's a different approach to hiding a security attack; this one is hidden in the compiler. Same sort of issue; you wouldn't tend to expect it there.
One conclusion is that the security benefits of open source software carry over to open source hardware. Don't trust your processor? Build your own from an FPGA plus open source VHDL.
On the supposed attack on the RNG: that demonstrates what security people know quite well, which is that it's not in fact an RNG and it should never be used that way. Instead, it is one (of several) sources of entropy. The actual strong RNG is a bit of software like the /dev/random driver in your favorite kernel, or open source libraries like Yarrow or others. If you feed them bits from a compromised "hardware RNG", nothing bad happens. The worst possible outcome is that those bits contribute zero entropy; the more likely answer is that whatever patterns had been built into it are wiped out by the mixing machinery of the software strong RNG.
There's a reason for that: traditional hardware randomness sources, like noise or the like, are biased. It's very unlikely that they produce actual white noise, with equally probable 1 and 0 bits and no higher level patterns. The software RNG takes care of all that.
paul
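The entropy-pool behaviour Paul describes (a hardware source is only one input, it earns no trust on its own, and the hash mixing removes both a built-in pattern and ordinary bias) can be shown with a small model. The following is an added example written for this page; it is not code from the thread, from Linux /dev/random or from Yarrow. The `EntropyPool` class, the `SEED_THRESHOLD_BITS` constant and both sources (`backdoored_hwrng`, `biased_noise`) are hypothetical and constructed for the demonstration.

```python
import hashlib
import hmac
import random

# Minimum credited entropy (bits) before the pool will hand out any output.
SEED_THRESHOLD_BITS = 128


class EntropyPool:
    """Hypothetical hash-based entropy pool in the spirit of /dev/random or
    Yarrow: every source is folded into a hidden state with a keyed hash,
    and only sources the operator trusts earn entropy credit."""

    def __init__(self):
        self.state = b"\x00" * 32   # hidden pool state
        self.credit_bits = 0.0      # how much entropy we believe we hold

    def add(self, source_name: str, data: bytes, credit_bits: float = 0.0):
        # Mixing step: new_state = HMAC(state, name || data). A source that
        # controls only its own bytes cannot undo what other sources added,
        # because it does not know the hidden state it is being mixed into.
        msg = source_name.encode() + b":" + data
        self.state = hmac.new(self.state, msg, hashlib.sha256).digest()
        self.credit_bits = min(self.credit_bits + credit_bits, 256.0)

    def read(self, n: int) -> bytes:
        # Refuse to produce output until enough *credited* entropy has arrived;
        # an uncredited hardware source alone can never unblock the pool.
        if self.credit_bits < SEED_THRESHOLD_BITS:
            raise RuntimeError("pool not seeded: %.0f credited bits" % self.credit_bits)
        out = bytearray()
        while len(out) < n:
            out += hashlib.sha256(self.state + b"out").digest()
            # Step the state so earlier outputs cannot be recovered later.
            self.state = hashlib.sha256(self.state + b"next").digest()
        return bytes(out[:n])


def backdoored_hwrng(n: int) -> bytes:
    """Constructed stand-in for a compromised 'hardware RNG': a fixed
    repeating pattern, i.e. zero real entropy and fully known to whoever
    built it in."""
    pattern = b"\xde\xad\xbe\xef"
    return (pattern * (n // len(pattern) + 1))[:n]


def biased_noise(n: int, seed: int = 1234, p_one: float = 0.8) -> bytes:
    """Constructed stand-in for a raw physical noise source whose bits are
    1 with probability p_one (heavily biased, as real sources tend to be)."""
    rng = random.Random(seed)
    out = bytearray()
    for _ in range(n):
        byte = 0
        for _ in range(8):
            byte = (byte << 1) | (1 if rng.random() < p_one else 0)
        out.append(byte)
    return bytes(out)


def ones_fraction(data: bytes) -> float:
    """Crude bias check: fraction of 1 bits in the data."""
    return sum(bin(b).count("1") for b in data) / (8 * len(data))


def untrusted_only_is_blocked() -> bool:
    """Feeding only the backdoored source leaves the pool unseeded."""
    pool = EntropyPool()
    pool.add("hwrng", backdoored_hwrng(4096), credit_bits=0.0)
    try:
        pool.read(32)
    except RuntimeError:
        return True
    return False


def output_with_trusted_seed(trusted_seed: bytes) -> bytes:
    """Mix the backdoored source before and after a trusted seed; the
    output still depends entirely on the trusted seed."""
    pool = EntropyPool()
    pool.add("hwrng", backdoored_hwrng(64), credit_bits=0.0)
    pool.add("trusted", trusted_seed, credit_bits=8.0 * len(trusted_seed))
    pool.add("hwrng", backdoored_hwrng(64), credit_bits=0.0)
    return pool.read(32)


def whiten(raw: bytes) -> bytes:
    """Feed a biased but genuine noise source through the pool. Credit is
    deliberately conservative (1 bit per byte); the min-entropy of a bit
    that is 1 with probability 0.8 is only about 0.32 bits."""
    pool = EntropyPool()
    pool.add("noise", raw, credit_bits=1.0 * len(raw))
    return pool.read(len(raw))


if __name__ == "__main__":
    print("untrusted-only read blocked:", untrusted_only_is_blocked())
    a = output_with_trusted_seed(b"A" * 32)
    b = output_with_trusted_seed(b"B" * 32)
    print("different trusted seeds give different output:", a != b)
    raw = biased_noise(4096)
    print("raw ones fraction:   %.3f" % ones_fraction(raw))
    print("mixed ones fraction: %.3f" % ones_fraction(whiten(raw)))
```

The two properties the thread relies on are visible in the results: the pool refuses to produce output while only the uncredited hardware source has been mixed in (its bits contribute zero entropy, which is Paul's "worst possible outcome"), and a noise source that is 80% ones comes out of the hash mixer with a ones fraction close to 0.5. Real kernels differ in detail (entropy estimation, reseeding schedules, which sources are trusted by default), but the shape is the same.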