Why go to all the trouble of inserting backdoors when clearly a large number of PC owners are clueless and have their machines already taken over. Who needs covert hardware and software tweaks when we’ve got Microsoft?
Heh. As part of the performance appraisal process at Bell Labs was a warning about not trusting your computer too much, with this very memo.
Easy: you put the backdoor in the compiler. It’s a fairly well known attack vector.
Ah, but if you were paranoid you can easily compile an open source compiler with several other ones, then with itself, and compare results for a simple hello world program. I’m well aware of the issue (see two posts up) but even in Bell Labs the C compiler didn’t come in source, though I’m sure Ken would have sent it to anyone who wanted it.
Not to mention that compiler writers (I did one for my dissertation) look at the code produced a lot more closely than the normal person, so it is unlikely that compiler X would get infected by compiler Y practically speaking.
Cite? Are you talking about “Reflections on Trusting Trust” or was this something that actually happened?
Possible. But it’s difficult to do things like that without anyone noticing.
Apparently hard-wired backdoor programs ARE possible, per this study (PDF)
No one disputes that hard-wired backdoor programs are possible. The question is whether they can do anything useful without getting detected. Nothing about the attacks in your linked paper would make them any less detectable to the end user than the conventional and obvious way for an IC designer to implement a backdoor. The novelty in that paper is in how the IC fab might hide a backdoor from the IC’s designers, not how an IC designer might hide a backdoor from the IC’s end users.
Actually, I see that Voyager was maybe slightly disputing that above. I think it’s easier than he/she thinks: you can probably escalate privilege just by tampering with one or two bits that aren’t in a critical path, and you can hang your trigger circuit off basically any one bit that’s under software control. I think it would be hard but still practically possible for an IC fab to do that in a typical design, for some definition of “practical”. The deadline (since you have to work fast, or else the customer notices the mysterious extra year of lead time…) certainly makes it harder. You might be able to backdoor popular hard IP (e.g., an ARM core) ahead of time, though, and wait for a design that used it.
In any case, nothing in the linked paper makes the “not breaking the test vectors” part any easier. Their contribution is a slightly smaller (easier to place, harder to notice by examining die photographs and stuff) trigger circuit. They do model some of the timing effects mentioned by Voyager, which they claim are not too bad. Those timing effects are no different with their trigger vs. a conventional one.
I wasn’t going to bother, but I am weary of reading this meme.
Go back in history and look at how many people were involved in the manhattan project. Estimates are approx. 125k, and yet Harry Truman had no idea about the status of the project (not to mention the American people, who didn’t have a clue). The only people who knew were those people who had a need to know. Compartmentalization has become an art form. Most people who work in top secret jobs have very little idea of what the details of the big picture actually is. They know their assignment. This is by design and this is a good thing.
People are very good at keeping secrets. And depending on your personal moral code, you may or may not be able to be paid enough money to keep your mouth shut. Geeky engineers are like most everyone else… most have families, mortgages, and financial needs to meet. When you think about it, it becomes very easy to understand how someone who is in a position of knowledge would keep his/her mouth shut because opening it, at the very least, would blackball them from many industries. No job? No money! Goodbye comfortable lifestyle, hello uncertainty and stress.
Some people cannot be bought… They are quickly dispatched or marginalized until they get the hint. Some people don’t mind being marginalized… As long as their job and salary are secured, whatever else happens is not their concern. Rarionalization is a wonderful thing.
Whether or not what the OP is asking is happening on a wholesale level or not is impossible for me to say. But to think that something like this couldn’t happen because people would talk is simply nonsense.
So, someone else is watching the last episodes of Person of Interest!
Wrong. The Manhattan Project was a veritable colander of leaks.
*"These detailed accounts have been made public on the website of the Department of Energy, which has posted the 36-volume, official history of the Manhattan Project, which had been commissioned by General Leslie Groves in late 1944. Among the most intriguing set of documents, released last month, is the volume about intelligence and security, which reveals:
"Since September 1943, investigations were conducted of more than 1,500 'loose talk' or leakage of information cases and corrective action was taken in more than 1,200 violations of procedures for handling classified material…. Complete security of information could be achieved only by following all leaks to their source."*
http://io9.gizmodo.com/secrets-of-the-manhattan-project-were-leaked-a-staggeri-1626524763
I am so hoping that crypto will tell us who really brought down the Twin Towers.
Including a direct pipeline to Moscow …
What secrecy was maintained with the Manhattan Project was based on patriotism … it was just three years before the IJN almost annihilated our ability to defend the West Coast … and people honestly believe an invasion was eminent.
If one is afraid their country will be destroyed, they’re more likely to keep the secrets … I just don’t see the same level of loyalty in the IC manufacturing sector.
You know, there was this guy Edward Snowden who released a lot of documents not all that long ago (but after this thread started).
Some of these docs clearly show that the NSA had backdoors in key parts of Intel and other chip makers’ cpus. Using these, they could read a large part of encrypted Internet traffic.
One of the methods was a deliberate weakening of the RNG provided by the cpus. There was an odd “magic number” in the initialization that was never explained, until Snowden.
Modern chips are so complicated, who knows what’s really going on deep in the microcode.
Another source of concern are the encrption systems built in to many modern hard drives. The manufactureres are extremely closed mouth about them and no one has any idea whether they can be readily defeated by the NSA or some such.
Remember: If someone can break it, even “just the government”, it’s completely broken and cannot be trusted.
Your citation doesn’t seem to back up your claim. The article is about the NSA’s ability to get the information off the internet and break the encryption. It doesn’t say they’re tapping into the CPU itself. If the NSA could tap straight into the CPU, they wouldn’t need to break the encryption. The article does talk about the risk if the NSA could tap into the CPU, but the answer to the OP is still no, the NSA currently can’t.
I’m not sure this information was reveled by Snowden, the encryption we use over the internet was never considered very robust. The military has never used it for their classified transmissions. This is the center of the Hillary Clinton e-mail scandal, she did use these substandard technologies when it was clear she should have used military encryption, where we don’t actually include the key with the document.
I don’t know about what you’re using, but the encryption I use is at least as robust as what the military’s using. Probably more so, if they’re trying to keep what they’re using secret.
The article says the NSA compromised those methods listed there. If it’s one of those you’re using, then it’s not as robust as the military’s methods. Seriously, if the NSA breaks the encryption, why the hell would the NSA use that encryption.
I don’t know any of the details of how SSL works. The cryptographic algorithm requires a seed value, and both sides need this seed value; one to encrypt the information, the other to decrypt it. My understanding is this seed value is convoluted and complexified as to be unrecognizable, and then just simply included with the message. Granted, a person who intercepts the cipher would need the computation power of someplace like the NSA to extract the original information. With enough money, about anyone can get this computation power.
The article says the NSA can do this now …
The military writes this seed value on a piece of paper, gives it to a security officer, puts him on a C-17 to where ever and the security officer hand-delivers the seed value to the recipient. The “key” is never sent where our enemies can get it.
The NSA cannot break their own codes.
From the linked article:
“Earlier this year, the program found ways inside “some of the encryption chips” used by businesses and governments, **either by working with chipmakers to insert backdoors **or by surreptitiously exploiting existing security flaws, the NYT said.”
Sure, “some of the encryption chips”, I get that … ftg is talking about CPU’s and the article doesn’t back up that particular claim. My thought is that if we had a back door to the processor, we would have access to the information before it’s encrypted. The article is about the NSA breaking the encryption, so I’m assuming they don’t have access to the processor.
Mono printers do it too, with tiny, pale grey dots.
A “veritable colander of leaks”? Hmm. Amazing. But Truman didn’t know until Roosevelt died. I guess he needed you to show him the way.