

Can Darpa fix the Cyber Security ‘Problem From Hell?’ - canistr
http://www.wired.com/dangerroom/2011/08/problem-from-hell/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

======
shabble
I attended a presentation a while back by a guy who was working on thermal
fingerprinting/watermarking for ASI[CP]s. It was targeted at design/soft-IP
producers, to detect if a particular chip was using their SoC modules without
a proper licence, by observing particular thermal signatures each IP block
generated. The cool bit was how it integrated deeply into the actual block
layout, to make it harder to remove.

It wouldn't stop the problem of a malicious manufacturer with sufficient
resources from adding nasty things, but it could probably raise the bar a bit.

------
lindauer
This is reminiscent of the problem laid out in Ken Thompson's "Reflections on
Trusting Trust."

<http://cm.bell-labs.com/who/ken/trust.html>

------
ChuckMcM
TL;DR version - Foreign governments can inject malware at the chip level, we
don't have a second source.

I think the short answer to this question is 'no.' The more interesting
question is can you write software that defends itself against a chip trying
to subvert it? Possibly. Some of the original triple redundancy with voting
research that was done for the space program might be useful here. Basically
run three chips in parallel and ensure they all do the same thing. This would
have addressed the SCADA malware as it affected the operation of a single PLC
but wasn't synchronized to other PLCs. So using a voting scheme for 2 out of 3
you would have had reliable operation.

I think one of the winners would be Intel here. They have the most fab
capacity in the 48 contiguous states. With government contracts mandating the
chips be built on Intel processes in the U.S. of A. they could at least
protect the supply chain somewhat and act quickly when they suspected a
problem.

~~~
shabble
Redundancy and majority-vote decisions are not much use if you're relying on 3
instances of the same subverted hardware.

(A similar problem applies to non-malicious uses, where multiple systems (even
with N-version programming, clean room implementations, etc) interpret the
specification incorrectly and the majority vote the wrong way.)

Second sourcing and strict requirements for different hardware implementations
would cut a lot of the risk, especially if, as you say, one of them is a
trusted, domestic manufacturer.

The level of global production processes for high technology used in weapons
would make for an interesting additional dynamic to military foreign policy.
You can't really go attacking the guy who makes the widgets for your laser
guided bombs unless you've got either a really big stockpile (and risk
economic problems and obsolescence), or you can build them domestically if
necessary.

The statistic quoted in the article:

 _"The Pentagon now buys 1 percent of all the world’s integrated circuit
production"_

is pretty scary. I can't seem to find any reasonable source for the total IC
production available. <http://dx.doi.org/10.1126/science.1200970> looks
interesting, but I don't have access, so I've gone with the Ars summary on it:
<http://arstechnica.com/science/news/2011/02/adding-up-the-worlds-storage-and-computation-capacities.ars>

Assuming they're in it purely for GPU power, 1% of the estimated 10E12 MIPS is
100 Billion MIPS for the US defence establishment. Of course, 90% of it will
be custom fabbed stuff for embedded systems, but the sheer scale of it is
mind-blowing.
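The exchange above between ChuckMcM (2-of-3 voting) and shabble (three copies of the same subverted part out-vote the truth) can be made concrete; the following is an added simulation, not code from the thread or from DARPA. The "chips" are constructed Python stand-ins, and the trigger value and payload are made up for the example.

```python
# Added example: a 2-of-3 majority voter run against homogeneous versus
# second-sourced hardware. All implementations below are constructed models.
from collections import Counter

def honest_cpu(x):
    """Reference implementation: squares its input."""
    return x * x

def make_subverted_cpu(trigger, bad_value):
    """Constructed model of a part with a hidden condition: behaves correctly
    except when it sees `trigger`, where it returns `bad_value` instead."""
    def cpu(x):
        return bad_value if x == trigger else x * x
    return cpu

def vote(results):
    """N-of-M majority vote. Returns (value, agreement, alarm).
    alarm is True whenever any instance dissented; that dissent is the
    detection signal a defender logs, since a unanimous vote proves nothing."""
    tally = Counter(results)
    value, agreement = tally.most_common(1)[0]
    return value, agreement, agreement < len(results)

def run(cpus, inputs):
    """Feed each input to every instance, vote, and record whether the voted
    answer was wrong and whether the voter raised an alarm."""
    report = []
    for x in inputs:
        value, _, alarm = vote([cpu(x) for cpu in cpus])
        report.append((x, value, value != x * x, alarm))
    return report

TRIGGER, BAD = 42, 0          # constructed trigger condition and payload value
INPUTS = [3, 42, 7]           # constructed workload, one input hits the trigger
subverted = make_subverted_cpu(TRIGGER, BAD)

# Homogeneous: three copies of the same subverted part (no second source).
homogeneous = run([subverted, subverted, subverted], INPUTS)
# Heterogeneous: one subverted part plus two independently sourced ones.
heterogeneous = run([subverted, honest_cpu, honest_cpu], INPUTS)

def undetected_wrong_answers(report):
    """Count inputs where the voted answer was wrong and no alarm fired."""
    return sum(1 for _, _, wrong, alarm in report if wrong and not alarm)

if __name__ == "__main__":
    print("homogeneous   undetected wrong answers:", undetected_wrong_answers(homogeneous))
    print("heterogeneous undetected wrong answers:", undetected_wrong_answers(heterogeneous))
```

With three identical subverted parts the wrong answer wins unanimously and no alarm fires; with a second-sourced majority the same trigger is out-voted and the dissent is logged.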

