
Backdoor found in a China-made US military chip  - turnersr
http://www.cl.cam.ac.uk/~sps32/sec_news.html#Assurance
======
ChuckMcM
Interesting discussion. Some denial, some tin hat, some contemplative. I think
I've had all of those emotions with this sort of thing.

There are diagnostics in our network switches that allow for traffic to be
replicated and sent to other ports with a different destination mac (this
isn't port mirroring is more like port re-directing). Clearly in the hands of
a bad guy they might set up a machine on the LAN to get a copy of all the
traffic. Is it a cyberwar beach head? Probably not. Could it be exploited in
an attack? Probably. Of course if someone tried to route all that traffic
outside the network into the transit network it would be pretty obvious. So
not a good scenario.

Like the controller back door article on Ars last month I suspect most of
these things are diagnostic aids. You ask an engineer to test something and
that something is buried inside a bunch of silicon and the only way to do that
is to build some stuff in there that lets you look at things.

Of course you can do this in a 'smart' way, and in a 'stupid' way. When I
started at Intel there were extra pads on the silicon that got to these extra
functions, you ordered a 'bond-out' chip where bonding wires (between the chip
pins and the silicon) would be attached. All of the in circuit emulators up to
the 386 had a 'bond out' version in the emulator pod that gave you access to
internal state of the chip. Others have pointed out the key for loading
replacement microcode, another 'feature' to fix bugs in the field and do
diagnostics.

So things which require either 'special' chips or attaching a JTAG probe
directly to the part, are generally ok in my book. Once you have physical
access nearly all bets are off.

Its an expensive way to compromise the enemy. Simpler to just build a piece of
gear that looks and operates exactly like the original but is your own design.
There was some counterfeit Cisco boxes like this in the channel for a bit. Of
course they 'fail' when you update IOS and it fails. Still the cost to exploit
is lower and more assured than back dooring silicon in a fab.

Its also pretty hard to add features to a chip without the designer of the
chip in on the game. Every transistor is accounted for by long verification
and analysis so 'extra' ones would show up. That limits the risk to a chip
manufacturer being the 'bad guy' (and they are very traceable so unlikely to
do that)

None of this though should take away from the excellent work Cambridge is
doing. The silicon analysis is really cutting edge stuff, and I think it would
be useful for chip designers in verifying their masks are accurate too. If you
could effectively 'decompile' the resulting silicon and verify it against your
netlist, that would catch mask errors. And _that_ would save anywhere from
$100,000 to $2,000,000 depending on size of the mask.

~~~
lifeisstillgood
I'm sorry I am not sure what you are saying here. It seems to be "this is far
more likely to be a test engineers backdoor that was not on the spec" then a
Chinese backdoor added at the fab"

with no evidence either way, I am guessing that US intelligence (and others?)
are loudly saying this is happening not because they can prove it in silicon
but convincing human intelligence has told them

I happen to think that the techniques developed to analysis silicon are going
to be useful all round, and that a backdoor in a chip does not make a
successful cyber attack in the wild, but if these are real in-the-fab
additions then the implications are so large we should be prepared to not
label this "it's just a test component" and look at ideas like validating
silicon (noted somewherre else below)

~~~
jasonwatkinspdx
The NSA has it's own fab resources. That fact alone tells you everything you
need to know. The only remaining question is to what extent is it cost
effective to still use suspect parts.

~~~
lifeisstillgood
Sorry, the NSA has it's own billion dollar fab soitcan build copyrighted Intel
clones?

I simply don't get it?

* what happens when Intel release the nextgenration of chips? Apparently Intel needs to rebuild a while new fab plant at x billion - does the NSA? * do they trust the designs made by Intel? If not what do they do ? If Intel is introducing backdoors for the NSA what guarantee is tere those backdoors won't get used y someone else? * if they do trustthe design but don't trust the fab process surely it is better to put armed guard in the fab room or similar checks * and this is only for one generation of one class of chip. Do this for the chips in the CCTV cameras and the door locks and the ...

~~~
jasonwatkinspdx
Well, AFAIK the NSA doesn't publish what their fabs are capable of or what
they do with them. Maybe someone here knows better?

I'd assume the NSA's fabrication capability is more on the scale of the pilot
plants fabs build at each new process scale. Some universities certainly have
fabrication equipment testbeds as well, so the NSA effort may be more that
modest scale.

If I were tasked with the problems the NSA faces, I think I'd at least focus
in on:

1\. CMOS reverse engineering equipment that can shave down dies, image and
analyze the structures, etc.

2\. Small scale fabrication for extremely sensitive infrastructure. These
roles probably aren't performance critical. Eg if you have some
microcontroller that plays a role in say nuclear weapon arming protocols, you
need that to be pretty much beyond suspicion.

3\. Some way of sampling commodity parts for unexpected behavior non-
destructively. If this could be done efficiently enough, you could use it in
combination with #1 to get reasonable confidence for off the shelf parts.

One thing I'd suspect is that if the NSA did find highly targeted flaws they
probably wouldn't disseminate that fact unless absolutely necessary. Keep an
adversary using a strategy you know rather than provoking improvement.

Personally I doubt the NSA forces backdoors into commodity chips. In theory
there might be some way of introducing a flaw that would cripple specific
large computations like crypto-analysis of a particular code, or biasing a
particular random number generator. But that just seems too likely to
backfire.

I'd always thought it was interesting that the pentium FDIV bug was most
easily found by code calculating twin primes. But there may be a mundane
explanation for that rather than cloak and dagger stuff.

------
gouranga
The bit that surprises the fuck out of me is that they're buying stuff in from
China. I've never seen that - ever! They would buy expensive stuff fabbed
specially in the US rather than import usually.

I did a lot of work for the UK Ministry of Defence and the US Department of
Defence over the years on custom silicon and FPGA work and the paranoia factor
is scary. We had the layouts of everything bought in - even 74-series logic
which can pretty much be assumed to be inert. Samples were regularly decapped
and scanned using an SEM to verify to make sure the vendors weren't screwing
us or integrating backdoors.

Every part was asset managed to hell as well. Every part was traceable to the
point that every finger that poked it was known (I moved from engineering to
writing the asset management systems before leaving).

Crazy.

~~~
rhizome
Hopefully this isn't too political for HN, but I suggest combining your
surprise with the news that China was given a direct line around Wall Street
to buy Treasuries directly from the USG:

[http://www.reuters.com/article/2012/05/21/us-usa-
treasuries-...](http://www.reuters.com/article/2012/05/21/us-usa-treasuries-
china-idUSBRE84K11720120521)

There's a relationship here.

~~~
cantankerous
I'm not sure I see the problem. They let the biggest debt buyer cut out the
middle man. I'm sure there was some backroom dealing going on there, but it
seems like the biggest losers there are the middlemen who wound up getting cut
out.

~~~
antimora
The middle man was getting a cut anyway. It was mainly to make China's
purchases secrete.

    
    
      Primary dealers are not allowed to charge 
      customers money to bid on their behalf at Treasury    
      auctions, so China isn't saving money by cutting out 
      commission fees.

~~~
niels_olson
>make China's purchases secrete

Sometimes the typos are more fun than the whole thread.

------
raphman
The chip in question seems to be an Actel Microsemi ProASIC3 (PA3) [1,2],
given the hints in the screenshot of the paper.

[1] <http://www.actel.com/products/pa3/> [2]
<http://www.actel.com/documents/pa3_faq.html>

(I guess there is no real advantage in keeping this obscured)

~~~
dhx
I see no mention of tamper-resistance/self-destruct features?

Power glitch detection, mechanisms to detect decapping/stripping, wire mesh
shielding, protection against ultra-violet laser stimulation of transistors,
... are all important.

For those interested in further reading, Security Engineering[1] by Ross
Anderson contains a section on chip security. Another paper[2] by Ross
Anderson and Markus Kuhn (1996) provides additional background.

[1] <https://www.cl.cam.ac.uk/~rja14/book.html>

[2] <https://www.cl.cam.ac.uk/~rja14/tamper.html>

~~~
JL2010
"Unlike SRAM-based FPGAs or conventional ASIC solutions, ProASIC3/E devices
offer one of the highest levels of design security in the industry. In fact,
ProASIC3/E devices bring new levels of security to the FPGA market place. An
FPGA industry first, secure ISP is performed using the industry-standard 128-
bit AES block cipher algorithm. Reprogramming can be securely performed in-
system to support future design iterations and field upgrades with peace of
mind that valuable IP cannot be compromised or copied." ISP stands for in-
system-programming

------
Zak
The language used in this article seems very much like the author has
something to sell and is trying to create the impression that it is advanced
and mysterious. The claims about improvements of many orders of magnitude in
speed and cost as well as the unavailability of information and services to
private individuals suggest to me that someone is trying to get a defense
contract for some overhyped technology that won't really deliver what's
promised.

Edit: they seem to have submitted a patent application for the process of
sending test signals to a chip and monitoring it with an oscilloscope:
[http://www.sumobrain.com/patents/wipo/Integrated-circuit-
inv...](http://www.sumobrain.com/patents/wipo/Integrated-circuit-
investigation-method-apparatus/WO2012046029.html)

~~~
tptacek
Backdoors --- intentional, accidental, or (most typically) "deniably"
accidental --- are extremely common in software of all kinds, from RTOS
kernels to web stacks to third-party database wrapper libraries.

Are there backdoors in silicon? _Of course_ there are backdoors in silicon.
Just like in software, most of them will be deniably accidental. It's unlikely
we'll be able to trace most of them to deliberate sabotage, but the net effect
will be the same.

Having set the stage, consider: the competency required to manually evaluate
silicon packages is extraordinarily rare. Even if you wanted to shell out 6
figures for a competent superficial evaluation, you'd have a lot of trouble
finding available Chris Tarnovskys to do the work.

If you have 50% of the competence of Tarnovsky _and_ the ability to automate
any significant portion of that work, you can probably write your own ticket.

So: what's the likelihood that any such person, with an actual affiliation to
a respected EE/CS security program, would just be making stuff up?

~~~
Zak
I'm only going based on the tone of the writing and the content of the patent
application; both are written like hype. He might actually be doing something
novel, or he might just be trying to get attention for his company and not
doing anything special relative to others in the field. There may be good
reasons to avoid talking about details in his field, but when someone selling
something does that, hype is a reasonable default explanation.

~~~
scott_s
It sounds to me like grant-proposal language. I wouldn't call it hype, but it
is meant to convince people that you have done something important, and you
are deserving of more money to do further research.

------
tptacek
The Cambridge Security Lab is not fucking around. Assume this is not hype.

I'm less curious about whether overseas silicon is backdoored than I am in how
exposed the attack/activation surface for those backdoors are.

~~~
laughinghan
"Currently there is no economical or timely way of ascertaining if a
manufacturer's specifications have been altered during the manufacturing
process (99% of chips are manufactured in China),"

That claim about 99% of chips being manufactured in China is very easy to
verify as being utterly false. I have to wonder about the trustworthiness of
the rest.

\- kryptiskt, <http://news.ycombinator.com/item?id=4030818>

It has actually not been "very easy" for me to verify this, but I did find
something saying that in 2009, China had 9% of the world's production
capacity, which makes me strongly doubt that they are now 99% of the actual
manufacturing amount:
[http://www.manufacturingnews.com/news/10/0212/semiconductors...](http://www.manufacturingnews.com/news/10/0212/semiconductors.html)

@tptacek: Care to provide references for why Cambridge Security Lab is as big
a deal as you're making them out to be, and why we should overlook this
blatantly exaggerated fact they cited?

~~~
tptacek
A hardware security researcher's inability to perform Gartner-correct market
research is not relevant to his/her ability to decap, image, and analyze
silicon, and thus not at all relevant to me. Wow do I ever not care about this
particular gotcha.

~~~
laughinghan
Is that a "no, I cannot provide any reason to take this seriously besides my
(arrogant) word and this vague, exaggerated, ugly, poorly coded web page"?

This security lab's tendency to exaggerate the seriousness of the security
problem they've identified is _exactly_ what is in question here.

~~~
tptacek
You just evaluated a hardware reversing project in part by the design of its
web page. Do you have any background in this field at all?

~~~
laughinghan
I never evaluated any project by the design of its web page, I evaluated a web
page by its design.

I never evaluated any project at all, just asked why anyone should take you or
this web page seriously, and you have been nothing but dismissive in response.

~~~
chc
Hacker News Protip: If you click tptacek's name, you can see his profile,
which will inform you that he's a computer security professional. That's why
anyone should take him seriously.

On top of that, he also has a history here of useful and insightful commentary
on security issues. That's also why anyone should take him seriously.

The reason he's responding dismissively to you is probably that you keep
attacking the OP for irrelevant niggles. The sort of reasoning you're
employing here would lead someone who saw a speech by Albert Einstein to
dismiss it by saying, "Bah, he can't even be bothered to do his hair well. Why
should I think he does his research any better?" Attacking Einstein's hair
does not make his ideas any less valid. If you had _material_ objections to
the OP, you'd probably get a more congenial response.

~~~
laughinghan
1 & 2: Good reasons. Useful, didn't know that.

3: I will admit, I had read his other responses in this thread, and
intentionally chose to provoke a dismissive response by presenting something
on the verge of being immaterial. I even apologize to anyone at the Cambridge
Security Lab for any disrespect.

I don't apologize for being irreverent towards tptacek and the Cambridge
Security Lab. I still think my core point, "This security lab's tendency to
exaggerate the seriousness of the security problem they've identified is
exactly what is in question here.", was a totally material response to his
original comment, "Cambridge Security Lab is not fucking around.". I also
think (and intended) that even though I was trying to provoke him, my response
was totally congenial and had a material point and therefore acceptable, while
he should not have been so dismissive in response, to me and to everyone else.

------
helmut_hed
As a former chip designer I question the idea that the manufacturer introduced
this backdoor (if indeed there is one).

 _found a previously unknown backdoor inserted by the manufacturer. This
backdoor has a key..._

It's hard to understand what this guy is talking about. Is he claiming that
the manufacturer added additional hardware that the designers were unaware of?
Or they made modifications to existing circuitry so it doesn't match the
design? It would be very hard to do either without cooperation from the
designers, especially given the paranoia of hardware engineers (and of
_defense_ hardware engineers, an entirely different level of paranoia). The
question "are we manufacturing what we designed?" is one that is constantly
asked throughout the lifetime of a part. In fact the answer, for individual
parts, is often "no", because they can be defective. Still, the question is
constantly asked with a variety of automated tools at all points of the
manufacturing process.

Here's what I think he might have found: an additional fixed key introduced by
the designers themselves into the chip, and having nothing special to do with
the manufacturer. In other words, a deliberate backdoor.

~~~
chmike
I share this opinion and I'm surprized so few HN readers have considered this
possibility. It could make sense since the chinise could use the chip for
themselves.

------
kryptiskt
"Currently there is no economical or timely way of ascertaining if a
manufacturer's specifications have been altered during the manufacturing
process (99% of chips are manufactured in China),"

That claim about 99% of chips being manufactured in China is very easy to
verify as being utterly false. I have to wonder about the trustworthiness of
the rest.

~~~
tobiasu
To add, silicon can, and obviously is inspected by manufacturer using optical
and electronic microscopes. There are companies specialized in reverse
engineering chips or verifying existing components. Even hobbyists can grind
down chips and figure out what the circuitry does, using nothing more than
good optics and a digital camera plus freely available software to stitch the
images together and start analyzing traces from the picture.

Sure, this stuff gets harder with modern technology, but it would be
ridiculous to assume that manufacturers blindly click together chips and hope
for the best because they can't inspect their work.

~~~
lumberjack
I've seem to recall something regarding this. The manufacturer has the exact
blueprints to help guide them. Reverse engineers can't rely on the blueprints
because they might be comprised.

------
DanBC
To people complaining about the language - this reads more like a short
briefing note for politicians or non-technical managers. That's why things
like Stuxnet are mentioned; to give context and scale.

The author would probably like to stay involved with this tech, or at least to
be able to hand it off to CESG.[1]

[1] I assume CESG. Perhaps QinetiQ[2] would do it?

[2] I have no idea what they do. All those Qs? You've seen 007? They're the
real Q department. I doubt they do laser beam watches.

------
mattbauer
I'm skeptical. There are too many unsupported claims in this article. Off the
top of my head:

\- Assumes the Chinese put the backdoor in. There are plenty of others
interested in backdoors. \- Assumes the designing company doesn't do any
detailed production product checks. Not likely since this is a many, many
billion dollar business. \- Claims a systemic problem but only notes one chip.
That one FPGA could just have a design flaw. Need more details on the others.
\- At the end it claims an investigation over ten years but the fab world has
greatly changed over ten years. Many micro controller companies actually own
their Chinese fabs now.

As a side note, if you discover something like this, don't assume you found
something you weren't meant to find. You're discovery may just have made you
found.

~~~
tptacek
Many (maybe most? I don't specialize here) backdoors are deniably accidental,
a term I'm coining here to mean "could be sabotage, could be a development
artifact".

Whether any of those backdoors are deliberate is much less relevant than
whether they're known to your adversaries. In the case of Chinese electronics
engineering, your adversaries have the blueprints.

Do you really think it's likely that designers of bespoke silicon reliably
decap, image, and analyze the finished products? I think you're attributing
Intel/AMD-level wherewithal when, just like in software, a huge chunk of the
market has nothing resembling the resources of the leading vendors.

------
notspanishflu
Inquiry Into Counterfeit Electronic Parts in the DoD Supply Chain (PDF).

[http://www.armed-
services.senate.gov/Publications/Counterfei...](http://www.armed-
services.senate.gov/Publications/Counterfeit%20Electronic%20Parts.pdf)

------
Estragon
The fact that he's pleading for money as he makes these claims makes me
suspicious of them. He needs to provide more specific information and
evidence.

~~~
toemetoch
Last week a report was released that revealed 1800 cases during a 1-year
survey. [pdf] This is just one device, he has good reasons to advertise his
expertise.

[pdf] [http://www.armed-
services.senate.gov/Publications/Counterfei...](http://www.armed-
services.senate.gov/Publications/Counterfeit%20Electronic%20Parts.pdf)

~~~
Estragon
1800 cases of _counterfeit_ parts, not 1800 cases of _maliciously designed_
parts. There could well be malice involved, but the vast majority of those
cases were almost certainly economically motivated.

~~~
mfukar
_He needs to provide more specific information and evidence._

Heed your own advice.

~~~
Estragon
I'm not the one making extraordinary claims.

------
unimpressive
Hardware trust is something I've been wondering about for a while now. It's
easy to hide a software bug. (As evidenced by the occasional blue moon story
about somebody stumbling over one.) But a hardware bug just seems like a
constant paranoia that can never be investigated without expensive tooling.

~~~
cantankerous
There's a bit of research going into this area right now. Verification
strategies for hardware, etc. Another way around it is to bump up your
integration of trusted FPGA platforms where you can write and use your own
hardware in a potentially more trustworthy way.

------
spec_laconic
TL; DR \- No proof / source code / details on the backdoor \- Outlandish
claims of this being a "stuxnet" weapon

Show me some source, a schematic, or a technique that you're using, and then I
might believe you, otherwise this is just FUD. They didn't even name the
bloody chip.

------
zhuzhuor
_an American military chip that is highly secure with sophisticated encryption
standard, manufactured in China_

How could the authors know the backdoor design is not the intent of American
military?

------
Create
If it is from Actel, then it is CMMI certified :)

www.cl.cam.ac.uk/~sps32/SG_talk_BA.pdf

~~~
regularfry
Yeah, there's enough info on the scan to figure out the part family.

~~~
Create
...its more fun than reading the keys (CB21 5DQ) from FLASH:

Helion Technology Limited -- Helion Technology.

------
liuming
Dear Greeks, we Trojans can't make our own horse, so can we buy one from you,
please? No worry, I'll blame you later.

------
fiatmoney
Two thoughts:

1) Say what you will about the military-industrial complex, but they do buy a
load of physical products. When those are sourced domestically it has a lot of
good spillover effects on the rest of the industry (see Steve Blank's Secret
History of Silicon Valley).

2) I'd be far more worried about Intel, AMD, nVidia, Texas Instruments, et al,
especially if I was a foreign procurement officer. The logic in those chips is
incredibly complex and almost impossible to verify in any detail by a third
party. Coincidentally, they're all US companies.

------
bbromhead
This appears to be an improvement on Differential Power Analysis attack
against a FPGA. Congrats to the guys who discovered it!

It's interesting to note that in the DPA/SPA world the standard model of
operation is to develop a new attack and then patent the countermeasures ;)

It should be noted that this is "probably" not a backdoor in the traditional
sense (intentionally planted by some nefarious government organisation),
rather just bad, leaky design that has been identified by an improved attack
methodology...

------
Lednakashim
Can somebody explain exactly what they got access to? What is encrypted?

~~~
toemetoch
_This particular chip is prevalent in many systems from weapons, nuclear power
plants to public transport. In other words, this backdoor access could be
turned into an advanced Stuxnet weapon to attack potentially millions of
systems._

From the description I'm guessing an interface device that does something in
the order of I2C/CAN/M on one end and external comms to the outside world on
the other (why else would require "sophisticated encryption standard").

~~~
Lednakashim
Isn't it an FPGA chip?

------
duckduckgouser
First reaction to this for most including myself is that the U.S. is really f
--ked. But if the U.S. found this out, odds are they had chips manufactured
that looked like the Chinese version but really weren't, with the exception of
some small detail, perhaps not on the chip but on the board, that would
indicate that the chip was the "fixed" version.

But, this Frienemy war is not about taking advantage of these backdoors. That
is the nuclear option. The war is about who has the potential to pwn the
other.

BTW- I'm typing this on a Chinese netbook.

------
eps
Several months ago there was a report of similar nature that mainstream Intel
CPUs include a concealed (hyper-)hypervisor that appears to exist in China-
produced chips, but absent from pre-production samples made by Intel
themselves. I don't know where this all went, but it was some Russian guy who
found it by accident, and he was largely dismissed as a loon and generally
laughed at (though from I could tell he did know a thing or two about
hypervisors, system programming and what not).

------
gdubs
I've been wondering about this for a while. Given the scale of chip
architecture today, does anyone in the field have any input as to how hard
something like this is to detect?

------
mvip
So China is doing the same thing to hardware that the U.S. is doing to
software (and probably hardware too). Well, not really shocking. Karma is a
bitch. :)

------
breck
It is trivial for manufacturers to sneak backdoors into chips. It is
improbable to keep backdoors a secret. People aren't good at keeping secrets.

~~~
po
So, 100% of the backdoors I've ever heard about were not kept secret,
therefore backdoors are unlikely to be kept secret. :-)

------
codgercoder
I reacted the same way to this news as to the news that an electrical
distribution system was compromised over the Internet. That is, "are you
kidding me?!". Just as it's stupid to connect certain critical systems to the
public Internet, it's really silly to so loosely control military electronics
sourcing.

------
petrilli
There is a reason that the NSA partnered with IBM to build the Trusted Foundry
program. <http://www.nsa.gov/business/programs/tapo.shtml>

------
epo
We Brits buy an awful lot of equipment from America, I always took it for
granted that the Americans had backdoors in this gear but now seems that so
might the Chinese. Wonderful!

------
offshoreguy1
Well if the American government is dumb enough to outsource its production of
military and national security grade chips to Communist China, it deserves
whatever befalls it.

------
regularfry
Hm. I wonder if these chips are used in consumer devices?

------
deepinit_arek
Are yout trying to tell me they produce those chips in China LOL ... Idiocy
just reached new level.

------
onto3622
That is really not good. We should develop those chips at home, obviously.

------
rsanchez1
Evidently, the military prefers to cut cost rather than have complete control
over the manufacturing of their computer chips. Spending hundreds of millions
on jets that have to be American-made is fine, but it's on the computer chips
powering those jets and pretty much all advanced military technology that they
have to save money.

~~~
Bud
Hundreds of millions? You're off by about three orders of magnitude, there.

