
> Because it doesn't have a fixed function it's almost impossible to set up any specific subversive behaviour in advance without knowing what might be run on it.

This is precisely the essence of my question, given that I have little knowledge of FPGAs and have no real clue how much each reprogrammed circuit has in common with any other. :)

> how much each reprogrammed circuit has in common with any other

Very little. An FPGA is a set of reprogrammable logic blocks (LUTs) of very small size, plus a number of special purpose peripherals. The "layout" process of assigning functions to LUTs is usually done with simulated annealing and random perturbation. The compiler won't necessarily give the same output from the same input, let alone slightly different input.

The fixed-function blocks and any embedded processors (e.g. Nios) are more targetable. But you could also e.g. set up the clock PLL to leak the FPGA configuration slowly via spread-spectrum modulation.

I'm fascinated to hear that the process of programming an FPGA involves genetic algorithms! Where can I read more about that?

Simulated annealing isn't technically a genetic algorithm (nor is random perturbation). Simulated annealing jiggles things randomly (in this case, probably locations of LUTs), with decreasing amplitude over time. The amplitude of the random perturbations is the "temperature," which decreases until the system has settled into a (hopefully global) optimum. So basically this system will start moving the LUTs around a lot, keeping the most optimal results, and gradually start moving them around less and less until the result doesn't change for a while.

A genetic algorithm, by contrast, encodes the system into a "string" (like a DNA strand), and then swaps pieces of strings between two "organisms," just like genetic mating does. The most optimal descendants are kept, the least are discarded, and the process is repeated. This would be harder to implement for locations, as you would have to encode locations onto a string, and be able to swap pieces of strings while maintaining the functionality of the LUTs.
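Added example, not part of any comment in this thread: a toy simulated-annealing placer, showing why the same netlist lands on different LUT sites from run to run, which is the property the thread relies on when it says fixed locations cannot be targeted in advance. The netlist, grid size and cooling schedule are constructed for illustration; here the temperature controls how readily a worsening move is accepted.

```python
import math
import random

# Constructed netlist: 12 logic blocks (LUTs); each net joins two blocks.
NUM_BLOCKS = 12
NETS = [(0, 1), (1, 2), (2, 3), (3, 4), (4, 5), (5, 0), (6, 7), (7, 8),
        (8, 9), (9, 10), (10, 11), (0, 6), (3, 9), (5, 11), (2, 8)]
GRID = 5  # hypothetical device: a 5x5 array of LUT sites


def wirelength(place):
    """Total Manhattan distance over all nets; lower is better."""
    return sum(abs(place[a][0] - place[b][0]) + abs(place[a][1] - place[b][1])
               for a, b in NETS)


def anneal_placement(seed, steps=4000, t_start=5.0, t_end=0.05):
    """Return (best placement, best cost, starting cost) for one seed."""
    rng = random.Random(seed)
    sites = [(x, y) for x in range(GRID) for y in range(GRID)]
    rng.shuffle(sites)  # block i sits at sites[i] for i < NUM_BLOCKS
    start_cost = cost = wirelength(sites)
    best, best_cost = sites[:NUM_BLOCKS], cost
    for step in range(steps):
        # Geometric cooling from t_start down towards t_end.
        temp = t_start * (t_end / t_start) ** (step / steps)
        # Move: swap one block with another block or with a free site.
        i, j = rng.randrange(NUM_BLOCKS), rng.randrange(len(sites))
        sites[i], sites[j] = sites[j], sites[i]
        new_cost = wirelength(sites)
        # Always accept improvements; accept worse moves less often as temp falls.
        if new_cost <= cost or rng.random() < math.exp((cost - new_cost) / temp):
            cost = new_cost
            if cost < best_cost:
                best, best_cost = sites[:NUM_BLOCKS], cost
        else:
            sites[i], sites[j] = sites[j], sites[i]  # reject: undo the swap
    return best, best_cost, start_cost


if __name__ == "__main__":
    for seed in range(3):
        placement, final, start = anneal_placement(seed)
        print(f"seed {seed}: wirelength {start} -> {final}, block 0 at {placement[0]}")
```

Each seed stands in for the random perturbation a real place-and-route run applies; comparing where block 0 ends up across seeds shows how little the physical layout of one build says about the next.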

A subverted FPGA could contain a whole different circuit which turns on based on whatever condition desired (timer, radio command, data pattern seen by the FPGA) and takes over the function of the FPGA in whatever way the subverter intended. As the post to which you are replying said, for good effect, the designer of the subverted circuit would need to know the function the FPGA is performing in your device and design a custom circuit for it. This is possible e.g. by examining the first batch of your devices, and inserting a subverted circuit in your supply chain for subsequent batches. Certainly a lot of trouble to go to, but it's possible theoretically, and people have been writing about the possibility.

Now, the FPGA is not necessarily an ideal place to insert your circuit; personally, I would put it in something like one of those flat ribbons which connect components inside so many devices, or a socket - they may have access to all the bus pins of the gadget, and they will be less conspicuous. I don't think 3D printing is the answer to this, since too many things would have to be 3D printed.

Now, I don't know how I would go about protecting from such attacks, or if this is even a real-life concern right now, but I would think that some kind of automated high-resolution X-ray imaging and analysis technology would be a more realistic direction.
