Surreptitiously Tampering with Computer Chips

Another possible method to defeat encryption and security. A bit evolved but we see where privacy is now considered a thing of the past. If it can be done, it probably will.

How many people are going to actually be able to verify their hardware.

This is really interesting research: "Stealthy Dopant-Level Hardware Trojans." Basically, you can tamper with a logic gate to be either stuck-on or stuck-off by changing the doping of one transistor. This sort of sabotage is undetectable by functional testing or optical inspection. And it can be done at mask generation -- very late in the design process -- since it does not require adding circuits, changing the circuit layout, or anything else. All this makes it really hard to detect.

The paper talks about several uses for this type of sabotage, but the most interesting -- and devastating -- is to modify a chip's random number generator. This technique could, for example, reduce the amount of entropy in Intel's hardware random number generator from 128 bits to 32 bits. This could be done without triggering any of the built-in self-tests, without disabling any of the built-in self-tests, and without failing any randomness tests.

I have no idea if the NSA convinced Intel to do this with the hardware random number generator it embedded into its CPU chips, but I do know that it could. And I was always leery of Intel strongly pushing for applications to use the output of its hardware RNG directly and not putting it through some strong software PRNG like Fortuna.

Link to Bruce Schneier article

reply to post by roadgravel


Or embedded firmware, scary thought and good post.

Hey, I needed to look it up You're welcome

Re: your comments on who will be able to verify their hardware. Most likely only folks who build their own computer systems or have experience dealing with the technology mentioned when it is not nicely packaged into their system. Perhaps those from part-producing countries or tech wizards.

From the PDF

It seems detection in the RNG would not be easy.

Our Trojan is capable of reducing
the security of the produced random number from 128 bits to n bits, where n
can be chosen. Despite these changes, the modied Trojan RNG passes not only
the Built-In-Self-Test (BIST) but also generates random numbers that pass the
NIST test suite for random numbers.

Since the Trojan RNG has an entropy of n bits and uses a very good digital
post-processing, namely AES, the Trojan easily passes the NIST random number
test suite if n is chosen suciently high by the attacker. We tested the Trojan
for n = 32 with the NIST random number test suite and it passed for all tests.
The higher the value n that the attacker chooses, the harder it will be for an
evaluator to detect that the random numbers have been compromised.

Of course you can bypass all this by generating random numbers physically, like with a set of pin pong balls in a cage, in a manner analogous to how lottery numbers are generated. Or, by constructing your own random number generator by NOT using any microchips, simply using old transistors. The more complex the RNG the more vulnerable it is these types of attacks.

reply to post by deloprator20000


..Or Inventing your Own " Unique Language " that you and those you wish to Communicate with Understand.........


Decoding that would be a bit Hard.....

reply to post by Zanti Misfit


That would also work.

reply to post by deloprator20000


Zeblob Torok ! ...........

reply to post by deloprator20000

Yep, but you might have a bit of a problem interfacing the numbered balls into AES or other cryto program code.

Maybe that's the next big app for software.

Very interesting but I can't see a compromised RNG posing too much of a security threat. I once played around with my own hardware RNG based on the manipulated binary output from a noise generator circuit. Wasn't all that good as the bitstream just wasn't sufficiently random to start with and processing was kinda limited with 8 bit CPUs back then.

Yep, the NSA wants weakened RNGs so encryption can be broken. Despite recommendations by a group such as the NIST, it appears everything has to be checked for NSA funny business.

Officials from RSA Security are advising customers of the company's BSAFE toolkit and Data Protection Manager to stop using a crucial cryptography component in the products that were recently revealed to contain a backdoor engineered by the National Security Agency (NSA).

"To ensure a high level of assurance in their application, RSA strongly recommends that customers discontinue use of Dual EC DRBG and move to a different PRNG," the RSA advisory stated. "Technical guidance, including how to change the default PRNG in most libraries, is available in the most current product documentation" on RSA's websites.

An advisory sent to select RSA customers on Thursday confirms that both products by default use something known as Dual EC_DRBG when creating cryptographic keys. The specification, which was approved in 2006 by the National Institute of Standards and Technology (NIST) and later by the International Organization for Standardization, contains a backdoor that was inserted by the NSA,

The BSAFE library is used to implement cryptographic functions into products, including at least some versions of the McAfee Firewall Enterprise Control Center, according to NIST certifications. The RSA Data Protection Manager is used to manage cryptographic keys. Confirmation that both use the backdoored RNG means that an untold number of third-party products may be bypassed not only by advanced intelligence agencies, but possibly by other adversaries who have the resources to carry out attacks that use specially designed hardware to quickly cycle through possible keys until the correct one is guessed.

arstechnica.com...

This PRNG has been controversial because it was published in the NIST standard despite being three orders of magnitude slower than the other three standardized algorithms, and containing several weaknesses which have been identified since its standardization

On September 10 2013, The New York Times wrote that "internal memos leaked by a former N.S.A. contractor, Edward Snowden, suggest that the N.S.A. generated one of the random number generators used in a 2006 N.I.S.T. standard — called the Dual EC DRBG standard — which contains a backdoor for the NSA.

en.wikipedia.org...

Zanti Misfit
reply to post by deloprator20000

 

Zeblob Torok ! ...........

Quobtrub zentilub?

More detail and background on the NIST SP800-90 Dual Ec Prng and what appears to be NSA involvement.

But Paul Kocher, president and chief scientist of Cryptography Research, says that regardless of the lack of evidence in the Times story, he discounts the “bad cryptography” explanation for the weakness, in favor of the backdoor one.

“Bad cryptography happens through laziness and ignorance,” he says. “But in this case, a great deal of effort went into creating this and choosing a structure that happens to be amenable to attack.

“What’s mathematically creative [with this algorithm] is that when you look at it, you can’t even prove whether there is a backdoor or not, which is very bizarre in cryptography,” he says. “Usually the presence of a backdoor is something you can prove is there, because you can see it and exploit it…. In my entire career in cryptography, I’ve never seen a vulnerability like this.”
...
The standard, which contained guidelines for implementing the algorithm, included a list of constants – static numbers – that were used in the elliptic curve on which the random number generator was based. Whoever generated the constants, which served as a kind of public key for the algorithm, could have generated a second set of numbers at the same time – a private key.

Anyone possessing that second set of numbers would have what’s known in the cryptography community as “trapdoor information” – that is, they would be able to essentially unlock the encryption algorithm by predicting what the random number generator generated. And, Shumow and Ferguson realized, they could predict this after seeing as few as 32 bytes of output from the generator. With a very small sample, they could crack the entire encryption system used to secure the output.

www.wired.com...

reply to post by VoidHawk


Sinonyetjaverboten/+_-/= 2

Zanti Misfit
reply to post by VoidHawk

 

Sinonyetjaverboten/+_-/= 2

Thats a big fat lie! Skeptic overlord loves us all.

reply to post by VoidHawk


LOL , Busted ! .........


i297.photobucket.com...