Archived View for dioskouroi.xyz › thread › 29417927 captured on 2021-12-04 at 18:04:22. Gemini links have been rewritten to link to archived content
After reading "Ghost Fleet" by P.W. Singer and August Cole, the idea in there about China putting backdoors in chips sent to the US for years -- laying the 'groundwork' for an eventual cyber and physical invasion -- has really stuck with me. He makes the point in the book (which has tons of citations to describe the attacks/weapon systems) that even critical defense-related chips, for things like our most advanced fighter jets, are often still assembled/manufactured in China. But I imagine an equally useful strategy could just be putting backdoors in all the various things ordinary people order off Amazon each day: fast charger wall outlets, USB cables, etc.
I've always assumed that we just had a way to 'check' each chip used in critical industries, such as defense, if they came from another country. It kind of feels the same way it did the first time I learned how to pick pin and tumbler locks, and realized locks are purely an illusion of security.
The US is already paranoid about sourcing components. Even European companies are asked to use US components when trying to sell to the US. China is selling to the world. One confirmed case of backdoors, and the financial losses will be far greater than the benefit of spying on the average US citizen.
People like you are spreading propaganda. This is most likely propagated by organizations trying to bring manufacturing back to US. It is actually harmful because it distracts from security that matter. Every week you have US companies hacked by Russian hackers, but somehow IC security of USB cable should be important.
I am spreading propaganda by mentioning a fictional book I read, which made me think of potential security vulnerabilities? Things like a LAN Turtle exist, and have probably existed long before most people were aware of them.
For sure, P.W. Singer is unbiased. It's just pure accident that he worked with the U.S. Department of Defense and CIA and that some of his books are on the reading list of the U.S. Army. He himself is selling his books as "useful fiction" (a combination of research and fiction, wtf?).
There is a very thin line between unbiased facts and opinions and propaganda. For most people, electronics is like magic, and circulating ideas about dangers to security where the probability is low from both a technical and an economic point of view is not useful. Both old-style printer yellow dots and the recent CSAM scanning are US ideas pushed onto the whole world in the open and at a much higher level than individual IC components.
I think China's intention to surpass the U.S. as the dominant superpower by 2049, the 100-year anniversary of the PRC founding, is absolutely crystal clear and without doubt. They have said they would like to accomplish this through military means if necessary, but focusing on economic and technological means/"warfare" -- their term, not mine (see "Unrestricted Warfare" by PLA Colonels Liang and Xiangsui, written in 1999 on the 8-year anniversary of the Gulf War;
https://www.c4i.org/unrestricted.pdf
) In fact, the paper clearly argues for going to war with a more powerful adversary by using network warfare prominently. Full disclosure: I have not read the entire paper, but enough of it to get the gist since they clearly state their goals and intentions.
Now, is China doing something America has not done? Absolutely not. Is it crazy for a country to want to become more powerful? Absolutely not. Is it wrong for a country to do so? I would argue not, since their first responsibility should be to their people, and _usually_ -- not always -- a more powerful country on the world stage is better for the people of that country.
I believe in a globalized world, I am not a nationalist, and think if the world could truly come together, it would obviously be better for all of mankind. However, I am also an American, and although I don't love everything about my country by any means, I am going to pick and favor my country over a foreign one when that country is clearly an adversary. Does that mean I want harm to come to China? No. Does that mean I wish ill-will of the Chinese people? No.
And for what it's worth, I don't think anyone is unbiased and believe it is unrealistic to expect people to be. I think biases are as fundamental (in good and bad ways) to being human as walking on two legs is. Biases are critical to how our brain/memory works -- we have something like 180+ known cognitive biases (
https://en.wikipedia.org/wiki/List_of_cognitive_biases
). I think the best thing we can do is recognize and acknowledge when we have bias, and factor that knowledge into how we are thinking about a topic. For example, because of what I do for a living, if I see a positive story about the benefits of marijuana or crypto, I will initially be inclined to believe it _may_ be true; the good ol' confirmation bias at work. But I also usually try to stop myself and think more critically about the information being presented, since I know that I am going to be inclined to have that bias towards the two topics. I feel that, as humans, that is the best we can do. Anyone who pretends to not be biased in any way whatsoever is lying. My father was a psychiatrist for 43 years, and I talked to him about this many times over the course of my life, and he agreed that he's never seen someone who did not have bias.
Maybe you could have / should have mentioned in the OP that the book is a novel.
It's in no way clear from your post alone that the book you're talking about is fiction.
"_which has tons of citations_"
That's my mistake then; if it still allowed me to edit the comment, I would do so to make that more clear.
Chips != USB cable:
https://shop.hak5.org/products/o-mg-cable-usb-a
_> To get a cable like this, you used to need a million dollar budget .. It is packed with a web server, 802.11 radio .. The O.MG Cable is built for covert field-use, with features that enhance remote execution, stealth, forensics evasion, all while being able to quickly change your tooling on the fly. And, of course, it works just like a normal USB cable when not deploying payloads. Keystroke Injection payloads are transmitted out of the USB A connector. The Keylogger Edition ... adds a Keylogger capable of storing up to 650,000 keystrokes._
I think in china you could make one for a lot less than a million dollars. They have some pretty good electronic fabrication facilities there.
The problem is that we (USA) used to have 90% of all chip design and production.
Now we have less than 10%-15% of it because it was cheaper to outsource it to Taiwan, Korea or Japan. We created the problem ourselves by shunning manufacturing and wanting to be a "knowledge-service economy" which only sounds good in the abstract but you still need to have the hardware in trustable form and even worse: most innovation (easily 80% or more) in anything but especially in computers, only comes from innovation of the manufacturing process, and only AFTER that does any other innovation (e.g. software) FOLLOW - software is the tail, not the dog!
The book must have been the source of Bloomberg's horrible reporting with the "Big Hack".
> fast charger wall outlets, USB cables, etc.
This seems far more likely than supply chain attacks on enterprise hardware.
Calling something an illusion is the wrong way of looking at things because everything in life is about getting at least 80-99% there — to be “good enough.” Everything therefore is an illusion by that logic.
There’s no absolute guarantee that a seat belt will save you, or that no one will poison your water supply, or that your AWS service will always be up.
Perhaps we are no longer 90% in this space due to changing political climates but we were there before.
There are safety-critical systems, though.
Big vessels full of poisonous (but useful!) chemicals. Aircraft control systems. All carefully designed to be far more nines than 99% reliable - provided that the components behave according to their datasheets and how they behaved during validation.
And if it’s critical enough, that isn’t just left to chance after the initial design validation. There are continuous supply chain and acceptance testing checks that have to keep being run and managed. This is one reason the costs are higher.
There are a few ways this is dealt with in government. First is a requirement to provide engineering diagrams sufficient to rebuild a chip from scratch if necessary. When purchasing a few hundred thousand servers at a time from Dell or leasing space in Amazon's data centers, nobody is physically auditing that every chip actually matches the diagram, but they will randomly audit at least a few. If someone is shipping a bunch of motherboards that have undocumented backdoors on them, it will get noticed.
Second is network disconnection of the systems. Most exploits rely on remote access. If there is no network path from a C&C server to the infected host due to it not being exposed to the Internet and not having any kind of commodity radio capability, there isn't much an attacker can do short of something like Stuxnet, that is, just frying machinery instead of trying to exfil data or take over control. Something like that needs to be pretty tightly targeted, though. The factory line in China likely doesn't have any reliable way to identify exactly which chips are going to end up in US critical systems and only sabotage those.
Third is extremely thorough sandbox testing. Observe something for a long time in a controlled environment and see what it does. That is also something that is not feasible to do for every part, but it is feasible and is done for randomly selected equipment samples.
Obviously, different levels of scrutiny, testing, and security will be applied to, say, the public homepage of the Department of Labor versus the servers running blue force tracking for operational military units. In some ways, it is actually a lot easier to secure critical defense and IC systems than something like banking or email. Not having to expose an information system to external networks or allow arbitrary users signup access is already a huge first step that simplifies the problem space a ton.
You need to know what you are looking for in a potentially hostile device. I really like the story about The Thing:
https://en.m.wikipedia.org/wiki/The_Thing_(listening_device)
You’ll never know what an opponent has discovered and is using to his advantage.
Interesting, but what is the source?
Has there been a single case where a backdoor by a state actor has been found in a chip?
I've often thought that if they were going to do it, we would have heard about it by now.
Earlier this year Bloomberg doubled down on its infamous 2018 "The Big Hack" story with "The Long Hack",
https://www.bloomberg.com/features/2021-supermicro
(Oddly it seems to have snuck under everybody's radar, including on HN.)
In The Long Hack they not only reiterate the same claim regarding SuperMicro motherboards, they reference a 2010 criminal case involving counterfeit Cisco hardware in which a witness (Marine Staff Sergeant on active duty at the time, thus speaking for the military) discussed supposedly chipped IBM-branded Lenovo-built laptops sent to the military circa 2008. (The counterfeit Cisco hardware case itself seems a less interesting example as it simply might have involved trojan'd firmware, which is sadly quite common.)
I wonder how easy these attacks are to control. The reason the great powers signed the Geneva protocols against poison gas use is that the gas was as likely or more to cause problems for the user as it was for the enemy. The same applies to biological agents.
Once you push parts into the supply chain you can’t really tell where they will end up.
> Once you push parts into the supply chain you can’t really tell where they will end up.
That's why I wonder if it wouldn't be a good, "broad spectrum" attack. I imagine aides to key Senators, Congressmen, White House staffers, C-suite people at defense contractors etc. buy all sorts of devices off Amazon, which they plug in without a second thought like the vast majority of us do. Obviously, 98% of the people plugging in the devices aren't valuable from a military/intelligence perspective, but even if only 1 in 10,000 targets was worthwhile, I imagine there would be a few that were goldmines of information.
On the other hand, I imagine if it was that sophisticated of an attack, the more devices you have randomly "in the wild", the more the chances increase that it is discovered, which could then nuke your whole operation. I remember in the Snowden docs, the NSA's TAO was sometimes intercepting orders for laptops etc. that people placed online, carefully placing backdoors in them, then sealing it all perfectly back up and putting it back on track for delivery. It arrives and you think it's safe since it's factory sealed and you got it brand new from a reputable retailer. That's a more targeted example of the same concept.
I believe it is possible to have a computing fabric that is so simple there isn't anywhere to hide bugs in it, yet extremely performant. The downside is it wastes transistors, and isn't a Von-Neuman architecture at all. It's a grid of 4 in, 4 out look up tables (that's 64 bits of state each), each exchanging 1 bit with its cartesian neighbors, clocked in alternate phases like a chess board to prevent all race conditions. It's Turing complete, can route around bad cells, and you could securely partition a program to run in part of it, but not all.
I wrote a bunch of blog posts on this theoretic hardware a while ago
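An added simulation of the cell fabric described above; this is not code from the original comment or its author's blog posts. Each cell is a 64-bit LUT (4 output bits for each of the 16 input combinations), cells of alternating parity update in alternating phases, and a detour configuration routes a signal around a dead cell. The grid size, port numbering and "wire" configurations are my assumptions.

```python
# Added simulation of the checkerboard-clocked 4-in/4-out LUT fabric.
# Grid size, port numbering and the "wire" configurations are assumptions.
N, E, S, W = 0, 1, 2, 3                 # port d of a cell faces direction d
OPP = {N: S, E: W, S: N, W: E}          # neighbour's port that faces back at us
DELTA = {N: (0, -1), E: (1, 0), S: (0, 1), W: (-1, 0)}
GRID_W, GRID_H = 4, 3

def lut(rule):
    """Pack a rule (4 input bits -> 4 output bits) into the cell's 64-bit table."""
    table = 0
    for idx in range(16):                       # idx bit d = input arriving at port d
        ins = tuple((idx >> d) & 1 for d in range(4))
        outs = rule(ins)
        for d in range(4):                      # bit idx*4+d = output driven on port d
            if outs[d]:
                table |= 1 << (idx * 4 + d)
    return table

def wire(src, dst):
    """Cell configuration that forwards the bit arriving at port src out of port dst."""
    return lut(lambda i: tuple(i[src] if d == dst else 0 for d in range(4)))

class Fabric:
    def __init__(self, config, inject):
        self.config = config    # (x, y) -> 64-bit table; a missing cell is dead (outputs 0)
        self.inject = inject    # (x, y, port) -> 1-bit stimulus applied at the grid edge
        self.out = {(x, y): 0 for x in range(GRID_W) for y in range(GRID_H)}
        self.phase = 0

    def input_bit(self, x, y, d):
        nb = (x + DELTA[d][0], y + DELTA[d][1])
        if nb in self.out:
            return (self.out[nb] >> OPP[d]) & 1
        return self.inject.get((x, y, d), 0)

    def step(self):
        # Only cells of the current parity update; every neighbour they read has the
        # other parity and is frozen for this phase, so there is no race to resolve.
        for (x, y) in self.out:
            if (x + y) % 2 == self.phase:
                idx = sum(self.input_bit(x, y, d) << d for d in range(4))
                self.out[(x, y)] = (self.config.get((x, y), 0) >> (idx * 4)) & 0xF
        self.phase ^= 1

def east_edge_bit(config, steps=12):
    """Drive a 1 into the west edge of row 1 and report what reaches the east edge of row 1."""
    fab = Fabric(config, {(0, 1, W): 1})
    for _ in range(steps):
        fab.step()
    return (fab.out[(GRID_W - 1, 1)] >> E) & 1

# Three constructed configurations: a straight wire, the same wire with cell (1,1)
# dead, and a detour through row 0 that routes around the dead cell.
STRAIGHT = {(x, 1): wire(W, E) for x in range(GRID_W)}
BROKEN = {cell: table for cell, table in STRAIGHT.items() if cell != (1, 1)}
DETOUR = {(0, 1): wire(W, N), (0, 0): wire(S, E), (1, 0): wire(W, E),
          (2, 0): wire(W, S), (2, 1): wire(N, E), (3, 1): wire(W, E)}

if __name__ == "__main__":
    for name, cfg in [("straight", STRAIGHT), ("broken", BROKEN), ("detour", DETOUR)]:
        print(name, east_edge_bit(cfg))
```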
Give a lightning talk at ORConf 2022? They have a friendly community of designers who work with open hardware, including a few large companies. Past videos are online and some of the speakers are active on Twitter, including a few who work with Google efforts around open ASICs and US manufacturing.
https://www.youtube.com/c/FOSSiFoundation/videos
You should submit this to as a story, or it would be interesting to see a mix of people's opinions of it.
Required reading: "Stealthy Dopant-Level Hardware Trojans" by George Becker et al
https://link.springer.com/content/pdf/10.1007/978-3-642-4034...
> “In this paper we propose an extremely stealthy approach for implementing hardware Trojans below the gate level, and we evaluate their impact on the security of the target device”
Holy crap wtf.. how is this even possible
Who needs horror films when journal articles can be that scary!
And just as fictional! Whenever anybody is talking about one distant nuclear power physically invading another nuclear power they are reaching into your pocket.
Having talked with folks who were directly involved in that inter-plant incident, it wasn't fiction and it was a serious threat.
How Small Is Small? From PC Mag
https://www.pcmag.com/encyclopedia/term/process-technology
To understand how tiny these transistor elements are, using state-of-the-art 5 nm feature sizes as an example, 16 thousand of them laid side-by-side are equal to the cross section of one human hair. See half-node and active area.
Semiconductor Feature Sizes
(approximate for all vendors)
Year   Nanometers (nm)   Micrometers (µm)   Millimeters (mm)   Note
1957   120,000           120.0              0.12
1963   30,000            30.0               0.03
1971   10,000            10.0               0.01
1974   6,000             6.0
1976   3,000             3.0
1982   1,500             1.5                                   **
1985   1,300             1.3                                   **
1989   1,000             1.0                                   **
1993   600               0.6                                   **
1996   350               0.35                                  **
1998   250               0.25                                  **
1999   180               0.18                                  **
2001   130               0.13                                  **
2003   90                0.09                                  **
2005   65                0.065
2008   45                0.045
2010   32                0.032
2012   22                0.022
2014   14                0.014
2017   10                0.010
2018   7                 0.007
2020   5                 0.005
2022   3                 0.003
2024   2                 0.002                                 ***
What this means is: very complex circuits can be laid out and placed inside a bypass capacitor on the 3.3 or 5 volt rail that pass their data through the encapsulant via IR and also receive instructions. They can be hidden on multilayer boards, concealed from x-rays by the + and G rails. They can also access data buses by similar hidden means. With data bus access they can get/send clocked data on command.
Ever hear of the 'Russian Pebbles'? Dead drops that use a foot coil to send/receive data, and yes, they have wireless charging - a charger agent places his foot near the buried pebbles...
You can even place a backdoor on a circuit without any noticeable physical changes (other than chemical differences which are extremely hard to detect). You basically change which chemicals are used to "dope" the transistors, which changes their polarity.
See:
https://news.ycombinator.com/item?id=26860715
Anyone here on HN know who is doing good work in this area?
Pretty much every major company in the space will have a team or even several dedicated to digital IC security. Qualcomm, Intel, Apple, Mediatek, Xilinx, and probably Google and Amazon now as well. I attended a really interesting pre-COVID lecture series given by some engineers in one of Qualcomm's teams that started with crypto/security basics and eventually got in to more advanced techniques like side channel attacks. I had a lot of questions related to our own products that they couldn't answer in the name of secrecy.
Google and Amazon definitely have dedicated IC security staff.
Why? They don't seem to be that professional, or experienced
Could you elaborate? Who doesn't seem to be professional? Why would that mean that there's no IC security team?
Their IC team is tiny, and I heard they outsourced massively.
Offensive or defensive? For offensive (at least in the non-classified space), major players include e.g. Riscure.
A fun historical quirk about chip-level security is that most of the experienced people and firms have at least some ties to cable/satellite TV piracy (on either side of that).
Please excuse the new account, I don't work for them, but
. Maybe the hit will cause one of them to chime in.
Their pitch deck was about flashing keys into a root of trust at the fab, then using those as a way to do different types of decentralized or federated firmware integrity attestation. They had some quiet traction with some chip manufacturers and in defense and aerospace and at the time, they were the only ones I thought were really bringing something new to the space.
I'm trying to read this charitably but can't. As far as I can tell, they're describing the concept of "fuse some keys into chips" (and/or "use a PUF"?) and "do secure boot". Where's the novelty? All I see is PR and bad, bad vibes.
Is there a decent technical document available that actually describes their improvements over the SOTA? Without that, the impression I get is that somebody is trying to dazzle non-technical investors with bullshit.
How could they be doing good work unless they can actually analyse the code running the CPUs? We're dealing with black boxes and wondering why we're missing things so often...
I wonder if certain applications would benefit from redundant setups in different cpu arches to check for discrepancies.. kinda like NASA stuff but different.
I remember part of a book, "Souls in the Great Machine", on a post-apocalyptic fantasy Earth, where a "librarian" ran a computing device composed of hundreds of people working machinery together. She set up a duplicate computer to make sure the results always matched.
Some do that already in safety-critical devices, apparently. Mostly for making sure that both do not fail at the same time, as opposed to examining differences. It works best when just one working is enough.
Shameless blog post, but I wrote about something similar here. [1]
The TL;DR of it is that I think the hardware industry is in the exact same spot as the software industry was 20 years ago; a wild west of security. And I think the only way out of this is with decades of good tools, infrastructure, and methodology development.
That's not to say software security isn't a mess right now-- it also is. But at least we *know* relatively how much it's a mess. With hardware, it's an unknown unknown, the worst kind of unknown.
[1]:
https://ljhsiung.com/posts/the-state-of-cpu-fuzzing/
The semiconductor industry was using fuzzing before it was used in software (starting about two decades ago), but they didn't call it that. They (or rather, the academics who pioneered it) called it coverage-directed constrained random simulation, and it worked in much the same way as modern fuzzers do.
I wonder if you could fuzz a chip directly, without having the schematics, so that if the manufacturer inserts something off-the-books it still gets explored.
For fuzzing to be effective you need access to coverage information. If you have the RTL (SystemVerilog or VHDL source) you can verify that you're hitting all the paths and the branches, and use a constraint solver to find paths that increase coverage. If you just have the registers and latches you can see how much of the state you've reached. But if you just have a chip too much of the internal state is unreachable: you'll never find the magic sequence that triggers the badness (if it exists) by random simulation, the heat death of the universe will happen first.
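A constructed toy of the point made in this comment, added here and not from the original thread: a register-block model hides a 4-byte trigger (an arbitrary, constructed value), fuzzing it through the pins alone never finds it, while a verifier that can observe the internal latch, as one can with RTL or a netlist, uses that latch as coverage and reaches the trigger in a few thousand tests. The trigger bytes, the model and the test budgets are assumptions.

```python
# Added model: a register block with a constructed 4-byte trigger, fuzzed two ways.
import random

# Constructed trigger (example only); bytes are distinct so the matcher below is exact.
TRIGGER = [0xA5, 0x3C, 0x7E, 0x91]

class DeviceModel:
    """Minimal model of a peripheral: writes to one register advance a hidden latch."""
    def __init__(self):
        self.progress = 0       # internal latch: bytes of TRIGGER matched so far
        self.unlocked = False   # the undocumented behaviour we want to reach

    def write(self, byte):
        if byte == TRIGGER[self.progress]:
            self.progress += 1
            if self.progress == len(TRIGGER):
                self.unlocked = True
                self.progress = 0
        else:
            self.progress = 1 if byte == TRIGGER[0] else 0

def blind_random(writes, seed=0):
    """Black-box view: only the pins. Returns the write count that unlocked, or None."""
    rng = random.Random(seed)
    dev = DeviceModel()
    for i in range(1, writes + 1):
        dev.write(rng.randrange(256))
        if dev.unlocked:
            return i
    return None

def coverage_directed(budget, seed=0):
    """RTL/netlist view: the latch 'progress' is observable, so it serves as coverage.
    Keep every input prefix that reached a new latch value and extend those prefixes
    instead of starting from scratch. Returns (tests_run, sequence) or None."""
    rng = random.Random(seed)
    seen = {0}
    corpus = [[]]
    for tests in range(1, budget + 1):
        seq = rng.choice(corpus) + [rng.randrange(256)]
        dev = DeviceModel()
        for b in seq:
            dev.write(b)
        if dev.unlocked:
            return tests, seq
        if dev.progress not in seen:      # new internal state: keep this prefix
            seen.add(dev.progress)
            corpus.append(seq)
    return None

if __name__ == "__main__":
    print("blind random, 20000 writes:", blind_random(20000))
    print("coverage-directed:", coverage_directed(50000))
```

The blind run has roughly a 20000/256^4 chance of stumbling onto the sequence; the coverage-directed run needs on the order of 256 tests per latch stage.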
What if you had some kind of microscope which could see which gates get activated?
Latticesemi’s Supply Guard helps with this type of security:
https://www.latticesemi.com/Solutions/Solutions/SolutionsDet...
So... treat everything as a black box, source from redundant supply chains, and invest in shielding?
Sounds like systems architecture is about to get physical.
Call the architects!