Surreptitiously Tampering with Computer Chips
This is really interesting research: “Stealthy Dopant-Level Hardware Trojans.” Basically, you can tamper with a logic gate to be either stuck-on or stuck-off by changing the doping of one transistor. This sort of sabotage is undetectable by functional testing or optical inspection. And it can be done at mask generation—very late in the design process—since it does not require adding circuits, changing the circuit layout, or anything else. All this makes it really hard to detect.
The paper talks about several uses for this type of sabotage, but the most interesting—and devastating—is to modify a chip’s random number generator. This technique could, for example, reduce the amount of entropy in Intel’s hardware random number generator from 128 bits to 32 bits. This could be done without triggering any of the built-in self-tests, without disabling any of the built-in self-tests, and without failing any randomness tests.
I have no idea if the NSA convinced Intel to do this with the hardware random number generator it embedded into its CPU chips, but I do know that it could. And I was always leery of Intel strongly pushing for applications to use the output of its hardware RNG directly and not putting it through some strong software PRNG like Fortuna. And now Theodore Ts’o writes this about Linux: “I am so glad I resisted pressure from Intel engineers to let /dev/random rely only on the RDRAND instruction.”
Yes, this is a conspiracy theory. But I’m not willing to discount such things anymore. That’s the worst thing about the NSA’s actions. We have no idea whom we can trust.
Nicholas Weaver • September 16, 2013 1:48 PM
One bit of subtleness is the effect of the design decision by Intel not to include the tRNG in the JTAG chain (a test feature that allows reading/setting portions of the chip), but only use a Built In Self Test (BIST) based on a 32b CRC.
The BIST is “replace tRNG with LFSR (Linear Feedback Shift Register) known pRNG on the input, cycle the output, and do a 32b CRC checksum on the results”. Thus one brute-forces the constants so that it passes the BIST CRC test(s), since the test input is known, and with only 32b of CRC, brute force will find an answer.
Intel did this BIST-only because:
http://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide
On one hand, that makes sense-ish: JTAG on the INPUT (the ability to tie into the more general test chip framework rather than just a known initiated LFSR) to the hardware RNG would be questionable, as it would be easy to hijack. (Although given the microcode design on modern microprocessors, you could also possibly hijack RDRAND with alternate microcode).
But at the same time, there is no way to read the whole output with JTAG (which would prevent these ‘stuck-bit’ attacks from working), yet such a connection would prevent this attack from working.
Three months ago, my attitude would be ‘yeah, makes sense as a tradeoff to do this BIST design, pity you can trojan it.’
Today? Paranoia is infectious: it’s a great example of the corrosive damage that the NSA has done to US cyber-security.
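To make the detection gap concrete, here is a small simulation of the self-test architecture the comment above describes and the entropy reduction the post describes. It is an added example, not code from the paper, from Intel, or from either author: the LFSR taps, the seeds, the SHA-256 stand-in for the conditioner and the stuck-bit pattern are all constructed for illustration. It models an entropy source whose bits can be stuck, a conditioner, a CRC-32 BIST that swaps a known LFSR in for the source, a monobit randomness test on the conditioned output, and a raw-source health check that needs the kind of direct visibility (JTAG-style) the comment says is missing.

```python
"""Constructed model of a hardware RNG with a CRC-32 built-in self-test.
Not Intel's design: taps, seeds, conditioner and stuck pattern are assumptions."""
import hashlib
import math
import os
import zlib

WORDS_PER_BLOCK = 4          # 4 x 32 bits = 128 raw bits per conditioner block
STUCK_PATTERN = 0xA5A5A5A5   # constructed: the value a stuck bit reads as


def lfsr32(seed, n, taps=0x80200003):
    """Galois LFSR emitting a fixed, known word sequence (the BIST input).
    The tap mask is an arbitrary constructed value, not the hardware's."""
    state = seed & 0xFFFFFFFF
    words = []
    for _ in range(n):
        lsb = state & 1
        state >>= 1
        if lsb:
            state ^= taps
        words.append(state)
    return words


def condition(raw_words):
    """Deterministic conditioner: 128 raw bits in, 128 output bits out.
    SHA-256 is an assumed stand-in for a real DRNG's AES-based conditioner."""
    raw = b"".join(w.to_bytes(4, "little") for w in raw_words)
    return hashlib.sha256(raw).digest()[:16]


class EntropySource:
    """Model of the analog source: one 32-bit mask per word, a 1 bit is live
    (random), a 0 bit is stuck at the corresponding bit of STUCK_PATTERN."""

    def __init__(self, free_masks):
        assert len(free_masks) == WORDS_PER_BLOCK
        self.free_masks = free_masks

    def raw_block(self):
        out = []
        for mask in self.free_masks:
            live = int.from_bytes(os.urandom(4), "little") & mask
            out.append(live | (STUCK_PATTERN & ~mask & 0xFFFFFFFF))
        return out

    def entropy_bits(self):
        return sum(bin(m).count("1") for m in self.free_masks)


GOOD = EntropySource([0xFFFFFFFF] * 4)           # 128 live bits
TAMPERED = EntropySource([0xFFFFFFFF, 0, 0, 0])  # 32 live bits, 96 stuck


class Drng:
    def __init__(self, source):
        self.source = source

    def random_block(self):
        return condition(self.source.raw_block())

    def bist_output(self):
        # BIST path: the source is bypassed and the LFSR drives the conditioner,
        # so the result is identical on every device whatever the source does.
        raw = lfsr32(seed=0x12345678, n=WORDS_PER_BLOCK * 16)
        return b"".join(condition(raw[i:i + WORDS_PER_BLOCK])
                        for i in range(0, len(raw), WORDS_PER_BLOCK))

    def bist_passes(self, golden_crc):
        return zlib.crc32(self.bist_output()) == golden_crc


# Golden value a manufacturer would record from a reference device.
GOLDEN_CRC = zlib.crc32(Drng(GOOD).bist_output())


def monobit_passes(drng, blocks=256, max_z=4.0):
    """Frequency (monobit) test on conditioned output, z = |ones - zeros|/sqrt(n)."""
    data = b"".join(drng.random_block() for _ in range(blocks))
    n = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    return abs(2 * ones - n) / math.sqrt(n) < max_z


def stuck_bits(source, samples=64):
    """Raw-source health check: count bits that never change across samples.
    Requires reading the raw source directly, which the CRC BIST cannot do."""
    or_acc = [0] * WORDS_PER_BLOCK
    and_acc = [0xFFFFFFFF] * WORDS_PER_BLOCK
    for _ in range(samples):
        for i, w in enumerate(source.raw_block()):
            or_acc[i] |= w
            and_acc[i] &= w
    # a bit is stuck if it read 0 every time (or_acc) or 1 every time (and_acc)
    return sum(bin((~or_acc[i] & 0xFFFFFFFF) | and_acc[i]).count("1")
               for i in range(WORDS_PER_BLOCK))


if __name__ == "__main__":
    for name, src in (("good", GOOD), ("tampered", TAMPERED)):
        d = Drng(src)
        print(f"{name}: BIST={d.bist_passes(GOLDEN_CRC)} monobit={monobit_passes(d)} "
              f"entropy={src.entropy_bits()} stuck_bits={stuck_bits(src)}")
```

Run stand-alone, both devices report BIST passed and the monobit test passed; only the entropy count (128 versus 32) and the raw-source stuck-bit count (0 versus 96) separate them. That is the point of the comment: a self-test that drives the conditioner from a known LFSR only verifies the deterministic logic behind the source, and statistical tests on conditioned output cannot see how much entropy went in, so neither can notice a source whose bits have been forced to constants.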