Levels of Assurance for DoD Microelectronics

The NSA has has published criteria for evaluating levels of assurance required for DoD microelectronics.

The introductory report in a DoD microelectronics series outlines the process for determining levels of hardware assurance for systems and custom microelectronic components, which include application-specific integrated circuits (ASICs), field programmable gate arrays (FPGAs) and other devices containing reprogrammable digital logic.

The levels of hardware assurance are determined by the national impact caused by failure or subversion of the top-level system and the criticality of the component to that top-level system. The guidance helps programs acquire a better understanding of their system and components so that they can effectively mitigate against threats.

The report was published last month, but I only just noticed it.

Tags: , ,

Posted on August 29, 2022 at 9:30 AM24 Comments

Comments

Clive Robinson August 29, 2022 12:57 PM

@ Bruce, ALL,

I was thinking about this some days back.

If people hunt back on this blog they will find that the DoD issued an open bid for people with ideas about how to limit if not stop hardware subversion.

At the time @Nick P pointed out a likely scenario as to what would happen.

In short any prospective candidates to limit or stop the subversion of hardware that were non-destructive and potentially mass deployable, would get made secret or higher in classification.

As it turns out any research into this area of anti-subvertion does appear to have dropped off of the radar. Which is odd when you consider just how valuable such research would be…

Any way that was then this is now, and as most will realise the electronics industry sucks at hardware security for various reasons without having to even think of deliberate subversion.

Rapid Geek August 29, 2022 7:53 PM

I worked for a company which built a machine for repairing air force and navy equipment. It was based on a plc or on an in-house pcb which was basically an Arduino Mega. How would each of these measure up to this standard?

The Mega was a COTS part with add-on boards built into the main pcb. Seems like it can be reprogrammed easily or the entire board replaced.

The plc was a Siemens 1200 series. I would assume that the majority or the validation here is done via Siemens.

In both cases, we had to hand the code over to the liaison regardless.

Ted August 29, 2022 10:39 PM

I was grateful the document provided an example of how the Levels of Assurance (LoA) might apply.

The example on page 5 is for an airplane. The top-level system is rated at LoA3 – the level of highest consequence for system failure.

But critical sub-components are also rated individually. And I was a bit surprised at the LoAs assigned to them.

In the example, the Ground Speed Sensor was rated as LoA1. Flight Controls at LoA2. And Encrypted Comms at LoA3.

As specific as the document was in referencing FPGAs, ASICs, and other custom microelectronic components, I was really curious how the LoAs would apply to them particularly. I would also love to see the Best Practices documents.

Cassandra September 1, 2022 4:10 AM

I am dismayed by the lack of comments on this posting.

Perhaps it is because software is widely accessible, but the tools and techniques needed to assure hardware are difficult to obtain.

Decapping a chip and running it under an electron microscope to view the layout is not something anyone can do in their home office. In addition, layouts are hard to interpret, so doing a hardware audit is onerous and quite possibly expensive.

I expect those with the facilities could use pattern recognition and/or a trained image analysis AI to simplify the task of interpreting a hardware layout, but that is the kind of obvious approach I would expect security and intelligence agencies to be doing already. It still doesn’t identify backdoors introduced by doping changes.

From a public/commercial point of view, auditing hardware won’t be done until there is money in it: either positive, in that you can improve your earnings; or negative, in that you decrease the risk of a huge loss (e.g. by a fine, or ransomware, etc). How much extra would you pay for a ‘hardware audited’ chip?

Until non-aligned countries start selling capable ‘open hardware’ chips, I don’t expect hardware security to improve: The big players have a vested interest in having commercially available hardware as full of exploitable flaws as possible. Ross Anderson has built an academic career showing how poorly supposedly secure commercial hardware is, and large criminal groups are well resourced to find flaws. It is sometimes difficult to distinguish between a ‘nation state’ adversary and a ‘large criminal group’ adversary, and there can be considerable overlap.

Clive Robinson and others have made it clear that your security endpoint should be isolated as far as practicable: not only no ‘always on’ network connectivity, but no network connectivity at all, and care taken to minimise and/or control sources of input and output, including energy emissions and receptions of all types. Putting security endpoints into mobile phones looks like the height of folly.

Baseline specifications for hardware that work to minimise security exposure are a good thing, and really ought to be used more than they currently are. Companies should only be able to get cyber-insurance if they can demonstrate use of hardware that meets minimum specifications; and appropriate processes: subject to independent audit, of course. In terms of public policy, I would look to get security compliance on at least the same footing as Health & Safety legislation. It wouldn’t solve the problem (industrial accidents still happen), but would at least get some focus on the area.

There are already people decapping security keys to read out forgotten passwords, and attacks only ever get better.

Clive Robinson September 1, 2022 9:16 AM

@ Cassandra, ALL,

Re : Hardware vulnarabilities.

There are many problems with finding vulnarabilities in modern hardware.

For instance,

“Decapping a chip and running it under an electron microscope to view the layout is not something anyone can do in their home office.”

Nor in most labs either SEM’s are at the best of times sensitive beasts. Which is a problem, because they can not realy image down to the sizes required and can not do depth scans.

But it’s also a destructive process in that any chip you try to check that way is in effect “having an autopsy not an MRI”.

I’ve talked about this before back with the Bloomberg nonsense over Apple server motherboards.

You have to ask a question of “probabilities”. Look at it this way,

1, Probability of destructive testing.

Maybe one in a hundred chips maximum will be tested.

2, Probability of chip being backdoored in a supply to be effective.

This is an awkward question to answer but boils down to “interconnectedness” between chips.

If a couple of hundred chips are used in a system then in reality only one in a hundred needs to be backdoored to have more than 50% of the systems backdoored.

But the odds of finding a backdoored chip by destructive testing is 0.01 x 0.01 or one in ten thousand… But the attacker has a 50% system vulnarability…

Nearly all modern military weapons systems like commercial cloud systems have a very high degree of interconnectedness…

So destructive testing is a bit of a non starter for such systems.

Which brings us to your next point,

“It still doesn’t identify backdoors introduced by doping changes.”

Or by several other tricks like blind viad and capacitive coupling between traces.

So most types of testing people are going to come up with are effectively going to be at the very best minimally effective to non effective…

So as they are all quite expensive and involved testing, as you note,

“From a public/commercial point of view, auditing hardware won’t be done until there is money in it… … How much extra would you pay for a ‘hardware audited’ chip?”

The simple answer is I could not aford it as it would be upwards of 200 times more expensive than a commercial part. Also that would be at “factory loading dock” pricing. If you wanted “secure supply chain delivery” you are talking armourd trucks armed guards and all sorts of other precautions.

As we know the Russians have in the past intercepted equipment in “Diplomatic pouches” and put bugging devices in them. Likewise they have managed to intercept athletes urine and other samples in specialised tamper proof bottles and render the samples free of drug signs.

What one set of people can do so cam another. The NSA/CIA were quite adept at intercepting and adding backdoor hardware to equipment destined for certain foreign countries. The Chinese got fed up of telling the US to “cease and desist” and being ignored so they just passed legislation to stop US technology being used in sensitive applications only then did the US take note by crying foul…

With regards,

“Putting security endpoints into mobile phones looks like the height of folly.”

It is, and this is where we find “folly” rebadged as “convenience” wins almost every time in consumer and commercial products. But also because of the idiocy of “Political Mantra” by the “Small Government” morons forcing every Goverment dept to either use “Consumer Of The Shelf”(COTS) equipment or outsourcing even the most sensitive and secret of systems to commercial organisations using COTS systems. No Government system can be considered secure these days, even nearly a decade after Ed Snowden showed what a folly using such equipment and outsource services was…

The problem is the neo-con and similar nonsense mantras always sound so appealing as they promise to do more with less.

But the reality is the neo-cons and similar don’t deliver “more with less” in fact it’s “less with more” they actually deliver. In the process they do however shift a very substantial fraction of tax payer money into their non tax paying companies. Some of which goes into lobbying and kick-backs from which those moronic politicians benifit from greatly…

The real issue and I see no way of changing it except on a near personal level[1] is,

Nobody wants to pay for security,
even those that want or desperately need security.

I wish I could say different but that is the real state of the game…

[1] I’ve mentioned before what you need to do to have real Emissions Security and how to build the secure safes, secure cells (SKIFs) and how to make the equipment to give you a properly “Energy Gapped” system. But obviously not how to defend the system from a “black bag job” (physical attack prevention security). The level of work required and cost I’ve not mentioned because it would shock most people in that it would be in most cases greater than that required for a sizable home extension… The last non domestic one I was involved with required the equivalent of a 1960’s “bomb shelter” / “Survival Bunker” excavations and grounds remodelling. Sufficiently large for two of the largest vehicle shipping containers on four foot deep reinforced slab foundations and 12ft top protection with full water proofing etc. Yes some commercial organisations do require such instalations which is why some 1980’s “Civil Defense” nuclear bunkers have sold for as much as they have as they represent a real bargin cost wise.

Leon Theremin September 1, 2022 10:37 PM

Ptychographic X-ray Laminography; No trade secret or hardware trojan can hide!
https://spectrum.ieee.org/chip-x-ray

Every cell transmitter, phone and computer must be inspected. Silicon Trojans must perish.

Deeply Embedded Cores with Software Defined Radios must be neutered.

Clive Robinson September 2, 2022 8:23 AM

@ Leon Theremin,

“Deeply Embedded Cores with Software Defined Radios must be neutered.”

Do you actually know what a “Software Defined Radio”(SDR) actually is as a hardware component?

I suspect not…

Put simply it is an Analog to Digital Converter, that is directly connected to a Turing Engine or as others call it a CPU.

All the radio functionality is done via various algorithms running on the CPU.

The first system of that type I was involved with the design and production of was a Piccolo Modem based aroind a Z80 8bit CPU and a couple of A to D chips of which only 4bits each were used.

That was back in the later half of the 1980’s. My next forray into SDR was to design a Digital IF followed by a TMS DSP chip which was controled by a 6502 6bit chip.

What I did was design a “Digital Oscillator” driving a counter that fed the higher address bits of a 1nS RAM chip, the lower address bits were driven by a low bit depth (4bits) A to D that was built using high speed Video Amps (like Op Amps but a whole lot faster at the time).

I used the RAM chip as a lookup table, with the Data bits in part feeding back to the address bits. It in effect catd as a pair of high speed multipliers that output two “over sampled” ouput streams in a form that fed directly into a DSP chip.

The important thing to note is not that I was some smart arse boy genius, but that with a little inventive thinking almost any bit of digital hardware can become part of an SDR and you might not recognize it for what it is.

For instance few realise that a D Type latch has an ouput which is a very good over sampled output ewuivalent to a mixer / multiplier. Put it into a digital counter and the ouput is effectively integrated, and if you feed that into a D to A converter you get a very very good sinewave at the difference frequency between the D-Type CLK input and the D input.

Knowing just that and how “Single Side Band Suppressed Carrier”(SSB-SC) is generated enables you to rewrite it as a state machine. A little more work and a low cost microcontroler can be programed to produce the envelope signal and frequency/phase signal to drive a high efficiency Class E amplifier.

As they say “The Proof is in the pudding” and you can buy such a device quite cheaply,

https://ae5x.blogspot.com/2022/01/incoming-trusdx-kit.html?m=1#more

Winter September 2, 2022 8:39 AM

@Clive

Put simply it is an Analog to Digital Converter, that is directly connected to a Turing Engine or as others call it a CPU.

Maybe you should start with explaining that a “radio” is nothing but a variable voltage (signal) on a length of conductor (antenna).

Clive Robinson September 2, 2022 9:31 AM

@ Winter,

Maybe you should start with explaining that a “radio” is nothing but a variable voltage

Actually voltage has little or nothing to do with it[1] as it’s to do with the movment of charge.

Which in turn creates a current, that has a varying value on where you are on the conductor due to Standing Wave Ratio on a non resonant or frequency indipendent impedence antenna such as a transmission line antenna.

Only at resonance do the capacitive and inductive impedences cancel and the “resistance” alow you to calculate the voltage from the current… But… The resonant impedence is still not what you would measure with a DC Voltmeter. As there is Q Factor and Radiation Resistance to be considered along with the calculated imoedence you are along the resonator.

If you take a half wavelength at resonance wire and break it and measure the transmisson line effective resistance it varies from around 12.5 to 200 ohms depending on orientation and hight above ground. It’s assumed to be “current fed” and in most cases you would expect 50 to 100 ohms with an ideal of 72ohms.

However feed it at the end and theoretically it’s infinity and “voltage fed”. In practice it’s not because the radiation resistance is related to the diameter of the wire. As a first approximation this resistance is in parallel, so a thin wire could be 5000ohms and a cage of thin wires about 8inches in diameter would be around 800ohms. The lower that resistance in effect the more broadband the antenna is (look at the antenna elements on the Russian Woodpecker OTHR and they are several feet in diameter).

So you hear people arguing if they should use a 36:1, 49:1 or 64:1 transformer, and they mostly do not appreciate that it has to match the effective impedence and, have an input winding inductive impedance of around five times the transmission line impeedence. That creates all sorts of problams with broad band transformers that you will find a 50-300pf capacitor across the primary winding.

Then there are “non resonant” “Random Wire” length Antennas. With out going into fairly dull details a non resonant wire over a quaterwave in length will be between 150 and 600 ohms impedence thus a transfotmer to give a 300 or 450 ohm impedence generally works fine.

I could also go into “Off Center Feed”(OCF) antennas but if you realy want a primer on those,

‘https://rsars.files.wordpress.com/2013/01/study-of-the-ocf-dipole-antenna-g8ode-iss-1-31.pdf

It will give you a “first aproximation” on resonant antennas.

Winter September 2, 2022 9:49 AM

@Clive

Actually voltage has little or nothing to do with it[1] as it’s to do with the movment of charge.

Chicken-egg problem. The common way to move charge ist to set up a potential difference, ie, voltage. But if you drive charge into a conductor, you get a voltage anyway.

All the rest is “details”. Heinrich Herz was able to send and receive radio waves using just sparks and a loop of wire.

‘https://en.wikipedia.org/wiki/Heinrich_Hertz

Clive Robinson September 2, 2022 1:56 PM

@ Winter,

“Heinrich Herz was able to send and receive radio waves using just sparks and a loop of wire.”

Just barely, not even across the room. In fact we now know that most of his early experiments would have been well inside the “near field” which many engineers know as “trouble” for various reasons (in part because the E and H fields are in the process of becoming correctly aligned).

It was not untill he was generating EM radiation up around 66.6cm that he could clearly demonstrate the polaristion of dipole radiators in paradolic reflectors.

Oh and the voltages he was generating for his experiments were well on the scary side of the near certain death terminator.

Back in the 1970’s for fun a school friend and I reproduced some of his experiments as well as those of some of his Victorian successors. It was kind of scary knowing we were generating high power microwaves in the centimetric range and trying to measure things with Lecher lines with fluorescent tubes on top as “wavemeters”.

Leon Theremin September 3, 2022 4:25 PM

@Clive

Thanks for the explanation, albeit that message is just optimized for maximum keyword stuffing to increase discoverability, so we are just going to talk past each other.

The theory behind silicon trojans that enable microwave weaponry are less of interest to me right now than the fact that they are being deployed and used to harm society – both by enabling covert access to computers/phones and by causing non-ionizing radiation burns on bodies.

The criminals causing Havana Syndrome on innocent civilians don’t need to know how to make the weapons, they just point and click.

The victims shouldn’t need to acquire an Electrical Engineering degree to know how to defend themselves or bring about public disclosure of these crimes so that collective action can solve the issue.

For low cost “energy shielding” against microwaves, covering an area with bottles full of salty/brine water is an option – the more the better.

power hack remote September 3, 2022 8:45 PM

any interest in: all kinds of astronomy, related to:

remote apc ups trigger by over power on standard COTS. no powerchute etc.

DETAILS: chome fizz box, apc ups xxx, website [not saying] maybe hack power, trigger problematic brownout style issues, could tell because a fan motor acted strange, like a transformer about to go, zzzzzz. Happened today 827pm

How can microcontrollers, etc, contribute to this, maybe?

othe example: intel IHA, hub controller, 1999, in dell 8100xps, seen issues in person before.

Clive Robinson September 6, 2022 2:31 AM

@ Winter,

Re : Charge is the thing.

Chicken-egg problem. The common way to move charge ist to set up a potential difference, ie, voltage.

No, the voltage or more correctly “the potential difference” is not a physical thing, it is caused by the difference in charge between any two points. It’s why “static electricity” can give you one heck of a shock.

Many people even technicians make the mistake of believing it has some kind of actuality like charge.

Which is why they come unstuck with alternating current (charge) circuits and true and apparent power. As well as the diference between resistance and impedance, likewise “displacment current”.

All of which leads on to other problems, have a look at,

http://www.w8ji.com/mobile_and_loaded_antenna.htm

To see why it can be a bit of a nightmare when people think voltage is something that can be a physical object.

Winter September 6, 2022 3:29 AM

@Clive

No, the voltage or more correctly “the potential difference” is not a physical thing, it is caused by the difference in charge between any two points.

Unless it is electromagnetic induction, aka, electrical generator, or a chemical (redox) potential, aka battery.

Clive Robinson September 6, 2022 9:04 AM

@ Winter,

“Unless it is electromagnetic induction, aka, electrical generator, or a chemical (redox) potential, aka battery.”

Then it’s “Electromotive Force”(EMF) not “Potential Difference” it’s very important to know the difference as EMF can be twice PD due to maximum power transfer.

The Institite of Radio Enginers and the IEEE measure antennas by means of power transfer.

You should know that,

Pwr = I^2 R

Therefor,

R = Pwr / I^2

The feedpoint resistance of an antenna at resonance is considered to consist of two parts,

1, Radiation Resistance
2, Loss Resistance

Of which only the loss resistance is “ohmic” thus produces heat in the antenna. The radiation resistance is illusory except in terms of energy coupled into the environment the antenna is in. What makes up Radiation Resistance is complicated but an idea dipole center fed is expectedd to be 73ohms in free space, a monopole would be half that or 36.5ohms. Which also means that the efficiency is worse, and yes a 1/4 wave radiator is less efficient than a 1/2wave radiator. But radiation resistance unlike loss resistance is not ohmic, you can only measure it by power transfer not power disipation.

What you have to remember is,

1, Volts is the name of the unit of measure.
2, EMF is the force created by the movment of charge.
3, Potential Difference is the difference in stored charge between two capacitors or similar devices.
4, EM radiation is caused by the acceleration / rate of change of charge over a unit length and is usually measured as Volts per meter.

Winter September 6, 2022 10:36 AM

@Clive

Then it’s “Electromotive Force”(EMF) not “Potential Difference” it’s very important to know the difference as EMF can be twice PD due to maximum power transfer.

A force is the derivative of a potential.

All in all, this is just juggling words. Whenever you move charges, there is some kind of potential difference and vice versa. Whether you call it “charge movement”, EMF, osmosis, redox potential, or voltage is utterly immaterial for a radio transmitter.

Clive Robinson September 6, 2022 7:00 PM

@ Winter,

“All in all, this is just juggling words.”

No it’s not the words have meaning, misunderstanding them causes all sorts of problems including myths about the magic of inductors in straight wire antennas.

“Whether you call it “charge movement”, EMF, osmosis, redox potential, or voltage is utterly immaterial for a radio transmitter.”

That’s where you are wrong. Charge can be moved but not radiate an EM signal.

As I said earlier,

“EM radiation is caused by the acceleration / rate of change of charge over a unit length”

If there is no rate of change then you have no EM radiation.

Put more simply a rate invariant movment of charge, provides a “Direct Current”(DC) which does not produce an EM / RF carrier as there is no change in either the E or H fields.

Winter September 7, 2022 7:51 AM

@Clive

No it’s not the words have meaning, misunderstanding them causes all sorts of problems including myths about the magic of inductors in straight wire antennas.

Re: voltage

My original quote:

Maybe you should start with explaining that a “radio” is nothing but a variable voltage (signal) on a length of conductor (antenna).

For a short moment I even got to doubt myself. But a little searching helped me out. This is indeed just juggling words, voltage or current. In a RF circuit you have a varying [1] voltage driving a current. You cannot have the one without the other in such a circuit.

‘https://ham.stackexchange.com/questions/18527/what-comes-first-voltage-or-current

An antenna has loss resistance and radiation resistance. Current and voltage together over these resistances cause the antenna to radiate (and heat up).

and later

The causality you mention does not exist. Stop thinking about it that way. An antenna captures some (very small) power from the electromagnetic field and transfers it to the feedpoint. To transfer power, both current and voltage must be nonzero. One does not cause the other, but they are related by the feedpoint impedance.

And, indeed, Heinrich Herz did generate EM waves using an inefficient, high voltage setup. But he did generate and receive EM waves.

[1] Varying, that is, with a non-zero second order time derivative.

Clive Robinson September 7, 2022 10:01 AM

@ Winter,

There is a reason why the fundemental SI “defining constant” of electricity is the “Elementary Charge”(e) which is positive for the proton and negative for the electron,

https://en.m.wikipedia.org/wiki/Elementary_charge

As e is such a physicaly small qiantity (1.602176634×10−19 of a Columb) a larger more practical unit of charge the Columb”(Q) is used.

You will note that the “base unit” for electricity is the Ampere expressed as so many particles of electrical charge in a given time.

Voltage as such is not a base unit but a derived unit. But the reality is a “voltage” unlike charge does not exist as a physical item, because it is a “relative unit of measure” between two points.

In fact there is a simple experiment using two metal plates and a very high impedence voltmeter that you can do that shows that simply moving one plate changes the voltage (so it can not be a physical item but an effect of moving a physical item which is the elementry charge).

I could go on and show that an electromagnetic wave is neither voltage or current but the result of a rate of change of moving charge. So if you were to move one of those metal plates fast enough then a part of the work you are doing would become an EM signal.

If you look up a “Parametric Amplifier” using Varactor diodes you will find that is in effect how it works. As such it is one of the lowest noise amplifers there is because it effectively just uses reactive components that only store charge they do not convert it to heat energy by ohmic heating.

Oh and with regards Heinrich Herz’s earliest experiments, what he probably demonstrated was “capacitive” or “magnetic” coupling not EM radiation (look at what goes on in the “near field”).

Winter September 7, 2022 12:25 PM

@Clive

You will note that the “base unit” for electricity is the Ampere expressed as so many particles of electrical charge in a given time.

However, the Ampère is not the unit that is used to drive electronic circuits.[1] Electronics are driven by voltage. And your primacy of the unit of charge is irrelevant to how to drive electronics.

[1] Moreover, the Ampère can still not be measured accurately, the voltage can.
‘https://www.nature.com/articles/d41586-022-01994-4

The standard unit of electric current, the ampere, is one of the seven base units in the International System of Units. But measuring a current exactly in amperes is not an easy task. In fact, in 1990, attempts to pin down the ampere were abandoned in favour of using the volt (which measures voltage) and the ohm (which measures electrical resistance) as primary electrical units1

Clive Robinson September 7, 2022 1:15 PM

@ Winter,

However, the Ampère is not the unit that is used to drive electronic circuits.

The current flow in the output circuit of both valves/tubes and semiconductor is how the output of the circuit is defined.

I could take you through the design process for not just valves/tubes but most semiconductors from little Class A amps all the way up to clase H amps, as I’ve designed all of them and even invented a couple of circuits along the way in over four decades of working in electronics.

To be not just quite honest but blunt as well you made a wrong call and now do not want to admit that you are wrong.

That is not my problem but…

Winter September 7, 2022 4:24 PM

@Clive

To be not just quite honest but blunt as well you made a wrong call and now do not want to admit that you are wrong.

I simply do not understand what your problem is.

I wrote

Maybe you should start with explaining that a “radio” is nothing but a variable voltage (signal) on a length of conductor (antenna).

Heinrich Hertz did send and receive the first EM transmissions using a high voltage and pieces of wire a century ago. It is basic physics. I claimed nothing more.

So what is your point? That you build radio transmitters that are much more complex and much more efficient? Yes, that is a century of progress. Hertz’ “transmitter” was ruefully weak and inefficient. That you create electronic circuits driven not by voltage? Why not? That is progress too.

But that is all not needed to get RF transmissions. Just a varying voltage driving a piece of conductor will do, as Hertz showed.

Clive Robinson September 7, 2022 11:21 PM

@ Winter,

“I simply do not understand what your problem is.”

Because you do not understand EM transmission or antennas, or I guess basic physics.

They are all about “work” that is energy over time, voltage is nothing what so ever to do with energy or time it is a relative measure of charge difference between two points.

What matters in transmission line theory and in practice in most radio systems is impedence, loss, length, and the effective wavelength.

As for Hertz, yes his later experiments did eventually use EM radiation, but high voltage had little to do with it.

As for basic physics ask yourself a question of how AC current moves through a coupling capacitor or transformer?

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.