Krista's Coding Corner

07.06.2014

Offtopic: Sleepless nights with tinfoil hat

60 years since Alan Turing’s death.

For this “celebration” I’ll write about secure computers. As we seem to have a lack of them.

Computers in the market are quite like black boxes: you can’t know that has gone inside of them. Our computers are infested with modern parasites called backdoors and (deliberate) security holes.

So, maybe creating your own computer could make the difference here. I’m not talking about buying readymade processors, motherboards and so on. I talk about really building your computer from scratch (ie. electrical components such as resistors).

There are many projects that design or build these logic ports into computers, like this: http://hackaday.com/2011/01/20/intermediate-concepts-building-discreet-transistor-gates/

However, mostly these computers just calculate couple of numbers OR are using somewhat complex and complicated components to get more capable systems. But where to draw the line when stating something is safe and something else is not snooping proof?

My current opinion is that you should use as simple building blocks as possible to prevent snooping. If you only have resistors and maybe even transistors, changes are that your system is in the component level too complex to monitor. Those components are small, so it would be hard to add any extra snooping parts into them. And even if there was something, you really don’t do too much with the information one transistor is giving, and one transistor can’t mislead your computer that much.

I feel that there is no point spying logic gates as they are quite stupid and simple: no real info coming from there as they only come powerful if you have many of them working together. Keeping that in mind, FPGA (Field-programmable gate array) could be the answer as no-one probably is interested in soldering thousands of chips by hand (computers need A LOT of components to work in any meaningful level...).

FPGA is a digital microchip that contains thousands and thousands of logic gates which can be programmed into any combination wanted. The problem with these is that they are hard to debug as the amount of combinations where your code almost works is almost limitless. For example: two signals don’t come to a specific logic gate in exactly the same (wanted) time, creating false results. However, this is a great feature if you want something snoop proof: think someone trying to get some sense from the noise of all your gates! There just is terrible amount of gates babbling all sorts of things all the time and only small amount of that has any real meaning, and the meaning comes from changing combination of different gates in different times. (There are always tons of signals coming and going and the user is interested only in a fraction of them).

After getting the hardware you need to program your own processor. This can be done with using one of the hardware description languages (like VHDL, Verilog or SystemC). I can assure you: this is probably the hardest part of this kind of a project.

You should build the processor so that it can be tested from outside that it is doing exactly what you want, nothing more and nothing revealing. This means using tons of math and some electrical engineering to check the outputs with different inputs. For example the processors in smart cards are tested like this because in the past there were security problems with the amount of time the processor took to encrypt some data (because of bad coding). By measuring how long it took to encrypt different pieces of data, the smart guys could figure out how the chip worked and what was the secret key. (I know, some people just have some crazy skillz).

Connections to the world around your computer are tricky: you can’t use Ethernet chips as they absolutely are not secure. Also some cables (like VGA) and of course displays are also a (big) risk.

https://en.wikipedia.org/wiki/NSA_ANT_catalog

https://en.wikipedia.org/wiki/Tempest_(codename)

(*here some solution I hope we will figure out*)

One thing still, even this post has already come way too long: be careful with your compiler, it may not be your friend! http://cm.bell-labs.com/who/ken/trust.html

Commit log

- 13.08.2014 Added offtopic to the title.

blog comments powered by Disqus