[148332] in cryptography@c2.net mail archive


Re: [Cryptography] Email is unsecurable

daemon@ATHENA.MIT.EDU (Arnold Reinhold)
Sun Dec 1 18:17:30 2013

X-Original-To: cryptography@metzdowd.com
From: Arnold Reinhold <agr@me.com>
In-reply-to: <20131127222511.7ffa1b31@terabyte>
Date: Sun, 01 Dec 2013 18:14:26 -0500
To: Cryptography <cryptography@metzdowd.com>
Cc: Jerry Leichter <leichter@lrw.com>, Benjamin Kreuter <brk7bx@virginia.edu>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com


On Nov 27, 2013, at 10:25 PM, Benjamin Kreuter <brk7bx@virginia.edu> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> On Wed, 27 Nov 2013 20:00:31 -0500
> Arnold Reinhold <agr@me.com> wrote:
> 
>> We need to ask the question: what will it take today and in the
>> future to get hardware we can trust?
> 
> The ability to fab our own CPUs in our homes, and to do so using
> minimal computing power (i.e. something you could bootstrap from CMOS
> logic). I would not hold my breath, and this is obviously something
> that only experts would be able to do.  A possible compromise would be
> FPGAs, but only if we had a good way to thwart backdoors (e.g. if we
> could randomize the logic in some way).
> 

There are other ways to get trusted hardware besides bootstrapping from CMOS logic. Old PCs and Macs with non-reprogrammable firmware, booting off of CD-Rs, are unlikely to be backdoored. Maybe with some research we could develop tools for auditing firmware in some more modern PCs. Old Blackberries might be modified and reprogrammed to serve as portable secure e-mail/IM devices, exchanging encrypted data with modern smartphones or PCs via Bluetooth. Arduino-class CPUs have little room for back doors; one could make secure e-mail/IM devices using them that one could carry in a pocket.
 
I suggested one way to randomize FPGA CPUs in a previous post: scrambling the instruction op codes. Many open source tools are already available that could simplify the task. For example, the LatticeMico32 is an open 32-bit microprocessor soft core that runs on FPGAs from several manufacturers. All its instructions have a 6-bit op code (http://www.milkymist.org/socdoc/lm32_archman.pdf), so inserting a 6-bit look-up table into the instruction decode might not be that hard. Note that (2^6)! ~= 2^296, so a secret scrambling of the op codes is unlikely to be brute-forced. There are only a few classes of instructions in the Mico32 architecture, so it might also be possible and sufficient to just scramble the op codes within each class, without adding any new circuitry. Full open tool chains are available for this CPU, including GCC and several OSs. Adafruit sells a Mojo FPGA Development Board for $80 that includes a Spartan 6 XC6SLX9 FPGA that is capable of running LatticeMico32. The XC6SLX9 FPGA itself sells for $18 quantity 1.

I'm not a hardware expert, but the bits and pieces for creating open trusted crypto hardware seem to be there.  

Arnold Reinhold

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
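The 6-bit op-code scrambling sketched in the message above, as an added Python model that is not part of the post or of the LatticeMico32 project. It assumes the op code occupies the top six bits of each 32-bit instruction word; the sample words are constructed bit patterns, and the key-space figure is the post's log2(64!).

```python
import math
import secrets
OPCODE_BITS = 6                          # Mico32 op codes are 6 bits wide...
OPCODE_SHIFT = 32 - OPCODE_BITS          # ...assumed here to sit in the top bits
OPCODE_MASK = (1 << OPCODE_BITS) - 1
OPERAND_MASK = (1 << OPCODE_SHIFT) - 1   # everything below the op code field

def keyspace_bits(n=1 << OPCODE_BITS):
    """log2 of the number of distinct 6-bit LUTs: log2(64!), about 296."""
    return math.lgamma(n + 1) / math.log(2)

def make_lut(rng=None):
    """Secret permutation (the LUT contents): standard op code -> scrambled op code."""
    if rng is None:
        rng = secrets.SystemRandom()
    lut = list(range(1 << OPCODE_BITS))
    rng.shuffle(lut)
    return lut

def invert(lut):
    """Table the core holds: scrambled op code -> standard op code."""
    inv = [0] * len(lut)
    for std, scr in enumerate(lut):
        inv[scr] = std
    return inv

def opcode(word):
    return (word >> OPCODE_SHIFT) & OPCODE_MASK

def scramble_word(word, lut):
    """Tool-chain side: rewrite only the op code field, operands untouched."""
    return (word & OPERAND_MASK) | (lut[opcode(word)] << OPCODE_SHIFT)

def decode_opcode(word, inv_lut):
    """Core side: the look-up stage inserted ahead of the normal decoder."""
    return inv_lut[opcode(word)]

SAMPLE_PROGRAM = [0x34010005, 0x38210003, 0xB8222000, 0xC3E00000]  # constructed, not real Mico32 code

def roundtrip_ok(words, lut):
    """Decoding through the matching inverse LUT recovers every op code and operand."""
    inv = invert(lut)
    scrambled = [scramble_word(w, lut) for w in words]
    return all(decode_opcode(s, inv) == opcode(w) and (s & OPERAND_MASK) == (w & OPERAND_MASK)
               for w, s in zip(words, scrambled))

def mismatches_on_wrong_core(words, lut, other_lut):
    """Op codes decoded wrongly when a binary built for `lut` runs on a core holding `other_lut`."""
    inv = invert(other_lut)
    return sum(decode_opcode(scramble_word(w, lut), inv) != opcode(w) for w in words)
```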
