Down low...too slow! IBM is TranScalar Systems

The Advent of Malicious Circuits | Beyond the Beyond from Wired.com

(((There's a new one. You bake the malware right into the hardware, then release the hardware into the wild. With keystroke loggers, spamware and trojans built right into the chip itself, you're home-free against software-based detection.)))

(((How do you get victims to buy your subverted chips, though? That one seems pretty obvious: product forgery. Sell 'em your China-based Appl3 H-phone. If the price is right, they'll go for it -- and with the fraud money you'd pull down from a scheme like this, you could give the hardware away -- even pay fools to take it.)))

Many moons ago, I started working on a novel about a brainwashed super-agent. (Who bears an eerie and entirely accidental resemblance to Jason Bourne, of whom I was blissfully ignorant at the time. Not that he was entirely original; just that he was more like a mashup of Piers Anthony's "agents" and Graham Greene's "Professor D." But that's beside the point.) He would have been hoodwinked into joining, then trained and brainwashed and turned into a psychotic robot to be sent out on dangerous missions, then brought back and brainwashed again for the next job. (That's the part I cribbed from Anthony.) My first sketches on that idea date to the summer of 1980. They're pretty bad. In summer and fall of '80, I worked through two drafts of a novella that outlined that character and situated him relative to the great technical bureaucracy that I imagined him serving, and ultimately defying, like a cancer cell.

The character stuck in my brain and I started fleshing out the parts of the idea that had to do with how you would organize a great invisible intelligence enterprise. I'd created a pretty coherent vision of how the whole system worked and started sketching some much better stuff as long ago as 1984; I'd settled on the idea that his "master" was a sentient but profoundly alien AI as early as about 1988 or so; by early 1992, I'd worked out how the system-monster communicated without being noticed, by hiding its traffic as noise packets on the Internet; more sophisticated messages could be "book-coded" in Usenet messages. By 1995, while working at Kodak, I merged that nightmare vision with another, based loosely on the legend of Volund/Wayland Smith, and concocted a grand, long-range story of a conflict between two new sentiences, one accidental, the other planned, and neither seeming very human. The driver on the "planned" side was a small but powerful firmware vendor called TranScalar Systems, who designed chips for communications applications. Their chips were in everything, and spyware was in all their chips. That gave their sentient monitoring system absolute control over data streams (as long as the government-owned monster didn't realize it was there).

I'd done almost all of this while being more or less completely ignorant of cyberpunk. I didn't read any Gibson until about 1999, no Sterling until '98. So on the one hand, I reinvented some wheels. On the other, I had some ideas that I now know never really got much traction. The Sprawl trilogy, for example, is thick with deeply alien AIs, but that vision never caught on -- the modern post-cyberpunk transhumanist AI is cloyingly human, as a rule.

Since then, one by one, most of the stuff I dreamed up has hit the mainstream. In 1998's The Saint, Simon uses a Usenet-based "book code" to trade messages regarding his contracts. Jason Bourne, who'd been there all along, of course, entered my consciousness in the early oughts. And now I learn that the idea of hardware-embedding malware is finally making the mainstream. I'm a visionary without visible portfolio. It's my own damn fault for not writing it earlier, of course.

From Usenix:

Abstract

Hidden malicious circuits provide an attacker with a stealthy attack vector. As they occupy a layer below the entire software stack, malicious circuits can bypass traditional defensive techniques. Yet current work on trojan circuits considers only simple attacks against the hardware itself, and straightforward defenses. More complex designs that attack the software are unexplored, as are the countermeasures an attacker may take to bypass proposed defenses.

We present the design and implementation of Illinois Malicious Processors (IMPs). There is a substantial design space in malicious circuitry; we show that an attacker, rather than designing one specific attack, can instead design hardware to support attacks. Such flexible hardware allows powerful, general purpose attacks, while remaining surprisingly low in the amount of additional hardware.

We show two such hardware designs, and implement them in a real system. Further, we show three powerful attacks using this hardware, including a login backdoor that gives an attacker complete and high-level access to the machine. This login attack requires only 1341 additional gates: gates that can be used for other attacks as well. Malicious processors are more practical, more flexible, and harder to detect than an initial analysis would suggest.

1 Introduction

1.1 Motivation

Attackers may be able to insert covertly circuitry into integrated circuits (ICs) used in today’s computer-based systems; a recent Department of Defense report [16] identifies several current trends that contribute to this threat.

First, it has become economically infeasible to procure high performance ICs other than through commercial suppliers. Second, these commercial suppliers are increasingly moving the design, manufacturing, and testing stages of IC production to a diverse set of countries, making securing the IC supply chain infeasible. (((Uh-oh.))) Together, commercial-off-the-shelf (COTS) procurement and global production lead to an “enormous and increasing” opportunity for attack [16].

Maliciously modified devices are already a reality. In 2006, Apple shipped iPods infected with the RavMonE virus [4].

....

Using modified hardware provides attackers with a fundamental advantage compared to software-based attacks. Due to the lower level of control offered, attackers can more easily avoid detection and prevention. The recent SubVirt project shows how to use virtual-machine monitors to gain control over the operating system (OS) [11].

This lower level of control makes defending against the attack far more difficult, as the attacker has control over all of the software stack above. There is no layer below the hardware, thus giving such an attack a fundamental advantage over the defense.

Although some initial work has been done on this problem in the security community, our understanding of malicious circuits is limited.

IBM developed a “trojan circuit” to steal encryption keys [3]. By selectively disabling portions of an encryption circuit they cause the encryption key to be leaked. This is the best example of an attack implemented in hardware that we are aware of (...)

Indeed, a single hard-coded attack in hardware greatly understates the power of malicious circuitry. This style of attack is an attack designed in hardware; nobody has designed hardware to support attacks. The design space of malicious circuitry is unexplored, outside of simple, special-purpose, hard-coded attacks. Responding to the threat of trojan circuits requires considering a variety of possible malicious designs; further, it requires anticipating and considering the attacker’s countermoves against our defenses. Without such consideration, we remain open to attack by malicious circuits....

 
