Re: data diodes

From: Charlie Strauss <cems_at_earthlink_dot_net>
Date: Sun Dec 03 2006 - 22:33:01 CST

I'm replying only to your comment and not to the general concept that
verifiability is hard there fore one wants to have something like a
data diode and dumb systems that engineers can prove are not
corruptable.

However if you do want to have some sort of assurance process for a
Z-80 or some particular thing it may be possible to tag and seal it
in useful ways. To give one example, at the time of manufacure, x-
ray it, then put a glitter tag epoxy on it and shoot a photo or
hologram. THings like this have been used to protect nuclear
weapons. Glitter tags are thought to be very resistant to forgery.

One still has to have some sort of chain of custody at the point of
manufacture, but at least you have reduced the problem to a single
point of concern.

One is of course not validating the Z80 in the field in an
engineering way, just validating the seal.

Now if you wanted to validate this in the field, one could look at
the RF emission of the "Z80" in the field. In the specific
situations you prescibe, an imposter Asic, I would anticipate a very
strongly different signature.

However, a simpler approach, that would fool, this radiation
signature would be to take advantage of one of the unused opcodes on
the Z80 to have it read an internally stored program. Then it would
be a genuine Z80 most of the time. Of course now you have moved the
problem to a software trigger which might be revealed. A more
significant problem with this approach is that while making a custom
ASIC as you first suggested is plausible, it's a different matter to
make a custom Z80. It would take a lot of resources to gather the
required masks and production methods. I'd be inclined to worry
about out possibilities.

As for validating the Data Diodes or vactrols this does not seem too
difficult.

On Dec 3, 2006, at 9:01 PM, Ronald Crane wrote:

> I am not a Luddite, but I know that it's possible to embed the
> equivalent of
> "bad guy magic" in electronic systems. Please show me how you would
> tell the
> difference between a real Z80 CPU and one that's labelled the same
> but that
> contains an ASIC that emulates a Z80 -- and that adds a few "extra"
> features
> that are activated by, for example, keying the phrase "Open Sesame" in
> MSB-first ASCII into the A0 line using 12V 2-nsec pulses with 10-
> nsec gaps?
>
> Please be specific about the time, people, and other resources you
> would need
> to discover this newt's-eye's-worth of "bad guy magic."
>
> -R
>
> On Sun, 3 Dec 2006 19:42:23 -0800, Ed Kennedy wrote
>> Hello:
>>
>> About Luddites: I tend to follow the 7/8ths rule. If I can
>> convince approximately that many people, I usually just ignore the
>> remaining
>> 1/8th.
> ...
>>> From: "Ed Kennedy" <ekennedyx@yahoo.com>
>>> Date: Sat, 2 Dec 2006 13:29:18 -0800
>>> Subject: Re: [OVC-discuss] data diodes
>>
>>> Hello Charlie:
>>
>>> The problem is simply a one of confidence. The devices you propose
>>> are probably very efficient and trouble free. However, one needs
>>> to be
>> able
>>> to take a pointer to the device and say, "See that little thing
>>> there?
>>
>> Hmm, you'll never convince the real luddites. If it's electronic,
>> they believe it can have bad guy magic in it.
>
> _______________________________________________
> OVC-discuss mailing list
> OVC-discuss@listman.sonic.net
> http://lists.sonic.net/mailman/listinfo/ovc-discuss

_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Sun Dec 31 23:17:04 2006

This archive was generated by hypermail 2.1.8 : Sun Dec 31 2006 - 23:17:16 CST