Re: data diodes

From: Ronald Crane <voting_at_lastland_dot_net>
Date: Mon Dec 04 2006 - 05:44:12 CST

Emplacing an appropriate manufacturing seal would require a special (and very
expensive) manufacturing process for all hardware components, something I
think voting system vendors are certain to oppose. Also, voting system vendors
probably get most of their components from component vendors (e.g.,
http://www.avnet.com/), not directly from manufacturers.

You're correct about the RF signature of an ASIC emulating a Z80 being
significantly different from that of an authentic Z80. For example, there'd be
much higher-frequency clocks. But you'd have to be looking for this to find it.

You're also correct about it generally being very difficult and expensive to
create a (non-emulated) duplicate of a sophisticated part like a CPU. But
probably an attacker would get away with the ASIC in almost all cases, because
so few people would be looking for such an attack.

As for triggers, there's no reason that one can't broadcast them on the
powerlines or using radio, then embed the appropriate receiver in an ASIC.
Triggers (and even whole malware programs) require very little bandwidth,
because voting machines operate for hours at a time. Therefore they can be
transmitted over very noisy channels, as long as the attacker uses appropriate
error correction.

-R

On Sun, 3 Dec 2006 21:33:01 -0700, Charlie Strauss wrote
> I'm replying only to your comment and not to the general concept
> that verifiability is hard therefore one wants to have something
> like a data diode and dumb systems that engineers can prove are
> not corruptible.
>
> However if you do want to have some sort of assurance process for a
> Z-80 or some particular thing it may be possible to tag and seal it
> in useful ways. To give one example, at the time of manufacture,
> x-ray it, then put a glitter tag epoxy on it and shoot a photo or
> hologram. Things like this have been used to protect nuclear
> weapons. Glitter tags are thought to be very resistant to forgery.
>
> One still has to have some sort of chain of custody at the point of
> manufacture, but at least you have reduced the problem to a single
> point of concern.
>
> One is of course not validating the Z80 in the field in an
> engineering way, just validating the seal.
>
> Now if you wanted to validate this in the field, one could look at
> the RF emission of the "Z80" in the field. In the specific
> situations you prescribe, an imposter ASIC, I would anticipate a very
> strongly different signature.
>
> However, a simpler approach that would fool this radiation
> signature would be to take advantage of one of the unused opcodes on
> the Z80 to have it read an internally stored program. Then it
> would be a genuine Z80 most of the time. Of course now you have
> moved the problem to a software trigger which might be revealed. A
> more significant problem with this approach is that while making a
> custom ASIC as you first suggested is plausible, it's a different
> matter to make a custom Z80. It would take a lot of resources to
> gather the required masks and production methods. I'd be inclined
> to worry about out possibilities.
>
> As for validating the Data Diodes or vactrols this does not seem too
> difficult.
>
> On Dec 3, 2006, at 9:01 PM, Ronald Crane wrote:
>
> > I am not a Luddite, but I know that it's possible to embed the
> > equivalent of "bad guy magic" in electronic systems. Please show me
> > how you would tell the difference between a real Z80 CPU and one
> > that's labelled the same but that contains an ASIC that emulates a
> > Z80 -- and that adds a few "extra" features that are activated by,
> > for example, keying the phrase "Open Sesame" in MSB-first ASCII into
> > the A0 line using 12V 2-nsec pulses with 10-nsec gaps?
> >
> > Please be specific about the time, people, and other resources you
> > would need to discover this newt's-eye's-worth of "bad guy magic."
> >
> > -R
> >
> > On Sun, 3 Dec 2006 19:42:23 -0800, Ed Kennedy wrote
> >> Hello:
> >>
> > >> About Luddites: I tend to follow the 7/8ths rule. If I can
> > >> convince approximately that many people, I usually just ignore
> > >> the remaining 1/8th.
> > ...
> >>> From: "Ed Kennedy" <ekennedyx@yahoo.com>
> >>> Date: Sat, 2 Dec 2006 13:29:18 -0800
> >>> Subject: Re: [OVC-discuss] data diodes
> >>
> >>> Hello Charlie:
> >>
> > >>> The problem is simply one of confidence. The devices you propose
> > >>> are probably very efficient and trouble free. However, one needs
> > >>> to be able to take a pointer to the device and say, "See that
> > >>> little thing there?
> >>
> >> Hmm, you'll never convince the real luddites. If it's electronic,
> >> they believe it can have bad guy magic in it.
> >
> > _______________________________________________
> > OVC-discuss mailing list
> > OVC-discuss@listman.sonic.net
> > http://lists.sonic.net/mailman/listinfo/ovc-discuss

==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Sun Dec 31 23:17:05 2006
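
Added example (not part of the original thread or of any OVC code): a sketch of the RF-signature check discussed above, comparing the share of emitted energy above a cutoff for a suspect part against a known-good reference. The 4 MHz clock, 256 MHz sample rate, 100 MHz internal tone, cutoff and thresholds are all constructed assumptions, and the traces are synthetic.

```python
import math
import random

FS_HZ = 256e6      # assumed sample rate of the probe capture
N = 256            # samples per capture, giving 1 MHz per DFT bin
CLOCK_HZ = 4e6     # assumed nominal clock of the part under test
CUTOFF_HZ = 40e6   # assumed: 10x clock; little energy expected above this

def capture(extra_tones=(), seed=1):
    """Constructed trace: clock fundamental, odd harmonics, small noise."""
    rng = random.Random(seed)
    tones = [(CLOCK_HZ, 1.0), (3 * CLOCK_HZ, 1 / 3), (5 * CLOCK_HZ, 1 / 5)]
    tones += list(extra_tones)
    return [sum(a * math.sin(2 * math.pi * f * n / FS_HZ) for f, a in tones)
            + rng.gauss(0, 0.01) for n in range(N)]

def spectrum(samples):
    """Power in bins 1..N/2 (naive DFT, adequate for short captures)."""
    n = len(samples)
    out = []
    for k in range(1, n // 2 + 1):
        w = 2 * math.pi * k / n
        re = sum(s * math.cos(w * i) for i, s in enumerate(samples))
        im = sum(s * math.sin(w * i) for i, s in enumerate(samples))
        out.append(re * re + im * im)
    return out

def high_band_fraction(samples, fs=FS_HZ, cutoff=CUTOFF_HZ):
    """Share of total spectral power found above the cutoff frequency."""
    power = spectrum(samples)
    bin_hz = fs / len(samples)
    high = sum(p for k, p in enumerate(power, start=1) if k * bin_hz > cutoff)
    return high / sum(power)

def looks_substituted(suspect, reference, margin=10.0, floor=1e-3):
    """Flag a part whose high-band share is `margin` times the reference's."""
    limit = max(floor, margin * high_band_fraction(reference))
    return high_band_fraction(suspect) > limit

if __name__ == "__main__":
    good = capture(seed=1)
    emulated = capture([(100e6, 0.3)], seed=3)  # constructed fast internal clock
    print(looks_substituted(capture(seed=2), good), looks_substituted(emulated, good))
```
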