<pie_>
securitywise, why is power9 even a thing? is everyone too distrustful of intel so now the US needed to rebrand?
<pie_>
MichaelRaskin: i dont suppose we could permute the instruction set
<MichaelRaskin>
pie_: well, permuting the instruction set is indeed full emulation…
<MichaelRaskin>
pie_: I guess it is easier to separate the backdoor layer from scratch than to fix the Intel ME mess and the restrictions on free software firmware
<pie_>
MichaelRaskin: sorry, im being ubnclear, why is a large US corporation interested in removing the backdoor layer
<MichaelRaskin>
I didn't say _remove_. I said separate. Without all the broken interfaces and rampant layering violations.
<pie_>
ok, i asked like that semi-deliberately :) wasnt sure
<pie_>
doh, i should have just asked if you used that word choice deliberately
<pie_>
so what does it get them doing it like this? they get to selectively re-add the backdoor layer later?
<MichaelRaskin>
I am not claiming what ratio of the current shipments has non-zero backdoor layer. Maybe not 100%. Maybe some batches have 0% — we don't really know
<MichaelRaskin>
But Intel ME is just bad design and broken in interesting ways etc.
<pie_>
so we're buying into the more high tech backdoors? ;PP
<MichaelRaskin>
Meh, high-tech backdoors are just manipulations of silicon doping levels ensuring very very high cost to detect (harder than mere topology mapping!) and reasonable success rate of arbitrary code execution from NIC DMA
<pie_>
yeet
<pie_>
i wish i was so lucid about this stuff
<pie_>
what youre saying does seems to match the ambient feeling but i dont suppose you could point out any papers or something?
<pie_>
on that note, do you think its reasonable to use highly reconfigurable hardware as a mitigation for backdoors? its someting ive been wondering about for a while
<MichaelRaskin>
I am not actually good at the gory details
<pie_>
if you have a sufficiently flexible mapping as a softcore to sayan fpga
<pie_>
* to, say
<MichaelRaskin>
Papers… should be easy to look up
<MichaelRaskin>
Well, one was mentioned by Schneier
<pie_>
also yeah thats the funny thing about discrete systems, its enough to flip the right bit and you can probably do whatever you want
<pie_>
and theres...a lot of bits around
<MichaelRaskin>
Reconfigurable hardware… remember how user control of Xbox was made possible because crucial key was sent in plain over high-speed bus?
<MichaelRaskin>
Maybe if your data is never in memory (or in CPU) as a large almost-usable chunk…
<MichaelRaskin>
(which could be done on pure software, by the way)
<MichaelRaskin>
Of course, motherboard-level extra-hidden-chip backdoor can just log all input and leak it via network without caring too much about CPU at all
<pie_>
i acctually dont know the details of the xbox hacks but nice
<pie_>
not sure what your hinting at with the scrambled memory stuff
<MichaelRaskin>
(and no, you do not want my level of knowledge: not high enough to reliably write cryptography implementations, but high enough to require a specific set of personality traits to avoid depression out of pure despair)
* pie_
pats MichaelRaskin
<pie_>
on that note theres gotta be some stuff out there about how to do this stuff right
<pie_>
closest ive gotten that was dense was cliverobinsons posts
<MichaelRaskin>
Re: RAM scrambling — well, you should always consider the threat model, of course.
<MichaelRaskin>
But modern HW has so much ill-constrained DMA…
<MichaelRaskin>
That you might as well assume that RAM is readable by adversary (if you are talking about hardware backdoors in the first place!)
<MichaelRaskin>
(just in case: I seem to be good enough at compartmentalisation to avoid truly destructive levels of despair)
<MichaelRaskin>
(I do try to keep habits that allow considering 100kb/s internet connection good enough)
<pie_>
on a darker note, the cold truth http://scholar.harvard.edu/files/mickens/files/thisworldofours.pdf ". Basically, you’re either dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then you’ll probably be fine [...] f your adversary is the Mossad, YOU’RE GONNA DIE AND THERE’S NOTHING THAT YOU CAN DO ABOUT IT. The Mossad is not intimidated by the fact that you employ https://"
<pie_>
Im really bad at compartmentalization....advice accepted
<pie_>
ive seen your weird hex usernames :P
<MichaelRaskin>
Yes, that's a part of compartmentalisation — I have inboxes separated by topic
<MichaelRaskin>
With different logins and passwords, yes, because I don't expect any weaker separation not to be messed up by software of modern software quality
<pie_>
mickens would be wrong under the circumstances that widespread defense is actually feasible, but i dunno
<MichaelRaskin>
Well, if Mossad wants your death and knows about it, it won't even bother with communication intercept
<MichaelRaskin>
On the other hand, don't forget that Israel has also made The Classic Mistake. They had really well-designed communication encryption scheme and they used it in an army operation. There was a minor problem, though. The adversary was chaotic enough that _the only_ possible information it would want to intercept was army positions… and encrypted radio communication leaks this information just fine.
<MichaelRaskin>
On the carrier level, you know
<MichaelRaskin>
Radio fox hunting is an old and respected sport, after all.
<pie_>
hehe
<pie_>
you can substitute mossad with $AGENCY
<pie_>
but yeah something something metadata kills
<pie_>
what even is information flow
<pie_>
at least having read that i now know that Infrmation Flow (Control) is the term for something ive been looking for
<MichaelRaskin>
One could try to build a secure multi-layer-filtering system if US, China, Taiwan, India and Russia _just_ put backdoors in everything they can reach. The problem is they put backdoors and then (succesfully) steal keys from each other.
<pie_>
i dont understand wat you put in the first part
<pie_>
didnt know thres infotmation out about the econd part?
<MichaelRaskin>
Well, one could try to build a multi-architecture system requiring consensus of multiple systems. And to protect systems from attack one could try to put filters running on different architecture and passing through only data that is understood and identified as probably benign.
<MichaelRaskin>
As for putting backdoors — well, NSA/RDRAND story is even mentioned in Wikipedia
<pie_>
ahh, yeah i was pondering brnging consensus into this, but wheww, seems like layering complications no matter what you do
<MichaelRaskin>
Well, filtering and slightly shaking up data could be a useful thing…
<pie_>
i meant information about agencies cross staling keys (from the us)
<MichaelRaskin>
EternalBlue was considered «nobody but us» class exploit by NSA
<pie_>
what did that do again?
<pie_>
firewall bypass?
<MichaelRaskin>
A mere exploit against one more Windows SMB protocol problem
<pie_>
ah
<MichaelRaskin>
Doesn't really matter — huge impact exploit was stolen from NSA staging servers
<MichaelRaskin>
There are all indications that NSA didn't manage to report the bug to MS once exploit was stolen
<MichaelRaskin>
When it was included in a publically traded exploit set, NSA did report the vulnerability, but it was a bit too late
<MichaelRaskin>
Judging from Wikipedia, current official US narrative is that both Russia-backed _and_ China-backed groups stole the exploit, but only threat of public disclosure forced NSA to disclose the vulnerability