[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: trusting the processor chip



>> By NSA standards, it is simple.  NSA has probably had its own
>> semiconductor  fabs for 30+ years.
>Yep. Regardless of whether the fabs are government property or not,
>it's a sure thing that some contractors have appropriately SCIFfed
>fabs and appropriately cleared staffs.

There's an interesting Moore's Law wrinkle to this.  Not only
does processor speed double every 18 months, but the cost of the
chip fab plant for each generation of technology also doubles.
Intel's building some $2B plants now, and who knows what the
x886 CPU and 256MB memory fab plants will cost.  While the costs
are somewhat lower for a low-volume plant than a high-volume one,
at some point it will be much harder (as a percentage of their
total budget) for the NSA to stay ahead of the power curve,
and they'll have to switch over to designs like highly-custom
applications on commercial FPGAs and such.

And "appropriately cleared staffs" are also harder to find as
the chip business internationalizes.  Back when I was a tool
of the military-industrial complex, I was working on an RFP that
had a heavy-duty "buy American" policy, not only for economic
protectionism but to make sure that UnAmerican Foreigners didn't
subvert the designs for critical components to add security leaks.
For instance, the controller chips for disk drives, and raw EPROM.
We eventually got them to let us use imported commercial
products as long as any design and construction that was actually 
specific to the customer was done in the US, on the assumption that
the Singaporean Espionage Service wasn't going to put back-doors in
all the disk drives their city exported, and the Korean CIA
wasn't going to put extra pins in their EPROMS that would replace
the contents with hacked versions designed to steal US Secrets :-)
#					Thanks;  Bill
# Bill Stewart, [email protected], +1-415-442-2215