Clive Robinson • October 14, 2019 5:20 AM
@ ,
With regards to the Wired article you will find,
As dangerous as their invention sounds for the future of computer security, the Michigan researchers insist that their intention is to prevent such undetectable hardware backdoors, not to enable them. They say it's very possible, in fact, that governments around the world may have already thought of their analog attack method.
Only it's not "governments" it was people on this blog quite some years back. Have a search for @RobertT and "capacitance" he described some much cleverer variants, with @Nick P and myself.
But also you will find in the article,
"Detecting this with current techniques would be very, very challenging if not impossible," says Todd Austin, one of the computer science professors at the University of Michigan who led the research. "It's a needle in a mountain-sized haystack." Or as Google engineer Yonatan Zunger wrote after reading the paper: "This is the most demonically clever computer security attack I've seen in years."
Actually it's not that clever when you think about it, any student who has ever played with an NE555 timer as a retriggerable monostable used in many circuits will have used a capacitor as an integrator to trigger a level change in a logic circuit. It's the repurposing of an old idea in a new way that makes them think "It's bleeding obvious... Why didn't I think of that" it's a sign that the idea has come of age in a broader market place.
But Todd Austin is wrong about detecting it, it is actually quite easy to spot, and I've said as much and described in some detail how to do it on this blog and other places some years ago now...
The first thing to keep in mind is that in the French language the same word means both safety and security. Thus the French way of thinking does not distinguish the ideas into unrelated domains as much as do those in the English language way of thinking[1].
The big problem with computer security is we "build pyramids not boats". Our thinking is skewed to believe that you can only build on secure foundations. It's not true, boats for millennia have got along fine without any foundations, and the water they float on is in no way stable or secure. A modern side view of this was Elon Musk and his landing barge for rockets, at least in his case he could point at aircraft carriers to show he was not mad.
What if we decide not to have our computer design process be one of Castles on bed rock, but warships on water? The English Tudor king Henry VIII found he could build a navy and thus set England on a course to become the world's foremost maritime nation and build an empire that covered the globe.
That is there are great possibilities in thinking mobile castles. Leonardo da Vinci, drew up designs for such things, but his idea did not really become part of military thinking during WWI with the invention of the armoured car that became the tank. Which again opened up significant possibilities and changed the face of land based warfare for ever.
Ask yourself are there ways we could use a mechanism thought as for safety to one we can use for security?
The answer is look in the area of reliability. Unreliable systems are either "not dependable" or "dependable for a limited time". New York Telephone realised that if you could monitor an unreliable system and detect when it was going wrong and switch it out rapidly for a working system then you could keep a circuit in operation whilst you replaced the defective component. Thus the idea of fault tolerant systems began to be used.
The problem was detecting when a unit was starting to fail, eventually this gave rise to the idea of "voting systems" which NASA did not invent but certainly made famous.
Some years ago now I realised that redundant fault tolerant systems were in fact "boats" from the security aspect, and that "fault" also covered malware. That is an idea for Safety works just as well for Security, to which some might rightly say "but of course, why would you think not".
It became a small but essential part of my "Castles-v-Prisons" idea which you can search for on this blog to find conversations about it.
The problem thus has a known solution...
Thus the question now is who takes on the Sisyphean task of pushing the idea over the group think mental entropy hump?
As I've noted over the years a great many ideas on this blog are discussed and solutions posed several years prior to both industry and academia even realising they should be looking at them, as for Governments, you hear that squeaky noise way way behind, that's the wheel they are too busy greasing with pork fat rather than replacing. Because they are still doing things the way their Grandpapy did, because in their conservative view "What was good enough for Grandpa, is good enough for me" (mind you Grandpapy was pretty quick at grabbing brown envelopes behind his back ;-)
[1] A point I've made before, is that our primary language we learn when very young before we are two forms the way we think. There is evidence of this with "tone deafness" and language where languages such as some Asian ones that depend on pitch to convey information. Speakers of such languages are considerably more likely to be "pitch perfect" across the population. It's why I think the fact that the number of native languages decreasing is actually harming the world by reducing the number of different ways people see and think about the world.
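
Added example, not part of the original comment: a minimal sketch of the voting idea described above, in which redundant units receive the same input, a majority vote picks the output, and any dissenting unit is switched out for a spare regardless of why it disagreed. The class, the checksum functions and the drifting unit are hypothetical names constructed for illustration.

```python
from collections import Counter
class VotingPool:
    """Feed identical input to redundant units, vote, and switch out dissenters."""
    def __init__(self, active, spares):
        self.active = dict(active)   # unit name -> callable in service
        self.spares = dict(spares)   # unit name -> callable held in reserve
        self.events = []             # (input, unit removed, replacement)
    def run(self, x):
        results = {name: unit(x) for name, unit in self.active.items()}
        winner, votes = Counter(results.values()).most_common(1)[0]
        if votes <= len(results) // 2:
            raise RuntimeError("no majority: cannot tell which units to trust")
        for name, out in results.items():
            if out != winner:        # a fault, whatever its cause
                self._switch_out(name, x)
        return winner

    def _switch_out(self, name, x):
        del self.active[name]
        replacement = None
        if self.spares:
            replacement, unit = self.spares.popitem()
            self.active[replacement] = unit
        self.events.append((x, name, replacement))

def checksum_a(data):                # first implementation
    return sum(data) % 251

def checksum_b(data):                # independently written second implementation
    total = 0
    for b in data:
        total = (total + b) % 251
    return total

def make_drifting_unit(threshold):
    """Constructed unit that starts giving wrong answers after enough activity."""
    seen = [0]
    def unit(data):
        seen[0] += len(data)
        good = sum(data) % 251
        return good if seen[0] < threshold else (good + 1) % 251
    return unit

def demo():
    pool = VotingPool({"u1": checksum_a, "u2": checksum_b,
                       "u3": make_drifting_unit(8)}, {"s1": checksum_a})
    inputs = [bytes([1, 2, 3]), bytes([4, 5, 6]), bytes([7, 8, 9]), bytes([10, 11, 12])]
    outputs = [pool.run(x) for x in inputs]
    return outputs, pool.events, sorted(pool.active)
```

The voter never needs to know what went wrong inside the dissenting unit; it only needs a majority of units that fail independently, which is why the sketch raises an error rather than guessing when no majority exists.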