Restoring trust in the network: The silicon perspective

By now, it seems safe to assume that most people have heard of Edward Snowden and are familiar with the spying accusations that have been leveled against the National Security Agency (NSA). One of the accusations points the finger squarely at US tech companies. A New York Times article claimed that businesses, including software, hardware, and semiconductor companies, cooperated with the NSA to undermine user privacy and security by deliberately building vulnerabilities and backdoors into their products. Whether the accusations made in the New York Times story are true, false, or exaggerated, US technology companies shouldn’t expect the perception to go away on its own.

Given the national security implications of compromised networked communications, protectionist reflexes are poised for action. Just as Chinese telecommunications companies have been blocked from selling critical infrastructure systems in some Western countries due to alleged back doors, evidence is emerging that US technology companies are facing a tougher business environment overseas (see this story about Cisco and the NSA effect). If other nations perceive American companies to be pawns of the US intelligence agencies, they may discourage their citizens and corporations from buying American products or prohibit them in critical infrastructure applications. US technology companies have to fight distrust with logic and transparency. A good example that this is occurring is Microsoft’s announcement that its products would use encryption more extensively, and expand source code reviews by requesting governmental authorities.

Unnamed US semiconductor manufacturers were also implicated in the New York Times article. Speaking as a semiconductor professional, I have considerable skepticism that US intelligence agencies would want back doors in widely used commercial processors. A back door in silicon can’t be removed; there is no plausible deniability or remediation once the vulnerability is discovered. QorIQ communications processors are used in networking and cellular infrastructure worldwide — and there’s no doubt that the NSA is aware of the prevalence of QorIQ processors in critical infrastructure worldwide. Secret monitoring ports or ‘kill switches’ in QorIQ processors would be the cyanide capsule of the Internet; and the NSA knew (even before Snowden) that secrets don’t remain secrets.

QorIQ processors epitomize the multi-national nature of modern technology. QorIQ devices are complex systems on a chip, with subsystems designed in the USA, Canada, India, and Israel, with various aspects of manufacturing taking place in the USA, China, Malaysia, South Korea, and Taiwan. Supporting firmware is developed in China, India, Romania, Canada, and the USA. Our technologies and spirit of problem solving comes from many nations to be sold to many nations to make communication faster, cheaper, and due to the inclusion of encryption acceleration in all QorIQ processors, private.

Encryption provides privacy, but only if you trust the system to protect the keys. One problem we saw coming years ago is the topic of this blog; how do you make a system trustworthy? To that end, my international colleagues and I architected and implemented the QorIQ platform’s trust architecture. Since 2008, QorIQ processors have been shipping with the capability to detect and block execution of surreptitiously modified code. In addition to this ‘secure boot’ capability, QorIQ processors also support secure debug, external tamper detection, and hardware secret keys. We are doing everything we can reasonably do in commercially oriented embedded processors to make the job of ALL attackers as difficult as possible.

Protectionism and fear mongering are not solutions to the loss of trust in technology companies (or governments) the world over. Trust is regained through verification, and innovative technology solutions like the trust architecture can provide the silicon roots of verification (and therefore trust) which are prerequisites to hardened networking (and network connected) systems.


Geoffrey Waters
Geoffrey Waters
Geoff Waters serves as a Distinguished Member of Technical Staff, covering high-end multi-core products and trusted computing for the Digital Networking group. He leads the Trust Architecture user’s group, and is a regular contributor to the MultiCore for Avionics (MCFA) working group. When Geoff is not working on security acceleration and hardware roots of trust, you'll find him on the river competing in canoe ultra-marathons and kayak races.

Comments are closed.

Buy now