
Re: IPsec hardware accelerators (Rainbow warning)



> There is a company called Rainbow Technologies.  They are located in Irvine 
> California.  They provide a hardware encryption solution for this problem.  
> Can the hardware solution and software solution somehow be combined together?

Thanks for the pointer.

One "hardware encryption solution" Rainbow provides is the Clipper Chip.
(Rainbow bought Mykotronx in 1985.)  The Clipper Chip and its follow-on
products are not compatible with the IPSEC protocols, because they use
an undocumented encryption algorithm and because they are designed to 
undermine rather than provide secure operation.

Rainbow's Mykotronx "Internet Security Group" also offers a
"CryptoSWIFT" PCI board that accelerates public-key protocols.  This
board might be useful for the high-level IPSEC key agreement protocol.
It isn't advertised to help with the low-level packet encryption,
though their beta-site form says they'll add DES and 3DES in 1997.
The board is now in alpha or beta test.

However, Rainbow's press release of December 12th announces support
for the "Key Recovery Alliance" and specifically mentions the board.
That and their long history with Clipper and NSA mean that company
statements that the board provides "Secure key generation and storage"
should be taken with a large grain of salt.

It's much harder to validate the security of the guts of an ASIC than
it is to validate a software key generator.  And you can easily
compare the binary of the production key generator code to your
validated version, while you can't examine the guts of each ASIC
except by physically destroying it.  Techniques are known for
"leaking" private keying information from a subverted cryptographic
processor chip, in ways that cannot be detected except by
eavesdroppers who know the secrets embedded in the chip.
Rainbow/Mykotronx have a long history of collaboration with NSA on
classified projects designed to subvert the information security
of users.

Rainbow's 1996 Q3 10-Q form (www.sec.gov) notes:

    Revenues from information security products [Mykotronx - gnu]
    for the three and nine months ended September 30, 1996 remained
    consistent and increased by 6%, respectively, when compared to the
    same periods in 1995.  The Company continued to experience low
    growth rates due to the slower than anticipated deployment of
    network security products within the government.

I.e. Clipper/Capstone/Fortezza aren't proving to be popular products.

    Gross profit from information security products for both the three
    months and the nine months ended September 30, 1996 was 19% and
    16% of revenues compared with 21% and 23%, respectively, for the
    corresponding periods in 1995. The decrease in gross margin was
    due to the change of mix from predominantly product contracts to
    principally less profitable research and development contracts.

These R&D contracts might well include research on building chips that
"leak" private information.  Such features would be relatively easy to
transfer from Fortezza chips into chips that do standard public-key
algorithms.  (See also the Baltimore Sun articles from December 3-13,
1995, on how NSA subverted Swiss company Crypto AG's products for many
years.  Senior Crypto AG officials stated throughout that their
products were secure and untampered.)

It *may* be possible to use untrustworthy chips to build secure
systems, if you only use documented encryption algorithms and don't use
the chips to generate any keys or random numbers.  A first step would
be to only use such chips for predictable (software-duplicatable)
operations, and check some tiny percentage of the transactions by
rerunning them in software.  The chip may still be subverting your
security in other ways (e.g. broadcasting your private key at radio
frequencies on unused pins in the hope that a spook with TEMPEST
monitoring gear is nearby).

If any working group members know of useful hardware crypto
accelerators available from non-US companies (for the world market),
please let me know.  I'd like to see hardware acceleration supported,
but not using US-only and/or likely-subverted products.

	John Gilmore
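The spot-checking idea in the message above (use the chip only for predictable, software-duplicatable operations and recompute a random fraction of them in software) is straightforward to implement. The following is an added illustration, not code from the original post, from Rainbow, or from any vendor; the two "accelerators" are constructed stand-ins for a faithful chip and a chip that occasionally returns a wrong result, and the toy RSA parameters are constructed for the example only.

```python
"""Spot-check an opaque crypto accelerator against a software reference.

Added example, not code from the original message or from any vendor.
The accelerators below are constructed stand-ins; the check only applies
to deterministic, documented operations that software can reproduce
bit-for-bit (no key or random-number generation done on the chip).
"""
import random

# Constructed toy RSA parameters (example only; far too small for real use).
TOY_N = 3233   # 61 * 53
TOY_E = 17
TOY_D = 2753   # 17 * 2753 = 46801 = 1 (mod 3120)


def software_modexp(msg: int, exp: int, mod: int) -> int:
    """Reference implementation: plain software modular exponentiation."""
    return pow(msg, exp, mod)


def faithful_accelerator(msg: int, exp: int, mod: int) -> int:
    """Stand-in for a chip that computes exactly what it claims to."""
    return pow(msg, exp, mod)


def subverted_accelerator(msg: int, exp: int, mod: int) -> int:
    """Stand-in for a chip that quietly returns a wrong answer now and then.

    A wrong result on one input in seven is a constructed defect; it stands
    for any deviation from the documented operation that a spot-check can
    catch.  A chip that computes correctly but leaks the key over a side
    channel would pass this check, which is the limitation the message
    points out.
    """
    correct = pow(msg, exp, mod)
    if msg % 7 == 0:
        return (correct + 1) % mod
    return correct


class AcceleratorMismatch(Exception):
    """Raised when a sampled accelerator result disagrees with software."""


class SpotChecker:
    """Runs operations on the accelerator and re-checks a random fraction.

    sample_rate is the fraction of operations recomputed in software.
    rng is injectable so the example is deterministic under test; in real
    use an unpredictable source (random.SystemRandom()) should be used so
    the chip cannot tell which calls will be audited.
    """

    def __init__(self, accelerator, reference, sample_rate, rng=None):
        self.accelerator = accelerator
        self.reference = reference
        self.sample_rate = sample_rate
        self.rng = rng if rng is not None else random.SystemRandom()
        self.total = 0     # operations sent to the accelerator
        self.checked = 0   # operations also recomputed in software

    def run(self, *args):
        result = self.accelerator(*args)
        self.total += 1
        if self.rng.random() < self.sample_rate:
            self.checked += 1
            expected = self.reference(*args)
            if result != expected:
                raise AcceleratorMismatch(
                    f"op #{self.total} args={args}: "
                    f"chip={result} software={expected}")
        return result


def audit(accelerator, operations, sample_rate, seed=0):
    """Drive `operations` private-key modexps through the checker.

    Returns (detected, ops_run, ops_checked); detected is True as soon as
    any sampled result disagrees with the software reference.
    """
    checker = SpotChecker(accelerator, software_modexp, sample_rate,
                          rng=random.Random(seed))
    for msg in range(1, operations + 1):   # constructed inputs, all < TOY_N
        try:
            checker.run(msg, TOY_D, TOY_N)
        except AcceleratorMismatch:
            return True, checker.total, checker.checked
    return False, checker.total, checker.checked


if __name__ == "__main__":
    print("faithful :", audit(faithful_accelerator, 500, 0.1))
    print("subverted:", audit(subverted_accelerator, 2000, 0.1))
```

Checking every tenth operation costs a tenth of the software work while still catching a chip that misbehaves on a steady fraction of inputs within a few hundred operations; a sample rate of zero catches nothing, and, as the message says, no output check of this kind can see a chip that computes correctly but leaks its keys through a side channel.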
