cynicalsecurity is a user on bsd.network. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.

I am going to share a thought here which is inappropriate for the birdsite simply because it would be RT’d endlessly without any understanding of its meaning.

What struck me in a particularly harsh way yesterday at Real World Crypto is the “fashionable research” syndrome.

Allow me to elaborate: the papers presented all had “side-channel” in them. Side-channel is the fashionable security of the ‘10s.

Indeed, very exciting, but now that is literally all that is being looked into!

There is no concept of the underlying (overlaying?) issue, i.e. assuming the CPU is trustworthy is now considered a mistake.

I would posit that the above has been known for a long time in reliability scenarios: a fabled controversy of the ‘90s had Europe vs. USA on avionics. European companies (Airbus) insisted that “majority consensus”
over three different computer architectures & independently developed software was a key requirement.The US (Boeing) behind Dartmouth said “one suffices”.

The Airbus reliability and dependability team was adamant about the “majority consensus” and Boeing similarly on “one suffices”. In the end they went their own ways but, big but, in my mind there is always the LaudaAir flight over India where the computer turned on the thrust inverters at 35k feet. It was a Boeing. I feared the AirFrance crash off Brasil was a similar issue until the reports came out and it was, unfortunately, human error.

What Airbus is doing is saying: I trust nobody.

cynicalsecurity @cynicalsecurity

To ensure that things happen how we want them we run three computers with different hardware and software developed by independent companies to the same specifications. Then we test them to these specs. Then we run them comparing each other’s output and taking majority decisions should there be a dissenting opinion.

This is the model I sought with the Chimaera Processor: you have different cores using different architectures, if your syscall() output differs then you have a problem.

What I strongly suspect is that getting these side-channel attacks to work even across two architectures would be a phenomenal challenge.

Please excuse the rant but I hope that, unlike the birdsite, you understand that I am looking for a real solution not a whack a’ mole oneZ

@wxcafe it has been a known technique in forever: it was used on the Saturn V at a gate-level, i.e. all logic gates were in triplicate, including the voter. I am using Airbus & Boeing as examples as people can still relate to them in practice.

@cynicalsecurity The reliability/redundancy theme is reflected in the first paragraph of Paul Kochers ACM article:

In 1967, the Silver Bridge collapsed into the Ohio River during rush hour. Instead of redundancy the bridge used high-strength steel. The failure of a single eyebar was catastrophic. Today's computing devices resemble the Silver Bridge, but are much more complicated. They have billions of lines of code, logic gates, and other elements that must work perfectly.

@cynicalsecurity Hm article seems to be paywalled but it’s strongly recommended! Also expands on the topic of cost-benefit ratio for adding features in terms of complexity.