Free Republic

To: AFreeBird; All

We do need to replace hardware. Here’s why, and what hardware:

The ASICs that run Ethernet interfaces are by and large now made in the PRC.

So let’s say you have an Ethernet chip (either on the mo-bo, or on a NIC card in the PCI). How do you know what logic is in the chip? As long as it performs the Ethernet role properly, how do you know that is ALL that is on that chip?

So here’s how you mount a massive attack that can’t be fixed with software patches:

You create a packet that is forwarded to the NIC/chip that has the correct L2 frame information - let’s say you’ve padded the Ethernet frame with additional information above and beyond the IP payload. The IP stack is going to look at only the IP datagram size, not the whole Ethernet frame. Or let’s say you turn on a particular set of bits in the Ethernet header, which then reads an L2 payload on only specific packets - and this starts the attack sequence.

How much extra stuff could you fit on a chip the size of an Ethernet chip? Oh man... I could have a whole small computer in there. Most of the CPUs today have much of their die space taken up with FPUs, cache and memory controllers. If all I wanted was a programmable controller to execute a few instructions to attack the network (or worse, sniff the network and kick interesting packets back out to a capture node), that would not take much logic at all.

How would you know that your Ethernet chipset has this additional logic?

Well, maybe you’d get lucky by fuzzing the Ethernet fields and frames... and maybe you wouldn’t/couldn’t. You could pull the silicon out of the carrier and look at it under a microscope and reverse-engineer it to ensure that all that was on the silicon was, in fact, an Ethernet controller.

But the government probably won’t do that. They’ll start pulling equipment off secure networks and insisting on “brand X, revision n.m” specifications for known good Ethernet controllers.

BTW — this idea for an attack has occurred to several of us who are former Cisco engineers and employees. We’ve been asking ourselves “why would the Chinese be counterfeiting only interface cards....?” There have been several scandals in DoD purchasing recently where the GSA order has been filled with either counterfeit low-end routers, or a Cisco box stuffed with counterfeit line cards.

The solution, ultimately, is to revert to Cold War thinking: for secure comm in the 80’s, I remember that it used to be a requirement for DoD projects that the devices come from certified US companies in US plants, especially CPUs and any device that created EM emissions. We need a certified secure compute, network and interface hardware platform...


147 posted on 11/20/2008 7:54:09 PM PST by NVDave
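Added example, not part of any post in this thread: a defender-side check for the condition post 147 describes, an Ethernet frame carrying bytes beyond the length the IPv4 header declares. The function names, the 60-byte minimum-frame assumption (capture without FCS, no VLAN tag) and the sample frames are constructed for illustration.

```python
import struct

ETH_HDR = 14             # dst MAC + src MAC + EtherType (no VLAN tag assumed)
ETHERTYPE_IPV4 = 0x0800
MIN_FRAME = 60           # minimum Ethernet frame size as captured, FCS excluded

def ip_trailer(frame: bytes):
    """Bytes that follow the IPv4 datagram, or None if not parseable IPv4."""
    if len(frame) < ETH_HDR + 20:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_IPV4 or frame[ETH_HDR] >> 4 != 4:
        return None
    (total_len,) = struct.unpack("!H", frame[ETH_HDR + 2:ETH_HDR + 4])
    end = ETH_HDR + total_len
    if total_len < 20 or end > len(frame):
        return None      # malformed header or truncated capture
    return frame[end:]

def classify(frame: bytes) -> str:
    trailer = ip_trailer(frame)
    if trailer is None:
        return "skipped"
    if not trailer:
        return "clean"
    # Short frames are legitimately padded to the 60-byte minimum, normally with zeros.
    if len(frame) <= MIN_FRAME and not any(trailer):
        return "padding"
    return "suspicious-trailer"

def build_frame(ip_payload: bytes, trailer: bytes = b"") -> bytes:
    """Constructed sample frame: Ethernet + 20-byte IPv4 header + payload + trailer."""
    eth = (b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01"
           + struct.pack("!H", ETHERTYPE_IPV4))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(ip_payload), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return eth + ip + ip_payload + trailer

if __name__ == "__main__":
    samples = {
        "exact fit": build_frame(b"x" * 100),
        "zero padded short frame": build_frame(b"hi", bytes(24)),
        "extra bytes after datagram": build_frame(b"x" * 100, b"\xde\xad\xbe\xef"),
    }
    for name, frame in samples.items():
        print(f"{name}: {classify(frame)}")
```

Frames for this check should come from a tap or switch mirror port rather than the host under test, since a host capture only shows what its own NIC hands up. Some legitimate equipment appends trailers, so a hit is a lead for investigation, not proof of tampering.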


To: NVDave
One wonders how many civilian/consumer products, made in Red China, are potential tools to be used against us all. How much of the technological infrastructure of our financial institutions is potentially compromised? How about private business? Mom and pop operations? Computers on our transportation. Autos, trucks, trains and planes?

Is it plausible to think that our gung-ho free trade principles, regards Red China, et al, could be used against us?

148 posted on 11/20/2008 8:05:55 PM PST by Thumper1960 (A modern so-called "Conservative" is a shadow of a wisp of a vertebrate human being.)

To: NVDave
The solution, ultimately, is to revert to Cold War thinking: for secure comm in the 80’s, I remember that it used to be a requirement for DoD projects that the devices come from certified US companies in US plants, especially CPUs and any device that created EM emissions. We need a certified secure compute, network and interface hardware platform...

Yea, TEMPEST specs. Heard of it.

Pulling all that back together is going to take a little time since we've spent a lot of time outsourcing technology to our enemies for cheap prices and cheap labor.

Still, mitigation can come sooner with a little more thought. Replacing the OS is a prime place to start. Since an OS like Linux is open source, government can verify its security and tailor it for their needs. As for on-board Ethernet, replacement cards (from a reliable source - including the chipsets) can still be plugged in and the on-board chips disabled. Oh, and encryption. We should never hear stories about DoD laptops being stolen that have unencrypted data storage, regardless of the department they're assigned to.

Overall though, it will require a retooling of our information equipment procurement process and suppliers.

160 posted on 11/20/2008 8:29:33 PM PST by AFreeBird

To: NVDave
The solution, ultimately, is to revert to Cold War thinking: for secure comm in the 80’s, I remember that it used to be a requirement for DoD projects that the devices come from certified US companies in US plants, especially CPUs and any device that created EM emissions.

Good point.

197 posted on 11/21/2008 6:43:30 AM PST by GOPJ (Murder rate per 100,000 residents in counties won by: Democrats: 13.2 Republicans: 2.1 -Olson)



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson