nach oben

Open Access 2018 | Open Access | Buch

The Huawei and Snowden Questions

Can Electronic Equipment from Untrusted Vendors be Verified? Can an Untrusted Vendor Build Trust into Electronic Equipment?

verfasst von: Prof. Dr. Olav Lysne

Verlag: Springer International Publishing

Buchreihe : Simula SpringerBriefs on Computing

Enthalten in: Springer Professional "Wirtschaft+Technik" , Springer Professional "Technik" , Springer Professional "Wirtschaft"

Inhaltsverzeichnis

Über dieses Buch

Preliminary

This book is open access under a CC BY 4.0 license.

This book answers two central questions: firstly, is it at all possible to verify electronic equipment procured from untrusted vendors? Secondly, can I build trust into my products in such a way that I support verification by untrusting customers? In separate chapters the book takes readers through the state of the art in fields of computer science that can shed light on these questions. In a concluding chapter it discusses realistic ways forward.

In discussions on cyber security, there is a tacit assumption that the manufacturer of equipment will collaborate with the user of the equipment to stop third-party wrongdoers. The Snowden files and recent deliberations on the use of Chinese equipment in the critical infrastructures of western countries have changed this. The discourse in both cases revolves around what malevolent manufacturers can do to harm their own customers, and the importance of the matter is on par with questions of national security.

This book is of great interest to ICT and security professionals who need a clear understanding of the two questions posed in the subtitle, and to decision-makers in industry, national bodies and nation states.

Inhaltsverzeichnis

Frontmatter

PDF

Open Access

Chapter 1. Introduction

Abstract

In September 2007, Israeli jets bombed what was suspected to be a nuclear installation in Syria. Apparently, the Syrian radar that was supposed to warn about the attacks malfunctioned in the critical time interval prior to the Israeli attacks. Eventually, an alleged leak from a US defence contractor suggested that a European chip maker had built a kill switch into its chips. The radar may thus have been remotely disabled just before the strike took place (Adee, IEEE Spectr 45(5):34–39, 2008) [1].

Olav Lysne

PDF Zum Volltext

Open Access

Chapter 2. Trust

Abstract

A relationship between a buyer and a seller of electronic equipment is one of trust. The buyer of the equipment trusts the seller to deliver the equipment on time, with the right quality, and at the agreed price. Usually the buyer also has to trust the seller to provide support and security updates for the lifetime of the product. The focus of this book is somewhat unusual, since we are not concerned with price, quality, or technical support. Rather, we study the relationship between the seller and the buyer under the assumption that the seller might want to use its position as the equipment provider for purposes that are directly opposed to the interests of the buyer. From this position, the notion of trust between the equipment provider and the buyer of the equipment takes on a very different flavour.

Olav Lysne

PDF Zum Volltext

Open Access

Chapter 3. What Is an ICT System?

Abstract

The full complexity of the information and communications technology (ICT) systems that we use every day is hard to fathom and it spans at least two dimensions. First, if I were to send an e-mail to my colleague in the office next door, the process easily involves more than a hundred devices over two continents. On its way from my computer in Norway to the mail server I use in the United States, it will traverse routers and switches in several countries. Each of these routers and switches will be dependent on several other components just to determine the next hop on the path towards the recipient of the e-mail.

Olav Lysne

PDF Zum Volltext

Open Access

Chapter 4. Development of ICT Systems

Abstract

An example from 2015 illustrates how compilers can be used to spread malware. Xcode is Apple’s development tool for iOS applications. Attackers added infectious malware to Xcode and uploaded the modified version to a Chinese file-sharing service. Chinese iOS developers downloaded the malicious version of Xcode, compiled iOS applications with it and inadvertently created infected executables, and then distributed these infected executables through Apple’s App Store (Reuters: Apple’s iOS app store suffers first major attack, [9]). This technique has allegedly long been known to the CIA (The Intercept: CIA campaign steal apples secrets, [5]), who has been claimed to have exploited Xcode to add malware to iOS applications.

Olav Lysne

PDF Zum Volltext

Open Access

Chapter 5. Theoretical Foundation

Abstract

What computers can and cannot do has been a long-standing topic in the foundation of computer science. Some of the pioneers of the field had a strong background in mathematics and, in the early days of computing, worked on the mathematical formulation of the limits of computation. The work led to the notion of decidability. Informally speaking, a question that can be answered by either yes or no is decidable if a computer can compute the correct answer in a finite amount of time.

Olav Lysne

PDF Zum Volltext

Open Access

Chapter 6. Reverse Engineering of Code

Abstract

The ability to reverse engineer a product has been important for as long as technology has existed. A vital activity in most branches of industrial design and production has been to acquire samples of the products sold by competing companies and pick them apart. Understanding the engineering done by your competing opponents can shed insight into the strengths and weaknesses of their products, reveal the engineering ideas behind their products’ features, and fertilize and further improve the innovation that goes on in one’s own company.

Olav Lysne

PDF Zum Volltext

Open Access

Chapter 7. Static Detection of Malware

Abstract

In the search for research fields that can shed light on our issue of checking a piece of equipment for unwanted functionality, static malware detection stands out as the most obvious candidate. Malware detection is as old as malware itself and its main goal is to discover if maliciously behaving code has been introduced into an otherwise clean system by a third party. In this chapter, we consider techniques that are static, in the sense that they are based on investigating the code rather than a running system. We will return to dynamic methods in a later chapter.

Olav Lysne

PDF Zum Volltext

Open Access

Chapter 8. Dynamic Detection Methods

Abstract

The static detection of malware has celebrated successes over the years, but obfuscation techniques have deprived static methods of many of their advantages. The Achilles heel of obfuscated code is that, however difficult to read and understand, it has to display its actions when executed. Dynamic methods for malware detection exploit this fact. They execute the code and study its behaviour.

Olav Lysne

PDF Zum Volltext

Open Access

Chapter 9. Formal Methods

Abstract

Mathematical reasoning is the foundation of most engineering disciplines. It would be unthinkable to construct a ship, bridge, or building without first making a mathematical model of the design and calculating that the design satisfies relevant requirements. Such models are used in the exploration of the design space, in quality assurance processes during construction, and in certification processes.

Olav Lysne

PDF Zum Volltext

Open Access

Chapter 10. Software Quality and Quality Management

Abstract

All engineering disciplines have notions of product quality. Along with these notions come mechanisms and best practices ensuring that, for a given product, each item of the product has a specified quality. Furthermore, we are used to thinking that the most critical of these quality metrics are absolute. If the product fails to meet these absolute quality metrics, the customer might have legal claims on the producer. Such quality breaches are therefore expected to be relatively rare in most engineering disciplines.

Olav Lysne

PDF Zum Volltext

Open Access

Chapter 11. Containment of Untrusted Modules

Abstract

In previous chapters, we established that the problem of fully verifying information and communications technology (ICT) equipment from an untrusted vendor is currently not feasible. As long as full and unconditional trust does not prevail in the world, we will have to build and maintain digital infrastructures consisting of equipment we do not fully trust and equipment consisting of modules we do not fully trust.

Olav Lysne

PDF Zum Volltext

Open Access

Chapter 12. Summary and Way Forward

Abstract

In this book, we have asked the following question: What if one or more of the providers of the core components of an information and communication technology (ICT) system are dishonest? This question has been actualized by recent discussions and events, such as the Snowden revelations, the discussions that have taken place in many Western countries on the inclusion of equipment from Chinese providers into telecommunications infrastructures, and the case of Volkswagen cars having electronics recognizing that they were being tested for emissions.

Olav Lysne

PDF Zum Volltext

Titel: The Huawei and Snowden Questions
verfasst von: Prof. Dr. Olav Lysne
Verlag: Springer International Publishing
Electronic ISBN: 978-3-319-74950-1
Print ISBN: 978-3-319-74949-5
DOI: https://doi.org/10.1007/978-3-319-74950-1