In October 2018, Bloomberg published an article making unsubstantiated claims about a supply chain breach in servers.
The story, which Bloomberg stands by but is widely regarded as wrong, draws attention to a significant issue: our technology infrastructure is undergirded by a global supply chain that could be compromised by malicious actors.
This got me thinking about hardware secure enclaves such as:
- Intel Trusted Execution Technology (Intel TXT)
- Intel Software Guard Extensions (Intel SGX)
- ARM Cryptoisland, which includes features for secure manufacturing, implemented as Cryptocell
Today’s show dives into issues around supply chain security and related technologies. My guests are Greg Shipley, Deputy Director at Cyber Reboot, an In-Q-Tel Lab; and Justin Wilder, Vice President at In-Q-Tel.
Our conversation aims to:
- Provide a high-level overview of TXT, SGX, etc., and why they matter
- Explore how the market has attempted to implement some of these approaches, what has worked, and what hasn’t
- Examine what trusted execution or similar measures look like in the routing and switching world
- Propose some ideas on how to move the whole thing forward
Sponsor: InterOptic
InterOptic offers high-performance, high-quality optics at a fraction of the cost. If you’re not doing optics correctly, you’re going to pay for it upfront (and then later too). Don’t be fooled by lesser optics. The difference between generic third-party and brand-equivalent optics matters. Go to InterOptic.com to learn more.
Sponsor: Cumulus Networks
By building innovative data center products with Linux, Cumulus offers unprecedented interoperability, agility and scale, and makes integrating your open source software with your proprietary software seamless and efficient. To learn more about Cumulus’ open source philosophy and contributions, head to cumulusnetworks.com/openpod.
Show Links:
Intel® Trusted Execution Technology (Intel® TXT) Overview – Intel
Intel® Software Guard Extensions (Intel® SGX) – Intel
Cryptoisland Family – ARM
Couldn’t the Bloomberg article be referring to the BCM?
I think it's difficult to be certain as the article is badly written from a technical point of view. My reading is that the unproven Bloomberg article is focussed on the BMC but misunderstands the actual likelihood of hijacking.
This presentation talks about how difficult it is and that it is _possible_ but unlikely and unreliable.
Link: Response: Modchips, Hardware Implants and Bloomberg falsehoods – EtherealMind – https://etherealmind.com/response-modchips-hardware-implants-and-bloomberg-falsehoods/