We discovered a huge class of attacks (that can actually induce fires!)
on FPGAs. See Chapter 6 of Hadzic's Ph.D. thesis, at
http://www.cis.upenn.edu/~boosters/thesis.ps

-JMS

On Tue, 26 Feb 2002, Richard Masoner wrote:

> I'd like to bring up for discussion a topic I don't think I've seen before
> -- that of possible vulnerabilities in networking code in hardware
> devices. Specifically, several vendors are developing network adapters
> with full TCP/IP offload in the hardware. These aren't just cards with a
> network stack in firmware; a lot of these actually have the protocol
> implemented in silicon.
>
> iReady <http://www.iready.com> is selling the "iChip," which is targeted
> for lower-end, embedded applications. Adaptec and Intel have announced
> gigabit network adapters with full protocol offload. Driving these
> products is the burgeoning market for network storage (iSCSI in
> particular), and the fact that OS protocol handling can gobble up over half
> of CPU cycles just to process the incoming network packets. If you offload
> protocol handling, you free the CPU for other tasks. From a performance
> perspective, it makes perfect sense.
>
> I'll write to these companies for additional details (and hope for a
> response), but my guess is that the protocol is implemented in some sort of
> programmable logic on an ASIC, and that these adapters will not be
> in-circuit upgradeable.
>
> The risk I see is the discovery of a vulnerability in these hard-wired
> "protocol accelerators." What if a malformed packet could throw these
> adapters into an undefined state? In a software TCP/IP stack, you just
> patch the operating system and life goes on. What do you do with hardware
> that's discovered to be vulnerable to DoS attacks?
>
> Is there a history of hardware being vulnerable to online DoS attacks like
> this? Has anyone discussed this already?
>
> Regards,
>
> Richard Masoner
This archive was generated by hypermail 2b30 : Mon Mar 04 2002 - 16:09:45 PST