Should we discontinue EVMs?

Rahul Mehta · Post by **Rahul Mehta** » 23 Oct 2009 06:59

.

There is one more way to rig EVM.

The company where I work has been developing an equipment. Much of it is outsourced, but we have one lab where two hardware guys do testing, and occasionally I join them. There were some extra useless 8057 chips, and I decided to break them to see what is "inside" them. As expected, the chip was about 5 cm * 1.2 cm wide, but inside the big black chip, the core-chip was just 0.75 cm * 0.75 cm. This small rectangle inside has 40 pins, connected to the 40 pins of the black chip. (This was long before EVM thread started). IOW, some 80% area inside in the black chip is empty.

So one can make a core-chip with 41 pins and one can use the blank area in the chip to put a coiled antenna, which is connected to the 41st new pin. And bingo, you have RF enabled chip to go. And if this chip is in EVM, then EVM is capable of taking candidate number of radio wave.

Raja Bose · Post by **Raja Bose** » 23 Oct 2009 07:16

^^^ Big black chip...core chip....?

I wonder what are you referring to? What is the packaging, what is the IC, what is this core and exactly where are you planning to store your antenna again...on the silicon?

Dileep · Post by **Dileep** » 23 Oct 2009 07:23

Rahul Mehta wrote: 1. DCs dont publish which person withdrew at what time. All they publish is total number of withdrawals. In almost every seat, number of withdrawals are quite large, sometimes as high as 50% of those who file.

You can go and ask the DC's office, right?

2. BEL does not disclose all projects details on web. And BEL must be having 100s of projects for which they order chip. One can use a new project or existing project to order the chip and with co-operation of store-manager, boxes can be swapped within 30 minutes. I dont have a degree in "box placement", but I know from my experience that box replacement is TRIVIAL task.

The point is, it is traceable. If extra chips are ordered, that can be proven. Please do the honours of doing so.

I know from MY experience (and I have disclosed my experience in this regard already) that is it NOT a trivial task.

I have proved that EVMs can be rigged by putting a trojan at gate level design in the chip, and then implementing the chip in such a way that power consumption increases by less than 1%.

I have proved that putting a trojan at gate level is not technically possible.

I have checked with people who work in PCB design as well as manufacturing. They NEVER check gate level design and they only occasionally they do power checks, but as long as chip is within range (1% to 5% of rated consumption), they dont bother. So if rigged chip consumes power that is just 1% more than actual chip, no box-replacement is needed. CIA can simply ask the chip supplier to send rigged chip and since gate level design is not scanned in BEL, the chip will sail thru. And in case BEL has procedure to scan the chip, then and then only CIA has to resort to box swapping. And that too is a trivial task, needs only 30 minutes to replace 25-50 boxes.

Box replacement is NOT a trivial task. I have proved that already

Raja Bose · Post by **Raja Bose** » 23 Oct 2009 08:16

Aha! Now I see the light as to why Mehta ji is claiming that everything is trivial. He is zimbly using the Mathematician's definition of "trivial"! If it can be done in theory, mathematicians claim it is "trivial" (for example cracking the RSA encryption is trivial) - RM ji is just following the same hallowed tradition

And for a person who doesn't know what is a chip and what is not....I am wondering how did he provide a way to hack the gate level design?

Rahul Mehta · Post by **Rahul Mehta** » 23 Oct 2009 15:25

Rahul Mehta wrote:. There is one more way to rig EVM. The company where I work has been developing an equipment. Much of it is outsourced, but we have one lab where two hardware guys do testing, and occasionally I join them. There were some extra useless 8057 chips, and I decided to break them to see what is "inside" them. As expected, the chip was about 5 cm * 1.2 cm wide, but inside the big black chip, the core-chip was just 0.75 cm * 0.75 cm. This small rectangle inside has 40 pins, connected to the 40 pins of the black chip. (This was long before EVM thread started). IOW, some 80% area inside in the black chip is empty. So one can make a core-chip with 41 pins and one can use the blank area in the chip to put a coiled antenna, which is connected to the 41st new pin. And bingo, you have RF enabled chip to go. And if this chip is in EVM, then EVM is capable of taking candidate number of radio wave.

Raja Bose wrote:^^^ Big black chip...core chip....? I wonder what are you referring to? What is the packaging, what is the IC, what is this core and exactly where are you planning to store your antenna again...on the silicon?

Pls see this picture :

http://www.pcmag.com/encyclopedia_term/ ... 417,00.asp

40-pin 8057 we commonly get in market is black ceramic block of size 5 cm * 1.2 cm. Inside this black chip, the actual area which contains silicon (which I refer as core) is only about 0.75 cm * 0.5 cm. Rest of the space is just some ceramic material (package).

Now a team of highly skilled engineers, such as skilled people in M/s Microchip, can implement a core of 41 pins, where 1 pin is connected to coiled radio antenna inside the ceramic core. This way, the chip will be able to get the candidate number over RF.

Now unless someone opens the chip and views it, no one will notice. And I have spoken to people who worked with PCB makers, and all said that no PCB maker has "opening the chip" as standard procedure and they never did it in any of their projects. So if the BEL chief can ensure that no engineer dares opens the chip, and so radio enabled EVM chip will sail thru into EVM.

Dileep · Post by **Dileep** » 23 Oct 2009 19:58

There is no existing technology that can fabricate a radio receiver and a microcontroller on the same silicon chip. The whole premise of integrated radio and microcontroller is thus discredited.

Raising the same discredited point again and again doesn't help.

Tanaji · Post by **Tanaji** » 23 Oct 2009 20:50

Lets give Rahul Mehta some more ideas :

Rahulji, do you know that there is something called a software radio? Basically with that you dont need all the circuitry that a conventional radio receiver requires. <Most of the functions are implemented in software using digital signal processing. All you need is a basic antenna and a small front end circuit, but this is dramatically less complex than a conventional receiver.

Perhaps EVMs are using this?

Search for software radio if you think I am bluffing.

Raja Bose · Post by **Raja Bose** » 23 Oct 2009 22:03

Assuming the antenna is put in the DIP or SOIC and directly connected to the "41st" pin of the MCU IC - are we assuming that we have a perfect receiver with the antenna connected directly to the IC's ADC? Where is the 41st pin going to be placed in a existing IC design of 40 pins and what will it be routed to in the IC? Please give numbers of the sensitivity of the proposed RF antenna inside your packaging and its effect on the MCU operations.

We will tackle the tiny question of manpower involved and processes next, but 1st lets pin (pun not intended!) down the tech details instead of vague hand-waving. If you blur a picture enough even Madhuri Dixit will start looking like Musharraf - something which Mehta ji has been earnestly trying to do over the past umpteen pages of this thread.

On a side note, he is not alone (and perhaps not to be entirely blamed) since he is also a product of the same education which is churning out 1000s of "Computer science/engineering graduates" who indulge in vague hand-waving pseudo science and claim they are doing "engineering" - without ever realizing that "engineering" involves actual work on the ground and not just tossing out vague ideas. This seems to be more way more prevalent in computer science/engineering as opposed to EE/other branches of engineering and pure sciences. After going to a top conference in my field a while back I was highly disappointed at both the quality/relevance of papers and the smug blinkered attitude of a lot of the student presenters who have no realization of the worth of their work (or rather, lack thereof) - perhaps they were all hoping to get into academia somehow and continue their cosy nonsense yet reality will clearly be harsher. The result of that disappointment (which was not surprisingly, also shared by some real knowledgeable people I respect) has led to a new column in IEEE Computer starting this September

vera_k · Post by **vera_k** » 27 Oct 2009 22:18

Relevant to this thread. The article posits that trojans cannot be ruled out unless chips are manufactured in a secure facility.

http://www.nytimes.com/2009/10/27/science/27trojan.html?_r=1&8dpc

Despite a six-year effort to build trusted computer chips for military systems, the Pentagon now manufactures in secure facilities run by American companies only about 2 percent of the more than $3.5 billion of integrated circuits bought annually for use in military gear. That shortfall is viewed with concern by current and former United States military and intelligence agency executives who argue that the menace of so-called Trojan horses hidden in equipment circuitry is among the most severe threats the nation faces in the event of a war in which communications and weaponry rely on computer technology.

A recent White House review noted that there had been several “unambiguous, deliberate subversions” of computer hardware.

The United States has used a variety of Trojan horses, according to various sources.

All the more reason to add a paper trail to the EVMs. If the Americans are having so much trouble keeping Trojans out of their equipment, our odds are worse given that the chips are not manufactured in secured Indian facilities.

Dileep · Post by **Dileep** » 28 Oct 2009 07:38

Some new info.

The EVMs used for the bye-elections in Kerala are the same machines used for the Lok Sabha elections, as the 6 month time os preservation is over.

What about the state elections that just got over? Were they ran on the used machines?

If so, the great RM theory of modulo-5 goes out of the door. He said use once only.

Pranav · Post by **Pranav** » 28 Oct 2009 07:42

It is interesting, some people on this thread argued, we have to trust, what about all the chips in the defense equipment etc etc ...

Well, here is what happens in defense equipment:

But as military planners have come to view cyberspace as an impending battlefield, American intelligence agency experts said, all sides are arming themselves with the ability to create hardware Trojan horses and to hide them deep inside the circuitry of computer hardware and electronic devices to facilitate military attacks.

In the future, and possibly already hidden in existing weapons, clandestine additions to electronic circuitry could open secret back doors that would let the makers in when the users were depending on the technology to function. Hidden kill switches could be included to make it possible to disable computer-controlled military equipment from a distance. Such switches could be used by an adversary or as a safeguard if the technology fell into enemy hands.

A Trojan horse kill switch may already have been used. A 2007 Israeli Air Force attack on a suspected partly constructed Syrian nuclear reactor led to speculation about why the Syrian air defense system did not respond to the Israeli aircraft. Accounts of the event initially indicated that sophisticated jamming technology was used to blind the radars. Last December, however, a report in an American technical publication, IEEE Spectrum, cited a European industry source in raising the possibility that the Israelis might have used a built-in kill switch to shut down the radars.

(From article cited above by vera_k)

Rahul Mehta · Post by **Rahul Mehta** » 28 Oct 2009 08:47

Dileep wrote:There is no existing technology that can fabricate a radio receiver and a microcontroller on the same silicon chip. The whole premise of integrated radio and microcontroller is thus discredited.

I did not say that same "silicon" has both MC and radio wave receiver or antenna. Pls re-see the diagram I posted in my post at http://www.pcmag.com/encyclopedia_term/ ... 417,00.asp

In a typical 40 pin 8057, the black chip is of size say 5 cm * 1.25 cm of which silicon inside it is only of .5 cm * .5 cm. The rest of the space is big enough to add one more silicon chip inside it and have a coiled antenna. This black chip will externally look same as usual 8057 but will have capability of getting radio signals.

---

Raja Bose: Assuming the antenna is put in the DIP or SOIC and directly connected to the "41st" pin of the MCU IC - are we assuming that we have a perfect receiver with the antenna connected directly to the IC's ADC? Where is the 41st pin going to be placed in a existing IC design of 40 pins and what will it be routed to in the IC? Please give numbers of the sensitivity of the proposed RF antenna inside your packaging and its effect on the MCU operations.

What is numbers of sensitivity? People have already made 2 mm * 2 mm sized circuits with coiled antenna capable of receiving and sending it back. The send distance is small, but in EVM there is no send and hence non-issue. The empty space inside the black ceramic chip is almost (6 - 0.25) sqm. This is more than enough to put a circuit that can receive radio waves and send it to MC chip inside.

Manpower etc are non-issue. The CIA has enough scientists/engineers to make such chip. And AFAIK, BEL may not even procedure to open the chip and verify it --- no PCB maker opens chips. And if BEL does have such procedure, then only "box replacement" is needed and it is do-able with co-operation of store chief of BEL.

-----

Dileep wrote:The EVMs used for the bye-elections in Kerala are the same machines used for the Lok Sabha elections, as the 6 month time os preservation is over. What about the state elections that just got over? Were they ran on the used machines? If so, the great RM theory of modulo-5 goes out of the door. He said use once only.

In any election, some old EVMs get thrown out and new ones are brought it. The EVMs can have required trojans. Also, CIA is smart enough to follow a thumb rule that "add only 10% of total polled votes to favorite candidate" and no more, as explicit rigging will expose the scam. So yes, if 10% addition doesnt help, favorite candidate may lose. In place like keral, even 2% addition is enough. So even if 2% of the EVMs used were new, that would be sufficient. So Kerala-byelection has no bearing on modulo-5 or rig-once-only.

The modulo-5 was an example to PROVE that a trojan that favors Congress is possible, there are many logics one use. And "rig once only" and modulo-5 or rigging logics are not connected. It is possible that EVM would change its type after one use, and so next time too, it would rig but the rigging constant is different.

Rahul Mehta · Post by **Rahul Mehta** » 28 Oct 2009 08:57

vera_k wrote:All the more reason to add a paper trail to the EVMs. If the Americans are having so much trouble keeping Trojans out of their equipment, our odds are worse given that the chips are not manufactured in secured Indian facilities.

Paper trail is only a graceful way of killing EVMs. Because the paper-ballot is the paper trail. So once you have "paper", the only advantage EVM offers is 20 second delay. That can be achieved by a stamping machine with counter and no memory to store votes. So once you have paper trail -- long live EVM. Also, putting paper trail will mean making NEW EVMs from scratch as existing EVM does not seem to have ports. Plus, the printers will get stuck too often and would cause too many glitches. And once election are over, where will will you keep printers? In store room for another 6 months to 2 years? Trust me, if 7 lakh printers is left unused for 2 years in store, at least 1 lakh would rust away.

------

Pranav wrote:It is interesting, some people on this thread argued, we have to trust, what about all the chips in the defense equipment etc etc ... Well, here is what happens in defense equipment:

====
But as military planners have come to view cyberspace as an impending battlefield, American intelligence agency experts said, all sides are arming themselves with the ability to create hardware Trojan horses and to hide them deep inside the circuitry of computer hardware and electronic devices to facilitate military attacks. In the future, and possibly already hidden in existing weapons, clandestine additions to electronic circuitry could open secret back doors that would let the makers in when the users were depending on the technology to function. Hidden kill switches could be included to make it possible to disable computer-controlled military equipment from a distance. Such switches could be used by an adversary or as a safeguard if the technology fell into enemy hands. A Trojan horse kill switch may already have been used. A 2007 Israeli Air Force attack on a suspected partly constructed Syrian nuclear reactor led to speculation about why the Syrian air defense system did not respond to the Israeli aircraft. Accounts of the event initially indicated that sophisticated jamming technology was used to blind the radars. Last December, however, a report in an American technical publication, IEEE Spectrum, cited a European industry source in raising the possibility that the Israelis might have used a built-in kill switch to shut down the radars.

Which is why one of the law I have proposed says that ALL equipment Military, PSU etc will use (10 years after the law passes) will have only 100% made in India chips/PCBs . And using made-in-US chips in EVMs is biggest foolish=corrupt decision one can think of. In other places, if the made-in-US chip has trojan, the equipment failure will at least create a doubt. Where as in EVM, there is NO counter-proof to prove that EVM chip has played foul play.

vera_k · Post by **vera_k** » 28 Oct 2009 12:51

Rahul Mehta wrote:Paper trail is only a graceful way of killing EVMs. Because the paper-ballot is the paper trail. So once you have "paper", the only advantage EVM offers is 20 second delay.

An EVM paper trial does not need to reproduce the entire ballot paper, and so is not as wasteful as the real thing. And the paper trail will be used only in cases of dispute. Not every constituency, and not every booth per disputed constituency would have to be manually counted. Booth level manual counting can take care of suspicions of the type raised by Mohan Rawale where he found he got 6 votes in a booth that polled for Shiv Sena in the last election.

You are right of course that the current stock of EVMs would have to be replaced with models that include a printer.

Rahul Mehta · Post by **Rahul Mehta** » 28 Oct 2009 18:56

vera_k wrote:An EVM paper trial does not need to reproduce the entire ballot paper, and so is not as wasteful as the real thing. And the paper trail will be used only in cases of dispute. Not every constituency, and not every booth per disputed constituency would have to be manually counted. Booth level manual counting can take care of suspicions of the type raised by Mohan Rawale where he found he got 6 votes in a booth that polled for Shiv Sena in the last election.

You are right of course that the current stock of EVMs would have to be replaced with models that include a printer.

The paper cost was minor issue. If there are 20 candidates, the ballot with printing would cost less than 50 paise per ballot, Rs 500 per booth (one booth has 1000 voters and need one EVM today). The existing EVM costs Rs 10000 and is good for only 10 years = 7 elections at most including possible midterm polls and by-elections. With printer, it would cost at least Rs 2000 extra and printer would be good only for 2-3 years. Also, the cost of verifying printer before each election will be significant. And which printer would you use? Dot matrix printers can be horribly unreliable. eg I go to my local bank 12 times a year to get passbooks printed and at least 1-2 times, the printer is down !! Thermal and laser printers are reliable, but then cost further goes up.

Now in booth, all one candidates needs to do is to send 2-4 voters, who will press "Congress" and then ask him to scream saying that they had pressed "BJP" !! Now who is right, voter or machine? If you assume that EVM is fraud-proof, then where is the need for paper trail? And you say that voter is right, then what do you do? Cancel the poll in that booth? So paper trail is good ONLY if there is openness and option of retracting. In voting we have no openness and we dont allow retract. So paper trail is good for nothing.

And in some 20% election, margin is thin may be below 2%. So they will all go recounting.

Paper trail will - sau hute khyae aur sau pyaj bhi.

It is just a graceful way of killing EVM.

All in all, I dont oppose paper trail.I support it with clear note that it is as good as killing EVM. As far as I go, I want to kill EVMs. Paper trail way is expensive and graceful way of killing EVMs. I dont prefer it, but better than bloody EVM staying alive.

----

Another way to kill EVM is to enact "Instant Run Off Voting" aka IRV. I am campaigning for IRV as well, and lots of RSS/BJP grassroots are now paying attention to it. The RSS/BJP leaders as usual dont pay any attention to such proposals, but grassroots do. If demand for IRV catches up, then also EVM will need a total redesign and so it will have to be scrapped.

Raja Bose · Post by **Raja Bose** » 29 Oct 2009 06:34

Rahul Mehta wrote: What is numbers of sensitivity? People have already made 2 mm * 2 mm sized circuits with coiled antenna capable of receiving and sending it back. The send distance is small, but in EVM there is no send and hence non-issue. The empty space inside the black ceramic chip is almost (6 - 0.25) sqm. This is more than enough to put a circuit that can receive radio waves and send it to MC chip inside.

All circuits are not created equal. Making MEMS sensors with coils beside them is not the same as putting an active antenna beside an MCU. Please find a reference where they have an MCU with an antenna inside the packaging and then we can continue. And as regards your repeated allegation that PCB guys dont check the chip - it is based on what some friend of yours told you. Does he work for BEL? Does he know the processes of BEL? By some act of greatness is he a spokesperson for the entire PCB industry on best practices? I dont know about your friend but where I work I have seen spot checks being done on ICs pretty rigorously and pretty regularly (and I can guarantee you that these fellows see more ICs in a day than your friend sees in a year). Hence, kindly stop parroting your imagination as proof.

Now let us indulge in a little bit of logic. You are claiming that since "PCB guys dont check the chip" hence, anything can be done to the chip hence, EVMs are bad hence, ban them - Dont improve them, dont secure the processes, simply ban them (how convenient!). Why not simply ask the process to be made more secure - unless ofcourse your agenda is something totally different than ensuring that elections can be conducted securely.

And BTW all the faults you find with the EVM's IC tampering and what-not are equally valid for your camera and stamper idea - It has been conclusively proven on this thread. After all the chance that the camera's IC and CCD get checked is even lesser than an EVM getting inspected! We cannot have selective faith in electronic circuitry now, can we?!

Which is why one of the law I have proposed says that ALL equipment Military, PSU etc will use (10 years after the law passes) will have only 100% made in India chips/PCBs .

A statement I would agree with but given current capabilities it is not possible (the "ALL" part). However, in such a case where ICs are fabricated in India, would you be willing to accept the EVMs as secure or I imagine some new conspiracy involving Tata and Birlas will be peddled?

Rahul Mehta · Post by **Rahul Mehta** » 29 Oct 2009 07:06

Dear All,

Pls google using keywords "trojan in hardware"

http://www.google.co.in/#hl=en&q=trojan ... 380e62de34

Well, the above link will show that people have done it already !!

All along, I have been claiming that it is possible to put trojans in IC. I am a software guy, and so I could guess that trojans in microcode or other ways are possible. I did not know that people have already done it. But I bet that resident experts in chips knew it all along that putting trojans in h/w is possible and that people have done it. Shame on resident h/w and chip-experts that they did not talk about "trojans-in-chips" at all. I would like you all readers to know that

1. either resident chip-experts did NOT know about "trojan in hardware" in which case their expertise is worthless (after all, what good is a policeman who knows nothing about how criminals operate)

2. or they deliberately did not share this information with the readers, in which case I doubt their integrity.

3. or they are sentimental and emotional about EVMs and have lost rationality. So just as emotional parents deny that their kids can do wrong, they keep denying that EVMs can be tempered despite mountain of evidences.

But what new? Experts are worth 10 times when hide the truth.

====

Raja Bose,

You have asked me many questions to prove that trojan in hardware is impossible. Well, the above links show that it is possible. So I wont be answering these questions anymore.

Raja Bose wrote: And as regards your repeated allegation that PCB guys dont check the chip - it is based on what some friend of yours told you. Does he work for BEL? Does he know the processes of BEL? By some act of greatness is he a spokesperson for the entire PCB industry on best practices? I dont know about your friend but where I work I have seen spot checks being done on ICs pretty rigorously and pretty regularly (and I can guarantee you that these fellows see more ICs in a day than your friend sees in a year). Hence, kindly stop parroting your imagination as proof.

I didnt say that PCB makes dont "check" chips - they do. But they ONLY do superficial functional testing. They do NOT put chip under electron microscope and do gate level analysis. Essentially, PCB manufacture test chips only against random manufacturing faults not against a trojan. This superficial tests will not detect a trojan, as trojan does NOT alter functionality of chip under normal circumstances.

And please check the above URL. It points to 10s of articles which prove that

1. putting trojan in chips is possible.
2. it is possible to activate that triojan remotely (articles dont mention how, but RF seems to be the only way)
3. it is nearly impossible to detect such trojans in chip.

===

Now let us indulge in a little bit of logic. You are claiming that since "PCB guys dont check the chip" hence, anything can be done to the chip hence, EVMs are bad hence, ban them - Dont improve them, dont secure the processes, simply ban them (how convenient!). Why not simply ask the process to be made more secure - unless ofcourse your agenda is something totally different than ensuring that elections can be conducted securely.

Provide secure processes? Which secure process will stop BEL store chief from replacing 10 box? Which secure process will stop American company M/s Microchip from putting trojan in hardware, given that company is immune to all laws in India. Which secure process will stop CIA from offering $11 million bribe to M/s Microchip CEO for putting trojan in chip? Why dony YOU first provide a secure process. And once EVMs are made using that secure process, we can talk. But existing EVMs are not made using secure process that you claim exist. Mind you, you have proved that such secure process exists. You are ONLY claiming that such secure process exists and then running away when I ask you to show that BEL does follow such process.

And BTW all the faults you find with the EVM's IC tampering and what-not are equally valid for your camera and stamper idea - It has been conclusively proven on this thread. After all the chance that the camera's IC and CCD get checked is even lesser than an EVM getting inspected! We cannot have selective faith in electronic circuitry now, can we?!

Cameras come from 1000s of vendors, and will be allocated randomly and so they cant be tempered by one agency centrally. Also, in the paper ballot scheme with stamping machine with 20 second delay, the rigging is possible ONLY at booth level. So industrial scale rigging of 100,000 booths is physically impossible. So dont beat dead horse again and again and again. The paper ballot with "stamping machine with 20 second delay and counter" is better than EVM because

1. It is cheaper
2. At booth level, EVM and "20 second delay stamping" are equally secure
3. Lakhs of EVMs can be tempered by CIA with help of just 10-12 people in BEL, CEC. While the same is not possible with paper ballots.

Rahul Mehta · Post by **Rahul Mehta** » 29 Oct 2009 07:24

I am going to post some URLs to show that putting trojan in chip is not just do-able. but people have actually done it. And some claim that trojans can be activated remotely by the chip-maker.

http://en.wikipedia.org/wiki/Hardware_T ... computing)

http://www.newscientist.com/article/mg2 ... bombs.html

http://portal.acm.org/citation.cfm?id=1440959

http://portal.acm.org/results.cfm?query ... N=73371205

http://www.spectrum.ieee.org/semiconduc ... ill-switch

And more links at :

http://www.google.co.in/#hl=en&q=trojan ... 380e62de34

I request all to read in full so that you can know how good "experts" are in hiding the truths. I will post parts of the articles from above links. The comments inside curly brackets are mine.

=====

Are chip makers building electronic trapdoors in key military hardware? The Pentagon is making its biggest effort yet to find out

Last September, Israeli jets bombed a suspected nuclear installation in northeastern Syria. Among the many mysteries still surrounding that strike was the failure of a Syrian radar--supposedly state-of-the-art--to warn the Syrian military of the incoming assault. It wasn't long before military and technology bloggers concluded that this was an incident of electronic warfare--and not just any kind. Post after post speculated that the commercial off-the-shelf microprocessors in the Syrian radar might have been purposely fabricated with a hidden ”backdoor” inside. By sending a preprogrammed code to those chips, an unknown antagonist had disrupted the chips' function and temporarily blocked the radar.

That same basic scenario is cropping up more frequently lately, and not just in the Middle East, where conspiracy theories abound. According to a U.S. defense contractor who spoke on condition of anonymity, a ”European chip maker” recently built into its microprocessors a kill switch that could be accessed remotely. {remote means RF? Without RF, how would one access the CPU?} French defense contractors have used the chips in military equipment, the contractor told IEEE Spectrum . If in the future the equipment fell into hostile hands, ”the French wanted a way to disable that circuit,” he said. Spectrum could not confirm this account independently, but spirited discussion about it among researchers and another defense contractor last summer at a military research conference reveals a lot about the fever dreams plaguing the U.S. Department of Defense (DOD).

Feeding those dreams is the Pentagon's realization that it no longer controls who manufactures the components that go into its increasingly complex systems. A single plane like the DOD's next generation F-35 Joint Strike Fighter, can contain an ”insane number” of chips, says one semiconductor expert familiar with that aircraft's design. Estimates from other sources put the total at several hundred to more than a thousand. And tracing a part back to its source is not always straightforward. The dwindling of domestic chip and electronics manufacturing in the United States, combined with the phenomenal growth of suppliers in countries like China, has only deepened the U.S. military's concern.

Recognizing this enormous vulnerability, the DOD recently launched its most ambitious program yet to verify the integrity of the electronics that will underpin future additions to its arsenal. In December, the Defense Advanced Research Projects Agency (DARPA), the Pentagon's R&D wing, released details about a three-year initiative it calls the Trust in Integrated Circuits program. The findings from the program could give the military--and defense contractors who make sensitive microelectronics like the weapons systems for the Fâ¿¿35--a guaranteed method of determining whether their chips have been compromised. In January, the Trust program started its prequalifying rounds by sending to three contractors four identical versions of a chip that contained unspecified malicious circuitry. The teams have until the end of this month to ferret out as many of the devious insertions as they can.

Vetting a chip with a hidden agenda can't be all that tough, right? Wrong. {our resident experts claim that detecting trojan in chip is trivial.}Although commercial chip makers routinely and exhaustively test chips with hundreds of millions of logic gates, they can't afford to inspect everything. So instead they focus on how well the chip performs specific functions. For a microprocessor destined for use in a cellphone, for instance, the chip maker will check to see whether all the phone's various functions work. Any extraneous circuitry that doesn't interfere with the chip's normal functions won't show up in these tests.

”You don't check for the infinite possible things that are not specified,” says electrical engineering professor Ruby Lee, a cryptography expert at Princeton. ”You could check the obvious possibilities, but can you test for every unspecified function?”

Nor can chip makers afford to test every chip. From a batch of thousands, technicians select a single chip for physical inspection, assuming that the manufacturing process has yielded essentially identical devices. They then laboriously grind away a thin layer of the chip, put the chip into a scanning electron microscope, and then take a picture of it, repeating the process until every layer of the chip has been imaged. Even here, spotting a tiny discrepancy amid a chip's many layers and millions or billions of transistors is a fantastically difficult task, and the chip is destroyed in the process.

But the military can't really work that way. For ICs destined for mission-critical systems, you'd ideally want to test every chip without destroying it. The upshot is that the Trust program's challenge is enormous. ”We can all do with more verification,” says Samsung's Victoria Coleman, who helped create the Cyber Trust initiative to secure congressional support for cybersecurity. ”My advice to [DARPA director] Tony Tether was ’trust but verify.' That's all you can do.”

Semiconductor offshoring dates back to the 1960s, when U.S. chip makers began moving the labor-intensive assembly and testing stages to Singapore, Taiwan, and other countries with educated workforces and relatively inexpensive labor.

Today only Intel and a few other companies still design and manufacture all their own chips in their own fabrication plants. Other chip designers--including LSI Corp. and most recently Sony--have gone ”fabless,” outsourcing their manufacturing to offshore facilities known as foundries. In doing so, they avoid the huge expense of building a state-of-the-art fab, which in 2007 cost as much as US $2 billion to $4 billion.

Well into the 1970s, the U.S. military's status as one of the largest consumers of integrated circuits gave it some control over the industry's production and manufacturing, so the offshoring trend didn't pose a big problem. The Pentagon could always find a domestic fab and pay a little more to make highly classified and mission-critical chips. The DOD also maintained its own chip-making plant at Fort Meade, near Washington, D.C., until the early 1980s, when costs became prohibitive.

But these days, the U.S. military consumes only about 1 percent of the world's integrated circuits. ”Now,” says Coleman, ”all they can do is buy stuff.” Nearly every military system today contains some commercial hardware. It's a pretty sure bet that the National Security Agency doesn't fabricate its encryption chips in China. But no entity, no matter how well funded, can afford to manufacture its own safe version of every chip in every piece of equipment.

The Pentagon is now caught in a bind. It likes the cheap, cutting-edge devices emerging from commercial foundries and the regular leaps in IC performance the commercial sector is known for. But with those improvements comes the potential for sabotage. ”The economy is globalized, but defense is not globalized,” says Coleman. ”How do you reconcile the two?”

In 2004, the Defense Department created the Trusted Foundries Program to try to ensure an unbroken supply of secure microchips for the government. DOD inspectors have now certified certain commercial chip plants, such as IBM's Burlington, Vt., facility, as trusted foundries. These plants are then contracted to supply a set number of chips to the Pentagon each year. But Coleman argues that the program blesses a process, not a product. And, she says, the Defense Department's assumption that onshore assembly is more secure than offshore reveals a blind spot. ”Why can't people put something bad into the chips made right here?” she says.

======================

Last week, engineers from Case Western Reserve University in Cleveland, Ohio, and the electronics firm Rockwell Automation of Milwaukee, Wisconsin, revealed how microchips could be effectively turned into time bombs in two papers published on the physics preprint server (arXiv:0906.3832 and 0906.3834). There is currently no way to test for chips adulterated in this way, says electronics engineer Frank Wolff of the Case Western team, although he and others are exploring detection techniques (see "Tripping up trojans").

=========

Enough said. The case that "EVM chips can contain a pro-Congress trojan" is now closed.

vera_k · Post by **vera_k** » 29 Oct 2009 10:37

Rahul Mehta wrote:With printer, it would cost at least Rs 2000 extra and printer would be good only for 2-3 years. Also, the cost of verifying printer before each election will be significant. And which printer would you use?

This is the sort of contraption that would work. Of course, there would have to be appropriate modifications to maintain secrecy

Rahul Mehta wrote:It is just a graceful way of killing EVM

Sure.

Raja Bose · Post by **Raja Bose** » 29 Oct 2009 11:58

Rahul Mehta wrote: Pls google using keywords "trojan in hardware"

http://www.google.co.in/#hl=en&q=trojan ... 380e62de34

Well, the above link will show that people have done it already !!

Mehta ji, Thank you so much for that Google search link (most of which if I may add talks about software trojans) and the other links . However, let me deflate your balloon a bit (if I may). Read the paper by Lin et al carefully (don't gloss over it looking for buzzwords like you do for everything else) - read about the related work parts where he talks about triggers used by other proposed trojans which require output pins - something detectable with current techniques (also mentioned in one of your links). Also notice how he himself avoids talking about any trigger. The reason is that for his limited use case (revealing the key of a crypto chip) you don't need a trigger and more importantly putting in even an internal trigger circuit will screw up his non-detection criteria. How do I know about this takleef of his? - becoz one of my colleagues from ETH had the good fortune to attend his talk last month and he asked him in detail about the feasibility of non-detection of his schemes. Now if you want an RF triggered version that will be an even major issue (as Dileep has explained on this thread many times hence, your convenient leap of logic is invalid.) Now if you want an RF trigger trojan you will need enough circuitry which will make it stand out (I am not even considering the crude scheme of putting a coil antenna in the DIP or SOIC which will stand out like a Paki in an X-ray inspection). Hence, your RF trigger idea is out. And without that your proposal for use of a hardware trojan is out too. Notice that they are proposing a trojan in the paper which is internally triggered and uses side channel leakage to reveal the key of a crypto chip (i.e. the flow of data is exactly opposite of what you would like) - For gathering the data emanating from such a side channel attack you will need to be very close to the source to avoid being killed by the noise hence, your idea of using a van to even get some data from the EVM (though it serves no purpose anyways) is out.

Rahul Mehta wrote: You have asked me many questions to prove that trojan in hardware is impossible. Well, the above links show that it is possible. So I wont be answering these questions anymore.

Unfortunately your links show what is possible for totally different use cases which have no relevance to what you are trying to allege (and that too in the lab). Do me a favour and contact Intel SeCoE (these are pretty much the top guys for hardware trojans) and ask them how many hardware trojans they have and they will give you a list (I mentioned this towards the beginning of this thread). Next ask them how many they have seen in practice and they won't need a list at all!

Rahul Mehta wrote: I didnt say that PCB makes dont "check" chips - they do. But they ONLY do superficial functional testing. They do NOT put chip under electron microscope and do gate level analysis. Essentially, PCB manufacture test chips only against random manufacturing faults not against a trojan. This superficial tests will not detect a trojan, as trojan does NOT alter functionality of chip under normal circumstances.

In case you didn't notice, I said rigorous testing. Yes, they get inspected randomly and you can be pretty sure the inspection is not some "functional testing" for "random manufacturing faults" either. Like I said, just because your friend's company does it, doesn't mean its a best practice. BTW stop harping about the Syrian example - it involves defence equipment which contain custom ICs which are not available otherwise hence, analyzing them may not always reveal whats not supposed to be there (though in case of Syria, I doubt they have the expertise anyways to do anything beyond change treads on their T-55s). The EVM contains an IC which is both extremely simple (making it harder to hide stuff) and a very well known one so that for comparison purposes you can easily get examples without the manufacturer even knowing about it. Unless you are proposing that evil evil Microchip has contaminated all the billions of ICs they have supplied worldwide since the last decade.

Rahul Mehta wrote: Provide secure processes? Which secure process will stop BEL store chief from replacing 10 box? Which secure process will stop American company M/s Microchip from putting trojan in hardware, given that company is immune to all laws in India. Which secure process will stop CIA from offering $11 million bribe to M/s Microchip CEO for putting trojan in chip? Why dony YOU first provide a secure process. And once EVMs are made using that secure process, we can talk. But existing EVMs are not made using secure process that you claim exist. Mind you, you have proved that such secure process exists. You are ONLY claiming that such secure process exists and then running away when I ask you to show that BEL does follow such process.

Now lets get to the process. The rubbish re. the BEL store chief has been disproved multiple times - repeating it wont make it magically true. And how is the CEO of Microchip going to insert the Trojan - is he going to design it himself and put it in? Making modifications to an IC (even a trivial one) is not like writing Java code Mehta ji...its not a simple question of replacing c=a+b; with c=a-b; Till now you have failed to show even 1 single instance of how to practically hijack the process - you could not even do so with the simple process Dileep constructed for you. If you make the allegation, its your problem to prove it - dont expect others to do your work for you. BTW if such a secure process does not exist and if you really claim to care about this issue, you would demand that such a process be put in place. Instead what I see from you is claims for banning the EVM on the basis of some vague allegations and hand-waving. You seem more interested in jumping to conclusions and least bothered to even question the relevant persons to obtain the details you claim to so accurately hypothesize about. Hardly the stance of someone with genuine and honest interest in the issue.

Rahul Mehta wrote: Cameras come from 1000s of vendors, and will be allocated randomly and so they cant be tempered by one agency centrally.

In case you don't know, the cameras may come from 1000s of vendors who source the main components from a few major OEMs (all manufactured in China now) - so you bet it can be tampered centrally and that too as easily as you claim an EVM can be tampered. Sorry no free lunch for you there!

Rahul Mehta wrote:Enough said. The case that "EVM chips can contain a pro-Congress trojan" is now closed.

Unfortunately Mehta ji, the case of "EVM chips can contain in practice without detection a pro-Congress/pro-XYZ trojan" is not closed - neither the technical aspect and definitely not the process aspect. Hence, keep trying. But please spare us the Lahori logic of claiming that since some process has not been allegedly utilized (but which is very much feasible) hence, EVMs have to be replaced immediately by some hare-brained idea (which conveniently has also not been shown to be tamper-proof both technology-wise and process-wise).

Dileep · Post by **Dileep** » 29 Oct 2009 12:31

The trojans in the military systems are designed into the custom ASIC, and used on a custom board, intentionally by a company as demanded by its customer. As far as the design and manufacturing goes, the trojan is part of the specification. The end user, which is another country, doesn't know about it, that's all. He also have no access or control over the equipment.

That situation can not be applied to the EVMs.

We supply EVMs to some African countries. In those cases, it might be possible to deliver them a trojan enabled EVM. That too only if we use a full custom ASIC instead of a standard controller. The trojan will be implemented with the full knowledge of the BEL team, not covertly.

None of the arguments apply to the EVMs used in India, since:

1. We use a commercial chip that has simple architecture. The only thing custom about it is the mask ROM. Any modification to the chip could be detected.

2. The 'manufacturer' is Indian, so the 'chip vendor' alone can not do the mischief.

ArmenT · Post by **ArmenT** » 30 Oct 2009 09:53

To answer one last unanswered question:

Rahul Mehta wrote:U.S. defense contractor who spoke on condition of anonymity, a ”European chip maker” recently built into its microprocessors a kill switch that could be accessed remotely. {remote means RF? Without RF, how would one access the CPU?} French defense contractors have used the chips in military equipment, the contractor told IEEE Spectrum . If in the future the equipment fell into hostile hands, ”the French wanted a way to disable that circuit,” he said.

Easy enough if the equipment in question already has an antenna e.g. a military jet. Note the unsaid part -- the US contractor only mentions the French, but US military equipment is rumored to have similar kill switches, especially the aircraft sold to unreliable allies e.g. saudis, pakis etc.

Incidentally, these are special purpose chips custom made for the application and they usually have all sorts of anti-tampering measures to prevent people from opening them to take a look. One of the conditions that the Pakis have to abide by is that they have to allow US officials to check their planes every month or so and make sure that the seals are in place.

Raja Bose · Post by **Raja Bose** » 30 Oct 2009 10:41

^^^ Thats called End User Monitoring - India is subject to that too for the US sourced equipment.

Dileep · Post by **Dileep** » 30 Oct 2009 11:57

The whole premise of military trojan doesn't apply here. No one here claimed that it is impossible to have a trojan. What claimed was that it is impossible to have a trojan undetectable.

For a moment, let us assume that a separate radio receiver chip is miraculously placed on the carrier of the microcontroller. That would show up on a simple inspection, any time in the future.

That additional chip needs a radio receiver, a DSP, and a communication protocol driver to feed the data to the main controller. the main controller needs the logic and code to do the actual rigging. All those are already proven not possible.

How long will you beat a dead horse?

Pranav · Post by **Pranav** » 01 Nov 2009 07:08

Raja Bose wrote:And as regards your repeated allegation that PCB guys dont check the chip - it is based on what some friend of yours told you. Does he work for BEL? Does he know the processes of BEL? By some act of greatness is he a spokesperson for the entire PCB industry on best practices?

Indiresan is on record saying that the PSU manufacturers cannot read the binary that has been put on the chip by the foundary, for whatever reason. AFAIK there is no other official information on that issue.

The chip is manufactured in a non-secure facility on foreign soil.

Even if the foreign foundary were not complicit, with the complicity of 5-6 people in the software writing and testing group, a compromised binary can be sent to the foundary.

Dileep · Post by **Dileep** » 01 Nov 2009 07:44

Pranav wrote:
Raja Bose wrote:And as regards your repeated allegation that PCB guys dont check the chip - it is based on what some friend of yours told you. Does he work for BEL? Does he know the processes of BEL? By some act of greatness is he a spokesperson for the entire PCB industry on best practices?
Indiresan is on record saying that the PSU manufacturers cannot read the binary that has been put on the chip by the foundary, for whatever reason. AFAIK there is no other official information on that issue.

The chip is manufactured in a non-secure facility on foreign soil.

Even if the foreign foundary were not complicit, with the complicity of 5-6 people in the software writing and testing group, a compromised binary can be sent to the foundary.

No. What Indiresan said was, the manufacturer ca not read it AFTER the security bit is set. This was on the point of 'difficulty in getting the code' part.

The public debate happens at a rudimentary technical level compared to the debate here on BRF. We, being knowledgeable about the nuances of information security, believe that 'source code can be stolen'. The public debate OTOH has ample reference to the source being secure etc.

Rahul Mehta · Post by **Rahul Mehta** » 02 Nov 2009 10:09

Raja Bose wrote:And as regards your repeated allegation that PCB guys dont check the chip - it is based on what some friend of yours told you. Does he work for BEL? Does he know the processes of BEL? By some act of greatness is he a spokesperson for the entire PCB industry on best practices?

RB, Dileep, Tanaji,

The company where I work is actually making a small hardware equipment based on ARM. I am on server side coding, but being a small company, we are all encouraged to take part in all parts of system. So I was involved in making h/w specs as well as got chance to interact the PCB manufacturer. I asked him if they verify the chip. The only verification they do is put the chip in some kit, the kit runs some code and will blow light if the chip is OK. It is rudimentary functional testing. I asked if they "open" the chip i.e remove ceramic coating and examine internals. And I asked if they do X-ray scan to ensure that chip is genuine. And he laughed. So did my colleagues. They ALL said that NO PCB maker they know ever bothers open the chip and X-ray scan of gate level design was unheard in industry. And one of us has 10 years of experience in hw field.

Yet you guys insist that BEL does X-ray scanning of the chip, you insist that BEL compares the X-ray scans with standard outputs (as if Microchip gives gate level design to customers) and looks for differences. Now, BEL aside, can you show me instruction manual or any document of PCB maker where in PCB maker claims that they

1. open a sample of the chip before they use it and examine the chip after remove the ceramic coating?
2. they do X-ray scan of chips and compare the fate level design with standard design?

-----

Pranav: Indiresan is on record saying that the PSU manufacturers cannot read the binary that has been put on the chip by the foundary, for whatever reason. AFAIK there is no other official information on that issue. The chip is manufactured in a non-secure facility on foreign soil. Even if the foreign foundary were not complicit, with the complicity of 5-6 people in the software writing and testing group, a compromised binary can be sent to the foundary.

Dileep:

1. What Indiresan said was, the manufacturer ca not read it AFTER the security bit is set. This was on the point of 'difficulty in getting the code' part.

2. The public debate happens at a rudimentary technical level compared to the debate here on BRF. We, being knowledgeable about the nuances of information security, believe that 'source code can be stolen'. The public debate OTOH has ample reference to the source being secure etc.

Dileep,

Are you aware that you are accusing Indirsen of lying before public and that too in a important committee report. And you may be right, and I think you are right , that Indirsen is liar. But do you know the seriousness of the allegation you are making? Your claim that binary can be read from a stolen EVM and Indirsen's claim that binary cannot be read from stolen EVM are diametrically opposite of each other and are poles apart. There is no common ground. Given the two opposite claims, at least one of you is a liar, and IMO it is Indirsen not you. The lie of Indirsen is important to note. When it comes to EVM hacking, we are NOT talking about ordinary street hacker with low budgets. We are talking about Sonia, CIA, BJP and any party, whose pockets are deep. So if a person with deep pocket *can* get binary from stolen EVMs, and if Indiresen is saying otherwise, Indirsen is liar and should be exposed. Now is it possible for you to make a document and put it in public, that Indirsen's claim are lies? Or do you insist that such liar should be allowed to a walk away unscathed.

And btw, your statements prove that "expert committees on this issues are useless". Because if experts are lying, their expertise have no use.

Rahul Mehta · Post by **Rahul Mehta** » 02 Nov 2009 10:15

Pranav wrote:The chip is manufactured in a non-secure facility on foreign soil. Even if the foreign foundary were not complicit, with the complicity of 5-6 people in the software writing and testing group, a compromised binary can be sent to the foundary.

Pranav,

There are 100s of ways of getting tempered code in EVMs, and there are 10s of TRIVIALLY easy ways. So I dont rule out the possibility that the small number of coders and reviewers (if number is small) can be bribed to get tempered code in EVMs.

But a much easier way is to
1. write an honest code
2. ask Microchip to put the honest code in chips' ROM
3. test the code of the ROM in BEL and verify that same honest code is there
4. lock the chips, and
5. then replace the 20-25 boxes containing the chips with boxes sent by CIA.

This will ensure that no coder needs to be bribed and no coder needs to know. The "box-replacement" strategy needs only 7-9 people inside BE, or even less.

.

Dileep · Post by **Dileep** » 02 Nov 2009 14:44

Rahul Mehta wrote: The company where I work is actually making a small hardware equipment based on ARM. I am on server side coding, but being a small company, we are all encouraged to take part in all parts of system. So I was involved in making h/w specs as well as got chance to interact the PCB manufacturer. I asked him if they verify the chip. The only verification they do is put the chip in some kit, the kit runs some code and will blow light if the chip is OK. It is rudimentary functional testing. I asked if they "open" the chip i.e remove ceramic coating and examine internals. And I asked if they do X-ray scan to ensure that chip is genuine. And he laughed. So did my colleagues. They ALL said that NO PCB maker they know ever bothers open the chip and X-ray scan of gate level design was unheard in industry. And one of us has 10 years of experience in hw field.

Yet you guys insist that BEL does X-ray scanning of the chip, you insist that BEL compares the X-ray scans with standard outputs (as if Microchip gives gate level design to customers) and looks for differences. Now, BEL aside, can you show me instruction manual or any document of PCB maker where in PCB maker claims that they

1. open a sample of the chip before they use it and examine the chip after remove the ceramic coating?
2. they do X-ray scan of chips and compare the fate level design with standard design?

You are trying to sidestep the arguments, by mixing up two different things.

No one does x-ray scanning or de-capping of chips as a means of production control. Those are forensics. Those are mentioned to disprove the "tamper without leaving a trace" argument. It is possible to pick up a unit, and check if they are tampered or not. That is the ONLY significance of the forensics. There is no need to do that by the production company.

The production company only checks the code information provided by the manufacturer, and runs a functional test. This test include the power consumption. Any additional circuitry is going to draw more current, and hence fail the test. In case of mask programmed chips, it is also customary to verify the binary on a lot-sample basis.

The rest is YOUR allegations.

Are you aware that you are accusing Indirsen of lying before public and that too in a important committee report. And you may be right, and I think you are right , that Indirsen is liar. But do you know the seriousness of the allegation you are making? Your claim that binary can be read from a stolen EVM and Indirsen's claim that binary cannot be read from stolen EVM are diametrically opposite of each other and are poles apart. There is no common ground. Given the two opposite claims, at least one of you is a liar, and IMO it is Indirsen not you. The lie of Indirsen is important to note. When it comes to EVM hacking, we are NOT talking about ordinary street hacker with low budgets. We are talking about Sonia, CIA, BJP and any party, whose pockets are deep. So if a person with deep pocket *can* get binary from stolen EVMs, and if Indiresen is saying otherwise, Indirsen is liar and should be exposed. Now is it possible for you to make a document and put it in public, that Indirsen's claim are lies? Or do you insist that such liar should be allowed to a walk away unscathed.

We all are very well aware that your standards of definition of a 'lie' is a flexible one. For you, pretty much everyone else is a liar.

If you have a problem with Dr. Indiresan's statement, please take it up with him, or at the right platform. I am not making any allegation. You are.

OTOH, if you are complaining to ME as a representative of Dr. Indiresan, please provide your power of attorney for representation.

Dileep · Post by **Dileep** » 02 Nov 2009 14:46

Rahul Mehta wrote: 5. then replace the 20-25 boxes containing the chips with boxes sent by CIA.

Rahul Mehta, please post how those altered chips will come into the BEL facility undetected, and the original chips go out. Then how will the boxes swapped inside the stores?

This question had been asked to you countless times. EVERY time, you vanish from the thread for a few days ans come back with the same argument.

SaiK · Post by **SaiK** » 03 Nov 2009 00:45

http://idrw.org/?p=1487

Raja Bose · Post by **Raja Bose** » 03 Nov 2009 11:43

SaiK wrote:http://idrw.org/?p=1487

See a couple of posts above for the response when Rahul Mehta brought up a similar example (ie tampering in defence equipment).

Pranav · Post by **Pranav** » 03 Nov 2009 16:37

Dileep wrote:No. What Indiresan said was, the manufacturer ca not read it AFTER the security bit is set. This was on the point of 'difficulty in getting the code' part.

The public debate happens at a rudimentary technical level compared to the debate here on BRF. We, being knowledgeable about the nuances of information security, believe that 'source code can be stolen'. The public debate OTOH has ample reference to the source being secure etc.

Indiresan did not mention any security bits. One must go by claims that have been officially made.

Dileep · Post by **Dileep** » 03 Nov 2009 18:11

Pranav wrote:
Dileep wrote:No. What Indiresan said was, the manufacturer ca not read it AFTER the security bit is set. This was on the point of 'difficulty in getting the code' part.

The public debate happens at a rudimentary technical level compared to the debate here on BRF. We, being knowledgeable about the nuances of information security, believe that 'source code can be stolen'. The public debate OTOH has ample reference to the source being secure etc.
Indiresan did not mention any security bits. One must go by claims that have been officially made.

He didn't because the context didn't warrant it. Quoting something out of context doesn't prove anything.

Pranav · Post by **Pranav** » 03 Feb 2010 07:00

CEC Navin "The Baker" Chawla, best known for ordering people to be baked alive during the emergency, is trying to suppress Gopalswami's letter:

Chawla: do not disclose Gopalaswami’s letter

J. Balaji

NEW DELHI: Chief Election Commissioner (CEC) Navin Chawla has asked the President’s Secretariat not to disclose to an RTI applicant the letter written by the then CEC, N. Gopalaswami, to the President questioning the propriety of his (Mr. Chawla) continuing as Election Commissioner.

The President’s Secretariat (RTI Section) has informed this in a communication to S.C. Agarwal. It said the CEC (Mr. Chawla) “is of the considered view that the letter/report sent by Mr. Gopalaswami to the President may not be disclosed to the applicant under the RTI Act.”

During January last year, Mr. Gopalaswami suo motu sent a recommendation to the President that Mr. Chawla be removed from office on the alleged ground of ‘partisanship’. His action raised eyebrows within the government for its timing as well as its departure from well-settled readings of the relevant constitutional provisions.

However, this recommendation was turned down by the President and Mr. Chawla continued as Commissioner and subsequently became CEC.

Mr. Agarwal sought a copy of the letter from the President’s Secretariat, and when it refused to disclose the matter, moved the Central Information Commission.

In its reply, the CPIO, President’s Secretariat, said taking into consideration the relevant material, views expressed by Mr. Chawla and the statutory requirement under the RTI Act, the information “does not merit disclosure.”

Earlier, the President’s Secretariat said the disclosure of the letter “would be an invasion of privacy.”

Then Mr. Agarwal approached the Chief Information Commissioner, who ordered: “The information sought is with regard to correspondence between the then CEC and the President of India regarding a third party. There is no doubt that the information sought is third party and held in confidence by the President. This is, therefore, clearly third party information qualifying for the protection allowed by the Act as such. Before any decision is taken to disclose the same therefore, CPIO will refer the matter to the third party Shri. Chawla to obtain his opinion on the disclosability of this information.”
Fresh appeal

Mr. Agarwal has now filed a fresh appeal to the Appellate Authority in the President’s Secretariat seeking the copy of Mr. Gopalaswami’s letter.

He also sought the copy of Mr. Chawla’s letter asking the President’s Secretariat not to disclose Mr. Gopalaswami’s letter.

http://www.hindu.com/2010/02/03/stories ... 461000.htm

Ex-KGB agent Antonia Maino alias Sonia Gandhi bats for EVMs:

On the occasion, the Chairperson of the United Progressive Alliance, Smt. Sonia Gandhi, in her address, said that in the past six decades, the Election Commission has helped in deepening the democracy by ensuring regular Parliamentary / State Legislative Elections. She said that the Election Commission is the most important institution for empowerment. Election Commission has moved forward from Ballot to Electronic Voting Machines (EVM) and is pioneer in using the technology. Process and procedures followed by the Election Commission during the elections command wide spread acceptability and the Election Commission is the hallmark of democracy, Smt. Gandhi added.

http://pib.nic.in/release/release.asp?relid=57302

Sushma Swaraj, agent of Bellary Reddy-YSR mining mafia, fails to object to EVMs:

The Leader of Opposition in the Lok Sabha, Smt. Sushma Swaraj, while congratulating the officials and the staff of the Election Commission on the occasion, said that this is time to think, what has been achieved in the last 60 years and to identify the deficiencies and to plan for the future.

http://pib.nic.in/release/release.asp?relid=57302

Sachin · Post by **Sachin** » 03 Feb 2010 08:32

Pranav wrote:CEC Navin "The Baker" Chawla, best known for is trying to suppress Gopalswami's letter:

The sad part is that the President's Officer asked the opinion of the Election Commissioner before deciding on that matter. Did the President's office for even a minute believe that EC is going to allow a letter incriminating the Chief Election Commissioner to be released?

.

Pranav · Post by **Pranav** » 08 Feb 2010 08:04

Law Ministry releases Gopalaswami’s letter on Chawla to President

New Delhi: The Law Ministry has released the letter written by the then Chief Election Commissioner, N. Gopalaswami, to the President seeking removal of fellow Election Commissioner Navin Chawla, while the Rashtrapati Bhavan declined to make the document public.

The appellate authority under the Right to Information Act in the Ministry allowed the request by S.S. Ranawat of Bhilwara in Rajasthan, for information on the unprecedented recommendation made by Mr. Gopalaswami in January last year. The Rashtrapati Bhavan had cited Mr. Chawla’s opposition to the disclosure as a reason for not making it public.

In his 93-page report, Mr. Gopalaswami cited several instances of “partisan behaviour” on the part of Mr. Chawla.

Acting on the petition filed by BJP leader L.K. Advani and 179 other MPs, who had levelled accusations of “political partisanship,” the then CEC contended that he had powers under the Constitution to recommend the removal of Mr. Chawla. The government, however, rejected the recommendation and later appointed Mr. Chawla CEC.

Mr. Gopalaswami cited Mr. Chawla’s own notings on another occasion that the CEC had the power to make such a recommendation.

In the recommendation to the President, Mr. Gopalaswami said he concluded that “significant facts” and “irresistible conclusions” from the report submitted by him were crucial in judging the suitability of Mr. Chawla as Election Commissioner.

He said Mr. Chawla’s continuance as Election Commissioner was “not justified.”

“My recommendation, therefore, under the powers vested in me under the second proviso to Article 324(5) of the Constitution, is to remove Shri Navin B. Chawla from the post of Election Commissioner,” Mr. Gopalaswami said in his January 16, 2009 letter, months before the general elections during which he demitted office.

Referring to 12 instances cited by him, Mr. Gopalaswami said: “Taken individually [they] appear to indicate Shri Chawla’s political partisanship. Collectively, they point to a continuity of consistent thought and action in furthering the interest of one party with which he appeared to be in constant touch, raising serious doubts about his political detachment.

“Further, it was not only that he appeared to be lacking in political neutrality but more pernicious were his attempts to influence Election Commissioner Dr. Quraishi, not by dint of valid arguments, but by spreading stories that Dr. Quraishi was supporting the opposite views.”

On many occasions, Mr. Gopalaswami said, Dr. Quraishi had confided that he was under pressure, as for instance when he was in favour of elections being held in Karnataka on time and wanted the electoral rolls prepared for the new constituencies using the ‘cut and paste’ method, but did not want his name taken because he was under pressure.

Dr. Quraishi once shared a comment made by Mr. Chawla to him that “they are angry with you not so much because you were instrumental in Sonia Gandhi getting a notice from ECI on her birthday [reference to the notice on the maut ka saudagar remarks] but for the fact that you sided with the CEC in advancing the elections in Himachal Pradesh.”

Such pressure tactics, Mr. Gopalaswami said, did not augur well for the Election Commission because the independence and neutrality of the members could be jeopardised by subjecting them to mental pressure and pressure from other vested interests.

“Such an approach would strike at the very foundation of the Election Commission as a neutral body,” he said.

The then CEC said that from time to time he had taken care to apprise some select people of these happenings lest they be labelled as an afterthought.

U.P. elections

As for the episode of U.P. elections in 2007, when Mr. Chawla wanted the poll announcement deferred anticipating imposition of President’s rule, which was demanded by the Congress, Mr. Gopalaswami said the matter was brought to the notice of the then President, A.P.J. Abdul Kalam.

Mr. Gopalaswami said his immediate predecessors, J.M. Lyngdoh and B.B. Tandon, and a retired Gujarat IAS official, had also been told about these instances.

“It is also necessary to record here that prior to May 2005, in the one year and three months of my experience as Election Commissioner, there was not even one single incident in which there was any remotely partisan view expressed by any Commissioner on any occasion when the general election to the Parliament 2004 and election to the Legislative Assemblies of Maharashtra, Arunachal Pradesh and Bihar [2005] were conducted.”

Mr. Gopalaswami said Mr. Chawla’s “present conduct seems a part of a continuum of the conduct he had exhibited, of closeness to a certain political formation, during the emergency a little over 30 years ago and more recently, prior to his appointment as EC, when he received donations for the trusts which he and his family members ran, to the period of the last three and a half years in the Election Commission.”

Mr. Gopalaswami said these would certainly be significant factors in deciding Mr. Chawla’s continuance in the post of Election Commissioner. These would equally be significant in determining his suitability to the office of CEC. — PTI

http://www.hindu.com/2010/02/08/stories ... 431100.htm

vhkprasad · Post by **vhkprasad** » 19 Feb 2010 17:47

Hey Rahul,

We achieved what you are looking for, Indian EVMs are vulnerable and we are writing a research paper on it. Recently we came across a paper in IIT chennai written by you, we would like to have your email Id to further discuss on this issue.. I will let you know about myself by email. respond to [email protected] ASAP.

For all the members of the forum.. you will soon hear the news on indian EVMs been hacked and the design completely cracked..

Pranav · Post by **Pranav** » 20 Feb 2010 15:25

RamaP (in TSP thread) wrote:
However, nowadays I am even more concerned as to whether there will ever be an ideal leadership who truly cares about India's interests over Uncle's priorities. The conspiracy theory that bothers me the most is about EVMs. If EVMs are truly compromised and if Uncle has a say in India's internal political affairs, then I guess we can safely say good bye to any chances of India giving a fitting reply to TSP in the near as well as distant future. Adding to that is the tremendous influence wielded by the Indian media, who apparently is driven by a not so subtle uncle sponsored agenda. If the above factors are even partially true, then it is truly a worrisome situation for our nation. In such a scenario, our nation would have no other choice but to keep a rather huge collection of dossiers with predefined text template ready to be sent to TSP in response to all the future terrorist bloodbaths.

It is standard practice for trojans and kill switches to be embedded in defense equipment. Also, western elites have had decades of experience rigging EVMs in the US.

Available information about Indian EVMs suggests that the source code is accessible to only 4 or 5 people at the PSU, and that the binary code is not verified in India after the chips arrive from the US-based manufacturer.

So, it would in fact be highly surprising if western elites have not rigged the EVMs through their agencies ... surely they are not that incompetent.

ArmenT · Post by **ArmenT** » 21 Feb 2010 01:53

Pranav wrote: It is standard practice for trojans and kill switches to be embedded in defense equipment.

True, but there's a difference between this and EVMs. The difference is that the defence equipment is manufactured entirely in the west and they add the kill switches in as a feature and sell the whole package to some third world country. The third world country doesn't get the source or even the binary code on the chips, so they don't have a way of knowing what is on those chips. They just take the whole equipment at face value.

In the case of EVMs, the binary code is supplied by the Election Commission and they already know what the hashes of those binary codes are, because they wrote them. Hence, the idea of slipping a trojan in becomes a whole lot harder.

Put it this way: if I buy the only car I can afford and it came to me painted blue, I wouldn't know if there's a special reason why the car was painted blue. However, if I ordered a custom car that I wanted painted in my own peculiar shade of red and it came to me painted blue, I'd know something was up. That's the big difference.

Pranav wrote:Available information about Indian EVMs suggests that the source code is accessible to only 4 or 5 people at the PSU, and that the binary code is not verified in India after the chips arrive from the US-based manufacturer.

Your assertion has been refuted many times, including on the same page on this thread. The binary code is verified for each and every chip. There's a very good reason to do this too, which has nothing to do with rigging. Also, there are two manufacturers of those chips, one of which is not US based at all. The manufacturers of those chips have been talked about many times in the previous pages of this thread.

Also, you still haven't come up with how these supposedly rigged EVMs are setup individually to favor a particular candidate. Remember the machines are randomly sent from a warehouse and the candidates names are arranged somewhat randomly on the machine as well and the candidates are allowed to verify the machines the previous day and put their own seals on the machines and their own locks and guards around the building where the machines are stored before election day.

Pranav wrote:So, it would in fact be highly surprising if western elites have not rigged the EVMs through their agencies ... surely they are not that incompetent.

What would be highly surprising is if you came up with some actual facts instead of repeatedly spouting discredited facts. Repeating BS doesn't make it true.

Incidentally while a lot of people have been talking a lot of horse-puckey about EVMs, no one has been talking about the low-tech technique of voter rigging, which is actually a lot easier to achieve and bypasses all the security measures people take to protect EVMs from fraud.