Should we discontinue EVMs?

[Dileep]

BEL says that only 3-5 people know the code. Also, code review would mostly involve source code review and not the compiled code and surely not the random bytes.

You can not insert the random bytes from outside the source. The block of bytes itself must be present in the source files, and inserted at compile time. Every coder and reviewer will see the bytes.

There is no way around it.

errr ... the 100k tempered chips are sent "off the record". I did not say that Hitachi sent two boxes marked as "good chip - to be used for testing" and "tempered chip - to be used in PCBs".

You can not send material "off the record". The shipper, customs, local shipper, receiving stores, accounts, everyone verifies the received quantity against the purchase order.

And the tempered are not sent directly to BEL but sent to BEL chief.

Where? His house? How will the shipping and import documents will be made? Who will do the clearing? In whose name? Do you know that the chips are packaged 1000 to a box, each of them more than a cubic foot in size? So, the courier guy will deliver the 100 boxes to the BEL chief's home, and he will carry them in his pocket?

And later he got actual boxes replaced with tempered chips with the help of key people in the store area. Only 3-4 people are needed here. The people in store are wont even notice which boxes go and come, as long as they have gate passes.

This is moving from ridiculous to bizzare. Enough said.

Possible? Pls get Supreme Court order to examine some 10000 EVMs' gate level design. Is that possible for you?

No need to take things out of context. The original point was it is detectable. All you need is to hit ONE tampered machine to find it.

Power is tested during chip testing and NOT after PCB is made. After PCB is made, there are too many components that draw power and so unless something is way too much off, no one will bother. And also, power testing is done, but if addition in circuit is just 1%, then increase in power will be also just 1% and will pass within tolerable limits. So unless gate level design was tested, power test will not give any indications.

The chips, whatever comes to the stores, are sample tested, so any modified chips are going to get caught.

You continue to make out of the world claims that 100 boxes full of chips will be sent to BEL chief, and he will bring them into the stores. All those are IMPOSSIBLE. There is only one way to get the chips in, and that is through the normal channel. All those chips are going to get sample tested.

1. ??? CIA made duplicate chips and sent them to BEL chief. Big deal !!

It is physically impossible to send, recieve, transport, and insert the huge quantity of chips clandestinely. We are talking about 100 boxes, each 1 cuft in volume.

It is logistically impossible to send a shipment to a person, without a logistics trail, including PO, import and shipping documents etc.

It is systematically impossible for the top guy of abig company to walk in into a stores with some material.

That is the big deal.

2. In the process babal you posted, you have not posted people in-charge of store area. Also, you have only mentioned titles and salaries, not given job descriptions. Essentially, the person in storage area have to change the boxes. I dont know the exact designations BEL uses for them

The titles (also known as designations) are given. Their job functions are self explanatory from the title. Use them.

You don't need to know the BEL designations. We are debating based on the system I posted. Use them.

The truth is, you say numbers like 3-4, 6-8, but when it comes to real situation where actual job specifications are involved, the actual counts go way overboard. So, you are trying to make feeble excuses of not having "designations", where you yourself mentions "titles" are given.

Own up, man. You lost it.

Once again, I want to re-confirm : Do chips have serial numbers inside them?

No, they do not, and they can not.

[Dileep]

Just to indulge RM:

The 'simple process' of receiving a shipment of components into the incoming stores will be:

1. The truck comes to the receiving area.
2. The documents (copies of invoice, DC and packing list) given to the operator in charge of the area. He is required to check with the officer in charge of the receiving stores for instruction to actually receive the shipment. It can also be a requirement to take permission from the manager in charge. (My company does that, but the actual practice is the manager leaving the instruction before the shipment arrives)
3. The packages are unloaded by the store hands, and kept for verification at the dock area.
4. A couple of operators verify the master cartons/pallettes with the packing list. The store officer witnesses this, or even participates in the activity in many cases.
5. After all pallettes/master cartons are verified, the necessary documents are signed to release the trucker.

The pallette/master cartons can remain there at the docking area, or get processed immediately. The procedure is:

1. The store hands opens each of the pallets and master cartons till the manufacturer labelled cartons are obtained.
2. The store operators verify the cartons with the invoice and packing list. Each like item in the invoice and its quantity are verified. The stores officer witnesses this, and ticks off his copy of the invoice.
3. After the verification, the cartons are segregated into appropriate groups for movement into the receiving stores.
4. The cartons are moved to the appropriate holding area, as the stores operators checks off with the invoice.
5. The invoices are given to the stores operator who keeps the registers. He updates the stock books with the information. The stores officer checks the information, and accepts it. In most systems, the manager need to countersign the acceptance.
6. The document of acceptance, with copies of the invoice, will go to other departments to confirm that the material is received, and ready to IQC.

This document is the proof that the company received the material by the definition of excise. Once this is done, it can not be shipped out without generating new excise documents.

Similar procedures exist for sampling/transfer for IQC, and after IQC, movement to the holding stores. The holding stores are ALWAYS kept in physical separation with the receiving stores. Both because of quality issues, but also because of accounting issue. The material in receiving is a liability, while the material in holding store is an asset. So, the material being moved to holding stores is once again accounted, and handed over to the officer in charge there.

Kitting and issue to manufacturing also have similar procedures.

[Rahul Mehta]

Rahul Mehta: BEL says that only 3-5 people know the code. Also, code review would mostly involve source code review and not the compiled code and surely not the random bytes.

Dileep: You can not insert the random bytes from outside the source. The block of bytes itself must be present in the source files, and inserted at compile time. Every coder and reviewer will see the bytes. There is no way around it.

Doesnt matter. The coder can add random bytes in the source itself. The trojan code is decrypted and so reviewer will see it as random bytes only.

You can not send material "off the record". The shipper, customs, local shipper, receiving stores, accounts, everyone verifies the received quantity against the purchase order.

The replacement of boxes inside BEL storage area is a covert operation. Given that BEL chief and 3-4 key people in store area are part of conspiracy, this is do-able. And this needs to be done ONLY BEL has procedure to check gate level design. From what I hear, no client in ASIC world check chips at gate level. They do functional testing only and check the ROM code. So if BEL was not doing gate level checking, there is no need to even replace boxes. And in case BEL was doing gate level checking, then boxes need to be replace, and that wont need more than 3-4 people inside BEL at top level and store area.

Where? His house? How will the shipping and import documents will be made? Who will do the clearing? In whose name? Do you know that the chips are packaged 1000 to a box, each of them more than a cubic foot in size? So, the courier guy will deliver the 100 boxes to the BEL chief's home, and he will carry them in his pocket?

No. The boxes are coming via smuggling, and not via customs.

Rahul Mehta: Possible? Pls get Supreme Court order to examine some 10000 EVMs' gate level design. Is that possible for you?

Dileep: No need to take things out of context. The original point was it is detectable. All you need is to hit ONE tampered machine to find it.

Fat chance. SCjs are all on CIA payroll, and that has been confirmed. So they will appoint only those experts who will pick ONLY the good EVMs. So EVMs with tempered microcode will never get disected.

The chips, whatever comes to the stores, are sample tested, so any modified chips are going to get caught.

Yes. Only a sample is tested. After tests, BEL chief and store area chief replace the boxes and then PCB unit gets different boxes.

==========

Just to indulge RM:

The 'simple process' of receiving a shipment of components into the incoming stores will be: ( RM's comment - see how Dileep passes his speculation as facts }

1. The truck comes to the receiving area.
2. The documents (copies of invoice, DC and packing list) given to the operator in charge of the area. He is required to check with the officer in charge of the receiving stores for instruction to actually receive the shipment. It can also be a requirement to take permission from the manager in charge. (My company does that, but the actual practice is the manager leaving the instruction before the shipment arrives)
3. The packages are unloaded by the store hands, and kept for verification at the dock area.
4. A couple of operators verify the master cartons/pallettes with the packing list. The store officer witnesses this, or even participates in the activity in many cases.
5. After all pallettes/master cartons are verified, the necessary documents are signed to release the trucker.

The pallette/master cartons can remain there at the docking area, or get processed immediately. The procedure is:

1. The store hands opens each of the pallets and master cartons till the manufacturer labelled cartons are obtained.
2. The store operators verify the cartons with the invoice and packing list. Each like item in the invoice and its quantity are verified. The stores officer witnesses this, and ticks off his copy of the invoice.
3. After the verification, the cartons are segregated into appropriate groups for movement into the receiving stores.
4. The cartons are moved to the appropriate holding area, as the stores operators checks off with the invoice.
5. The invoices are given to the stores operator who keeps the registers. He updates the stock books with the information. The stores officer checks the information, and accepts it. In most systems, the manager need to countersign the acceptance.
6. The document of acceptance, with copies of the invoice, will go to other departments to confirm that the material is received, and ready to IQC.

This document is the proof that the company received the material by the definition of excise. Once this is done, it can not be shipped out without generating new excise documents.

Similar procedures exist for sampling/transfer for IQC, and after IQC, movement to the holding stores. The holding stores are ALWAYS kept in physical separation with the receiving stores. Both because of quality issues, but also because of accounting issue. The material in receiving is a liability, while the material in holding store is an asset. So, the material being moved to holding stores is once again accounted, and handed over to the officer in charge there.

Kitting and issue to manufacturing also have similar procedures.

At the end of the process babble, Dileep claims that one cannot replace 100 boxes, 1cuft each i.e. total 5 ft * 5 ft * 5 ft of material inside BEL, even if CIA is willing to spend Rs 1000 crores on it !! And mind you, the chances of post-facto detection that boxes were replaced are zero. If chips in storage area are replaced, no software/hardware person will ever ever notice. Most of them dont even have access to storage areas.

If India was such a water tight place, Telgi scam would not have happened. And Telgi scam got detected because there was paper trail, unlike EVM, which has no paper trail.

====

Now Dileep, you better show that BEL does gate level design verification from public sources. Otherwise, doing gate level design verification is NOT standard practice. And the power consumption will be barely 1% more, which will be within tolerance limits. So unless gate level design verification is done, replacement of boxes is not needed. And in case gate level verification was design, then also rigging EVM is not a show stopper, it only creates a speed breaker. The BEL chief has to take 2-3 key guys in store area and thats all. No big deal.

And yes, you can cook all sorts process babble and techno babble you like. A person who claims that allowing people to post complaints on PM's website will worsen India can cook any babble and make any claims. But neither commons (not your pothu janam) will agree that replacing 100 boxes in BEL is an impossible task for BEL chief. These chips are not some suitcase N-bombs that one would put such fortress like security.

[Raja Bose]

Just because you have never seen it, does not mean that nobody in industry does it. The manual is written by person with years of experience and manuals go thru several reviewers and 1000s of readers.

Trust Mehta ji to hand out hoity toity gyaan To someone like you who has never worked on embedded systems it might seem all nice and fine (just goes to prove that laymen cant decide everything which require domain expertise) but regardless of what footnotes say, there are best practices for these things and they are followed otherwise questions are raised - it is no rocket science. BTW you have very little idea (as the bolded part shows) of how manuals get written and reviewed. In fact it makes it even funnier since right now I am sitting in a USB standardization meeting and review process is appalling

Btw, I have friends who worked for ASIC making company in Ahmedabad. I asked if their clients ever check gate level design of the chips they send. Their opinion is that clients confine to power/functional testing. No one except may be hackers would bother to examine chip's gate level design and all the connections at gate level with some raw equipment. AFAITK, none of their clients ever checked chips at gate level. So your assumption that BEL checked gate level design of the chip is way outside standard industry processes.

Yours friends' ASIC company in Ahmedabad is not representative of industry and does not formulate industry best practices. Are you kidding me? Each and every ASIC we use is gate-verified - when you have something which goes into even 10s or 100s of 1000s of units, you dont take chances.

BTW I see this sneaky attempt to move the debate from whether EVM is insecure to whether EVM was ever insecure. If BEL does this verification or not - why didn't you got and ask them instead of making lame excuses about corrupt engineers. How lame is it for you to claim that if you ask a corrupt guy a tough question in public, he is somehow going to get out of the situation without arousing suspicion (and you will let him go unscathed). Instead all we have from you is passive opinions of "friends" who are not even remotely connected with the equipment under debate.

[Raja Bose]

Power is tested during chip testing and NOT after PCB is made. After PCB is made, there are too many components that draw power and so unless something is way too much off, no one will bother. And also, power testing is done, but if addition in circuit is just 1%, then increase in power will be also just 1% and will pass within tolerable limits. So unless gate level design was tested, power test will not give any indications.

For a so-called engineer, you seem to love speaking in vague terms (revealing the neta-side of you). What is this 1%?? 1% of What??? According to you, exactly what are these tolerable limits you are assuming?? For example, 1% of 100 amps is 1 amp - that is NOT a tolerable limit. Please provide how power testing is done in RahulWorld - if the underlined part is representative of your personal approach to system testing, I pity your customers.

[Raja Bose]

If India was such a water tight place, Telgi scam would not have happened. And Telgi scam got detected because there was paper trail, unlike EVM, which has no paper trail.

Thank you for admitting that and unknowingly validating Dileep's reasoning that since there is an inevitable non-trivial paper trail for supplying chips and equipment, it will be caught at some point. Shipping 100,000 chips (that too safely) is not exactly some trivial logistics exercise - it might seem so to you but then it just means you are clueless of the process (as I am sure you and I are about many other processes).

Now Dileep, you better show that BEL does gate level design verification from public sources.

Why should he? It was your responsibility to go to the EVM meeting and ask these questions. What gave you cold feet back then and why this sudden surge of belated guts to ask these very questions here?? If you were really genuinely interested in the answers you would have gone to Delhi and asked them in person, in front of the public notwithstanding your lame excuse that somehow the evil corrupt engineers will pull off djinn magic and evade answering your questions without embarrassing themselves publicly.

This is just another form of our desi mentality. Everybody is eager to debate and act knowledgeable in the shadows where one's actions have no effect but are scared gutless to do the same in public where there can be an effect. And your repeated attempts to have others serve you proof on a platter is just an example of the lazy "Why doesn't somebody do something" mentality.

[Pranav]

..

Compendium of instructions vol 1 http://eci.nic.in/ElectoralLaws/compendium/vol1.pdf
Instruction Sl 61, page 161. There is also an older instruction on page 141.

Good, thanks.

As per page 106, the DEO is the also the RO of a parliamentary constituency. So both keys are with the DEO, making things easier.

OK. So, it is after the observer seals the godown, but before the machines are taken for check. Fine.

Then?

Then - the activation is done, and the pre-determined candidate wins - that's all.

Access to the storage room is possible for the same reason that people like MMS, complicit in so many cover-ups, are running around free.

[Dileep]

Doesnt matter. The coder can add random bytes in the source itself. The trojan code is decrypted and so reviewer will see it as random bytes only.

If the coder inserts random bytes in code, the review catches it.

The replacement of boxes inside BEL storage area is a covert operation. Given that BEL chief and 3-4 key people in store area are part of conspiracy, this is do-able. And this needs to be done ONLY BEL has procedure to check gate level design. From what I hear, no client in ASIC world check chips at gate level. They do functional testing only and check the ROM code. So if BEL was not doing gate level checking, there is no need to even replace boxes. And in case BEL was doing gate level checking, then boxes need to be replace, and that wont need more than 3-4 people inside BEL at top level and store area.

Loose the 3-4 people bullshit, and specify by title from the procedure.

And as far as we know now, the chip is NOT an ASIC. It is a standard product, with MASK ROM.

[ArmenT]

Rahul Mehta: Got a few questions for you if you don't mind:

1. Why do you insist on spelling the word "tampering" as "tempering"? Is there a different hidden meaning in your variation of the spelling that you would like to share? Might be good to tell you that in the normal world, "tempering" is a heat treatment process in metallurgy that involves heating a metal to a specific temperature and then rapidly cooling it, in order to change the properties of the metal's microstructure and harden it. "Tempering" has nothing to do with electronics, so could you please stop using that word, or alternatively, explain why you insist on using it spelled that way.

2. Why do you insist on repeating questions, even when they've been answered for you multiple times by multiple people? For e.g. the serial # on the chips question. Are you hoping that someone will change their answer one of these days and give you the answer you're looking for?

3. What is the name of the ASIC manufacturing company that your friend works for in Ahmedabad. Don't need your friend's name, just the company name.

[Raja Bose]

2. Why do you insist on repeating questions, even when they've been answered for you multiple times by multiple people? For e.g. the serial # on the chips question. Are you hoping that someone will change their answer one of these days and give you the answer you're looking for?

Because he has our well-being (and Oldie status) on his mind.

He is just trying to wear down people so that either they lose interest or trip up - then he can sneakily claim he is right (after selectively quoting responses ofcourse). Unfortunately, this time he has swallowed more than he should have esp. with Dileep saar - hence galay ka kantaa na andhar jaataa hai na bahar (Translation: The bone stuck in his throat can neither be swallowed nor be spat out)!

[Dileep]

As per page 106, the DEO is the also the RO of a parliamentary constituency. So both keys are with the DEO, making things easier.

Not sure what they do. Maybe the second key will go to another official like the ADM.

Then - the activation is done, and the pre-determined candidate wins - that's all.

Access to the storage room is possible for the same reason that people like MMS, complicit in so many cover-ups, are running around free.

How many machines will be "activated"?

[Rahul Mehta]

Dileep,

If the chip was not ASIC and was standard chip, then all the more reason that power consumption and gate level design was NOT tested at all. When people buy standard chips from manufacturers, they never test gate level design. And if CPU is consuming 1% more power, no one will notice and no one will bother. In case of ASIC, people do a lot of tests, but not for standard chips.

====

1. Why do you insist on spelling the word "tampering" as "tempering"? Is there a different hidden meaning in your variation of the spelling that you would like to share? Might be good to tell you that in the normal world, "tempering" is a heat treatment process in metallurgy that involves heating a metal to a specific temperature and then rapidly cooling it, in order to change the properties of the metal's microstructure and harden it. "Tempering" has nothing to do with electronics, so could you please stop using that word, or alternatively, explain why you insist on using it spelled that way.

2. the serial # on the chips question. Are you hoping that someone will change their answer one of these days and give you the answer you're looking for?

3. What is the name of the ASIC manufacturing company that your friend works for in Ahmedabad. Don't need your friend's name, just the company name.

1. I am not good at spellings. Sorry for spell mistakes. I know that heat tempering and code tempering are different, but can never remember the right spellings.

2. Dileep says that chips dont have serial numbers. Pls see his post above, which was reply to my question. So which serial numbers are you talking about?

3. There is only one major ASIC maker in Ahmedabad. If you search, you will find. They design ASIC, dont have foundry. They are big name in ASIC design all over India.

=======

In end, self appointed "experts" are now claiming that replacing some 10-15 boxes each 1ft * 1ft is impossible !! Well, there are experts who give eloberate talks on auditing procedures and then claim that Satyam like fraud can never happen in a company like Satyam and with auditors like PwC. And then we also have IAS who explain eloberate safeguards and claim that one can never ever duplicate stamp papers. And here we have "experts" claiming something more --- one can never replace some boxes from BEL premises.

All in all,

1. I have shown what type of trojan (modulo-5) can add 100-200 seats to UPA without bribibg even one DC, one clerk and by merely putting trojan in chip and managing dispatches of EVMs from BEL or CEC warehouse.

2. I have shown that putting trojan is no more difficult that replacing 10 boxes inside BEL right after chip testing and right before PCB making. OR the chip had trojan in microcode and BEL skipped the gate level design, and did only functional testing, in which case no replacement was needed.


====

As per post-facto proviing, it is impossible. You need Supreme Court order to touch EVM. Given that SCjs are corrupt and pro-CIA, they will at best appoint committee of PwC-type auditors who will never do any sincere investigation of gate level design. And since EVMs were programmed to cheat only once, functional testing is now useless.

No wonder why pro-EVM are opposing the demand to publish gate level design of the chip. Because in such case, the trojan in gates will become visible, or may will be able to prove that chip is not as per the design.

[Dileep]

If the chip was not ASIC and was standard chip, then all the more reason that power consumption and gate level design was NOT tested at all. When people buy standard chips from manufacturers, they never test gate level design. And if CPU is consuming 1% more power, no one will notice and no one will bother. In case of ASIC, people do a lot of tests, but not for standard chips.

Power draw is always tested, and it is not 1% power we are talking about. If you want to do what you claim t do, it will take a very remarkable increase in power consumption.

In end, self appointed "experts" are now claiming that replacing some 10-15 boxes each 1ft * 1ft is impossible !! Well, there are experts who give eloberate talks on auditing procedures and then claim that Satyam like fraud can never happen in a company like Satyam and with auditors like PwC. And then we also have IAS who explain eloberate safeguards and claim that one can never ever duplicate stamp papers. And here we have "experts" claiming something more --- one can never replace some boxes from BEL premises.

Yes, it is impossible to sneak them in, without the help of a number of people, from the security guards to the staff on duty in the store.

1. I have shown what type of trojan (modulo-5) can add 100-200 seats to UPA without bribibg even one DC, one clerk and by merely putting trojan in chip and managing dispatches of EVMs from BEL or CEC warehouse.

And someone long time ago shown it is (theoretically) possible to balance a cone on its tip. The practical impossibility of the mod-5 scheme is very well established. Digging it up wouldn't help you.

2. I have shown that putting trojan is no more difficult that replacing 10 boxes inside BEL right after chip testing and right before PCB making. OR the chip had trojan in microcode and BEL skipped the gate level design, and did only functional testing, in which case no replacement was needed.

How many people will need to collude for the boxes to be replaced. Start from the security guards (several of them).

Please list by title here.

[ArmenT]

1. Why do you insist on spelling the word "tampering" as "tempering"? Is there a different hidden meaning in your variation of the spelling that you would like to share? Might be good to tell you that in the normal world, "tempering" is a heat treatment process in metallurgy that involves heating a metal to a specific temperature and then rapidly cooling it, in order to change the properties of the metal's microstructure and harden it. "Tempering" has nothing to do with electronics, so could you please stop using that word, or alternatively, explain why you insist on using it spelled that way.

2. the serial # on the chips question. Are you hoping that someone will change their answer one of these days and give you the answer you're looking for?

3. What is the name of the ASIC manufacturing company that your friend works for in Ahmedabad. Don't need your friend's name, just the company name.

1. I am not good at spellings. Sorry for spell mistakes. I know that heat tempering and code tempering are different, but can never remember the right spellings.

2. Dileep says that chips dont have serial numbers. Pls see his post above, which was reply to my question. So which serial numbers are you talking about?

3. There is only one major ASIC maker in Ahmedabad. If you search, you will find. They design ASIC, dont have foundry. They are big name in ASIC design all over India.

1. I have a feeling you have some other kind of agenda you're not revealing here. Note that you misspelled "tampering" again despite the fact that I wrote the correct spelling in the post above (the one you quoted and replied to!). And you've done it in previous posts as well, when replying to other posts of mine. How hard is it to lookup or cut/paste the correct spelling, especially when it is spelled correctly in the post you're replying to. Something is not right here....

2. I was talking about the chip serial #s and Dileep's answer above. Yes I know the answer already. You'd already asked this question a few pages before and it had been answered before. I can provide the relevant pages and posts too.

3. Who?? I googled and came up with a few names: einfochips, sibridgetech, couple of consulting firms etc.

[Rahul Mehta]

I have a feeling you have some other kind of agenda you're not revealing here. Note that you misspelled "tampering" again despite the fact that I wrote the correct spelling in the post above (the one you quoted and replied to!). And you've done it in previous posts as well, when replying to other posts of mine. How hard is it to lookup or cut/paste the correct spelling, especially when it is spelled correctly in the post you're replying to. Something is not right here....

Spare me from the spelling nonsense, pls. Angrez werent my baap and so my spelling is not good.

2. I was talking about the chip serial #s and Dileep's answer above. Yes I know the answer already. You'd already asked this question a few pages before and it had been answered before. I can provide the relevant pages and posts too.

Because not having chip-ID favors my case, and so I want to double check. If the chips have ID then it is not a show stopper, but surely a speed breaker. Because one who is making duplicate chips will have to be careful to put those IDs. But if chips dont have IDs and are 100%, identical, then replacing chips is easy.

3. Who?? I googled and came up with a few names: einfochips, sibridgetech, couple of consulting firms etc.

One of the above

[Pranav]

How many machines will be "activated"?

Does it matter? It could be anything between 0 and 100% of the machines.

[ArmenT]

Spare me from the spelling nonsense, pls. Angrez werent my baap and so my spelling is not good.

Forgive me for being skeptical because the rest of the posts of yours seem to have near perfect English spelling. Only time I see *repeated deliberate misspellings* of a particular word or name by desi posters with otherwise good English is when they mean to insult someone or something in their own private little way. Usual excuse given when caught is "oh my English isn't good", "that's an american name and I'm yindoo" or "that's a south/north name and I'm north/south indian and therefore spell it wrongly." It's already been done several times (including on BRF)

It is splitting hairs though and this discussion doesn't serve any purpose on this thread, so I'm not going to pursue this further.

[ArmenT]

2. I was talking about the chip serial #s and Dileep's answer above. Yes I know the answer already. You'd already asked this question a few pages before and it had been answered before. I can provide the relevant pages and posts too.

Because not having chip-ID favors my case, and so I want to double check. If the chips have ID then it is not a show stopper, but surely a speed breaker. Because one who is making duplicate chips will have to be careful to put those IDs. But if chips dont have IDs and are 100%, identical, then replacing chips is easy.

I've been awaiting your explanation with bated breath for a few days now. You have your basic factory scenario laid out for you with typical employees and job positions. Anything else you would like to have?

3. Who?? I googled and came up with a few names: einfochips, sibridgetech, couple of consulting firms etc.

One of the above

Odd. Neither of the two companies is an ASIC chip manufacturer according to their websites. They seem to do design, verification and IP portfolio, but no manufacturing. So which one is the manufacturer you're talking about .

[Rahul Mehta]

I've been awaiting your explanation with bated breath for a few days now. You have your basic factory scenario laid out for you with typical employees and job positions. Anything else you would like to have?

The process-babble Dileep gave only has titles no job description. And none of that process-babble needed.

The trojan can be inserted in EVMs by replacing the CPU boxes at any point after testing and before they go in PCB. Or one can put the trojan in microcode and skip the gate level design testing and ignore 1% increase in power consumption. Also, 1% increase in power consumption may not happen, if Hitachi reduces other unused gates in the chip.

One can even replace boxes after the lock bit is set after verification of masked ROM. In such case, trojan can be in the masked ROM itself. . The 100,000 CPUs will fit in 10-15 boxes of 1 cu ft each. Replacing them with another boxes containing similar chip is child's play. There is NO technology involved in replacing boxes.

Odd. Neither of the two companies is an ASIC chip manufacturer according to their websites. They seem to do design, verification and IP portfolio, but no manufacturing. So which one is the manufacturer you're talking about .

They dont own foundry. But they do complete end to end delivery. The take specifications from client, do the design work, use some foundry in US, China etc and deliver the final ASICs.

[Raja Bose]

Or one can put the trojan in microcode and skip the gate level design testing and ignore 1% increase in power consumption. Also, 1% increase in power consumption may not happen, if Hitachi reduces other unused gates in the chip.

Before you repeat bogus theories, You still haven't (very conveniently) answered my question:

What is this 1%?? 1% of What??? According to you, exactly what are these tolerable limits you are assuming?? For example, 1% of 100 amps is 1 amp - that is NOT a tolerable limit. Please provide some information on how power testing is done in RahulWorld, I am really interested to know.

In the entire thread all I see from you is some vague hand-waving in an attempt to confound the details either by ridiculing the need for detail or by posting utter rubbish - no wonder you want to appeal to the vanity of "your commons" - after all having laymen making decisions based on vague concepts (as opposed to detailed facts) makes it so much easier to hoodwink them, doesn't it?

[Dileep]

How many machines will be "activated"?

Does it matter? It could be anything between 0 and 100% of the machines.

Each machine will take 5-10 minutes to activate. That is why.

[Raja Bose]

They dont own foundry. But they do complete end to end delivery. The take specifications from client, do the design work, use some foundry in US, China etc and deliver the final ASICs.

Really?...because none of the two websites (einfochips or sibridgetech) mention anywhere that they take care of manufacturing for the client (via offshoring). If they do, please provide the link where it says so.

[Dileep]

The process-babble Dileep gave only has titles no job description. And none of that process-babble needed.

The titles are self explanatory as brief job descriptions.

I have posted HOW EXACTLY would the material be handled in a previous post. That is better than job description.

Now, I DEMAND that you sdpecify how exactly the 3-4 people would replace the chips in the holding store.

The trojan can be inserted in EVMs by replacing the CPU boxes at any point after testing and before they go in PCB.

You have no explained how. Name the titles of people. Start with the security guards.

[Pranav]

Each machine will take 5-10 minutes to activate. That is why.

It is quite possible to do it in about 1 minute per machine. The activation will be done with a small hand-held device which will be plugged into the control unit's BU port. The key-stroke sequence will be automated by this device. There would be a team of say 3 people - one to take the control units off the shelves, one who will plug-in the power supply and the activation device, and press the "activate" button, and the third person to put the CUs back on the shelf.

[Dileep]

It is quite possible to do it in about 1 minute per machine. The activation will be done with a small hand-held device which will be plugged into the control unit's BU port. The key-stroke sequence will be automated by this device. There would be a team of say 3 people - one to take the control units off the shelves, one who will plug-in the power supply and the activation device, and press the "activate" button, and the third person to put the CUs back on the shelf.

It is not that simple.

The following would be the activities per machine:

1. Take the CU packing box from the stack and carry it towards the work area.
2. Break the seals and tape on the CU Box and open it.
3. Take the CU unit out carefully and place it on the work area, face down
4. Carefully untie the thread seals on the battery compartment.
5. Install a battery. Close the door.
6. Plug the programming unit to the BU port.
7. Flip the CU, face up
8. Turn ON the CU, wait till POST finishes
9. Press a key sequence on the CU to put the controller into 'activate mode'
10. Press a key on the programming unit to program.
11. Turn OFf the CU.
10. Flip the unit, face down
11. Unplug the programming unit
12. Open the door and remove the battery
13. Close the door. Carefully tie the thread seal back on.
14. Put the CU back in te packaging box
15. Tape and seal the packaging box
16. Carry the box to the original place and re-stack.

Can you do this in 1 minute?

[Pranav]

The following would be the activities per machine:
....
Can you do this in 1 minute?

There are ways to optimize, but no need to go into a detailed Time and Motion Study at this stage.

Let us turn to the code.

Attn RM ji: Why do you need to worry random bytes etc. If, as you say, only a few people (3-5 people) at BEL have access to the source code - once these people are compromised, the rigged binary can be sent to the manufacturer, testers etc.

[Dileep]

There are ways to optimize, but no need to go into a detailed Time and Motion Study at this stage.

Let us turn to the code.

Because this trivial matter of having to compromise the DC and his staff, plus having to stay at the godown for hours together is a bit inconvenient to discuss?

And several posts to claim that it is "proven" that it can be done?

Attn RM ji: Why do you need to worry random bytes etc. If, as you say, only a few people (3-5 people) at BEL have access to the source code - once these people are compromised, the rigged binary can be sent to the manufacturer, testers etc.

According to the published info, the source is independently developed at BEL and ECIL, and cross reviewed. So it is not 3-4 people.

THEN, the source itself is stored for records, and hence could be verified any time, and the mischief identified to the people who made it. That is a major deterrent.

One of the discussion points were, corruption, WITHOUT detection, or TRACE.

[vhkprasad]

I would like to question you all..Does any body of you have an idea of the EVM circuit or just guessing the technology? I recently saw a response from Election Commission to RTI question... ECI has never done a softwrae check on EVMs, ECI doesn't have the source code, ECI doesn't own the IP rights. The point is not whether insertion of trojan is possible or not..The question is whether there is a mechanism to identify wilful trojans or replicated EVMs. Mere functional test and a mock poll is not sufficient to check trojans or replicas, We need verification tool that can validate the image(EVM Code) at any point by anybody including the polling agents. Why can't E-governance policy be made applicable to EVMs. I support open standards..like SCOSTA/SCOSIA (Smart Card Operating System for Indian Applications)..

[Pranav]

Because this trivial matter of having to compromise the DC and his staff, plus having to stay at the godown for hours together is a bit inconvenient to discuss?

And several posts to claim that it is "proven" that it can be done?

No, not inconvenient to discuss. Rather, it is trivial. Anybody who has been appointed by a deeply corrupt government can be relied on to serve its interests. Why are people like MMS still running free?

According to the published info, the source is independently developed at BEL and ECIL, and cross reviewed. So it is not 3-4 people.

THEN, the source itself is stored for records, and hence could be verified any time, and the mischief identified to the people who made it. That is a major deterrent.

One of the discussion points were, corruption, WITHOUT detection, or TRACE.

Here is what is done:

A select software development group of 2-3 engineers designs the source code and this work is not sub-contracted.

After completion of software design, testing and evaluation of the software is carried out by an independent testing group as per the software requirements specifications (SRS). This ensures that the software has really been written as per the requirements laid down for its intended use only.

After successful completion of such evaluation, machine code of the source programme code known as hex-code (not the source code itself) is given to the micro controller manufacturer for fusing in the micro controllers. From this machine code, the source code cannot be read. Source code is never handed over to anyone outside the software group.

Micro controller manufacturer initially provides engineering samples for evaluation. These samples are assembled into the EVM, evaluated and verified for functionality at great length. Bulk production clearance is given to micro controller manufacturer only after successful completion of this verification.

The source code for the EVM is stored under controlled conditions at all times. Checks and balances are in place to ensure that it is accessible to authorized personnel only.

During production, functional testing is done by production group as per the laid down quality plan and performance test procedures.

Samples of EVMs from production batches are regularly checked for functionality by Quality Assurance Group, which is an independent group within the organizations.

The source code is not available to anybody outside the development group (2-3 people) and the software testing group (another 2-3 people, perhaps). The government has only to ensure that cooperative and obedient people are transferred into these positions.

Although the EC likes to boast about the rigor of their procedures, they have never claimed that there is any testing of the machines other than functional testing. This will not detect the rigging. In fact, there was an RTI query asking how the binary code on the chips is verified. The EC's only response has been to maintain a deafening silence.

So it is clear that the people at the assembly plant don't have access to even the binary code, let alone the source code.

[Pranav]

I would like to question you all..Does any body of you have an idea of the EVM circuit or just guessing the technology? I recently saw a response from Election Commission to RTI question... ECI has never done a softwrae check on EVMs, ECI doesn't have the source code, ECI doesn't own the IP rights. The point is not whether insertion of trojan is possible or not..The question is whether there is a mechanism to identify wilful trojans or replicated EVMs. Mere functional test and a mock poll is not sufficient to check trojans or replicas, We need verification tool that can validate the image(EVM Code) at any point by anybody including the polling agents. Why can't E-governance policy be made applicable to EVMs. I support open standards..like SCOSTA/SCOSIA (Smart Card Operating System for Indian Applications)..

Hi, vhk - can you post a link to the RTI response, please?

[Dileep]

I would like to question you all..Does any body of you have an idea of the EVM circuit or just guessing the technology?

Prasad, welcome to the forum.

I would say educated guess.

I recently saw a response from Election Commission to RTI question...

Could you please post the document here?

ECI has never done a softwrae check on EVMs

True. EC is not competent to do that either.

ECI doesn't have the source code, ECI doesn't own the IP rights.

Not true. BEL/ECIL disclosed that ECI owns IP Rights. I don't know if EC actually holds a copy of the source, but they sure do own it.

The point is not whether insertion of trojan is possible or not..The question is whether there is a mechanism to identify wilful trojans or replicated EVMs.

To be precise, the question is whether insertion of a trojan, without the possibility of detection, is possible.

Mere functional test and a mock poll is not sufficient to check trojans or replicas

True.

We need verification tool that can validate the image(EVM Code) at any point by anybody including the polling agents.

Can't agree with that. If you go down that road, the first question is, who verifies the tool? And if you provide access to the EVM, the first allegation would be that someone can do field modification to the units. Read Pranav's posts above.

Why can't E-governance policy be made applicable to EVMs.

Do you have link to the policy?

I support open standards..like SCOSTA/SCOSIA (Smart Card Operating System for Indian Applications)..

The EVM security works on its simplicity. Read through the previous pages, and look at the very limited number of arguments raised against the system.

[Dileep]

No, not inconvenient to discuss. Rather, it is trivial. Anybody who has been appointed by a deeply corrupt government can be relied on to serve its interests. Why are people like MMS still running free?

Rhetoric apart, it is not easy to maintain secrecy in such a setup, even with govt manipulating people. In fact, the 'government' can directly control the appointment of the DC and ADM. The staff appointment goes through the regular system, and it is tough to control.

All it takes is one peon or one clerk to blow the cover.

The source code is not available to anybody outside the development group (2-3 people) and the software testing group (another 2-3 people, perhaps). The government has only to ensure that cooperative and obedient people are transferred into these positions.

BEL is a company, not a govt department. There are no 'transfer' of obedient people. It is almost impossible to select specific reliable people to form the team without making a scandal. With ECIL also doing it independently doubles the problem.

In fact the moment any indication of 'chamchas' getting into the EVM project, all others will put them under a microscope, and dig up their past to see if there is a scandal. That is a good deterrence.

Then, on top of all, the source once created is stored forever. ANY time in future, someone takes a look at it, the corrupt code can be seen. How are those chamchas going to explain it?

Although the EC likes to boast about the rigor of their procedures, they have never claimed that there is any testing of the machines other than functional testing. This will not detect the rigging. In fact, there was an RTI query asking how the binary code on the chips is verified. The EC's only response has been to maintain a deafening silence.

Absence of evidence is not evidence of absence

So it is clear that the people at the assembly plant don't have access to even the binary code, let alone the source code.

I am not sure about that allegation. My take is that the QC should be checking the chips by sample.

[Rahul Mehta]

Attn RM ji: Why do you need to worry random bytes etc. If, as you say, only a few people (3-5 people) at BEL have access to the source code - once these people are compromised, the rigged binary can be sent to the manufacturer, testers etc.

Dileep claims that "many" have access to source code or have verified the source code as a part of complete in-depth peer review. In such case, if one wants to insert trojan in a way that people in code review cannot know, then they can put the trojan in the random bytes et the end of the compiled binary.

The advantage of putting trojan in random bytes at the end of the binary (and it will be decrypted and executed by microcode of the chip) is that even if one manages to get hold of the box and read the ROM, he cannot prove that there is any trojan there. He will need to decode the microcode to prove that trojan exists, and decoding microcode is not easy, and difficult to the extent of impossibility.

To merely put the trojan in ROM, all this is also not needed. One can simply replace the boxes containing CPU chips after chips are verified, lock bits are set and just before they are sent to PCB making units. Replacing 15 boxes, each no bigget than 1 cuft is child play if Director of Bangalore facility and main person in-charge of Store Keeping decide to agree. These chips are not some plutonium that people would guard heavily. If BEL starts guarding all chips like plutonium, then they will never be able to finish any project in time.

======

Dear all,

We have discussed all tech details. I have shown that putting trojan is as easy or as difficult as replacing 10-15 boxes inside BEL, each box not bigger than 1ft * 1ft . How difficult is replacing 15 boxes containing CPU chips? That is not a tech issue anymore.

So IMO, it is time we move from tech issues to administrative political ways to resolve this EVM debate. The EVM bhagats claims that EVM does not have trojan because it cannot have trojan because one cannot replace even 1 box inside BEL even if top 5-10 people in BEL sell out. We anti-EVM dont believe that BEL is such a fortress.

So now how do we citizens of India resolve this debate? Any suggestions?

[Rahul Mehta]

1. I would like to question you all..Does any body of you have an idea of the EVM circuit or just guessing the technology?

2. I recently saw a response from Election Commission to RTI question... ECI has never done a softwrae check on EVMs, ECI doesn't have the source code, ECI doesn't own the IP rights. The point is not whether insertion of trojan is possible or not..The question is whether there is a mechanism to identify wilful trojans or replicated EVMs. Mere functional test and a mock poll is not sufficient to check trojans or replicas, We need verification tool that can validate the image(EVM Code) at any point by anybody including the polling agents. Why can't E-governance policy be made applicable to EVMs. I support open standards..like SCOSTA/SCOSIA (Smart Card Operating System for Indian Applications)..

vhkprasad,

1. None of us have ANY clue of what EVM consists of. The pro-EVM people are only making guesses about tech/process to claim that "trojan can never ever get into EVMs".

2. BEL or ECIL has rights to EVM software etc. To me, thats a lesser issue because ECIL and BEL are also PSUs, as good or as bad as EC. So whether EC has source code or BEL has source code or ECIL has source code --- it wont matter as far as safety goes. If there is a trojan inside say 20%s EVMs, public has no way to know as one would need SCj order to touch EVMs. Now if one is powerful enough to get trojan inside EVMs, he will have enough contacts in SCjs to ensure that SCjs never issue such order, or they appoint expert committee consisting of PwC auditors or kind of experts who lied in Pokharan-2 test. So these experts will go, select say 100-200 EVMs ONLY from the non-rigged 80% EVMs and then declare that ALL EVMs are unrigged !! So if there is a trojan in EVM, it is safe and undetectable to outside world. Only way to know is to let people buy EVMs for Rs 10000 a piece. But those who are worried about trojan getting discovered have already claimed that "selling EVMs will damage India !!". I wonder how handing over EVMs for cost price and giving details of gate level design of chip, binary etc will hurt even a sparrow. But EVM-lovers want iron wall type secrecy around EVMs.

[Tanaji]

I have shown that putting trojan is as easy or as difficult as replacing 10-15 boxes inside BEL, each box not bigger than 1ft * 1ft . How difficult is replacing 15 boxes containing CPU chips? That is not a tech issue anymore.

You have shown nothing at all despite repeated requests for it. Merely going around and repeating a particular statement doesnt mean it gets proved, much as you may want to employ the tactic. You have been repeatedly asked for a procedure that is feasible, You have been asked for the code yet you have delivered zero, zilch, nada.

When requested to turn up for the EC seminar, you quickly enrolled in the Northern Light Infantry for crash courses in downhill skiing i.e. you failed to turn up, giving ridiculous and laughable excuses.

Stop trying to mislead the newbies.

[Tanaji]

But EVM-lovers want iron wall type secrecy around EVMs

More lies from the serial liar called Rahul Mehta.

From day 1 most of us including me have called for a complete audit, and not secrecy. Of course, because it does not conveniently agree with the Liar's world view, he will hide this fact.

[Surya]

SIgh just following this thread has been revealing about the machinations of Rahul world.

SIgh and to think we were happy that he tried to get elected. what a disappointment

I think we will stay witht he devil we know.

[Dileep]

More lies from the serial liar called Rahul Mehta.

I am putting an anecdote that gives some insight into the psyche of RM. Quoting from the Neta-Babu thread.

Rahul Mehta recently changed the wording of a proposed executive notification designed to bring in drastic changes of the legal and administrative system of India (which I oppose BTW).

I have added the buzzwords such as "RTI application" and "complaint against corruption". But, yes, any damn text will go in the affidavit and that is intended. And I have not added buzzwords to please you --- many of my activists proposed that adding words like "RTI application", "complaint against corruption" would make it difficult for 4-digit IQ+ walla intellectuals to oppose this proposal. And I think they are right. Anyone who opposes this EN can be now portrayed as anti-RTI and pro-corruption. And so I decided to add these buzzwords in the text of the proposed EN.

And then he asks me a question:

So lets come back to question. First, am I stating it correctly that YOU both oppose the law that would allow citizens to put their complaints against corruption and RTI applications on PM' website? .

I post this here because the other thread is in the secure domain.

[Dileep]

Dileep claims that "many" have access to source code or have verified the source code as a part of complete in-depth peer review. In such case, if one wants to insert trojan in a way that people in code review cannot know, then they can put the trojan in the random bytes et the end of the compiled binary.

The notion of random bytes is thoroughly discredited. I have posted nine links, two of them books on embedded system design, which explains what exactly to do to fill unused ROM. Those were collected from the first two google search pages. There were plenty more relevant pages.

Rahul Mehta sad NOTHING to counter that, because he couldn't find any.

Now, he is talking like the random bytes is a given fact. That is not going to fly here.

You either refute my arguments on this subject, or retract your line of reasoning.

The advantage of putting trojan in random bytes at the end of the binary (and it will be decrypted and executed by microcode of the chip) is that even if one manages to get hold of the box and read the ROM, he cannot prove that there is any trojan there. He will need to decode the microcode to prove that trojan exists, and decoding microcode is not easy, and difficult to the extent of impossibility.

DROP the notion of random bytes. It can not be done without the collusion of EVERY author/reviewer of the source code.

To merely put the trojan in ROM, all this is also not needed. One can simply replace the boxes containing CPU chips after chips are verified, lock bits are set and just before they are sent to PCB making units. Replacing 15 boxes, each no bigget than 1 cuft is child play if Director of Bangalore facility and main person in-charge of Store Keeping decide to agree. These chips are not some plutonium that people would guard heavily. If BEL starts guarding all chips like plutonium, then they will never be able to finish any project in time.

I asked you the exact list of people from the chart I posted, and till now you haven't.

Still, you pretend that it is a given fact.

We all know, thanks to the post I quoted above for reference, what kind of a person you are. You find it perfectly fine to openly cheat in an argument. People hear started seeing clearly through you.

LEAVE the arguments, or SUBSTANTIATE them.

We have discussed all tech details. I have shown that putting trojan is as easy or as difficult as replacing 10-15 boxes inside BEL, each box not bigger than 1ft * 1ft . How difficult is replacing 15 boxes containing CPU chips? That is not a tech issue anymore.

It is not a tech issue. It is a logistics issue.

You LOVE to debate logistics issues, because they are not so definitive as technical issues. The past 40 pages of this thread attest that you NEVER admit ANY of the logistic problem as significant. As a defense, I have provided, upon your challenge, a complete logistic system for material handling. When you raised this issue of replacing boxes, I specifically asked you to post scenarios based on the given system.

You NEVER did that. Still, you pretend that it is a given fact.

LEAVE those arguments, or SUBSTANTIATE them.

So IMO, it is time we move from tech issues to administrative political ways to resolve this EVM debate. The EVM bhagats claims that EVM does not have trojan because it cannot have trojan because one cannot replace even 1 box inside BEL even if top 5-10 people in BEL sell out. We anti-EVM dont believe that BEL is such a fortress.

So now how do we citizens of India resolve this debate? Any suggestions?

Thank you for admitting that there are no technical vulnerability for the EVM. Only administrative/logistic issues.

Do you agree to move on based on this assumption?

[Dileep]

1. None of us have ANY clue of what EVM consists of. The pro-EVM people are only making guesses about tech/process to claim that "trojan can never ever get into EVMs".

Let me add that those are well educated guesses. I am someone with established credentials who can do everything from concept to delivery of an EVM. So are some other people who post here.

Only way to know is to let people buy EVMs for Rs 10000 a piece. But those who are worried about trojan getting discovered have already claimed that "selling EVMs will damage India !!".

I was the only one who posted this point of defense here. Are you accusing that I am "worried about trojan getting discovered"?

I wonder how handing over EVMs for cost price and giving details of gate level design of chip, binary etc will hurt even a sparrow. But EVM-lovers want iron wall type secrecy around EVMs.

It will definitely not hurt a Sparrow, unless someone throws the EVM thus procured at the bird.

The problem is, there will be another set of EVM haters who will jump up and down and yell "sell out", which is going to hurt the EVM more.

We all know very well how you think. You raised this point for exactly the reason I mentioned.