Cavium, a maker of semiconductors acquired in 2018 by Marvell, was allegedly identified in documents leaked in 2013 by Edward Snowden as a vendor of semiconductors backdoored for US intelligence. Marvell denies that it or Cavium placed backdoors in products at the behest of the US government.
The allegations surfaced in the PhD thesis of Dr Jacob Appelbaum, “Communication in a world of pervasive surveillance: Sources and methods: Counter-strategies against pervasive surveillance architecture.” Appelbaum’s thesis was published in March 2022 and received little public attention until mentioned in security blog Electrospaces.net last week.
Appelbaum in 2012 worked as an investigative journalist and technical expert with documentarian Laura Poitras on the Snowden leak. He left the Tor Project in 2016 amid disputed allegations and subsequently enrolled at Eindhoven University of Technology in the Netherlands, where he is a postdoctoral researcher in computer science and cryptography.
In the thesis, on page 71, footnote 21 says, “While working on documents in the Snowden archive the thesis author learned that an American fabless semiconductor CPU vendor named Cavium is listed as a successful SIGINT ‘enabled’ CPU vendor. By chance this was the same CPU present in the thesis author’s internet router (UniFi USG3). The entire Snowden archive should be open for academic researchers to better understand more of the history of such behavior.”
The implication, made explicit by the thesis index that references the footnote as “Cavium CPU backdoor,” is that at least some Cavium kit at some point contained a backdoor useful for American intelligence. Marvell disputes that it implemented a backdoor.
“Marvell places the highest priority on the security of its products,” a spokesperson told The Register. “Marvell does not, and Cavium did not, implement ‘backdoors’ for any government.
“Marvell supports a wide variety of protocols and standards including IPsec, SSL, TLS 1.x, DTLS and ECC Suite B. Marvell also supports a wide variety of standard algorithms including several variants of AES, 3DES, SHA-2, SHA-3, RSA 2048, RSA 4096, RSA 8192, ECC p256/p384/p521, Kasumi, ZUC and SNOW 3G. All Marvell implementations are based on published security algorithm standards.
“Marvell’s market leading Nitrox family delivers unprecedented performance for security in the enterprise and virtualized cloud data centers. The Nitrox product line is the industry leading security processor family designed into cloud data center servers and networking equipment, enterprise and service provider equipment including servers, Application Delivery Controllers, UTM Gateways WAN Optimization Appliances, routers, and switches.”
In a phone conversation, Appelbaum told The Register, “Marvell is answering a question that no one asked.” He explained further in an email, essentially arguing that Marvell could have inadvertently backdoored its equipment by implementing weak and exploitable algorithms, such as the infamous Dual EC DRBG, that were championed by the US government so that they would be adopted by suppliers and deployed in the wild for snoops to abuse.
He also suggested a vendor might agree to incorporate an exploitable weakness and ensure staff are unaware of the development. Appelbaum wrote:
The alleged backdoor, in other words, could be simply the implementation of a weak yet standardized encryption algorithm, something the NSA allegedly encouraged as part of BULLRUN, an operation discussed in the Snowden documents that aimed to subvert encryption standards.
Appelbaum’s email recounts how Michael Kanellos, director of influencer relations and marketing at Marvell, emailed him on May 24, 2023 with some questions about the footnote. Appelbaum says he responded and asked questions of his own.
“For example, I asked how they worked to discover what the NSA had stated as a fact and if they had performed a review of Cavium intellectual property during their acquisition. I emphasized that this was not an accusation against Marvell but rather an opportunity for Marvell to understand how and why the NSA would report it as an internal success,” he wrote in his email.
Appelbaum explained that he has not received a reply to his questions and he would be willing to share his correspondence in the event of any dispute about that.
“As far as I know, Marvell has not reported performing an internal audit on the intellectual property that they acquired from Cavium to search for any NSA sabotage, nor have they reported performing a similar audit on Marvell related technologies,” he said.
“As a simple example, I was unable to find an impact statement about how either Cavium and/or Marvell was impacted by Dual EC DRBG, if they were indeed impacted as the NIST website above indicates.”
And more generally, Appelbaum asked: “Why are American technology companies being sabotaged by the American NSA as part of project BULLRUN and related programs? Why do media organizations redact rather than report the names of these American companies to the American public?”
Appelbaum’s claim reminds us of allegations that surfaced in 2018 about Supermicro server motherboards containing spy chips, a claim Supermicro denied and one that didn’t stand up to scrutiny. There’s also Juniper’s use of the aforementioned Dual EC DRBG algorithm in its NetScreen devices back in 2008 – an algorithm that, as we said, is now seen as “a standardized backdoor.” [PDF]
The Register spoke with a former executive at a major US-based chipmaker who said he frequently had to answer questions from the government about chip security. The attitude a decade ago, they said, was “we want you to make things easy and accessible for us.”
Government officials would come to talk about making hardware more secure, but would bring someone along from signals intelligence or from the NSA. These were generally conversations and not demands.
“We’d say he’s not welcome,” the executive said. “We’d tell them to fuck off all the time.”
The reason for that was this firm did a lot of business in China and understood the financial risk of being caught compromising its hardware. “But I think a lot of companies buckled,” our source said.
They also said questions were raised about how the company could ensure that components made in China or Taiwan hadn’t been compromised. The biz could barely make its chips work reliably in the first place, so if alterations were being made in the foundry it would be noticed, the contact noted.
But compromising hardware with added components is generally more effort and riskier than just identifying flaws in existing off-the-shelf hardware. The easier way to do it, the source suggested, is to destroy the root key with laser fault injection [PDF] and then, having broken the cryptography, to hunt around for defects that allow remotely loadable exploits. ®
