Design for a trust-free environment: Huawei’s Transparency Centre
Huawei’s latest European venture highlights the need for techniques that ensure trustworthiness without having to completely reverse-engineer every machine.
The recent opening in Brussels of what Chinese telecom giant Huawei calls its Cyber Security Transparency Centre is the latest in a series of attempts to stop its equipment from being banned from lucrative 5G and other large-scale telecom contracts.
It will probably be as successful as the others: doing little to assuage concern while providing a highly publicised indication of the looming problems that face not just Huawei but any firm making computers and communications gear in a world where capitalism and nationalism are set on a collision course.
For Western competitors, Huawei is an easy target. It’s hard to imagine a company of Huawei’s size and status within China not having close links to the government – a government that sees information technology as a valuable tool of political influence.
Let’s assume that Huawei executives could fend off demands to make information collected by their gear secretly available to intelligence agencies. The core question is: how do you prove that your products are free from hidden trapdoors that could expose your customers’ data to the spooks?
Taken at face value, Huawei’s centre is a step forward. The company has invited security experts to come and test the security of its communications devices. And not just that; to work with Huawei’s engineers on developing standards to assess the security of communications gear in general, deputy chairman Ken Hu told visitors at the launch. That latter hope is perhaps a bit more realistic.
The centre itself will do little to clear up Huawei’s immediate problem. The company’s executives may hope visiting experts will declare the machinery secure enough to be used in Europe’s networks and not be home to backdoors that enable spooks in China to pull data out and decrypt it easily, but that is an unlikely outcome. As with proving any negative, giving a clean bill of health to Huawei’s equipment – or anyone else’s – is near impossible.
It might be feasible to kill off some of the more lurid accusations, such as the idea that there might be kill switches planted in devices to disable the gear during a conflict. Such a switch would need to be connected to key functions and could be revealed by techniques used to check program logic such as formal verification. Infiltration by security agencies appears to be much more subtle. So much so, that it is difficult to even prove intent when an apparent attempt is uncovered.
In 2013, RSA Security decided to warn users against writing software that relied on a random-number generator in its own codebase. Following the leaking of memos by Edward Snowden, many security researchers came to believe the US National Security Agency (NSA) in the early 2000s pushed for the inclusion of the weakened function, called Dual_EC_DRBG, in order to make it easier to decrypt communications its workers intercepted. The actual backdoor, if present, has never been identified.
In recent years, security agencies in the West have become increasingly concerned over not just software backdoors or Trojan-horse utilities but hardware versions. Although researchers have scored notable successes in finding some hardware backdoors, such as one left by chip designers in a family of military-grade logic devices identified in 2012 by Sergei Skorobogatov of the University of Cambridge and Christopher Woods of Quo Vadis Labs, the hardware Trojan could be even more insidious than its software counterpart.
In 2013, Georg Becker and colleagues from the University of Massachusetts at Amherst showed that a tiny change in the way a single transistor was fabricated could evade most practical tests of chip function but compromise a random-number generator so it would create keys that are much easier to guess. More recently, a team from Bochum University found it is possible to make circuits spy on each other using electrical interference. As the spyware does not need to be connected directly to the victim logic, it is incredibly hard to detect even using the in-depth formal-verification techniques used to check silicon circuitry that would probably uncover secret kill switches.
If Trojans are near impossible to detect, buyers will simply have to work on the basis that the hardware they purchase may be untrustworthy at some level – a natural consequence of running down expertise in core technologies in favour of international trade.
This is more or less the way in which European agencies have reacted to Huawei’s situation. It is a contrast to the US, where security concerns have become a reason to ban the products for sensitive applications – although trade leverage may have a strong underlying impact here.
In the meantime, Huawei’s competitors can breathe a little more easily. While the focus remains on China there is less scrutiny on them. But Huawei’s claimed aim for its ‘transparency centre’ does have merit: there is an urgent need to develop techniques to ensure the trustworthiness of computers and communications systems without having to completely reverse-engineer every machine.
It may not be possible to engineer a machine you can trust implicitly, but if you can work with systems you are not entirely sure of by reducing the probability of data being compromised to very low levels, that may be enough.