IBX II is an information barrier for gamma-spectroscopy nuclear warhead authentication built around the four-decade-old MOS 6502 processor and using an Apple II computer.
Hardware from a distant past, at a time when their use for nuclear arms control was never envisioned, can provide more trust for essential verification technologies.
Any further progress toward nuclear disarmament will have to rely on robust verification mechanisms, especially while there is limited trust among relevant states. This requires trusted measurement systems to confirm the authenticity of nuclear warheads based on their radiation signatures. Because these signatures are considered sensitive information, the systems have to be designed to protect them. To accomplish this task, so-called “information barriers” have been proposed. These devices process the sensitive information acquired during an inspection, but only display results in a pass/fail manner. Traditional inspection systems rely on complex electronics both for data acquisition and processing. Several research efforts have produced prototype systems following fundamentally different design philosophies, but it has proven difficult to demonstrate that hidden switches and side channels do not exist. After almost 30 years of research and development, no viable and widely accepted system has emerged.
Vintage Verification is a fundamentally different approach: The prototype of an inspection system uses vintage hardware built around a 6502 processor. This processor uses 8-micron technology (about 600 times larger than current 14-nanometer technology) and has only about 3500 transistors. Vintage hardware may have a number of important advantages for applications where two parties need to simultaneously establish trust in the hardware used. CPUs designed in the distant past, at a time when their use for sensitive measurements was never envisioned, drastically reduce concerns that the other party implemented backdoors or hidden switches on the hardware level. Limited computing capabilities also limit the space of possible software manipulations.
Today, the design of the 6502 is de-facto open source, and several projects have explored the hardware in great detail (visual6502.org, monster6502.com). The technology is so basic that it would be difficult or impossible to surreptitiously implement extra functionalities that could be used to leak secret information. For the same reason, however, using vintage hardware also comes at a price, as the performance of the inspection system is limited, and data acquisition and processing have to be designed and highly optimized accordingly. Employing two custom-made extension cards for an Apple IIe, the device records gamma spectra from a sodium iodide detector. To compare two items, the recorded 256-channel spectrum is condensed into twelve energy bins. A similar approach has been used for many years in Sandia's Trusted Radiation Identification System (TRIS).
In a next step, the project seeks to provide for physical storage of the template information in the form of punched cards, thus reducing measurement requirements on the reference item. In our system, the inspector is able to verify that the template data has not been altered either through a public SHA-3 hash, calculated on the 6502 processor, or through a scheme where host and inspector use additional punched cards to verify data authenticity through a special protocol.
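The binning step and the template hash check described above, sketched in Python as an added example; it is not the project's 6502 code. The bin edges, the SHA3-256 variant, the template encoding, the chi-square statistic and its threshold are assumptions, since the page does not specify them.

```python
import hashlib, hmac, math, struct

N_CHANNELS, N_BINS = 256, 12
# Assumed bin edges in channel numbers; the page does not give the real ones.
BIN_EDGES = [round(i * N_CHANNELS / N_BINS) for i in range(N_BINS + 1)]

def condense(spectrum):
    """Sum a 256-channel spectrum into twelve energy bins."""
    if len(spectrum) != N_CHANNELS:
        raise ValueError("expected 256 channels")
    return [sum(spectrum[lo:hi]) for lo, hi in zip(BIN_EDGES, BIN_EDGES[1:])]

def template_digest(bins):
    """SHA3-256 over an assumed encoding: twelve big-endian 32-bit counts."""
    return hashlib.sha3_256(struct.pack(">12I", *bins)).hexdigest()

def chi_square(measured, template):
    """Two-sample statistic for Poisson counts, equal acquisition times assumed."""
    return sum((m - t) ** 2 / (m + t)
               for m, t in zip(measured, template) if m + t > 0)

def inspect(spectrum, template, published_digest, threshold=30.0):
    """Information-barrier output: only 'PASS' or 'FAIL' leaves this function."""
    # Refuse a template that no longer matches the publicly committed hash.
    if not hmac.compare_digest(template_digest(template), published_digest):
        return "FAIL"
    stat = chi_square(condense(spectrum), template)
    return "PASS" if stat <= threshold else "FAIL"

def constructed_spectrum(peak):
    """Constructed sample data: flat background plus one Gaussian-shaped peak."""
    return [50 + int(1000 * math.exp(-((ch - peak) / 10) ** 2))
            for ch in range(N_CHANNELS)]

if __name__ == "__main__":
    reference = constructed_spectrum(80)
    template = condense(reference)
    digest = template_digest(template)          # value the host would publish
    remeasured = [c + (ch % 3) - 1 for ch, c in enumerate(reference)]
    print(inspect(remeasured, template, digest))                 # same item
    print(inspect(constructed_spectrum(170), template, digest))  # other item
    tampered = [template[0] + 1] + template[1:]
    print(inspect(remeasured, tampered, digest))                 # altered card
```

The hash check runs before any comparison, so an altered template fails even when its counts would still match the measured item.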
More to explore:
The project was first presented on December 29, 2017 at the 34th Chaos Communication Congress (34c3):
- Video and Slides of 34c3 Talk
- GitHub repository with software and hardware designs