[Cryptography] Physical security risks of onetime pads just changed.

Thu Sep 15 19:50:22 EDT 2016

Den 16 sep. 2016 00:31 skrev "Tom Mitchell" <mitch at niftyegg.com>:
>
> The physical security rules of one time pads may have changed.
>
>
http://www.pbs.org/newshour/rundown/mit-machine-read-books-without-opening/
>
> This may have risks when tamper evident devices for
> nuclear launch code challenge response methods are considered.
> The launch codes -- well that is a movie plot threat I hope.
>
> Sending a pre-shared secret via US mail to establish
> VPN and othersecure  remote office communication channels
> may have gotten harder for high value government
> and civilian organizations.
>
> This implies that nine pages deep into a onetime pad
> can be read in the lab... flip it over and it is 18 pages.
> With luck flash paper pads would just ignite ;-)

While I do get the humoristic tone of your message, I have a somewhat
serious reply.

The problem have already been encountered by lottery ticket markers, and
more recently also Bitcoin paper wallet designers. In the latter case, you
really don't want to hand over a private key with money and realize it got
stolen without the paper wallet ever even being opened. There's multi-fold
paper wallet designs with patterns meant to obscure the Qr codes which is
holding the raw secret keys (no guarantees on the effectiveness!);

https://bitcointalk.org/index.php?PHPSESSID=pvk3efqi9hgipdoa7ocej0lvp5&topic=169836.msg2026791#msg2026791

http://cantonbecker.com/etcetera/2013/bitcoin-paper-wallet-design-video/

The attack method is called "candling", and to find relevant info you'll
want to search for "candling lottery tickets" (that's the only reliable set
of search terms to get relevant info which I could find).

One idea of mine is to use visual cryptography to stack multiple layers of
sheets with seemingly random patterns, and intentionally misalign and
rotate them, and to place fully random decoy sheets in the mix.

https://en.wikipedia.org/wiki/Visual_cryptography

The recipient then breaks the (tamper-evident) seals, discards the decoys
and then aligns the sheets according to instructions. The message will then
become readable.

This still breaks if the adversary can still manage to get a high enough
resolution scan of every sheet, but with high resolution visual
cryptography patterns this should be very hard for the foreseeable future.
Though the adversary has the advantage of being able to bend the stack of
sheets to cause controlled realignment, and that visual cryptography is
entirely "linear" (you always just need higher resolution images of the
blob of printed pixels to be able to figure it out).

Perhaps another defense could be to use scrambling sheets in the stack with
a variety of optical properties to inject noise and diffuse any images.
Small prisms, lenses and pigments with holographic properties and other
effects. Beware of unintentionally helping the adversary, though! You might
just create something resembling a Fresnel lens and make it easier to
analyze.

Of course the security model of this method is very limited today - it is
your best option if and only if...

* You only have one single reliable communication channel, in the form of
physical delivery of messages (courier, postal service or similar)
* You have no option to use proper cryptography (no shared key, don't know
each other's public keys, no trusted hardware, etc)
* You trust the couriers and other middlemen to not actually *open* the
envelopes, or even substitute them

In real world usage I'd only use it for one-off messages to deliver
encryption keys (with mandatory confirmation of receipt before use), in
mostly-trusted environments with completely trusted couriers, where you're
defending against opportunistic spies who can do anything but to open the
envelope (no unmonitored access, or too little time to tamper with the
seals).

The kind of stuff where you have two armed men carrying a briefcase cuffed
to the hand, and you're defending against X-ray vans;

http://www.theatlantic.com/politics/archive/2015/10/the-nypd-is-using-mobile-x-rays-to-spy-on-unknown-targets/411181/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160916/5f1e2a0a/attachment.html>