Intercepting Microsoft wireless keyboard communications

Steven M. Bellovin smb at cs.columbia.edu
Mon Dec 10 23:03:14 EST 2007


On Tue, 11 Dec 2007 13:49:19 +1000
"James A. Donald" <jamesd at echeque.com> wrote:

> Steven M. Bellovin wrote:
> > It's moderately complex if you're trying to conserve bandwidth
> > (which translates to power) and preserve a datagram model.  The
> > latter constraint generally rules out stream ciphers; the former
> > rules out things like encrypting the keystroke plus seven random
> > bytes with a 64-bit block cipher.  Power is also an issue if your
> > cipher uses very much CPU time or custom hardware.
> > 
> > I'm sure most readers of this list can propose *some* solution.  It's
> > instructive, though, to consider everything that needs to go into a
> > full system solution, including the ability to resynchronize cipher
> > states and the need to avoid confusing naive users if the cat
> > happened to fall asleep on the space bar while the CPU was turned
> > off.
> 
> Use CFB mode.  That takes care of all the above problems.  You can
> transmit any small bunch of bits, don't need to transmit a complete
> block, and if the keyboard and the receiver get out of sync, the
> keyboard's signal will be decrypted as garbage for the first 128
> bits.  If one has the keyboard regularly transmit "no keys pressed"
> from time to time, and if valid key press representations have a
> couple of check bits redundancy, with several keypresses being
> ignored after any invalid key signal, keyboard and receiver will
> synchronize with no fuss.
> 

Believe it or not, I thought of CFB...

Sending keep-alives will do nasties to battery lifetime, I suspect;
most of the time, you're not typing.  As for CFB -- with a 64-bit block
cipher (you want them to use DES? they're not going to think of anything
different), it will take 9 keypresses to flush the buffer.  With AES
(apparently your assumption), it will take 17 keypresses.  This isn't
exactly muggle-friendly.  Just think of the text in the instructions...
Redundancy?  I wonder how much is needed to avoid problems.  It has to
be a divisor of the cipher block size, which more or less means 8 extra
bits.  How much will that cost in battery life?


		--Steve Bellovin, http://www.cs.columbia.edu/~smb
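
The flush counts discussed above can be reproduced with byte-wide CFB, one keystroke per datagram. This is an added example, not code from the thread: truncated HMAC-SHA256 stands in for the encrypt direction of DES or AES (CFB never uses the decrypt direction), and the key, IV, and keystroke string are constructed.

```python
import hashlib
import hmac

def block_fn(key: bytes, block: bytes) -> bytes:
    # Stand-in for E_k(block); an assumption of this example. Only the block
    # size matters for how long a damaged byte stays in the shift register.
    return hmac.new(key, block, hashlib.sha256).digest()[:len(block)]

def cfb8(key: bytes, iv: bytes, data: bytes, decrypt: bool = False):
    """Byte-wide CFB. Returns (output, states), where states[i] is the
    (shift register, ciphertext byte) pair involved in processing byte i."""
    reg, out, states = iv, bytearray(), []
    for b in data:
        o = b ^ block_fn(key, reg)[0]      # one keystream byte per keystroke
        c = b if decrypt else o            # ciphertext byte fed back
        out.append(o)
        states.append((reg, c))
        reg = reg[1:] + bytes([c])         # shift the ciphertext byte in
    return bytes(out), states

def keypresses_to_flush(block_bytes: int, damaged: int = 3):
    """Corrupt one datagram in transit. Returns (n, recovered): n is the
    number of keystrokes the receiver handles with damaged input or a
    desynchronized register; recovered is True if every later keystroke
    decrypts correctly."""
    key = b"constructed demo key"
    iv = bytes(block_bytes)                # constructed all-zero IV
    typed = b"the cat fell asleep on the space bar"
    sent, tx_states = cfb8(key, iv, typed)
    received = bytearray(sent)
    received[damaged] ^= 0x01              # single bit error on the air
    got, rx_states = cfb8(key, iv, bytes(received), decrypt=True)
    affected = [i for i, (t, r) in enumerate(zip(tx_states, rx_states))
                if t != r]
    tail = affected[-1] + 1
    return len(affected), got[tail:] == typed[tail:]

if __name__ == "__main__":
    for name, size in (("64-bit block", 8), ("128-bit block", 16)):
        n, ok = keypresses_to_flush(size)
        print(f"{name}: {n} keypresses affected, recovered afterwards: {ok}")
```
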

---------------------------------------------------------------------
The Cryptography Mailing List