Intercepting Microsoft wireless keyboard communications
Steven M. Bellovin
smb at cs.columbia.edu
Mon Dec 10 23:03:14 EST 2007
On Tue, 11 Dec 2007 13:49:19 +1000
"James A. Donald" <jamesd at echeque.com> wrote:
> Steven M. Bellovin wrote:
> > It's moderately complex if you're trying to conserve bandwidth
> > (which translates to power) and preserve a datagram model. The
> > latter constraint generally rules out stream ciphers; the former
> > rules out things like encrypting the keystroke plus seven random
> > bytes with a 64-bit block cipher. Power is also an issue if your
> > cipher uses very much CPU time or custom hardware.
> > > I"m sure most readers of this list can propose *some* solution.
> > > It's
> > instructive, though, to consider everything that needs to go into a
> > full system solution, including the ability to resynchronize cipher
> > states and the need to avoid confusing naive users if the cat
> > happened to fall asleep on the space bar while the CPU was turned
> > off.
> Use CFB mode. That takes care of all the above problems. You can
> transmit any small bunch of bits, don't need to transmit a complete
> block, and if the keyboard and the receiver get out sync, the
> keyboard's signal will be decrypted as garbage for the first 128
> bits. If one has the keyboard regularly transmit "no key's pressed"
> from time to time, and if valid key press representations have a
> couple of check bits redundancy, with several keypresses being
> ignored after any invalid key signal, keyboard and receiver will
> synchronize with no fuss.
Believe it or not, I thought of CFB...
Sending keep-alives will do nasties to battery lifetime, I suspect;
most of the time, you're not typing. As for CFB -- with a 64-bit block
cipher (you want them to use DES? they're not going to think of anything
different), it will take 9 keypresses to flush the buffer. With AES
(apparently your assumption), it will take 17 keypresses. This isn't
exactly muggle-friendly. Just think of the text in the instructions...
Redundancy? I wonder how much is needed to avoid problems. It has to
be a divisor of the cipher block size, which more or less means 8 extra
bits. How much will that cost in battery life?
--Steve Bellovin, http://www.cs.columbia.edu/~smb
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography