Randomness, Quantum Mechanics - and Cryptography
John Denker
jsd at av8n.com
Tue Sep 7 14:56:25 EDT 2010
On 09/07/2010 11:19 AM, Perry E. Metzger wrote:
>> > 2) You can shield things so as to make this attack very,
>> > very difficult.
> I suspect that for some apps like smart cards that might be hard.
> OTOH, it might be straightforward to detect the attempt.
We should take the belt-and-suspenders approach:
a) Do some reasonable amount of shielding, and
b) detect the attack.
Detecting the attack is utterly straightforward.
The primary defense is to "close the loop" around
the noise-generating element. That is, we inject
a known calibration signal on top of the noise ...
and use that to constantly check that the input
channel gain and bandwidth are correct.
The true noise level depends only on gain, bandwidth,
temperature, and resistance. Blasting the system
with RF will not lower the temperature, so that's
not a threat. So unless you have a scenario where
the RF lowers the resistance, lowers the gain,
and/or lowers the bandwidth
_in a way that the calibrator cannot detect_
then this attack does not rise above the level of
a brute-force DoS attack, in the same category as
the AK-47 attack or the stomp-the-smart-card-to-dust
attack.
The calibrator idea relies on the fact that the
computer's i/o system has an o as well as an i.
Note that this defense is equally effective against
both
*) Continuing attacks, where a continuing RF blast
drives the first stage amplifier into saturation,
without necessarily doing irreversible damage, and
*) One-shot attacks, where a super-large blast does
irreversible damage to the amplifier.
------------
Secondary defenses, if you want to go to the trouble,
include putting a canary in the coal mine, i.e.
implementing a second sensor with a different gain,
bandwidth, and resistance. I reckon that attacking
one sensor and getting away with it is only possible
on a set of measure zero, but the chance of attacking
two non-identical sensors without either one of them
noticing is a set of measure zero squared.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list