[Cryptography] On Security Architecture, The Panopticon, And "The Law"

Jerry Leichter leichter at lrw.com
Sat Dec 28 07:27:19 EST 2013


On Dec 28, 2013, at 3:35 AM, Natanael wrote:
> Or how about timing based leaks triggered by a specific type of slightly malformed data package? You could then make the timing differences far larger and nobody would realize what is happening.
> 
I don't understand what you're suggesting.

Let's review where we are.  The opening question here was:  Should we be concerned about an attack in which the hardware recognizes that an AES encryption is being done?  My suggestion was that recognizing when this was happening would be a hard problem, probably an insoluble one except in specialized circumstances.  But let's grant it and go a step further:  Assume a hardware assist for AES, so that the hardware doesn't even have to solve that problem.  I then suggested that we are then at a next level of problem:  What should the hardware *do*?  I suggested the only thing it really *could* do was exfiltrate the captured key.  Which led us here.

What I'll suggest at this point is that the "exfiltrate some information undetectably" problem is difficult.  Yes, it can probably be solved by an attacker - but given a system on which the attacker has solved this problem, the game is over.  There's not much point in looking at fancy ways to pick up more information - the system's already fully compromised.  For example, it was long ago pointed out (I forget by whom) that a search of memory for "high-entropy" 128-bit blocks works pretty well for finding stored keys.  Much easier than playing with the details of AES, and it finds keys even when they aren't in active use.
                                                        -- Jerry
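The memory search Jerry refers to at the end of his message is easy to see in code. The following is an added example written for this page, not code from the thread or from any published tool: it slides a 16-byte (128-bit) window over a memory image, flags windows with at least 14 distinct byte values (random key material almost always clears that bar; text, pointers and zero padding rarely do), merges adjacent hits into regions, and lists the candidate 16-byte slices inside each region. The memory image is constructed inline and is not a real dump; the key bytes are the AES-128 example key from FIPS-197 Appendix A, used purely as a placeholder, and the hash-derived blob stands in for ciphertext or compressed data. The threshold of 14 and the window size are assumptions chosen for this illustration.

```python
import hashlib
import math
from collections import Counter

KEY_SIZE = 16       # the "128-bit block" from the thread
MIN_DISTINCT = 14   # assumed threshold: distinct byte values out of 16


def shannon_entropy(block: bytes) -> float:
    """Empirical entropy in bits per byte (at most log2(len(block)) for a short block)."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def find_high_entropy_regions(image: bytes, window: int = KEY_SIZE,
                              min_distinct: int = MIN_DISTINCT):
    """Slide a `window`-byte window over `image` one byte at a time.

    A window "hits" when it holds at least `min_distinct` distinct byte values.
    Overlapping hits are merged into (start, end) regions.  A lone 16-byte key
    in low-entropy surroundings shows up as a region only a few bytes wider
    than the key itself; a key schedule or a ciphertext buffer gives a wide one.
    """
    regions = []
    for off in range(len(image) - window + 1):
        if len(set(image[off:off + window])) >= min_distinct:
            end = off + window
            if regions and off <= regions[-1][1]:
                regions[-1][1] = end          # extend the current run of hits
            else:
                regions.append([off, end])
    return [(s, e) for s, e in regions]


def candidate_keys(image: bytes, regions, key_size: int = KEY_SIZE):
    """Every key_size-byte slice inside each region: the list an attacker
    would feed to a trial decryption against known ciphertext."""
    return [(off, image[off:off + key_size])
            for s, e in regions
            for off in range(s, e - key_size + 1)]


def overlaps(region, start: int, end: int) -> bool:
    return region[0] < end and region[1] > start


# Constructed memory image (not a real dump): zero padding, a log string,
# a pointer-like struct, a 16-byte key, and a hash-derived "ciphertext" blob.
ZEROS = bytes(64)
LOG = b"[warn] session timeout; retrying session in 5s\n" * 2
STRUCT = b"\x00\x00\x7f\xa3\x10\x20\x00\x00" * 8
KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")   # FIPS-197 example key
BLOB = hashlib.sha256(b"blob-0").digest() + hashlib.sha256(b"blob-1").digest()

IMAGE = ZEROS + LOG + ZEROS + STRUCT + ZEROS + KEY + ZEROS + BLOB + ZEROS
LOG_OFF = IMAGE.index(LOG)
STRUCT_OFF = IMAGE.index(STRUCT)
KEY_OFF = IMAGE.index(KEY)
BLOB_OFF = IMAGE.index(BLOB)


if __name__ == "__main__":
    regions = find_high_entropy_regions(IMAGE)
    for s, e in regions:
        tag = "KEY " if overlaps((s, e), KEY_OFF, KEY_OFF + KEY_SIZE) else "    "
        print(f"{tag}[{s:4d}, {e:4d})  {shannon_entropy(IMAGE[s:e]):.2f} bits/byte")
    print(f"{len(candidate_keys(IMAGE, regions))} candidate 16-byte slices to trial-decrypt")
```

Run as-is, the scan reports two regions: a narrow one a few bytes wider than the embedded key, and a wide one over the hash-derived blob. The blob is the point worth noticing: anything random-looking (ciphertext, compressed data, hashes, nonces, and even text such as base64 or hex dumps with many distinct characters) clears the same threshold, so the scan is a candidate filter, not a key finder on its own. The candidates are confirmed by trial decryption against ciphertext the attacker already has, and the candidate list stays small because the regions are short; a larger key or an expanded key schedule simply produces a wider region.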


