[Cryptography] Tamper-evident cryptographic systems

Jerry Leichter leichter at lrw.com
Fri Mar 21 16:10:33 EDT 2014

So Snowden revealed the extent to which the Internet had been infiltrated and compromised, and now many are rushing off to form a "more secure" Internet.  Imagine it's five years from now.  TLS with PFS is essentially universal for all Web services.  The big guys have strongly encrypted all their internal links.  Data at rest is encrypted.  Etc.

Are we really secure?  Or are we just waiting for the next Snowden to reveal another layer of infiltration that we never suspected - just as we never suspected things like, say, the Quantum XXX series of attacks?  Is there some way we can reasonably raise our level of confidence that certain things are *not* going on?

Let's bound those "things" a bit better.  It's unrealistic to think that targeted attacks against even hundreds of thousands of individuals can be stopped.  There are too many ways to compromise hardware, software, people, environments.  (Sure, your computer is completely secure, but video cameras are pointed at you, your screen, your keyboard....)  So let's limit it to *mass* surveillance.

Perry resurrected this list after a long hiatus with the challenge to develop new systems secure again such attacks.  I think we have some idea how to accomplish this kind of thing.  But ... one thing we really must learn from the Snowden experience is that even apparently secure systems can be attacked by a well-funded, motivated attacker.  You can't just introduce a new system and walk away saying "it's done".  You also need an active defense.

So ... how might one build "tamper evident cryptographic systems"?  Are there collections of sensitive signals of possible attacks that can be tracked to provide an early warning - even if no individual signal has a sufficiently low false positive/false negative rate?  Are there ways to construct "honey pots" that will attract attackers to systems specially configured to notice they are there?

Clearly, thinking about this kind of thing is part of classic espionage tradecraft - see the classic stories about England allowing German bombers to do major damage to avoid leaking the fact that Enigma had been broken.  I'm sure NSA does something to watch for success in attacks against its systems.  (Of course, Snowden is a particularly spectacular example of a failure of such measures.)

I can think of some very simple examples of this kind of thing, but nothing really broad or effective.  This seems to be an under-explored area in general. I recall seeing some work on forgery-revealing signature systems a couple of years back.  (The basic idea was that each time you sign, you modify your signature in one a number of possible ways chosen at random.  All the choices produce a valid "next" signature.  If someone steals you signature, his random choices won't match yours, and the two "signature streams" will soon diverge.  The existence of two distinct signature streams for a given signature is detectable.)

                                                        -- Jerry

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4813 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140321/09db3721/attachment.bin>

More information about the cryptography mailing list