[Cryptography] Phishing Attacks - Alice, HAL and Bob

Dirk-Willem van Gulik dirkx at webweaving.org
Fri Aug 19 04:53:31 EDT 2016


> On 19 Aug 2016, at 05:54, Jerry Leichter <leichter at lrw.com> wrote:
> 
>> Coins could be made out of glass. Flaws like tiny bubbles would be difficult to position during manufacture. As such imperfections would make each coin unique and impossible to replicate. Whatever process is used to draw a picture and a coin value could be used to add a unique serial number. Authentication would involve authenticating the physical properties like refractive index and examining the coin's unique physical flaws i.e. Fingerprint. Finally the central bank, for that currency, can authenticate that 'serial number -   fingerprint' combination.
> There is a great deal of published work in this direction.  One extreme example (first page only; the paper should be around somewhere) http://link.springer.com/chapter/10.1007%2F978-3-642-04431-1_15#page-1.  (A "PUF" is a "Physically Uncloneable Function" - this search term will lead you to some of the published work.  The particular paper - which I haven't read - uses a "PPUF" - a Public PUF).
> .....
> An actual fielded system - to which I don't have a reference; this is from memory - was used to make tamperproof seals:  It's possible to pull a length of many fiber-optic strands.  The individual strands assort and mix themselves quite randomly, unpredictably, and uncontrollably.  Pick some number of them at one end and light them; record which ones are lit at the other.  Thread the glass through a hasp controlling access to something.  If it's cut, there's no known way to repair or replace it such that the resulting strand will reproduce the pattern.
> 
>     
Similar examples abound in nuclear nonproliferation research (and day to day practice!). 

Examples are intentionally scratching (with a steel wire brush) or splattering (with solder or metal welding blobs) the bolts closing a container and comparing photographs. 

The search term "safeguards" together with tamper proof and variations thereof, or the annual research progress reports of the secretariats of the international treaties (below), may be helpful when researching this generally very mature and robust field.

A field that may be of interest to this community - as it has state level actors and nations at the core of its threat model. 

Rather than consider these rather late in the game - as is common in the IT space. 

And due to the diplomatic nature of robust international treaties - reports back rather transparently on what (sophisticated) state actors are doing to keep each other collectively in check, what works and what failed.

As a result - most papers are very engineering oriented and more reports from the field than theoretical.

Dw. 

https://www.iaea.org/safeguards/
http://www.un.org/en/conf/npt/2015/index.shtml




>   -- Jerry
> 