[Cryptography] Hacking spread spectrum clocking of HW ?

dj at deadhat.com
Wed May 25 10:56:28 EDT 2016


> On 5/24/16, Henry Baker <hbaker1 at pipeline.com> wrote:
>> https://www.maximintegrated.com/en/app-notes/index.mvp/id/1995
>>
>> Q: How hard is it to diddle with the spreading codes on these clocking
>> sources?  I'd like to experiment with some longer codes.
>
> See their spec sheet...
> https://datasheets.maximintegrated.com/en/ds/DS1086-DS1086Z.pdf
>
> I'm looking for links to different whitepapers... where dither driving
> the spread is not pretty triangle frequency and amplitude, but
> is a random shared key. And it's driving an RF tx/rx capable of
> extremely wide spread range. Other option is to tx/rx faux
> wideband noise modulo a random spectrum key. Pointers?

It depends on the application.

Cryptographic spreading codes and wide bandwidths are seen in military
radiations.
CDMA Spread spectrum mobile phones used Walsh codes. I haven't kept up
with WCDMA and LTE since I got sucked into crypto but the principle is the
same.
Those little clock oscillators typically use an LFSR since the goal is
simply to smear out the clock peak to keep within emissions limits. But
any long random looking sequence into a VCO would do.
Bluetooth's frequency hopping spread spectrum was not designed to resist
predicting the sequence. Quite the opposite.

This is wireless 101. Any modern wireless comms textbook should cover it.

If you're talking side channel mitigation or FI tolerance, then it's
currently open season on clever ideas. But that sounds too much like my
day job.

CAZAC codes for stealth canaries anyone?
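
[Added example, not part of the original post.] The point above, that an LFSR dither is there only to smear the clock peak and is not a secret spreading key, can be checked directly: Berlekamp-Massey recovers an L-stage LFSR from 2L observed bits and then predicts the rest. The tap set, seed, and function names below are constructed for illustration and are not taken from any datasheet.

```python
def berlekamp_massey(s):
    """Shortest GF(2) LFSR for bit list s.
    Returns (L, C) with C[0] == 1 and s[t] = XOR_{i=1..L} C[i] & s[t-i]."""
    n = len(s)
    C = [1] + [0] * n          # current connection polynomial
    B = [1] + [0] * n          # copy from the last length change
    L, m = 0, 1
    for t in range(n):
        d = s[t]               # discrepancy between prediction and s[t]
        for i in range(1, L + 1):
            d ^= C[i] & s[t - i]
        if d == 0:
            m += 1
            continue
        T = C[:]
        for i in range(n + 1 - m):
            C[i + m] ^= B[i]   # C(x) <- C(x) + x^m * B(x)
        if 2 * L <= t:
            L, B, m = t + 1 - L, T, 1
        else:
            m += 1
    return L, C[:L + 1]


def extend(C, seed, n):
    """Run the recurrence described by C forward from seed until n bits exist."""
    out, L = list(seed), len(C) - 1
    for t in range(len(out), n):
        bit = 0
        for i in range(1, L + 1):
            bit ^= C[i] & out[t - i]
        out.append(bit)
    return out


def recover_and_predict(observed, n):
    """What an observer of the dither learns from a short capture."""
    L, C = berlekamp_massey(observed)
    return L, C, extend(C, observed, n)


# Constructed 16-stage LFSR: s[t] = s[t-11] ^ s[t-13] ^ s[t-14] ^ s[t-16]
TRUE_C = [1 if i in (0, 11, 13, 14, 16) else 0 for i in range(17)]
SEED = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1]   # constructed
DITHER = extend(TRUE_C, SEED, 1000)

if __name__ == "__main__":
    L, C, predicted = recover_and_predict(DITHER[:32], 1000)
    print("stages recovered:", L, "all 1000 bits predicted:", predicted == DITHER)
```

A spreading sequence meant to act as a shared key needs a keyed cryptographic generator in place of the bare LFSR, since the LFSR's linear complexity is only its register length.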




