[Cryptography] High volume thermal entropy from an iPhone
Jonathan Thornburg
jthorn4242 at gmail.com
Thu Dec 14 20:06:11 EST 2017
> We have theoretical reason to believe that the dark signal from a phone camera is thermal noise.
Doing SecureCryptoHash(dark frame) is the easy part.
The hard part is convincing yourself that that "dark frame" (which you
just got from some ReadRawImage API is really "the dark signal" and
hasn't been processed either "helpfully" (i.e., in ways which would be
"helpful" for a typical phone picture) or maliciously.
We're doing crypto, so we have to assume malicious adversaries about.
(After all, if there weren't malicious adversaries about, we could
just take AES(key=counter++, data=0xdeadbeef) for randomness.) That
means we need to worry about all the layers of software & firmware
that lie between our crypto code and the bare hardware.
On 12/14/17, Max Skibinsky <max at skibinsky.com> wrote:
>> I actually think that from my points earlier point 4 is the most pertinent
>> :
>> in your case not only are you neither the designer nor the manufacturer
>> but
>> you also do not control the software updated that get delivered to you.
>
> yes, #4 is certainly a thorny issue. I assume the "passive" attack
> scenario here are hidden patterns in camera firmware and iOS that,
> while appearing to us as "perfect" noise are in fact predictable from
> low level software specifics (known to manufacturer but unknown to
> us). Extreme case of active attack would be corrupt vendor that
> actually produces far less noisy camera, and supplements it with
> perfect noise generated from seed stamped into each camera firmware -
> attack that is next to impossible to detect without reverse
> engineering the silicon.
>
> The only weak guarantee i see here is that comparing random
> motherboard vendor, dedicated HSM vendor and Apple - the party i would
> trust the most would be Apple for economic reasons. What is double
> digit millions in reputation/brand damage to small vendors, is tens of
> billions of damage to Apple - they have most motivations to keep all
> parts of firm/soft ware stack secure. But of course thats just social
> guarantee we are trying to avoid in first place.
>
> - Max
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
More information about the cryptography
mailing list