[Cryptography] Useless side channels

Perry E. Metzger perry at piermont.com
Fri Feb 9 23:28:33 EST 2018


The business of finding difficult-to-exploit side channels heated up
in the last few days, as many media outlets made a big deal out of a
paper in which it was explained that one could detect magnetic
fluctuations from computer systems almost 1.5 meters outside a Faraday
cage.

Now, I don't want to denigrate the original research -- it seems like
the sort of thing people ought to try out and then publish, if only so
we'll know what's possible.

Instead, I want to denigrate people for discussing it with the press
as though it were a serious threat, and I want to denigrate the press
for being silly enough to cover it.

I mean, in an era where the average large corporation seems to patch
its systems every other leap year, and in which they never put any of
their machines inside Faraday cages in the first place, they should
*clearly* worry about people walking up within 1.5 meters of said
non-existent Faraday cage enclosed machines in their colocation
facility carrying sensitive equipment with which to exfiltrate a few
bits a second from software they already somehow planted on the
target machine.

Even if they do have Faraday cages (hello, Ft. Meade!) we would
imagine no one from the Federal Protective Service police would
notice you carrying such things inside the machine rooms in question,
and there would be no better way to get out data if you managed to
get in anyway, especially given that you had already put software on
the target system.

However, I see no reason we should stop with this level of silly.

After all, the working press loves such stories, so we really need to
feed them more.

I've thought for a bit, and I've come up with an even finer useless
side channel, which is to use the Aharonov-Bohm effect for
exfiltration.

This effect has the added advantage of involving quantum mechanics,
which, from what I can see of the levels of accuracy surrounding
stories on quantum cryptography and quantum computing, is even more
magical to reporters than electromagnetism, which they seem to already
regard as a form of witchcraft. A quantum phenomenon would yield the
added benefit that no one in the news business would report this even
vaguely accurately.

As most of you are computer scientists or electrical engineers and not
physicists, you may be unfamiliar with the Aharonov-Bohm effect, so
I'll give a brief explanation.

The effect is a way that you can detect the presence of a magnetic
field that's non-zero somewhere even from somewhere else where the
field is zero.

Imagine an infinite solenoid carrying a steady current. Inside the
solenoid there's a magnetic field, but outside, although there's a
magnetic vector potential, the field is zero. Classically, there's no
way to measure that field from the outside.

However, it turns out that even though you can't measure the magnetic
vector potential's presence in any classical way, if you move an
electron in a full 360 degree circle around such a magnetic vector
potential, you will invert its phase. Now you might also think you
can't measure the phase, which is after all an imaginary number, but
you can do that by conducting interference experiments.

People have, with really complicated equipment and a great deal of
trouble, measured this effect.

Thus, it should be possible to build a sensitive experiment to route
electrons in a complete circle around your target's computer, conduct
interference experiments with them afterwards, and use the indirectly
inferred magnetic vector potential to further indirectly infer the
presence of magnetic fields within the computer which is otherwise
fully shielded.

Perhaps you can even build a giant experimental apparatus that
completely encircles Ft. Meade and who knows what you might learn!

This doubtless can be used for data exfiltration! Instant pressworthy
side channel, yes?

Sure, actually doing it would be extremely difficult, but so would
getting within a meter or two of an important machine with a Faraday
cage round it in a colo to measure a magnetic field, and that didn't
stop interest from our friends at the major industry rags, right?

Reporters, do you have a slow news day and you need to report
breathlessly on something no one understands? The Aharonov-Bohm effect
is here to come to your rescue!


Perry
-- 
Perry E. Metzger		perry at piermont.com

