Slashdot Mirror
Totally Secure Non-Quantum Communications?
An anonymous reader writes "TEES is reporting that Dr Laszlo Kish, an associate professor at Texas A&M, has proposed a 'classical, not quantum, encryption scheme that relies on classical physical properties -- current and voltage. He said his scheme is absolutely secure, fast, robust, inexpensive and maintenance-free and relies on simultaneous encrypting of information by both the sender and the receiver.' The scheme uses properties similar to Johnson noise along with Kirchoff's Law to provide what he hopes to be an easier method of secure communications. Arxiv also has the full text [PDF Warning] of the paper."
"James Bond may use the fanciest, most expensive and high-tech devices to thwart would-be eavesdroppers, but in a pinch, the super-spy can use one Texas A&M engineer's simple, low-cost scheme to keep data secure from the bad guys."
This is the first sentence from the article. I'm sorry, but I cannot take anything in that article seriously. On another note the guy has an interestingly hungarian sounding name.
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
his scheme is absolutely secure, fast, robust, inexpensive and maintenance-free
Haven't we heard this before?
Generally, if something sounds too good to be true, it usually is neither good nor true.
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
This sounds very good in theory, but it may be difficult to implement securely.
For example, he claims an eavesdropper could inject current to measure voltage drops, but would be discovered on the first attempt. If the eavesdropped can send a pulse of current that is so small as to not be registered on the endpoint equipment (which say samples the line at 1X sampling rate), but the attacker is injecting and sampling at a rate 100X faster, the attacker's pulse will be so far above the nyquist bandwidth of the endpoints that they will never see it.
I admit I only read the abstract, he may address this later on in the paper.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
Is this guy serious? Connecting random resistors across their line of communications?
Communications is getting compressed, gated and even frequency trapped in order to reduce bandwidth over the global network. Analog is dying (if it isn't dead yet). How will returning to an analog-based "encryption" system work in the digital future?
I don't see any truly safe encryption scheme. I was thinking of some a few months ago (such as having the encoding system changing how many bits and what resolution it uses in a preplanned structure that only the recipient decoding system knows). Bits are bits, and if you can vary what the bits mean and in what order they are created, it is very hard to decode those bits.
I don't think encryption is really important any more. All a government or corporate enemy needs to do is bug your office and your car and the encryption scheme falls apart. The black market government (mob, mafia, yakuza whatever) already has their perfect encryption schemes in place: say nothing, write nothing down and never tell anyone what you are doing. It works. When was the last time you heard of a mob or mafia arrest in your home town (yes, the black market exists there, too).
Government wiretapping isn't being used against the great crime squads. These systems are in place more to make citizens feel safe from terrorists, but all they really is in increase the budget of the agency trying to use the systems. In 10 years, wiretapping will be useless as information will have 500 different paths to take and no one will be able to trace them all. Imagine if you could take your voice, broadcast in your room random bits of your voice to confuse bugs and analog taps, and then chop up the real voice into 5 different streams of varying bits and frequency resolution to be sent via 5 different paths (phone line modem, DSL, cable modem, WiFi to a network 150 feet away and another path hidden in an AIM chat of noise). There is no way "they" can stop the flow of information.
The article really makes little sense to me as it seems to go backwards. It would have been great in the 80s.
This article (uses the words 'proposed' and 'absolutely secure' in the same paragraph. You can't trust such a claim about a proposed system until it's been implemented, distributed, deployed, and pounded on for years by cryptanalysists.
Oh, the sensationalism!
The only way an eavesdropper can determine which resistance is being used at which end is to inject current into the communication channel and measure the voltage and current changes in different directions. Doing this, though, exposes the eavesdropper, who is discovered with the very first bit of information extracted.
But what if the eavesdropper was present from the very beginning, how will they be able to differentiate a "clear" network from a tapped one?
As a rule of thumb anyone who claims to have found a way for "totally secure" anything is either a liar looking for cheap publicity/an ego trip/ pushing a terrorist agenda. And IMHO, I can foresee his "simple" solution using resistances being just as "simply" broken using a handheld calculator and a pair of rheostats (see disclaimer).
In this case you'd want to measure the voltage drop properties of the line to figure out what resistances were on either end.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
There's so much wrong with this, I don't know where to start.
First, Cryptography is hard. Even professional cryptographers with decades of experience still get it wrong -- often. Considering as this guy has essentially no previous experience (he's an EE professor), it's already near certain that he's dead wrong.
Second, he doesn't provide "absolutely secure" communications. He provides non-interceptable communications. He's totally ignoring authentication, non-repudiation, man-in-the-middle attacks, and half a dozen other very important problems. (It's also not a cipher, but we'll ignore that slip.)
He also assumes (from the abstract) that an eavesdropper can only eavesdrop by injecting current into the wire, which is blatantly false. One could easily tap the magnetic field generated by current in the wire, without drawing very much power from the wire at all.
And to top it all off, he's depending on the precise values of voltage and current, which means this is an analog system. Analog systems are notoriously difficult to build precisely -- which is why we're using digital everywhere.
This is such bad research that I can't wait until Bruce Schneier get ahold of this.
Quantum Encryption is p2p. Which means when Bob and Alice trade IP addresses, Mallory would need to convince Bob that her IP is Alice, and Alice that her IP is Bob, which is tough. I mean, if you're trading sensitive info, you ought to be able to have each other's IPs.
FTFA: The way the eavesdropper gets discovered is that both the sender and the receiver are continuously measuring the current and comparing the data," Kish said. "If the current values are different at the two sides, that means that the eavesdropper has broken the code of a single bit. Thus the communication has to be terminated immediately."
And it also assumes that measureing equipments themselves are caliberated and identical (correct me if I am wrong on this) ? Why would anyone base a reliable equipment on "noise" which is random...
Yes, again. The attacker doesn't know which resistor is at which end. And taps the middle.
Of course, the attacker may be the receiver, in which case she KNOWS the value at one end. And that is the trivial breaking case.
Ratboy.
Just another "Cubible(sic) Joe" 2 17 3061
If you are to guess a 50/50 state without any clues whatever, why listen in at all? You know it has to be a 1 or a 0, you don't need to actually be connected to the system for that. So just guess away. If it works, you have just cracked every conceivable system of encryption, and no tools or physical access to the message necessary!
:-)
As for "several thousand combinations"... After the first 32 bits of information you have 4,294,967,296 possibilities, so I hope you are a good guesser.
Another way to see it: if the signal in your induction pickup were truly undetectable then we could wrap billions of similar induction pickups around the communications wire and generate electricity "too cheap to meter".
We don't see the world as it is, we see it as we are.
-- Anais Nin
Suppose Eve inserts a resistor in the transmission line. Now she can measure two voltages instead of one, and I'm pretty sure the difference in standard deviation will reveal the choice of resistors at each end of the line.
If Eve fears that her resistor might be detected, she can use the intrinsic resistance of the wire instead. Unless we assume superconducting transmission lines...
Nice try, though. This is probably related to the issue of determining who is talking when eavesdropping on a two-wire telephone line.
AC
...so why consider quantum cryptography in the first place?
....
It is like speech recognition, VR, kitchen helper robots,
It does not make a lot of sense technologically, but you can get grant money for it easily, because it matches what nonexperts think computing should be able to do for them. Stupid, but very human.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
First, Cryptography is hard. Even professional cryptographers with decades of experience still get it wrong -- often. Considering as this guy has essentially no previous experience (he's an EE professor), it's already near certain that he's dead wrong.
He is doing cryptography in the quantum cryptography sense--a secure, non-interceptable channel--not in the algorithmic cryptography sense. He is well-qualified to talk about the kinds of systems he is talking about.
Second, he doesn't provide "absolutely secure" communications. He provides non-interceptable communications. He's totally ignoring authentication, non-repudiation, man-in-the-middle attacks, and half a dozen other very important problems. (It's also not a cipher, but we'll ignore that slip.)
Again, he isn't trying to do any of those things; he is proposing a way of creating a physically secure channel, in the same sense that quantum cryptography is.
And to top it all off, he's depending on the precise values of voltage and current,
Wrong again. He is proposing a system in which resistances are altered in steps. That's no different and no more analog than any other digital system.
This is such bad research that I can't wait until Bruce Schneier get ahold of this.
Unless Schneier is an expert on electronics, Schneier isn't qualified to say anything about this.
Yes, this guy's system probably doesn't work. But, really, your response is even dumber than his proposal.
Wow, that's so wrong. I wonder who modded you up.
The best cryptographic and digital security is one that is very public, that has had many hundreds of people pounding on it for years trying to find flaws.
A secret system is likely to be broken as soon as someone more skillful than the designers learns of its existance.
I've had enough abrasive sigs. Kittens are cute and fuzzy.