Slashdot Mirror
Totally Secure Non-Quantum Communications?
An anonymous reader writes "TEES is reporting that Dr Laszlo Kish, an associate professor at Texas A&M, has proposed a 'classical, not quantum, encryption scheme that relies on classical physical properties -- current and voltage. He said his scheme is absolutely secure, fast, robust, inexpensive and maintenance-free and relies on simultaneous encrypting of information by both the sender and the receiver.' The scheme uses properties similar to Johnson noise along with Kirchoff's Law to provide what he hopes to be an easier method of secure communications. Arxiv also has the full text [PDF Warning] of the paper."
From TFA:
Kish said that the dogma so far has been that only quantum communication can be absolutely secure and that about $1 billion is spent annually on quantum communication research.
I guess the quantum bubble is about to burst.
I'm shocked.
"James Bond may use the fanciest, most expensive and high-tech devices to thwart would-be eavesdroppers, but in a pinch, the super-spy can use one Texas A&M engineer's simple, low-cost scheme to keep data secure from the bad guys."
This is the first sentence from the article. I'm sorry, but I cannot take anything in that article seriously. On another note the guy has an interestingly hungarian sounding name.
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
his scheme is absolutely secure, fast, robust, inexpensive and maintenance-free
Haven't we heard this before?
Generally, if something sounds too good to be true, it usually is neither good nor true.
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
This sounds very good in theory, but it may be difficult to implement securely.
For example, he claims an eavesdropper could inject current to measure voltage drops, but would be discovered on the first attempt. If the eavesdropped can send a pulse of current that is so small as to not be registered on the endpoint equipment (which say samples the line at 1X sampling rate), but the attacker is injecting and sampling at a rate 100X faster, the attacker's pulse will be so far above the nyquist bandwidth of the endpoints that they will never see it.
I admit I only read the abstract, he may address this later on in the paper.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
This article (uses the words 'proposed' and 'absolutely secure' in the same paragraph. You can't trust such a claim about a proposed system until it's been implemented, distributed, deployed, and pounded on for years by cryptanalysists.
Oh, the sensationalism!
In this case you'd want to measure the voltage drop properties of the line to figure out what resistances were on either end.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
Sounds like snake oil, similar to http://www.schneier.com/blog/archives/2005/12/snak eoil_resear.html
Test your net with Netalyzr
What happens if a thermal fluctuation in the wire causes the loss? How can we tell this from an eavesdropper? To make this work surely the tolerances of all components need to be 0%. Nobody has ever made a 0% tolerance resistor, its a purely theoretical component. Which makes me wonder if this has actually been tested in the lab. Perhaps I'm missing something?
There's so much wrong with this, I don't know where to start.
First, Cryptography is hard. Even professional cryptographers with decades of experience still get it wrong -- often. Considering as this guy has essentially no previous experience (he's an EE professor), it's already near certain that he's dead wrong.
Second, he doesn't provide "absolutely secure" communications. He provides non-interceptable communications. He's totally ignoring authentication, non-repudiation, man-in-the-middle attacks, and half a dozen other very important problems. (It's also not a cipher, but we'll ignore that slip.)
He also assumes (from the abstract) that an eavesdropper can only eavesdrop by injecting current into the wire, which is blatantly false. One could easily tap the magnetic field generated by current in the wire, without drawing very much power from the wire at all.
And to top it all off, he's depending on the precise values of voltage and current, which means this is an analog system. Analog systems are notoriously difficult to build precisely -- which is why we're using digital everywhere.
This is such bad research that I can't wait until Bruce Schneier get ahold of this.
This page http://www.ece.tamu.edu/People/bios/bkish.html says he is Hungarian. (Or at least got his degree and doctorate in Hungary. Whith this name it makes him more than likely a fellow hungarian.)
Eh? Much like quantum communication systems, this is aimed at providing secure point-to-point communications. Almost everything you said above is utterly irrelevant to the question at hand. It doesn't solve any of the problems you bring up because it isn't meant to. Moving to hydrogen powered cars doesn't solve problems of secure Internet communcations, either. That doesn't make them a step backwards...
"Convictions are more dangerous enemies of truth than lies."
FTFA: The way the eavesdropper gets discovered is that both the sender and the receiver are continuously measuring the current and comparing the data," Kish said. "If the current values are different at the two sides, that means that the eavesdropper has broken the code of a single bit. Thus the communication has to be terminated immediately."
And it also assumes that measureing equipments themselves are caliberated and identical (correct me if I am wrong on this) ? Why would anyone base a reliable equipment on "noise" which is random...
Yes, again. The attacker doesn't know which resistor is at which end. And taps the middle.
Of course, the attacker may be the receiver, in which case she KNOWS the value at one end. And that is the trivial breaking case.
Ratboy.
Just another "Cubible(sic) Joe" 2 17 3061
There is no such thing as a perpetual motion machine, an honest politician, or perfect encryption. All three exist in theory, but never in reality.
Well, let's see. The perpetual motion machine doesn't exist, in theory, because the laws of thermodynamics and whatnot essentially rule it out. Of course, it may exist in somebody's theory, but their theory would be at odds with actual, working theories that correspond with reality.
You're closer to the mark when it comes to the honest politicians. I think the measure there should be "honest enough," or at least "honest about his/her opinions/policies when it comes to what we're actually talking about." No one, ever, is 100% honest. Civilization couldn't exist without a certain amount of fluff, white lies ("really, honey, you look great in that dress," or "some day, New Orleans will be just like it was before the storm"), and safety-minded subterfuge.
Perfect encryption? Don't know enough about it. But I know we can do better in talking about it than to use slightly off-balance analogies from other disciplines. It's probably far more useful, anyway, to talk in terms of how imperfectly normal human users use even the "perfect" tools we have for other purposes. That's where stuff always breaks down: GIGO.
Don't disappoint your bird dog. Go to the range.
If you are to guess a 50/50 state without any clues whatever, why listen in at all? You know it has to be a 1 or a 0, you don't need to actually be connected to the system for that. So just guess away. If it works, you have just cracked every conceivable system of encryption, and no tools or physical access to the message necessary!
:-)
As for "several thousand combinations"... After the first 32 bits of information you have 4,294,967,296 possibilities, so I hope you are a good guesser.
as an owner of 2 butt sets (lineman's phones) I can say that this isn't always true. My old western electric rotary one is batteryless. It is still handy for just that reason (and yes, I can still dial out with it on POTS service). My newer Chesilvale needs a 9v battery to work, but it also has a speakerphone in it and more features. I don't believe the battery is there to prevent detection (eliminating voltage drops).
The is more to a butt set than it being a corded phone with alligator clips. It has an audio transformer in it which permits one to hear what is on the line without going "off hook". It allows one to monitor the line without being audibly noticed (there might still be a voltage drop).
How will returning to an analog-based "encryption" system work in the digital future?
It won't obviously, but we are talking about a future with quantum based encryption, no time for dogma in science...
An alternate path to that future has been proposed. To dismiss it off-hand is what kept people in the Dark Ages.
--
Ah. So if the sender and receiver and receiver already have a reliable method of communication, they can use that to prevent eavesdropping on this new channel.
Now, how do they get this reliable method of communication to check current measurements with each other, that is secure against a man-in-the-middle attack?
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
Another way to see it: if the signal in your induction pickup were truly undetectable then we could wrap billions of similar induction pickups around the communications wire and generate electricity "too cheap to meter".
We don't see the world as it is, we see it as we are.
-- Anais Nin
Suppose Eve inserts a resistor in the transmission line. Now she can measure two voltages instead of one, and I'm pretty sure the difference in standard deviation will reveal the choice of resistors at each end of the line.
If Eve fears that her resistor might be detected, she can use the intrinsic resistance of the wire instead. Unless we assume superconducting transmission lines...
Nice try, though. This is probably related to the issue of determining who is talking when eavesdropping on a two-wire telephone line.
AC
First, Cryptography is hard. Even professional cryptographers with decades of experience still get it wrong -- often. Considering as this guy has essentially no previous experience (he's an EE professor), it's already near certain that he's dead wrong.
He is doing cryptography in the quantum cryptography sense--a secure, non-interceptable channel--not in the algorithmic cryptography sense. He is well-qualified to talk about the kinds of systems he is talking about.
Second, he doesn't provide "absolutely secure" communications. He provides non-interceptable communications. He's totally ignoring authentication, non-repudiation, man-in-the-middle attacks, and half a dozen other very important problems. (It's also not a cipher, but we'll ignore that slip.)
Again, he isn't trying to do any of those things; he is proposing a way of creating a physically secure channel, in the same sense that quantum cryptography is.
And to top it all off, he's depending on the precise values of voltage and current,
Wrong again. He is proposing a system in which resistances are altered in steps. That's no different and no more analog than any other digital system.
This is such bad research that I can't wait until Bruce Schneier get ahold of this.
Unless Schneier is an expert on electronics, Schneier isn't qualified to say anything about this.
Yes, this guy's system probably doesn't work. But, really, your response is even dumber than his proposal.
I'll confess my understanding of this is sketchy at this point. But as I read it the concept is this one has a wire connecting two resistors. The Johnson noise in the wire is determined jointly by the resistors. Both sides, sender and receiver are changing the resistance values simultaneously with the sender putting in the message and the receiver putting in random crap which gets added to the signal. A person monitoring the voltage in the middle can't tell what fraction of the noise came from which side. Therefore the message can't be extracted. Clever. Oddly it's a lot like the bell's theorem experiment in QM where both sides are changing their filters.
What seems to be the flaw in this is that he assumes that the attacker must inject current unidirectionally to determine which resistance is at which end. Perhaps another means exists, courtesy of the speed of light.
Namely if you monitor the voltage at two points along the wire then you can distinguish between a wave proapgating from left to right and right to left. So you can now determine what fraction of the noise is coming from the left and what is coming from the right. Even if the noise level made his hard to do, there's also the moment of the resistor switch to capture. Each time the resistor is changed, even if it were perfectly synchronous, the left side's noise will reach the left tap sooner he the right tap.
This last effect could possibly be masked by injecting large amounts of noise into the system during the switch. (but of course this would also mask any current injection by the attacker as well). But the former effect of the noise signals propagation might still be detectable.
Some drink at the fountain of knowledge. Others just gargle.
There is also the slight problem of the common clock which must be available at each end. Somehow both sides need to be synchronised which implies either quite expensive atomic clocks or a side channel containing the information. Either limits the practibility of the idea.
they have about as much to do with each other as a shoe and a condom (both are pieces of "clothing").
In my case... they both cover a foot
As I mentioned, this is 100% secure, and any reasonably well-written book on cryptography will confirm that. To be 100% secure, however, the keystream must be as large as the data being encrypted, and must be absolutely random -- any degree of predictability can lead to breakage (e.g. search for "Venona").
The biggest shortcoming of a one-time pad is the key: first you have to generate an absolutely random key, and then you have to distribute that key to the people at both ends of the communication securely. The usual problem is that if you can communicate that key reliably, then you could normally communicate the data reliably just as easily. As such, a one-time pad is typically only useful in fairly limited situations like a spy receiving a DVD-ROM full of key material during a f2f visit, then using the key out in the field. For more typical scenarios it's rarely useful though.
This scheme seems to cure one, but definitely not both of those problems. It's basically a way of using two one-time pads simultaneously, so that the receiver can deduce the sender's key at any point, but what is transmitted over the wire basically depends on both his own key and his partner's key (not exactly an XOR, but a bit like it). If all the attacker does is collect the voltages on the line, I wouldn't be too surprised if this really is secure.
That doesn't mean there aren't any shortcomings though. One obvious problem is that both ends still have to generate absolutely, 100% random keys. Another problem is a man in the middle attack. If the pattern of resistor changes can be predicted, then the attacker only has to find the value once at one end to break all subsequent communications over the channel. Since the scheme doesn't (at least by itself) provide any kind of confirmation of who's on the other end of a line, a man in the middle has a pretty easy time with things.
Another approach would be to tap into the line at two points, preferably widely separated. Since the current only travels over the wire at (about) 2/3rds the speed of light, when one end changes a resistor, the change in voltage/current will be detectable first closer to that end, and some time later at the other end. Two widely separated measurments would allow an attacker to figure out which end changed resistors at any given time. Ultimately, the degree of separation does't even have to be particularly huge -- larger separation just reduces the precision of timing necessary, but even one foot apart gives about a nanosecond.
The universe is a figment of its own imagination.
Wow, that's so wrong. I wonder who modded you up.
The best cryptographic and digital security is one that is very public, that has had many hundreds of people pounding on it for years trying to find flaws.
A secret system is likely to be broken as soon as someone more skillful than the designers learns of its existance.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
Just send someone an OTP DVD generated by hotbits and keep a copy for yourself. Use the DVD only for key exchange and use AES for the data stream. No one can crack a one-time pad unless you make a mistake. This won't work for e-commerce, but it works wonderfully for terrorist and spies. For the extra paranoid, use the OTP data for encryption, but you'll eventually need a new one (re-using OTP data renders it crackable).