Totally Secure Non-Quantum Communications?

An anonymous reader writes "TEES is reporting that Dr Laszlo Kish, an associate professor at Texas A&M, has proposed a 'classical, not quantum, encryption scheme that relies on classical physical properties -- current and voltage. He said his scheme is absolutely secure, fast, robust, inexpensive and maintenance-free and relies on simultaneous encrypting of information by both the sender and the receiver.' The scheme uses properties similar to Johnson noise along with Kirchoff's Law to provide what he hopes to be an easier method of secure communications. Arxiv also has the full text [PDF Warning] of the paper."

A lesson for venture capital

[Dster76]

From TFA:

Kish said that the dogma so far has been that only quantum communication can be absolutely secure and that about $1 billion is spent annually on quantum communication research.

I guess the quantum bubble is about to burst.

Re:A lesson for venture capital

[ettlz]

As I understand it, quantum cryptography is only used as a method of key distribution, which then put into a "normal" cryptosystem like AES. The supposed advantage over asymmetric public-key distribution is that it can't be broken by a quantum computer. However, it is still vulnerable to man-in-the-middle attacks, and encryption is worthless without authentication — so why consider quantum cryptography in the first place?

Re:A lesson for venture capital

[Dster76]

From http://en.wikipedia.org/wiki/Quantum_cryptography

In Quantum Cryptography, traditional man-in-the-middle attacks are impossible due to Heisenberg's uncertainty principle. If Mallory attempts to intercept the stream of photons, he will inevitably alter them if he uses an incorrect detector. He cannot re-emit the photons to Bob correctly, which will introduce unacceptable levels of error into the communication.

If Alice and Bob are using an entangled photon system, then it is virtually impossible to hijack these, because creating three entangled photons would decrease the strength of each photon to such a degree that it would be easily detected. Mallory cannot use a man-in-the-middle attack, since he would have to measure an entangled photon and disrupt the other photon, then he would have to re-emit both photons. This is impossible to do, by the laws of quantum physics.

Other attacks are possible. Because a dedicated fiber optic line is required between the two points linked by quantum cryptography, a denial of service attack can be mounted by simply cutting the line or, perhaps more surreptitiously, by attempting to tap it. If the equipment used in quantum cryptography can be tampered with, it could be made to generate keys that were not secure using a random number generator attack.

Re:A lesson for venture capital

[LoveShack]

I guess the quantum bubble is about to burst.

Well, it both is and isn't.

Re:A lesson for venture capital

[Minna+Kirai]

Quantum Encryption is p2p.

People no longer understand p2p as "point to point", but rather "peer to peer". Point2Point cannot use significant IP addresses, but Peer2Peer must use them (or something similar).

Which means when Bob and Alice trade IP addresses,

I hope you meant "IP address" in some metaphorical way. There is no way QC can be applied to operate over an internet with real IP address. IP requires routing, and routing means packet-forwarding, but QC depends on an photonic signals that are irreproducible, and thus unroutable.

you ought to be able to have each other's IPs

Do you know the IPs of every mail-order vendor from which you might wish to order?

What you're doing is repeating the usual QC-request to have the initial exchange of recognition data left off of the vulnerability analysis, because it is in fact susceptible to every kind of man-in-the-middle assault.

Interesting....

[DigitalReality]

I'm shocked.

Re:Interesting....

[ichigo+2.0]

Currently it would seem there is some resistance to your pun.

Re:Interesting....

[RobinH]

Currently it would seem there is some resistance to your pun.

But you must admit it does have potential. :)

Credibility

[A+beautiful+mind]

"James Bond may use the fanciest, most expensive and high-tech devices to thwart would-be eavesdroppers, but in a pinch, the super-spy can use one Texas A&M engineer's simple, low-cost scheme to keep data secure from the bad guys."

This is the first sentence from the article. I'm sorry, but I cannot take anything in that article seriously. On another note the guy has an interestingly hungarian sounding name.

Too much hype

[KiloByte]

his scheme is absolutely secure, fast, robust, inexpensive and maintenance-free

Haven't we heard this before?
Generally, if something sounds too good to be true, it usually is neither good nor true.

Implementation

[GigsVT]

This sounds very good in theory, but it may be difficult to implement securely.

For example, he claims an eavesdropper could inject current to measure voltage drops, but would be discovered on the first attempt. If the eavesdropped can send a pulse of current that is so small as to not be registered on the endpoint equipment (which say samples the line at 1X sampling rate), but the attacker is injecting and sampling at a rate 100X faster, the attacker's pulse will be so far above the nyquist bandwidth of the endpoints that they will never see it.

I admit I only read the abstract, he may address this later on in the paper.

Why must non-cryptographers be so dumb?

[khaydarian]

There's so much wrong with this, I don't know where to start.

First, Cryptography is hard. Even professional cryptographers with decades of experience still get it wrong -- often. Considering as this guy has essentially no previous experience (he's an EE professor), it's already near certain that he's dead wrong.

Second, he doesn't provide "absolutely secure" communications. He provides non-interceptable communications. He's totally ignoring authentication, non-repudiation, man-in-the-middle attacks, and half a dozen other very important problems. (It's also not a cipher, but we'll ignore that slip.)

He also assumes (from the abstract) that an eavesdropper can only eavesdrop by injecting current into the wire, which is blatantly false. One could easily tap the magnetic field generated by current in the wire, without drawing very much power from the wire at all.

And to top it all off, he's depending on the precise values of voltage and current, which means this is an analog system. Analog systems are notoriously difficult to build precisely -- which is why we're using digital everywhere.

This is such bad research that I can't wait until Bruce Schneier get ahold of this.

Re:Outdated and irrelevant

[osu-neko]

Eh? Much like quantum communication systems, this is aimed at providing secure point-to-point communications. Almost everything you said above is utterly irrelevant to the question at hand. It doesn't solve any of the problems you bring up because it isn't meant to. Moving to hydrogen powered cars doesn't solve problems of secure Internet communcations, either. That doesn't make them a step backwards...

Re:Would this idea defeat the system?

[DrJimbo]

Eavesdropper wraps a wire around the communication wire, to measure the signal by induction. Would this be detectable? Or would this allow undetectable interception?

Yes, that would be detectable. For the same reason that we need a lot of falling water to turn the generators in hydro power plants. The energy (signal) in your wrapped wire does not come for free. It reduces the energy in the communication wire and is thus detectable.

Another way to see it: if the signal in your induction pickup were truly undetectable then we could wrap billions of similar induction pickups around the communications wire and generate electricity "too cheap to meter".

How this works and why it will fail

[goombah99]

I'll confess my understanding of this is sketchy at this point. But as I read it the concept is this one has a wire connecting two resistors. The Johnson noise in the wire is determined jointly by the resistors. Both sides, sender and receiver are changing the resistance values simultaneously with the sender putting in the message and the receiver putting in random crap which gets added to the signal. A person monitoring the voltage in the middle can't tell what fraction of the noise came from which side. Therefore the message can't be extracted. Clever. Oddly it's a lot like the bell's theorem experiment in QM where both sides are changing their filters.

What seems to be the flaw in this is that he assumes that the attacker must inject current unidirectionally to determine which resistance is at which end. Perhaps another means exists, courtesy of the speed of light.

Namely if you monitor the voltage at two points along the wire then you can distinguish between a wave proapgating from left to right and right to left. So you can now determine what fraction of the noise is coming from the left and what is coming from the right. Even if the noise level made his hard to do, there's also the moment of the resistor switch to capture. Each time the resistor is changed, even if it were perfectly synchronous, the left side's noise will reach the left tap sooner he the right tap.

This last effect could possibly be masked by injecting large amounts of noise into the system during the switch. (but of course this would also mask any current injection by the attacker as well). But the former effect of the noise signals propagation might still be detectable.

Re:Padlock by Via?

[Old+Wolf]

they have about as much to do with each other as a shoe and a condom (both are pieces of "clothing").

In my case... they both cover a foot

Problems

[Jerry+Coffin]

For years, there has been one encryption scheme that has been known to be 100% secure (at least against a simple cipertext-only attack): the one-time pad. This is most often (but not necessarily) implemented as a simple XOR between bits in a key stream and bits in the text to be encrypted. The receiver decrypts the message by re-XORing the received bits with the same key stream to retrieve the original data.

As I mentioned, this is 100% secure, and any reasonably well-written book on cryptography will confirm that. To be 100% secure, however, the keystream must be as large as the data being encrypted, and must be absolutely random -- any degree of predictability can lead to breakage (e.g. search for "Venona").

The biggest shortcoming of a one-time pad is the key: first you have to generate an absolutely random key, and then you have to distribute that key to the people at both ends of the communication securely. The usual problem is that if you can communicate that key reliably, then you could normally communicate the data reliably just as easily. As such, a one-time pad is typically only useful in fairly limited situations like a spy receiving a DVD-ROM full of key material during a f2f visit, then using the key out in the field. For more typical scenarios it's rarely useful though.

This scheme seems to cure one, but definitely not both of those problems. It's basically a way of using two one-time pads simultaneously, so that the receiver can deduce the sender's key at any point, but what is transmitted over the wire basically depends on both his own key and his partner's key (not exactly an XOR, but a bit like it). If all the attacker does is collect the voltages on the line, I wouldn't be too surprised if this really is secure.

That doesn't mean there aren't any shortcomings though. One obvious problem is that both ends still have to generate absolutely, 100% random keys. Another problem is a man in the middle attack. If the pattern of resistor changes can be predicted, then the attacker only has to find the value once at one end to break all subsequent communications over the channel. Since the scheme doesn't (at least by itself) provide any kind of confirmation of who's on the other end of a line, a man in the middle has a pretty easy time with things.

Another approach would be to tap into the line at two points, preferably widely separated. Since the current only travels over the wire at (about) 2/3rds the speed of light, when one end changes a resistor, the change in voltage/current will be detectable first closer to that end, and some time later at the other end. Two widely separated measurments would allow an attacker to figure out which end changed resistors at any given time. Ultimately, the degree of separation does't even have to be particularly huge -- larger separation just reduces the precision of timing necessary, but even one foot apart gives about a nanosecond.