Slashdot Mirror
Simple Comm Technique Beats Quantum Crypto
Atario wrote us with a link to a New Scientist article about an innovative new way of encrypting communications. An engineer at Texas A&M may have a way to exploit the thermal properties of a wire to create a secure channel. The result could be an effectively impenetrable way of securing communications, possibly outperforming quantum cryptography keys. "In their device, both the sender Alice and the receiver Bob have an identical pair of resistors, one producing high resistance, the other low resistance. The higher the total resistance on the line, the greater the thermal noise. Both Alice and Bob randomly choose which resistor to use ... Half the time ... they will choose different [resistances], producing an intermediate level of thermal noise, and it is now that a message can be sent. If Bob turns on his high resistor, and records an intermediate level of noise, he instantly knows that Alice has chosen her low resistor, in essence sending a bit of information such as 1 or 0. Kish's cipher does this many times, sending a random series of 1s and 0s that can form the basis of an encryption key, the researchers say."
But if I understand correctly, and I want to do this over ethernet, for example, that means that it is a) unroutable and b) my ethernet endpoints would have to be aware of my security preferences ?
Religion is what happens when nature strikes and groupthink goes wrong.
Try this:
5 5.300?DCMP=NLC-nletter&nsref=mg19426055.300
http://www.newscientist.com/channel/tech/mg194260
Seems to me to be a dupe of http://it.slashdot.org/article.pl?sid=05/12/10/171 4256
Hey don't blame me, IANAB
If Eve or Mallory get to the wire first, then the "normal" wire state that Alice and Bob see will include their taps.
Eavesdropping on this wouldn't do any good. From an eavesdropper's point of view, there are three noise levels, two of which mean nothing and one of which means a bit has just been transferred from A to B or from B to A. An eavesdropper can't tell which direction the bit is going or what the value of the bit was.
SPYING is big business, and avoiding being spied on an even bigger one. So imagine if someone came up with a simple, cheap way of encrypting messages that is almost impossible to hack into? American computer engineer Laszlo Kish at Texas A&M University in College Station claims to have done just that. He says the thermal properties of a simple wire can be exploited to create a secure communications channel, one that outperforms quantum cryptography keys. His cipher device, which he first proposed in 2005, exploits a property called thermal noise. Thermal noise is generated by the natural agitation of electrons within a conductor, which happens regardless of any voltage passed through it. But it does change depending on the conductor's resistance. Kish and his collaborators at the University of Szeged in Hungary say this can be used to securely pass information, or an encryption key, down any wire, including a telephone line or network cable. In their device, both the sender Alice and the receiver Bob have an identical pair of resistors, one producing high resistance, the other low resistance. The higher the total resistance on the line, the greater the thermal noise. Both Alice and Bob randomly choose which resistor to use. A quarter of the time they will both choose the high resistor, producing a lot of noise on the line, while a quarter of the time they will both choose the low resistor, producing little noise. If either detect a high or a low amount of noise in the line, they ignore any communication. Half the time, however, they will choose differently, producing an intermediate level of thermal noise, and it is now that a message can be sent. If Bob turns on his high resistor, and records an intermediate level of noise, he instantly knows that Alice has chosen her low resistor, in essence sending a bit of information such as 1 or 0. Kish's cipher does this many times, sending a random series of 1s and 0s that can form the basis of an encryption key, the researchers say (http://www.arxiv.org/abs/physics/0612153). That message is also secure. For a start, as Kish notes, it takes an "educated eavesdropper" to even realise information is being sent when there seems to be just low-level noise on the line. If they do try to eavesdrop, they can only tell a message is being sent, not what it is, because it's impossible to tell whether Alice has a high or low resistor turned on, and whether the bit of information is a 1 or a 0. What's more, eavesdropping on the line will naturally alter the level of thermal noise, so Alice and Bob will know that someone is listening in. Kish and his team have now successfully built a device that can send a secure message down a wire 2000 kilometres long, much further than the best quantum key distribution (QKD) devices tried so far. Tests show a signal sent via Kish's device is received with 99.98 per cent accuracy, and that a maximum of just 0.19 per cent of the bits sent are vulnerable to eavesdropping. The error rate is down to the inherent resistance of the wire, and choosing a larger wire in future models should help reduce it further. However, this level of security already beats QKD. What's more, the system works with fixed lines, rather than the optical fibres used to carry photons of light at the heart of quantum encryption devices. It is also more robust, as QKD devices are vulnerable to corruption by dust, heat and vibration. It is also much cheaper. "I guess it's around a hundred dollars, at most," Kish says. "This is a system that should be taken seriously," says security specialist Bruce Schneier, who founded network security firm BT Counterpane. He says he was seduced by the simplicity of the idea when it was first proposed by Kish, and now wants to see independent tests of the working model. "I desperately want someone to analyse it," he says. "Assuming it works, it's way better than quantum."
Man wird am besten für seine Tugenden bestraft.
> Although I don't recall seeing anything about it on his website.
That would be: http://www.schneier.com/crypto-gram-0512.html#15
It can be attacked passively: http://arxiv.org/pdf/physics/0601022
'nuff said :)
--
Slashcode bug # 497457 - unfixed since December 2001 - Go look it up!
o/~ Join us now and share the software
... or better: is Kish any electrical engineer ? ...
... . Furthermore, if Eve1 and Eve2 listen in a distance of only a few meters, they can auto-correlate the signal(s) and find the direction from which it travels. No, that is even simple, because the levels - as we know - are H and L. So the autocorrelation of H can be found out without much ado; either H travels right-to-left or left-to-right. Voilà. L doesn't disturb the autocorrelation function. Along the line, any line, higher spectral components are reduced; another rule all electrical engineers know: any practical system is by default a lowpass. When Eve1 and Eve2 simply record the signal, close to Alice and close to Bob, they can find out where the higher spectral components are to be found. Meaning, the sender of H is known.
...
To me, this whole matter with his formulae of the noise of a resistor is just hocus pocus; as much as the math is correct. But any reasonable electrical engineer knows these
What Kish rather seems to propose, is the injection of noise into a link; noise at two levels, nevermind if they are derived from a resistor, short-circuited or not, or any other noise generator.
Over. What he then says is the following:
If Alice sends high noise level ('H'), Bob will send low ('L') noise level; and vice versa.
The man-in-the-middle will have tri-state noise: LL,LH/HL,HH. LL and HH are out. The assumption in that paper, hidden behind a lot of barrage, is: LH and HL will appear identical to the eaves-dropper. Alice. however, when sending L, can pass an information quantum (since Bob will switch to H, knowing Alice sends L); while Alice sending H, Bob will switch to L, knowing Alice sends H).
The theory of Kish is, that Eve will have no clue if she intercepts HL or LH. Which only works in theory.
Because any electrical engineer deserving his title will tell you that those sources won't produce noise of identical spectrum in the first place. Therefore, the spectra will change, giving you a sequence of jumps. The maximum you have to do is toggling
Much ado about nothing, me thinks
When I read this, I had a flash back to a Dr. Who episode.(paraphrasing)
Army General: Trust me doctor this place is impenetrable.
Doctor: The problem with impenetrable is that it sounds too much like unsinkable.
Army General: Well whats wrong with that?
Doctor: Ask the passengers of the Titanic.
I always get a little bit itchy whenever people start throwing superlatives around like unbreakable, impenetrable, etc. Nature, Human ingenuity, or Human stupidity all have a nasty habit of proving us wrong.
"I'm making perfect sense, you're just not keeping up."
I read Schneier's page because I respect the guy, and I figured he'd know what he was talking about. It already seemed trivially vulnerable to a man-in-the-middle attack, but I wanted to see if I was the only one.
Looks like I'm right:
He actually details a few more problems:
But then, I guess it's the best we've got:
Don't thank God, thank a doctor!