Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Totally Secure Non-Quantum Communications?

Posted by ScuttleMonkey on Sat Dec 10, 2005 01:32 PM
from the i-wouldn't-use-the-word-totally-yet dept.
Encryption Security
An anonymous reader writes "TEES is reporting that Dr Laszlo Kish, an associate professor at Texas A&M, has proposed a 'classical, not quantum, encryption scheme that relies on classical physical properties -- current and voltage. He said his scheme is absolutely secure, fast, robust, inexpensive and maintenance-free and relies on simultaneous encrypting of information by both the sender and the receiver.' The scheme uses properties similar to Johnson noise along with Kirchoff's Law to provide what he hopes to be an easier method of secure communications. Arxiv also has the full text [PDF Warning] of the paper."
+ -
story

Related Stories

[+] Simple Comm Technique Beats Quantum Crypto 164 comments
Atario wrote us with a link to a New Scientist article about an innovative new way of encrypting communications. An engineer at Texas A&M may have a way to exploit the thermal properties of a wire to create a secure channel. The result could be an effectively impenetrable way of securing communications, possibly outperforming quantum cryptography keys. "In their device, both the sender Alice and the receiver Bob have an identical pair of resistors, one producing high resistance, the other low resistance. The higher the total resistance on the line, the greater the thermal noise. Both Alice and Bob randomly choose which resistor to use ... Half the time ... they will choose different [resistances], producing an intermediate level of thermal noise, and it is now that a message can be sent. If Bob turns on his high resistor, and records an intermediate level of noise, he instantly knows that Alice has chosen her low resistor, in essence sending a bit of information such as 1 or 0. Kish's cipher does this many times, sending a random series of 1s and 0s that can form the basis of an encryption key, the researchers say."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Totally Secure Non-Quantum Communications? 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • A lesson for venture capital (Score:4, Funny)

    by Dster76 (877693) on Saturday December 10 2005, @01:35PM (#14229128)
    From TFA:

    Kish said that the dogma so far has been that only quantum communication can be absolutely secure and that about $1 billion is spent annually on quantum communication research.

    I guess the quantum bubble is about to burst.

    • Re:A lesson for venture capital (Score:4, Informative)

      by ettlz (639203) on Saturday December 10 2005, @01:43PM (#14229173) Homepage Journal
      As I understand it, quantum cryptography is only used as a method of key distribution, which then put into a "normal" cryptosystem like AES. The supposed advantage over asymmetric public-key distribution is that it can't be broken by a quantum computer. However, it is still vulnerable to man-in-the-middle attacks, and encryption is worthless without authentication — so why consider quantum cryptography in the first place?
      • From http://en.wikipedia.org/wiki/Quantum_cryptography [wikipedia.org]

        In Quantum Cryptography, traditional man-in-the-middle attacks are impossible due to Heisenberg's uncertainty principle. If Mallory attempts to intercept the stream of photons, he will inevitably alter them if he uses an incorrect detector. He cannot re-emit the photons to Bob correctly, which will introduce unacceptable levels of error into the communication.

        If Alice and Bob are using an entangled photon system, then it is virtually impossible to
        • It works if Mallory pretends to be Bob to Alice, and Alice to Bob. He can simply decrypt and re-encrypt, forwarding the packets between them. Both parties need to be sure of who is on the other end of the line, and in a practical system it may not be possible to check many kilometres of fibre for tampering.
          • Quantum Encryption is p2p. Which means when Bob and Alice trade IP addresses, Mallory would need to convince Bob that her IP is Alice, and Alice that her IP is Bob, which is tough. I mean, if you're trading sensitive info, you ought to be able to have each other's IPs.
            • I mean, if you're trading sensitive info, you ought to be able to have each other's IPs.

              If I were paranoid, think I'd rather exchange CDs at a nondescript restaurant in Prague!

            • Quantum Encryption is p2p.

              Yes, but without overlay network. Quantum cryptography works only for directly connected hosts, so it is basically useless except in some very special scenarios. I think the only reason quantum crypto (and that should be properly 'quantum modulation' or the like) as well as quantum computation is so popular today is because it captivates peoples imagination. Since quantum crypto is really just key excahnge, you could allways replace it with pre-comottated random keys in the neighb

            • Re:A lesson for venture capital (Score:4, Informative)

              by Minna Kirai (624281) on Saturday December 10 2005, @06:27PM (#14230476)
              Quantum Encryption is p2p.

              People no longer understand p2p as "point to point", but rather "peer to peer". Point2Point cannot use significant IP addresses, but Peer2Peer must use them (or something similar).

              Which means when Bob and Alice trade IP addresses,

              I hope you meant "IP address" in some metaphorical way. There is no way QC can be applied to operate over an internet with real IP address. IP requires routing, and routing means packet-forwarding, but QC depends on an photonic signals that are irreproducible, and thus unroutable.

              you ought to be able to have each other's IPs

              Do you know the IPs of every mail-order vendor from which you might wish to order?

              What you're doing is repeating the usual QC-request to have the initial exchange of recognition data left off of the vulnerability analysis, because it is in fact susceptible to every kind of man-in-the-middle assault.
      • ...so why consider quantum cryptography in the first place?

        It is like speech recognition, VR, kitchen helper robots, ....

        It does not make a lot of sense technologically, but you can get grant money for it easily, because it matches what nonexperts think computing should be able to do for them. Stupid, but very human.
    • I guess the quantum bubble is about to burst.

      Well, it both is and isn't.

  • Interesting.... (Score:4, Funny)

    by DigitalReality (903767) on Saturday December 10 2005, @01:37PM (#14229137)
    I'm shocked.

  • Credibility (Score:4, Insightful)

    by A beautiful mind (821714) on Saturday December 10 2005, @01:37PM (#14229139)
    "James Bond may use the fanciest, most expensive and high-tech devices to thwart would-be eavesdroppers, but in a pinch, the super-spy can use one Texas A&M engineer's simple, low-cost scheme to keep data secure from the bad guys."

    This is the first sentence from the article. I'm sorry, but I cannot take anything in that article seriously. On another note the guy has an interestingly hungarian sounding name.

  • Too much hype (Score:4, Insightful)

    by KiloByte (825081) on Saturday December 10 2005, @01:37PM (#14229140)
    his scheme is absolutely secure, fast, robust, inexpensive and maintenance-free

    Haven't we heard this before?
    Generally, if something sounds too good to be true, it usually is neither good nor true.

  • Implementation (Score:5, Insightful)

    by GigsVT (208848) on Saturday December 10 2005, @01:38PM (#14229147) Journal
    This sounds very good in theory, but it may be difficult to implement securely.

    For example, he claims an eavesdropper could inject current to measure voltage drops, but would be discovered on the first attempt. If the eavesdropped can send a pulse of current that is so small as to not be registered on the endpoint equipment (which say samples the line at 1X sampling rate), but the attacker is injecting and sampling at a rate 100X faster, the attacker's pulse will be so far above the nyquist bandwidth of the endpoints that they will never see it.

    I admit I only read the abstract, he may address this later on in the paper.
    • I'm not sure if this is at all relevant, but Lineman's phones (imagine your old school corded phone, but instead of the cord it has two alligator clips) has a 9v battery inside it so that when they clip onto the line from the phone box, there's no voltage drop.
      • In this case you'd want to measure the voltage drop properties of the line to figure out what resistances were on either end.
      • as an owner of 2 butt sets (lineman's phones) I can say that this isn't always true. My old western electric rotary one is batteryless. It is still handy for just that reason (and yes, I can still dial out with it on POTS service). My newer Chesilvale needs a 9v battery to work, but it also has a speakerphone in it and more features. I don't believe the battery is there to prevent detection (eliminating voltage drops).

        The is more to a butt set than it being a corded phone with alligator clips. It ha
    • ...but the attacker is injecting and sampling at a rate 100X faster, the attacker's pulse will be so far above the nyquist bandwidth of the endpoints that they will never see it.

      Keep in mind that the energy from the attacker's pulse doesn't just go *poof* and disappear. It will be aliased to frequencies within the bandwidth of the endpoint(s) and might still be detected.

    • How this works and why it will fail (Score:4, Interesting)

      by goombah99 (560566) on Saturday December 10 2005, @03:53PM (#14229819)
      I'll confess my understanding of this is sketchy at this point. But as I read it the concept is this one has a wire connecting two resistors. The Johnson noise in the wire is determined jointly by the resistors. Both sides, sender and receiver are changing the resistance values simultaneously with the sender putting in the message and the receiver putting in random crap which gets added to the signal. A person monitoring the voltage in the middle can't tell what fraction of the noise came from which side. Therefore the message can't be extracted. Clever. Oddly it's a lot like the bell's theorem experiment in QM where both sides are changing their filters.

      What seems to be the flaw in this is that he assumes that the attacker must inject current unidirectionally to determine which resistance is at which end. Perhaps another means exists, courtesy of the speed of light.

      Namely if you monitor the voltage at two points along the wire then you can distinguish between a wave proapgating from left to right and right to left. So you can now determine what fraction of the noise is coming from the left and what is coming from the right. Even if the noise level made his hard to do, there's also the moment of the resistor switch to capture. Each time the resistor is changed, even if it were perfectly synchronous, the left side's noise will reach the left tap sooner he the right tap.

      This last effect could possibly be masked by injecting large amounts of noise into the system during the switch. (but of course this would also mask any current injection by the attacker as well). But the former effect of the noise signals propagation might still be detectable.

      • Namely if you monitor the voltage at two points along the wire then you can distinguish between a wave proapgating from left to right and right to left. So you can now determine what fraction of the noise is coming from the left and what is coming from the right. Even if the noise level made his hard to do, there's also the moment of the resistor switch to capture. Each time the resistor is changed, even if it were perfectly synchronous, the left side's noise will reach the left tap sooner he the right tap.
  • This article (uses the words 'proposed' and 'absolutely secure' in the same paragraph. You can't trust such a claim about a proposed system until it's been implemented, distributed, deployed, and pounded on for years by cryptanalysists.

    Oh, the sensationalism!
    • How would cryptanalysists be helpful here? You did read the article, right? About a way of making it impossible to tap communications without it being detectable immediately at the endpoints? Since the topic of the article has nothing do with encryption, I fail to see how having crypanalysists "pound" on it for years will help expose any problems...
  • *Disclaimer* I have no expertise whatsoever in the field but I'm very skeptical of what is being claimed.

    The only way an eavesdropper can determine which resistance is being used at which end is to inject current into the communication channel and measure the voltage and current changes in different directions. Doing this, though, exposes the eavesdropper, who is discovered with the very first bit of information extracted.

    But what if the eavesdropper was present from the very beginning, how will they be

  • Sounds like Snake Oil... (Score:3, Informative)

    by nweaver (113078) on Saturday December 10 2005, @01:48PM (#14229196) Homepage
    Sounds like snake oil, similar to http://www.schneier.com/blog/archives/2005/12/snak eoil_resear.html [schneier.com]
  • There is no such thing as what this guy is claiming to have created. Every so often someone pulls something like this out of their arse and starts making all kinds of fantastic claims that are quickly accepted as true by the uninformed.

    There is no such thing as a perpetual motion machine, an honest politician, or perfect encryption. All three exist in theory, but never in reality.

    It may be that this new scheme does represent a method of encryptions that is on-par with the best existing methods, or perhaps
    • There is no such thing as a perpetual motion machine, an honest politician, or perfect encryption. All three exist in theory, but never in reality.

      Well, let's see. The perpetual motion machine doesn't exist, in theory, because the laws of thermodynamics and whatnot essentially rule it out. Of course, it may exist in somebody's theory, but their theory would be at odds with actual, working theories that correspond with reality.

      You're closer to the mark when it comes to the honest politicians. I think t
  • "The only way an eavesdropper can determine which resistance is being used at which end is to inject current into the communication channel and measure the voltage and current changes in different directions."

    How about recording the signal after it has been transmitted through some output at the other end? This bugging would not interfere with the signal being transmitted but would still record the information for transmittal later? If you are transmitting the information through a computer, I think s

  • Very interesting but what about tolerance? (Score:2, Informative)

    by Anonymous Coward
    What happens if a thermal fluctuation in the wire causes the loss? How can we tell this from an eavesdropper? To make this work surely the tolerances of all components need to be 0%. Nobody has ever made a 0% tolerance resistor, its a purely theoretical component. Which makes me wonder if this has actually been tested in the lab. Perhaps I'm missing something?

  • Why must non-cryptographers be so dumb? (Score:3, Insightful)

    by khaydarian (848707) on Saturday December 10 2005, @01:53PM (#14229229)

    There's so much wrong with this, I don't know where to start.

    First, Cryptography is hard. Even professional cryptographers with decades of experience still get it wrong -- often. Considering as this guy has essentially no previous experience (he's an EE professor), it's already near certain that he's dead wrong.

    Second, he doesn't provide "absolutely secure" communications. He provides non-interceptable communications. He's totally ignoring authentication, non-repudiation, man-in-the-middle attacks, and half a dozen other very important problems. (It's also not a cipher, but we'll ignore that slip.)

    He also assumes (from the abstract) that an eavesdropper can only eavesdrop by injecting current into the wire, which is blatantly false. One could easily tap the magnetic field generated by current in the wire, without drawing very much power from the wire at all.

    And to top it all off, he's depending on the precise values of voltage and current, which means this is an analog system. Analog systems are notoriously difficult to build precisely -- which is why we're using digital everywhere.

    This is such bad research that I can't wait until Bruce Schneier [schneier.com] get ahold of this.

    • First, Cryptography is hard.

      It is. On the other hand, since crytography has nothing to do with the problem he's working on, this is an irrelevant observation.

      He's totally ignoring authentication, non-repudiation, man-in-the-middle attacks, and half a dozen other very important problems.

      Yup. He's also ignoring global warming, terrorism in Israel, and numerous other very real problems that are nevertheless irrelevant to the problem at hand. You appear to have misunderstood what problem he's attempting

    • First, Cryptography is hard. Even professional cryptographers with decades of experience still get it wrong -- often. Considering as this guy has essentially no previous experience (he's an EE professor), it's already near certain that he's dead wrong.

      He is doing cryptography in the quantum cryptography sense--a secure, non-interceptable channel--not in the algorithmic cryptography sense. He is well-qualified to talk about the kinds of systems he is talking about.

      Second, he doesn't provide "absolutely secu
      • How precise does this system have to be in order to detect the current loss due to an inductive tap? That has to be REALLY low. You'd probably get errors due to random EM all the time if you're depending on your signal quality being that perfect.
  • IT seems to me that they are assuming perfect channels which don't introduce random noise ?

    FTFA: The way the eavesdropper gets discovered is that both the sender and the receiver are continuously measuring the current and comparing the data," Kish said. "If the current values are different at the two sides, that means that the eavesdropper has broken the code of a single bit. Thus the communication has to be terminated immediately."

    And it also assumes that measureing equipments themselves are calibera

  • Yes, again. The attacker doesn't know which resistor is at which end. And taps the middle.

    Of course, the attacker may be the receiver, in which case she KNOWS the value at one end. And that is the trivial breaking case.

    Ratboy.

  • something to wonder about (Score:3, Informative)

    by geoff lane (93738) on Saturday December 10 2005, @04:40PM (#14230033)
    The thermal noise in the circuit will limit both the rate of data exchange and the confidence that a tap will be detected (or a false positive.) Over a long distance, the quality of the connection will be an important factor.

    There is also the slight problem of the common clock which must be available at each end. Somehow both sides need to be synchronised which implies either quite expensive atomic clocks or a side channel containing the information. Either limits the practibility of the idea.

  • Problems (Score:4, Informative)

    by Jerry Coffin (824726) on Saturday December 10 2005, @04:55PM (#14230092)
    For years, there has been one encryption scheme that has been known to be 100% secure (at least against a simple cipertext-only attack): the one-time pad. This is most often (but not necessarily) implemented as a simple XOR between bits in a key stream and bits in the text to be encrypted. The receiver decrypts the message by re-XORing the received bits with the same key stream to retrieve the original data.

    As I mentioned, this is 100% secure, and any reasonably well-written book on cryptography will confirm that. To be 100% secure, however, the keystream must be as large as the data being encrypted, and must be absolutely random -- any degree of predictability can lead to breakage (e.g. search for "Venona").

    The biggest shortcoming of a one-time pad is the key: first you have to generate an absolutely random key, and then you have to distribute that key to the people at both ends of the communication securely. The usual problem is that if you can communicate that key reliably, then you could normally communicate the data reliably just as easily. As such, a one-time pad is typically only useful in fairly limited situations like a spy receiving a DVD-ROM full of key material during a f2f visit, then using the key out in the field. For more typical scenarios it's rarely useful though.

    This scheme seems to cure one, but definitely not both of those problems. It's basically a way of using two one-time pads simultaneously, so that the receiver can deduce the sender's key at any point, but what is transmitted over the wire basically depends on both his own key and his partner's key (not exactly an XOR, but a bit like it). If all the attacker does is collect the voltages on the line, I wouldn't be too surprised if this really is secure.

    That doesn't mean there aren't any shortcomings though. One obvious problem is that both ends still have to generate absolutely, 100% random keys. Another problem is a man in the middle attack. If the pattern of resistor changes can be predicted, then the attacker only has to find the value once at one end to break all subsequent communications over the channel. Since the scheme doesn't (at least by itself) provide any kind of confirmation of who's on the other end of a line, a man in the middle has a pretty easy time with things.

    Another approach would be to tap into the line at two points, preferably widely separated. Since the current only travels over the wire at (about) 2/3rds the speed of light, when one end changes a resistor, the change in voltage/current will be detectable first closer to that end, and some time later at the other end. Two widely separated measurments would allow an attacker to figure out which end changed resistors at any given time. Ultimately, the degree of separation does't even have to be particularly huge -- larger separation just reduces the precision of timing necessary, but even one foot apart gives about a nanosecond.

  • Absolutely secure communication already exists (Score:3, Informative)

    by Jaime2 (824950) on Saturday December 10 2005, @10:19PM (#14231414)
    Just send someone an OTP [wikipedia.org] DVD generated by hotbits [fourmilab.ch] and keep a copy for yourself. Use the DVD only for key exchange and use AES for the data stream. No one can crack a one-time pad unless you make a mistake. This won't work for e-commerce, but it works wonderfully for terrorist and spies. For the extra paranoid, use the OTP data for encryption, but you'll eventually need a new one (re-using OTP data renders it crackable).

    • These tools are a hardware implementation of the latest encryption algorithms that the U.S. Government and many other governments around the world use to secure their information and communications.

      A hardware implementation means that the all the hard work to make information safe is done by circuitry inside the computer, rather than by using the operating system, memory and software resources.

      ...

      To aid the level and sophistication of the encryption techniques used in VIA PadLock, a twin engine random numb

    • Are you on crack? The article discusses an analog encryption scheme for transfer of information along physical lines. On the other hand, VIA Padlock is a hardware implementation of a random number generator and some encryption algorithms.

      Apart from having used the word "encryption" in the description of both of them, they have about as much to do with each other as a shoe and a condom (both are pieces of "clothing").

    • Re:Outdated and irrelevant (Score:5, Insightful)

      by osu-neko (2604) on Saturday December 10 2005, @01:54PM (#14229232)
      Eh? Much like quantum communication systems, this is aimed at providing secure point-to-point communications. Almost everything you said above is utterly irrelevant to the question at hand. It doesn't solve any of the problems you bring up because it isn't meant to. Moving to hydrogen powered cars doesn't solve problems of secure Internet communcations, either. That doesn't make them a step backwards...
    • There is no way "they" can stop the flow of information

      "They can't stop the signal, Mal!" - Joss Whedon must be part geek.

    • If you are to guess a 50/50 state without any clues whatever, why listen in at all? You know it has to be a 1 or a 0, you don't need to actually be connected to the system for that. So just guess away. If it works, you have just cracked every conceivable system of encryption, and no tools or physical access to the message necessary!

      As for "several thousand combinations"... After the first 32 bits of information you have 4,294,967,296 possibilities, so I hope you are a good guesser. :-)

    • Re:Would this idea defeat the system? (Score:4, Insightful)

      by DrJimbo (594231) * on Saturday December 10 2005, @03:12PM (#14229586)
      Eavesdropper wraps a wire around the communication wire, to measure the signal by induction. Would this be detectable? Or would this allow undetectable interception?
      Yes, that would be detectable. For the same reason that we need a lot of falling water to turn the generators in hydro power plants. The energy (signal) in your wrapped wire does not come for free. It reduces the energy in the communication wire and is thus detectable.

      Another way to see it: if the signal in your induction pickup were truly undetectable then we could wrap billions of similar induction pickups around the communications wire and generate electricity "too cheap to meter".

        • His PhD on solid state physics makes him an as good criptography expert as my current grad on computer vision (at most). Want a proof? Read my post, his proposal is at least as flawed as quantum criptography.

          I read your post. His PhD is solidstate physics makes him more than qualified to talk about this sort of thing. You on the other hand are NOT. You don't even know what cryptography means OR how to spell it. This has nothing to do with cyphers and everything to do with setting up a physically secure

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.