Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Encryption Security

Totally Secure Non-Quantum Communications? 235

Posted by ScuttleMonkey from the i-wouldn't-use-the-word-totally-yet dept.
An anonymous reader writes "TEES is reporting that Dr Laszlo Kish, an associate professor at Texas A&M, has proposed a 'classical, not quantum, encryption scheme that relies on classical physical properties -- current and voltage. He said his scheme is absolutely secure, fast, robust, inexpensive and maintenance-free and relies on simultaneous encrypting of information by both the sender and the receiver.' The scheme uses properties similar to Johnson noise along with Kirchoff's Law to provide what he hopes to be an easier method of secure communications. Arxiv also has the full text [PDF Warning] of the paper."
This discussion has been archived. No new comments can be posted.

Totally Secure Non-Quantum Communications? More

Totally Secure Non-Quantum Communications?

Comments Filter:

  • A lesson for venture capital (Score:4, Funny)

    by Dster76 ( 877693 ) on Saturday December 10, 2005 @01:35PM (#14229128)
    From TFA:

    Kish said that the dogma so far has been that only quantum communication can be absolutely secure and that about $1 billion is spent annually on quantum communication research.

    I guess the quantum bubble is about to burst.

    • Re:A lesson for venture capital (Score:4, Informative)

      by ettlz ( 639203 ) on Saturday December 10, 2005 @01:43PM (#14229173) Journal
      As I understand it, quantum cryptography is only used as a method of key distribution, which then put into a "normal" cryptosystem like AES. The supposed advantage over asymmetric public-key distribution is that it can't be broken by a quantum computer. However, it is still vulnerable to man-in-the-middle attacks, and encryption is worthless without authentication — so why consider quantum cryptography in the first place?
      • From http://en.wikipedia.org/wiki/Quantum_cryptography [wikipedia.org]

        In Quantum Cryptography, traditional man-in-the-middle attacks are impossible due to Heisenberg's uncertainty principle. If Mallory attempts to intercept the stream of photons, he will inevitably alter them if he uses an incorrect detector. He cannot re-emit the photons to Bob correctly, which will introduce unacceptable levels of error into the communication.

        If Alice and Bob are using an entangled photon system, then it is virtually impossible to
        • It works if Mallory pretends to be Bob to Alice, and Alice to Bob. He can simply decrypt and re-encrypt, forwarding the packets between them. Both parties need to be sure of who is on the other end of the line, and in a practical system it may not be possible to check many kilometres of fibre for tampering.
          • Quantum Encryption is p2p. Which means when Bob and Alice trade IP addresses, Mallory would need to convince Bob that her IP is Alice, and Alice that her IP is Bob, which is tough. I mean, if you're trading sensitive info, you ought to be able to have each other's IPs.
            • I mean, if you're trading sensitive info, you ought to be able to have each other's IPs.

              If I were paranoid, think I'd rather exchange CDs at a nondescript restaurant in Prague!

            • Quantum Encryption is p2p.

              Yes, but without overlay network. Quantum cryptography works only for directly connected hosts, so it is basically useless except in some very special scenarios. I think the only reason quantum crypto (and that should be properly 'quantum modulation' or the like) as well as quantum computation is so popular today is because it captivates peoples imagination. Since quantum crypto is really just key excahnge, you could allways replace it with pre-comottated random keys in the neighb

            • Re:A lesson for venture capital (Score:4, Informative)

              by Minna Kirai ( 624281 ) on Saturday December 10, 2005 @06:27PM (#14230476)
              Quantum Encryption is p2p.

              People no longer understand p2p as "point to point", but rather "peer to peer". Point2Point cannot use significant IP addresses, but Peer2Peer must use them (or something similar).

              Which means when Bob and Alice trade IP addresses,

              I hope you meant "IP address" in some metaphorical way. There is no way QC can be applied to operate over an internet with real IP address. IP requires routing, and routing means packet-forwarding, but QC depends on an photonic signals that are irreproducible, and thus unroutable.

              you ought to be able to have each other's IPs

              Do you know the IPs of every mail-order vendor from which you might wish to order?

              What you're doing is repeating the usual QC-request to have the initial exchange of recognition data left off of the vulnerability analysis, because it is in fact susceptible to every kind of man-in-the-middle assault.
      • ...so why consider quantum cryptography in the first place?

        It is like speech recognition, VR, kitchen helper robots, ....

        It does not make a lot of sense technologically, but you can get grant money for it easily, because it matches what nonexperts think computing should be able to do for them. Stupid, but very human.

    • Re:A lesson for venture capital (Score:5, Funny)

      by LoveShack ( 190582 ) <jamesNO@SPAMjameswilliams.me> on Saturday December 10, 2005 @01:52PM (#14229218)
      I guess the quantum bubble is about to burst.

      Well, it both is and isn't.

  • Interesting.... (Score:4, Funny)

    by DigitalReality ( 903767 ) on Saturday December 10, 2005 @01:37PM (#14229137)
    I'm shocked.

  • Credibility (Score:4, Insightful)

    by A beautiful mind ( 821714 ) on Saturday December 10, 2005 @01:37PM (#14229139)
    "James Bond may use the fanciest, most expensive and high-tech devices to thwart would-be eavesdroppers, but in a pinch, the super-spy can use one Texas A&M engineer's simple, low-cost scheme to keep data secure from the bad guys."

    This is the first sentence from the article. I'm sorry, but I cannot take anything in that article seriously. On another note the guy has an interestingly hungarian sounding name.
    • ummmmm.... "James Bond may use the fanciest, most expensive and high-tech devices to thwart would-be eavesdroppers"

      Are you talking about pistol? I know it is probably the most effective technology against the weakest link in any security applications. Not sure about whether the Texas A&M guy can come up with something simpler :)

    • Re:Credibility (Score:2, Insightful)

      by slashdotmsiriv ( 922939 )
      Read the academic paper (letter) not the announcement on A&M's site. The announcement is most likely not written by the good professor himself. The paper on the other hand, although it is a first draft and in the form of letter appears well written and substantiated. And a professor of EE in Texas A&M is a good enough title to provide credibility, I mean come on dude, we read hundreds of bogus articles on slashdot posted by ignorant journalists or wannabe patent owners and you raise an issue of cred

      • Re:Credibility (Score:2, Insightful)

        by josecanuc ( 91 ) *

        The announcement is most likely not written by the good professor himself.

        You're correct; the article was written by an employee of the communications department of the TAMU engineering program. The article was written for the "general public" audience. Also, the reporter him/herself is unlikely familiar with secure communication and quantum cryptography principles. The professor was interviewed by the reporter. He likely, either by choice or necessity, had to describe his paper in a context outside the

    • Then why don't you read the paper [opensubscriber.com], referred to from the article?

      There probably are a hell lot of people like me out there; I personally have a lot of difficulties reading pure-technical texts... my mind gets distracted and I don't remember the things I read. When a text is written a bit more lively way, it helps me stay focussed on the article and everyone's happy...

    • TFA says:

      The only way an eavesdropper can determine which resistance is being used at which end is to inject current into the communication channel and measure the voltage and current changes in different directions. Doing this, though, exposes the eavesdropper, who is discovered with the very first bit of information extracted.

      But the circuit will get current induced in it from other sources anyway, adjacent phone lines, power lines, etc. How do the two ends of the link distinguish between accidental ind

      • Also, you can measure it at both ends of the line, and then from the phase of the changes deduce which side made which changes.

        I thought I had heard a similar claim long ago about modem signals (at least, with newer modulations, not the ones with discrete tones for each direction) - the modem on each end can understand the other side only by subtracting out its own signal (which, of course, it knows) - an eavesdropper listening in wouldn't be able to separate them out.

  • Too much hype (Score:4, Insightful)

    by KiloByte ( 825081 ) on Saturday December 10, 2005 @01:37PM (#14229140)
    his scheme is absolutely secure, fast, robust, inexpensive and maintenance-free

    Haven't we heard this before?
    Generally, if something sounds too good to be true, it usually is neither good nor true.

  • Implementation (Score:5, Insightful)

    by GigsVT ( 208848 ) on Saturday December 10, 2005 @01:38PM (#14229147) Journal
    This sounds very good in theory, but it may be difficult to implement securely.

    For example, he claims an eavesdropper could inject current to measure voltage drops, but would be discovered on the first attempt. If the eavesdropped can send a pulse of current that is so small as to not be registered on the endpoint equipment (which say samples the line at 1X sampling rate), but the attacker is injecting and sampling at a rate 100X faster, the attacker's pulse will be so far above the nyquist bandwidth of the endpoints that they will never see it.

    I admit I only read the abstract, he may address this later on in the paper.
    • I'm not sure if this is at all relevant, but Lineman's phones (imagine your old school corded phone, but instead of the cord it has two alligator clips) has a 9v battery inside it so that when they clip onto the line from the phone box, there's no voltage drop.

      • Re:Voltage drop? (Score:2, Insightful)

        by GigsVT ( 208848 )
        In this case you'd want to measure the voltage drop properties of the line to figure out what resistances were on either end.

      • Re:Voltage drop? (Score:3, Informative)

        by johnny cashed ( 590023 )
        as an owner of 2 butt sets (lineman's phones) I can say that this isn't always true. My old western electric rotary one is batteryless. It is still handy for just that reason (and yes, I can still dial out with it on POTS service). My newer Chesilvale needs a 9v battery to work, but it also has a speakerphone in it and more features. I don't believe the battery is there to prevent detection (eliminating voltage drops).

        The is more to a butt set than it being a corded phone with alligator clips. It ha

    • Re:Implementation (Score:2, Insightful)

      by SagSaw ( 219314 )
      ...but the attacker is injecting and sampling at a rate 100X faster, the attacker's pulse will be so far above the nyquist bandwidth of the endpoints that they will never see it.

      Keep in mind that the energy from the attacker's pulse doesn't just go *poof* and disappear. It will be aliased to frequencies within the bandwidth of the endpoint(s) and might still be detected.

    • How this works and why it will fail (Score:4, Interesting)

      by goombah99 ( 560566 ) on Saturday December 10, 2005 @03:53PM (#14229819)
      I'll confess my understanding of this is sketchy at this point. But as I read it the concept is this one has a wire connecting two resistors. The Johnson noise in the wire is determined jointly by the resistors. Both sides, sender and receiver are changing the resistance values simultaneously with the sender putting in the message and the receiver putting in random crap which gets added to the signal. A person monitoring the voltage in the middle can't tell what fraction of the noise came from which side. Therefore the message can't be extracted. Clever. Oddly it's a lot like the bell's theorem experiment in QM where both sides are changing their filters.

      What seems to be the flaw in this is that he assumes that the attacker must inject current unidirectionally to determine which resistance is at which end. Perhaps another means exists, courtesy of the speed of light.

      Namely if you monitor the voltage at two points along the wire then you can distinguish between a wave proapgating from left to right and right to left. So you can now determine what fraction of the noise is coming from the left and what is coming from the right. Even if the noise level made his hard to do, there's also the moment of the resistor switch to capture. Each time the resistor is changed, even if it were perfectly synchronous, the left side's noise will reach the left tap sooner he the right tap.

      This last effect could possibly be masked by injecting large amounts of noise into the system during the switch. (but of course this would also mask any current injection by the attacker as well). But the former effect of the noise signals propagation might still be detectable.

      • The way I understand it is more like this.

        Say each side has a free running RNG producing 1 bit per clock. So either side might be 0 or 1 on any given clock.

        The properties of Kirchoff's laws make for an easy way for the transmission bus to sum the endpoint values, such that only the sum is shown to an eavesdropper.

        So the bus can have 3 values, 0, 1 or 2. If it's 0 or 2 it's easy to tell what state the endpoints are in, but if it's 1, the endpoints are at opposite states.

        That's the crux of this, when the bu
      • Namely if you monitor the voltage at two points along the wire then you can distinguish between a wave proapgating from left to right and right to left. So you can now determine what fraction of the noise is coming from the left and what is coming from the right. Even if the noise level made his hard to do, there's also the moment of the resistor switch to capture. Each time the resistor is changed, even if it were perfectly synchronous, the left side's noise will reach the left tap sooner he the right tap.
  • This article (uses the words 'proposed' and 'absolutely secure' in the same paragraph. You can't trust such a claim about a proposed system until it's been implemented, distributed, deployed, and pounded on for years by cryptanalysists.

    Oh, the sensationalism!
    • How would cryptanalysists be helpful here? You did read the article, right? About a way of making it impossible to tap communications without it being detectable immediately at the endpoints? Since the topic of the article has nothing do with encryption, I fail to see how having crypanalysists "pound" on it for years will help expose any problems...

  • Pinch of NaCl (Score:2, Insightful)

    by Chaffar ( 670874 )
    *Disclaimer* I have no expertise whatsoever in the field but I'm very skeptical of what is being claimed.

    The only way an eavesdropper can determine which resistance is being used at which end is to inject current into the communication channel and measure the voltage and current changes in different directions. Doing this, though, exposes the eavesdropper, who is discovered with the very first bit of information extracted.

    But what if the eavesdropper was present from the very beginning, how will they be

    • *Disclaimer* I have no expertise whatsoever in the field but I'm very skeptical of what is being claimed.

      Since WHEN has that ever stopped anyone from posting on slashdot?

  • Sounds like Snake Oil... (Score:3, Informative)

    by nweaver ( 113078 ) on Saturday December 10, 2005 @01:48PM (#14229196) Homepage
    Sounds like snake oil, similar to http://www.schneier.com/blog/archives/2005/12/snak eoil_resear.html [schneier.com]
  • There is no such thing as what this guy is claiming to have created. Every so often someone pulls something like this out of their arse and starts making all kinds of fantastic claims that are quickly accepted as true by the uninformed.

    There is no such thing as a perpetual motion machine, an honest politician, or perfect encryption. All three exist in theory, but never in reality.

    It may be that this new scheme does represent a method of encryptions that is on-par with the best existing methods, or perhaps
    • There is no such thing as a perpetual motion machine, an honest politician, or perfect encryption. All three exist in theory, but never in reality.

      Well, let's see. The perpetual motion machine doesn't exist, in theory, because the laws of thermodynamics and whatnot essentially rule it out. Of course, it may exist in somebody's theory, but their theory would be at odds with actual, working theories that correspond with reality.

      You're closer to the mark when it comes to the honest politicians. I think t
    • Seems like there's prior art to your perpetual motion notion. :-)
  • "The only way an eavesdropper can determine which resistance is being used at which end is to inject current into the communication channel and measure the voltage and current changes in different directions."

    How about recording the signal after it has been transmitted through some output at the other end? This bugging would not interfere with the signal being transmitted but would still record the information for transmittal later? If you are transmitting the information through a computer, I think s

  • Very interesting but what about tolerance? (Score:2, Informative)

    by Anonymous Coward
    What happens if a thermal fluctuation in the wire causes the loss? How can we tell this from an eavesdropper? To make this work surely the tolerances of all components need to be 0%. Nobody has ever made a 0% tolerance resistor, its a purely theoretical component. Which makes me wonder if this has actually been tested in the lab. Perhaps I'm missing something?

  • Why must non-cryptographers be so dumb? (Score:3, Insightful)

    by khaydarian ( 848707 ) on Saturday December 10, 2005 @01:53PM (#14229229)

    There's so much wrong with this, I don't know where to start.

    First, Cryptography is hard. Even professional cryptographers with decades of experience still get it wrong -- often. Considering as this guy has essentially no previous experience (he's an EE professor), it's already near certain that he's dead wrong.

    Second, he doesn't provide "absolutely secure" communications. He provides non-interceptable communications. He's totally ignoring authentication, non-repudiation, man-in-the-middle attacks, and half a dozen other very important problems. (It's also not a cipher, but we'll ignore that slip.)

    He also assumes (from the abstract) that an eavesdropper can only eavesdrop by injecting current into the wire, which is blatantly false. One could easily tap the magnetic field generated by current in the wire, without drawing very much power from the wire at all.

    And to top it all off, he's depending on the precise values of voltage and current, which means this is an analog system. Analog systems are notoriously difficult to build precisely -- which is why we're using digital everywhere.

    This is such bad research that I can't wait until Bruce Schneier [schneier.com] get ahold of this.

    • First, Cryptography is hard.

      It is. On the other hand, since crytography has nothing to do with the problem he's working on, this is an irrelevant observation.

      He's totally ignoring authentication, non-repudiation, man-in-the-middle attacks, and half a dozen other very important problems.

      Yup. He's also ignoring global warming, terrorism in Israel, and numerous other very real problems that are nevertheless irrelevant to the problem at hand. You appear to have misunderstood what problem he's attempting

      • On the other hand, since crytography has nothing to do with the problem he's working on

        Nothing? What about the fact that the mass-media is describing his project as "an encryption scheme"?

        True, what he's doing isn't technically encryption. But since false claims to the contrary have been made, then cryptography has become relevant, if only to debunk.

        Note that it isn't Dr. Kish's fault that the word "encryption" has been wrongly invoked- blame goes to whoever coined the "quantum encryption" misnomer.
    • First, Cryptography is hard. Even professional cryptographers with decades of experience still get it wrong -- often. Considering as this guy has essentially no previous experience (he's an EE professor), it's already near certain that he's dead wrong.

      He is doing cryptography in the quantum cryptography sense--a secure, non-interceptable channel--not in the algorithmic cryptography sense. He is well-qualified to talk about the kinds of systems he is talking about.

      Second, he doesn't provide "absolutely secu

      • Unless Schneier is an expert on electronics, Schneier isn't qualified to say anything about this.

        Schneier does not have to be an expert on electronics, if he can show he can recover the message.

        I'm a CS student/TA/Network administrator (so I'm no electronics expert) but my solution would be very simple (a man in the middle attack):

        1)Buy two of these encryption boxes
        2)Cut wire (wait until the devices are off or not monitored if necessary)
        3)Put a device on each end of the cut wire.
        4)Listen from one side, eave

  • IT seems to me that they are assuming perfect channels which don't introduce random noise ?

    FTFA: The way the eavesdropper gets discovered is that both the sender and the receiver are continuously measuring the current and comparing the data," Kish said. "If the current values are different at the two sides, that means that the eavesdropper has broken the code of a single bit. Thus the communication has to be terminated immediately."

    And it also assumes that measureing equipments themselves are calibera

  • "Security by Obscurity" (Score:3, Insightful)

    by ratboy666 ( 104074 ) <fred_weigel@[ ]mail.com ['hot' in gap]> on Saturday December 10, 2005 @02:02PM (#14229265) Journal
    Yes, again. The attacker doesn't know which resistor is at which end. And taps the middle.

    Of course, the attacker may be the receiver, in which case she KNOWS the value at one end. And that is the trivial breaking case.

    Ratboy.
    • Using a secret key is not really "security by obscurity"...
      • Of course it is.

        If you have a 1024 bit key, an attacker has a 1/(2^1024) chance to find your key in 1 guess. Its 1 pidgeonhole in a really large matrix.

        How is that much different than lining up a crazy amount of "If you do this when this is this at this" variables that roughly equal to the domain of chance of 2^1024?

        For example, say I have a small Linux device that I compiled for root only (wifi mesh point). I dont want others to easily find this device, so first I turn it into a brouter and only certain IP
        • Well, in that case "security by obscurity" would not be a bad thing, but a rather meaningless term describing all imaginable security systems. =) If that's what you believe you just need to learn what the expression actually refers to:

          "In cryptography and computer security, security through obscurity (sometimes security by obscurity) is to some a controversial principle in security engineering, which attempts to use secrecy (of design, implementation, etc.) to ensure security. A system relying on security t
          • ---For example, if somebody stores a spare key under the doormat in case they are locked out of the house, then they are relying on security through obscurity."

            I understand what is traditionally means, but what difference does it make if it's 1 doormat or 10^10 of them? You're still relying on secrecy and obfusication to get people who you want to have permission to get it, and keep out all others.
  • The best security exists in a world where nobody understands how it works or knows it exists. Taking that into account tomorrow's secure technology is secure with the knowledge and tools we have today, but may not be so ten years after the secure technology is in the wild.

    The best you can hope for is being a few steps ahead of the people who want to take advantage of your provide data. This is not to say that working on security improvements is worthless, rather that you will always have to work on better t
    • The best security exists in a world where nobody understands how it works or knows it exists.

      Every time I listen to my wife talk to one of her friends I'm reminded of just how true this is.

    • Good luck trying to break one time pad. Even 300 years from now. You'll also need god luck while trying to break RSA with a big enogh key if we don't make a quantum computer. Oh, I almost forgot, good luck trying to break the current used symetric criptography systems, even 30 yeas from now.

      The brest seurity is not the one done with the newest technology. The best security is the one with the toghest weak link. But if you are only taking the technology into account, the best security is the one done with t

      • The brest seurity is not the one done with the newest technology.

              Damned right. Those hook-and-eye bras have been around forever, and I'll be damned if I can break into those easily.
      • Good luck trying to break one time pad.

        Even so, you'll have better luck if you understand how it works. Then you'll know to send the ninjas to break into the right cabinet and photograph the pages of random numbers for later use. Historically, OTP has been broken, when the pads were created with a biased RNG.

        Everything is breakable, and knowledge allows you to hurt anything more effectively.
    • Wow, that's so wrong. I wonder who modded you up.

      The best cryptographic and digital security is one that is very public, that has had many hundreds of people pounding on it for years trying to find flaws.

      A secret system is likely to be broken as soon as someone more skillful than the designers learns of its existance.
  • He said his scheme is absolutely secure...

    I just stop reading at this point. Perhaps saying that it is "thought to be secure at the current state of knowledge", but if there's one thing we should have learned already, it's that nothing is absolute.

  • Technical discussion (Score:2, Insightful)

    by acaspis ( 799831 )

    Suppose Eve inserts a resistor in the transmission line. Now she can measure two voltages instead of one, and I'm pretty sure the difference in standard deviation will reveal the choice of resistors at each end of the line.

    If Eve fears that her resistor might be detected, she can use the intrinsic resistance of the wire instead. Unless we assume superconducting transmission lines...

    Nice try, though. This is probably related to the issue of determining who is talking when eavesdropping on a two-wire tele

  • A classical counterpart of quantum criptography... How could anyone imagine researching such a thing?

    Of course, the process is so weak that I can alread imagine a way of breaking it: One could insert low intensity pseudo-random noise (that mixes with the termal noise) and measure the current. He'll be able to get near half the bits this way.

    The author is also a bit naive, assuming that the resistence changes will be imediate. Since that is impossible, one can insert some current into the system during the

  • It's potentially a private channel, but it's not an encrypted channel, because there's no key. Anyone with a valid receiver gets the same message.

  • something to wonder about (Score:3, Informative)

    by geoff lane ( 93738 ) on Saturday December 10, 2005 @04:40PM (#14230033)
    The thermal noise in the circuit will limit both the rate of data exchange and the confidence that a tap will be detected (or a false positive.) Over a long distance, the quality of the connection will be an important factor.

    There is also the slight problem of the common clock which must be available at each end. Somehow both sides need to be synchronised which implies either quite expensive atomic clocks or a side channel containing the information. Either limits the practibility of the idea.

  • Problems (Score:4, Informative)

    by Jerry Coffin ( 824726 ) on Saturday December 10, 2005 @04:55PM (#14230092)
    For years, there has been one encryption scheme that has been known to be 100% secure (at least against a simple cipertext-only attack): the one-time pad. This is most often (but not necessarily) implemented as a simple XOR between bits in a key stream and bits in the text to be encrypted. The receiver decrypts the message by re-XORing the received bits with the same key stream to retrieve the original data.

    As I mentioned, this is 100% secure, and any reasonably well-written book on cryptography will confirm that. To be 100% secure, however, the keystream must be as large as the data being encrypted, and must be absolutely random -- any degree of predictability can lead to breakage (e.g. search for "Venona").

    The biggest shortcoming of a one-time pad is the key: first you have to generate an absolutely random key, and then you have to distribute that key to the people at both ends of the communication securely. The usual problem is that if you can communicate that key reliably, then you could normally communicate the data reliably just as easily. As such, a one-time pad is typically only useful in fairly limited situations like a spy receiving a DVD-ROM full of key material during a f2f visit, then using the key out in the field. For more typical scenarios it's rarely useful though.

    This scheme seems to cure one, but definitely not both of those problems. It's basically a way of using two one-time pads simultaneously, so that the receiver can deduce the sender's key at any point, but what is transmitted over the wire basically depends on both his own key and his partner's key (not exactly an XOR, but a bit like it). If all the attacker does is collect the voltages on the line, I wouldn't be too surprised if this really is secure.

    That doesn't mean there aren't any shortcomings though. One obvious problem is that both ends still have to generate absolutely, 100% random keys. Another problem is a man in the middle attack. If the pattern of resistor changes can be predicted, then the attacker only has to find the value once at one end to break all subsequent communications over the channel. Since the scheme doesn't (at least by itself) provide any kind of confirmation of who's on the other end of a line, a man in the middle has a pretty easy time with things.

    Another approach would be to tap into the line at two points, preferably widely separated. Since the current only travels over the wire at (about) 2/3rds the speed of light, when one end changes a resistor, the change in voltage/current will be detectable first closer to that end, and some time later at the other end. Two widely separated measurments would allow an attacker to figure out which end changed resistors at any given time. Ultimately, the degree of separation does't even have to be particularly huge -- larger separation just reduces the precision of timing necessary, but even one foot apart gives about a nanosecond.

    • In this case, there is no need to transfer keying material. The receiver injects the random noise himself, so it's not really related to the one time pad, it's more like the idea of public key cryptography (in a very indirect way, before criticizing please read Ellis' paper [cesg.gov.uk]).

      But you're right. Man in the middle would work like a charm, and that propagation method might work too (not my area of expertise).

      • Re:Problems (Score:2, Interesting)

        by GigsVT ( 208848 )
        In that link you cited the reciever only is injecting noise, in this system both sides are generating a stream of random bits.

        It does have similarity in that it combines the knowledge of what random choices the reciever made along with the resulting line condition, but the end result is the construction of a OTP that is mirrored on both ends. (Literally mirrored, both ends will have an inverse copy of each other, all the bits will be NOT'ed).

        It's important to note that the actual payload data is not sent du
  • I have quite a high fever, so this might not be as inspired as I think.. ;)
    But the syncronization of the clocks initially has to be very precise. In fact, so precise that a lot of information has to be sent over to get it exact. It would be physically beautiful if it turns out that in order to get perfect synchronization you'd have to exchange enough information initially to make it a one-time pad. (and thus useless)

    OTH, the method is not really an encryption scheme, so perhaps it would be surprising if the
  • this should work great. Unfortunatly I'm only physically connected to my hub so I don't know how well this is going to scale.
  • Peeking at the paper, it seems that the receiver somehow introduces noise to the channel, garbling the sender's signal. He then recovers the message by deducing what the sender chose because he knows what his noise is.

    A similar principle was used about 50 years ago, although maybe using a different method. I've not seen the paper about this device (Bell project C43), but the Ellis Paper on non-secret encryption [cesg.gov.uk] (PDF, sorry) makes a brief description of the device in item 6.

    Oh, if I were attacking that devic

  • Absolutely secure communication already exists (Score:3, Informative)

    by Jaime2 ( 824950 ) on Saturday December 10, 2005 @10:19PM (#14231414)
    Just send someone an OTP [wikipedia.org] DVD generated by hotbits [fourmilab.ch] and keep a copy for yourself. Use the DVD only for key exchange and use AES for the data stream. No one can crack a one-time pad unless you make a mistake. This won't work for e-commerce, but it works wonderfully for terrorist and spies. For the extra paranoid, use the OTP data for encryption, but you'll eventually need a new one (re-using OTP data renders it crackable).

Slashdot Top Deals

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Close