Enforcing low-profile and cryptanalysis

Steve Witham (sw@tiac.net)
Sun, 10 Nov 1996 23:26:10 -0400


>COMPUTER CRACKERS ADOPT NEW STRATEGY FOR BREAK-INS
>Recent attacks on computer systems have adopted a new strategy for cracking
>security codes, exploiting the way that imperfect computers implement
>encryption systems in the real world. Scientists at Princeton University
>and Bellcore have been working together to discover how they can force a
>computer or encoding chip to err in its calculations while encrypting a
>message and, at the same time, leak information about the message being
>encrypted. One way they found to do this is by irradiating the chip, and
>then by comparing a number of error-ridden encryptions with a single
>flawless one, they discovered they were able to crack virtually any
>public-key system. Their technique was carried a step further by
>researchers at the Weizmann Institute in Israel, allowing them to decipher
>the secret key from a 56-bit Data Encryption Standard algorithm with little
>trouble, using "differential fault analysis." This doesn't mean that
>encryption doesn't work, says Richard DeMillo, a member of the Bellcore
>team. "It's a matter of recognizing vulnerability," and doing something
>about it. (Science Magazine 1 Nov 96 p716)

There are some implications for the "play dirt" strategy: first of all, you
have to be invulnerable to any sort of attack, both by redundancy and
rerouting, and also in the sense of not revealing anything when stressed.
Sounds like we haven't achieved anything like the latter--current
cryptosystems seem to spill the beans under torture.

Second, the way the technology of cryptology evolves in our world today
is by constant attempts to defeat what has gone before. If this were
simply institutionalized--with testing on live subjects, as it were--it
would provide a way to simultaneously improve one's weapons, seek out and
attack enemies or prey, and enforce the "lie low" rule. Just constantly
shoot bullets over everyone's heads. Of course, you keep backups, don't
you?

--Steve

--
sw@tiac.net http://www.tiac.net/users/sw
"It just keeps going and going and therefore you yourself have to keep
going and going." --Energizer Bunny researcher
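
The countermeasure usually paired with the fault attack in the quoted article is to verify a private-key result before releasing it. The sketch below is an added example, not part of the original post or the quoted article; it assumes RSA with CRT as the concrete public-key system, and the toy primes and the simulated fault are constructed for illustration.

```python
from math import gcd

# Constructed toy key (assumption: far too small for real use).
P, Q, E = 1009, 1013, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
DP, DQ, QINV = D % (P - 1), D % (Q - 1), pow(Q, -1, P)


class FaultDetected(Exception):
    """Raised instead of releasing a result that fails self-verification."""


def crt_sign(m, fault_in_q_half=False):
    """RSA-CRT private-key operation; optionally simulate a computation error."""
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault_in_q_half:
        sq = (sq + 1) % Q          # simulated fault: the mod-q half is wrong
    h = (QINV * (sp - sq)) % P     # Garner recombination
    return sq + h * Q


def sign_checked(m, fault_in_q_half=False):
    """Countermeasure: verify with the public key before releasing output."""
    s = crt_sign(m, fault_in_q_half)
    if pow(s, E, N) != m % N:
        raise FaultDetected("result failed verification; nothing released")
    return s


def fault_exposes_factor(good, bad, n):
    """True if comparing a correct and a faulty output reveals a factor of n.

    The faulty result is still right modulo one prime, so the difference
    is a multiple of that prime. This is why an unchecked error is a leak.
    """
    return 1 < gcd(good - bad, n) < n


if __name__ == "__main__":
    good = sign_checked(42)
    bad = crt_sign(42, fault_in_q_half=True)    # what an unchecked device emits
    print("unchecked fault leaks a factor:", fault_exposes_factor(good, bad, N))
    try:
        sign_checked(42, fault_in_q_half=True)
    except FaultDetected as exc:
        print("checked device:", exc)
```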