[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Attacking Clipper with timing info?

To: [email protected]
Subject: Re: Attacking Clipper with timing info?
From: Loren James Rittle <[email protected]>
Date: Wed, 13 Dec 95 20:10:56 CST
Cc: [email protected]
Comments: Hyperbole mail buttons accepted, v3.16.
In-Reply-To: <[email protected]> ([email protected])
Reply-To: [email protected]
Sender: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----

>From: [email protected] (Jim Miller)
>Date: Wed, 13 Dec 95 15:10:25 -0600

>Could this timing attack be used to obtain the various keys used by  
>Clipper devices?

Jim,

Without having the details of the algorithm, I suspect the answer is
'remotely possible, at best'.

However, to extend what I suspect you were getting at:

It would be very interesting to determine if the NSA knew about this
crypto-design problem and put effort into making Clipper chips resistant
to this timing based attack.  Without access to internal documents,
I suspect this would be hard to determine.  We could learn something
about the NSA by studying the Clipper chip (or the follow-on PCMCIA
product containing SKIPJACK, Capstone).

If it could be shown that Clipper chips require a different amount of
time/current to encode/decode traffic, then we could conclude one of
the following:

(A1) The NSA knew about the problem, expected to be able to use the
     behavior as an illegal backdoor and thus did nothing to close it.
(A2) The NSA knew about the problem, expected that no one (including
     themselves) would be able to exploit the behavior, and thus did
     nothing to close it.
(A3) The NSA didn't know about the problem.

Conclusions A1 and A3 would tend to make the NSA look bad.  A2
would be fine, if the NSA expectation was found to be valid.  To
restate, without internal documents, outsiders would have little
ability to determine which conclusion to draw even if differences
in behavior were detected.

If it could be shown that Clipper chips require a fixed amount
of time/current to encode/decode traffic, then we could conclude
one of the following:

(B1) The NSA knew about the issue and compensated for it.
(B2) The NSA didn't know about the issue and got lucky.

I discount B2 as a valid option.  Actually, if the answer was B1,
my respect for the NSA would creep up a notch. :-)

Regards,
Loren

- -- 
Loren J. Rittle ([email protected])	PGP KeyIDs: 1024/B98B3249 2048/ADCE34A5
Systems Technology Research (IL02/2240)	FP1024:6810D8AB3029874DD7065BC52067EAFD
Motorola, Inc.				FP2048:FDC0292446937F2A240BC07D42763672
(708) 576-7794				Call for verification of fingerprints.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMM+HTf8de8m5izJJAQGWJwP8CUJIagN5cyZhRc9Qxq4+u4d/1H7wfAzi
OKa+m4XlfEsCKxF9x6vnYXcC2jGKpU43RbCVsLN/FLJjptWuBczXzPMdS1Uu0nPU
yVWse7eVx0Jl0dbTpUxm0Z966G4cwmnX0Npq6BnVFlp7mNFJGZv157K17vsHwvYB
apf4IwtPqdI=
=CDP6
-----END PGP SIGNATURE-----

References:
- Attacking Clipper with timing info?
  - From: [email protected] (Jim Miller)

Prev by Date: Timing Attack Paper
Next by Date: Mike Godwin Re: Is there a lawyer in the house?
Prev by thread: Re: Attacking Clipper with timing info?
Next by thread: Re: Attacking Clipper with timing info?
Index(es):
- Date
- Thread