Attacking Clipper with timing info?
Could this timing attack be used to obtain the various keys used by Clipper devices?
Jim_Miller@suite.com
On Wed, 13 Dec 1995, Jim Miller wrote:
Could this timing attack be used to obtain the various keys used by Clipper devices?
Jim_Miller@suite.com

The Clipper chip itself does not use digital signatures and public key encryption. It only implements a block cypher. You were probably talking about Capstone which does use PK crypto and digital signatures. Capstone uses DSS as the digital signature which is explicitly pointed out in the summary of the timing attack. I don't think what algorithm it uses for key exchange has been released yet, but it probably is vulnerable. So Capstone is indeed vulnerable to timing attacks.

finger markm@voicenet.com for Public Key
http://www.voicenet.com/~markm/
Key-ID: 0xF9B22BA5
Fingerprint: bd24d08e3cbb53472054fa56002258d5
From: jim@bilbo.suite.com (Jim Miller)
Date: Wed, 13 Dec 95 15:10:25 -0600
Could this timing attack be used to obtain the various keys used by Clipper devices?

Jim,

Without having the details of the algorithm, I suspect the answer is 'remotely possible, at best'. However, to extend what I suspect you were getting at: It would be very interesting to determine if the NSA knew about this crypto-design problem and put effort into making Clipper chips resistant to this timing based attack. Without access to internal documents, I suspect this would be hard to determine.

We could learn something about the NSA by studying the Clipper chip (or the follow-on PCMCIA product containing SKIPJACK, Capstone).

If it could be shown that Clipper chips require a different amount of time/current to encode/decode traffic, then we could conclude one of the following:

(A1) The NSA knew about the problem, expected to be able to use the behavior as an illegal backdoor and thus did nothing to close it.
(A2) The NSA knew about the problem, expected that no one (including themselves) would be able to exploit the behavior, and thus did nothing to close it.
(A3) The NSA didn't know about the problem.

Conclusions A1 and A3 would tend to make the NSA look bad. A2 would be fine, if the NSA expectation was found to be valid. To restate, without internal documents, outsiders would have little ability to determine which conclusion to draw even if differences in behavior were detected.

If it could be shown that Clipper chips require a fixed amount of time/current to encode/decode traffic, then we could conclude one of the following:

(B1) The NSA knew about the issue and compensated for it.
(B2) The NSA didn't know about the issue and got lucky.

I discount B2 as a valid option. Actually, if the answer was B1, my respect for the NSA would creep up a notch. :-)

Regards,
Loren
--
Loren J. Rittle (rittle@comm.mot.com)
Systems Technology Research (IL02/2240)
Motorola, Inc.
(708) 576-7794
PGP KeyIDs: 1024/B98B3249 2048/ADCE34A5
FP1024:6810D8AB3029874DD7065BC52067EAFD
FP2048:FDC0292446937F2A240BC07D42763672
Call for verification of fingerprints.
participants (3)
- jim@bilbo.suite.com
- Loren James Rittle
- Mark M.