One-Time Pads as Attack Method
1. Agents of the Enemy wish to create the appearance of you possessing document A. 2. They obtain some artifact you have emailed, or posted, or possess on your private local storage. --- Possibly even signed. Call this message B. 3. They create the XOR of A and B, the result being a 'one time pad' C. which of course, gives: private message B XOR C = target bogus message A. This result is of course not a one time pad; the plan is to accuse you of possessing materials that prove you are trading with the enemy, exchanging kiddie-porn, any of the usual things. 4. This 'one time pad' file C. somehow finds its way into your possession: it is an email attachment, embedded in some binary --- it could even be stego'ed into a GIF/JPG. 5. The agents break down the door and seize all your effects. 6. They are able to prove that you possess B and C, the XOR of which is A., a fact that is impossible to have happened at random. 7. The jury doesn't know shit, and figures that if the chances of B ^ C = A by accident are 0, then you must be guilty. I'm only looking at the general schema of an attack like this: I'm sure there are many ways the right defense could be mounted about how the files got on the client's computer, etc.etc. The interesting part of this frame-job is using something you may have already publicly posted, making denial of its origin difficult, together with a surreptitious planting of the 'pad' data. Naturally the incriminating data payload could be delivered directly, without the OTP business. But I thought it might be worth examining the implications of this theme.
00043.an@edtec.com writes: : : 1. Agents of the Enemy wish to create the appearance of you possessing : document A. : 2. They obtain some artifact you have emailed, or posted, or possess on : your private local storage. --- : Possibly even signed. Call this message B. : 3. They create the XOR of A and B, the result being a 'one time pad' C. : which of course, gives: : private message B XOR C = target bogus message A. This result is of course : not a one time pad; : the plan is to accuse you of possessing materials that prove you are : trading with the enemy, : exchanging kiddie-porn, any of the usual things. : 4. This 'one time pad' file C. somehow finds its way into your possession: : it is an email attachment, : embedded in some binary --- it could even be stego'ed into a GIF/JPG. : 5. The agents break down the door and seize all your effects. : 6. They are able to prove that you possess B and C, the XOR of which is A., : a fact that is impossible : to have happened at random. : 7. The jury doesn't know shit, and figures that if the chances of B ^ C = A : by accident are 0, : then you must be guilty. It was in part for the purpose of demonstrating this possibility that I wrote the OPT program that I later realized that I could not publish in any form under the ITAR and cannot publish in electronic form under the new Commerce Department export regulations (unless I apply for a license (that I probably cannot get) from the government, a requirement that violates the First Amendment to the United States constitution). And it was the restraints on publishing that and other crypto programs that led me to file suit to enjoin the enforcement of the export restrictions on cryptography. The problem that someone might plant a message and a one-time-pad on your machine makes for a good spy story; I would be more worried about someone claiming that I had illegal software on my machine, since they can always come up with a one-time-pad that will decode some file that I do have on my machine (if they have access to it) and have the ``decoded'' text be a copyrighted program for which I do not have a license. Do you think that Microsoft has a one-time-pad that will convert Netscape 3.1 into Word for Windows? -- Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH EMAIL: junger@samsara.law.cwru.edu URL: http://samsara.law.cwru.edu NOTE: junger@pdj2-ra.f-remote.cwru.edu no longer exists
participants (2)
-
00043.an@edtec.com -
Peter D. Junger