On 10/28/2013 04:20 AM, John Gilmore wrote:
Could the injected code be sufficiently subtle to detect and store or report entropy events like packet timing, without becoming sufficiently obvious that the malware's presence is detected on the network?
No. Knowing "packet timing" isn't good enough. It is the interrupt timing that matters, and even that isn't good enough, at least not in the case of a fast CPU with a GHz+ system clock: you have to know the value of a fast counter at the moment that it is sampled as part of servicing the interrupt. The clock the attacker needs to know doesn't even exist outside the chip in question. An attacker needs to infer very precise phase angles here, or a bit or more of entropy will slip through on that interrupt. And you expect to measure this via malware running on a cheap printer plugged into feet of ethernet cable plus an ethernet switch plus more cabling between it and the computer that gets the interrupt? The malware might make an estimation of interrupt timing, but it can't get down to the last LSB of that clock at the moment when the CPU gets around to reading it. We are talking not just an off-chip measurement of a signal that doesn't exist off-chip, we are talking about doing it from outside the box, when the box isn't trying to cooperate. Making timing measurments precisely is hard to do in the best possible and most carefully engineered circumstances. -kb _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography