NONSTOP Crypto Query

John Young jya at pipeline.com
Fri Jan 19 17:02:48 PST 2001


This, from David Wagner on Cryptography, is most informative:

In a paper on side channel cryptanalysis by John Kelsey, Bruce Schneier,
Chris Hall, and I, we speculated on possible meanings of NONSTOP and HIJACK:

   [...]
   It is our belief that most operational cryptanalysis makes use of
   side-channel information.  [...]  And Peter Wright discussed data
   leaking onto a transmission line as a side channel used to break a
   French cryptographic device [Wri87].

   The (unclassified) military literature provides many examples of
   real-world side channels.  [...]  Peter Wright's crosstalk anecdote
   is probably what the HIJACK codeword refers to [USAF98]. Along
   similar lines, [USAF98] alludes to the possibility that crosstalk from
   sensitive hardware near a tape player might modulate the signal on the
   tape; [USAF98] recommends that tapes played in a classified facility be
   degaussed before they are removed, presumably to prevent side channels
   from leaking. Finally, one last example from the military literature
   is the NONSTOP attack [USAF98, Chapters 3-4]: after a careful reading
   of unclassified sources, we believe this refers to the side channel
   that results when cryptographic hardware is illuminated by a nearby
   radio transmitter (e.g. a cellphone), thereby modulating the return
   signal with information about what the crypto gear is doing [AK98].
   [...]

   [AK98] R. Anderson and M. Kuhn, "Soft Tempest: Hidden Data Transmission
          Using Electromagnetic Emanations," Proc. 2nd Workshop on
          Information Hiding, Springer, 1998.
   [USAF98] US Air Force, Air Force Systems Security Memorandum 7011--
          Emission Security Countermeasures Review, 1 May 1998.
   [Wri87] P. Wright, Spycatcher, Viking Penguin Inc., 1987.
   
The above is excerpted from the conclusions of
   J. Kelsey, B. Schneier, D. Wagner, C. Hall,
   "Side channel cryptanalysis of product ciphers",
   Journal of Computer Security, vol. 8, pp. 141--158, 2000.
   http://www.cs.berkeley.edu/~daw/papers/sidechan-final.ps

Do remember, please, that these are just guesses.

Also, credit is due to Ross Anderson and Markus Kuhn for informative
discussions on this topic.

[End Wagner post]

--- 

Both the Anderson/Kuhn and USAF papers are online:

  http://www.cl.cam.ac.uk/~mgk25/ih98-tempest.pdf

  http://www.jya.com/afssm-7011.htm





