Secure IDE? (fwd)

Sarad AV jtrjtrjtr2001 at yahoo.com
Sun Aug 3 04:13:15 PDT 2003


hi,

> This isn't a communications protocol. We're talking about disk storage.
> The only circumstances where an attacker could use this as an attack
> vector would be if the attacker could take multiple snapshots of the
> disk, possibly replacing blocks at later times.
>
> Peter
>

Thank you, I get that. The attacker might certainly like to try it, if
it is a banking database.


Bill Stewart <bill.stewart at pobox.com> wrote:
> However, there's an emerging application for which disk drives are
> more vulnerable, which is remote storage. Some of the new disk
> interface standards, like Fibre Channel, and probably some of the
> flavors of iSCSI, can operate over distances of 20km and longer over
> fiber, leading to businesses like colocation centers in New Jersey
> providing big disk drive farms for New York City financial businesses
> which have their mainframes in Manhattan. For applications like that,
> it is important to do good IVs, because control of the disk drive
> doesn't imply control of the machine.


Okay, let's look at the same thing in a communication protocol.
We have digital cash transactions between Bank A and Bank B.

Say I am an employee of Bank A. I don't keep the IV secret; I just
append the IV to the cipher text, which I have chained using a chaining
mode, and send it to Bank B. There is a man in the middle, M, who also
sniffs out the IV. Now he can successfully perform a block replay
attack.

I can think of one way this can be prevented. It would take us to share
a common seed value (a secret) between Bank A and Bank B.


1. Bank A uses a pseudo random number generator like Taus88, with a
period of nearly 2^80, or MT19937, with a period of 2^19937-1, and
generates the first IV using the generator.

2. This IV is used for chaining, but the IV itself is not transmitted
along with the cipher text to Bank B.

3. Once the chained cipher text reaches Bank B, they use the common
seed to generate the first IV, and this IV can be used to obtain the
actual cipher text.

4. Continue steps 1 to 4 till the period of the generator. If we use
Taus88 we can get nearly 2^80 IVs, and if we use MT19937 we can get up
to 2^19937-1 IVs.



We also don't need to hash the IVs themselves, though they form a
linear recurring sequence, since they are not transmitted from Bank A
to Bank B and we derive no information about the IV from any number of
blocks of the chained cipher text.

In this way the attacker can no longer perform block replay attacks.


The funny part is that I have seen some cryptographic utilities simply
append the IV to the chained cipher text and transmit it to a receiver.


Regards Sarath.

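The Bank A / Bank B exchange sketched in the message above, written out as an added example (it is not code from the original post or from any product it mentions). Both endpoints are built from one shared secret seed; each IV is derived on both sides from that seed and a message counter and is never placed on the wire, so a man in the middle who captures a message sees no IV. Two substitutions are assumptions of this example rather than the post's own proposal: the IV sequence is derived with HMAC-SHA256 over a counter instead of Taus88 or MT19937, and a toy four-round Feistel cipher built on HMAC stands in for a real block cipher so the code runs with only the Python standard library. The example also binds the receiver's expected IV into an authentication tag, which is what lets Bank B detect a replayed message outright instead of merely decrypting its first block to garbage. All names (`Endpoint`, `send`, `receive`, `demo`) and the sample seed and messages are constructed for this illustration.

```python
import hashlib
import hmac

BLOCK = 16  # block size in bytes of the toy cipher below


def _prf(key: bytes, label: bytes) -> bytes:
    """HMAC-SHA256 used as a pseudo-random function for keys, IVs and round functions."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# --- Toy 4-round Feistel block cipher on 16-byte blocks (stand-in for AES; NOT for real use) ---
def block_encrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _prf(key, bytes([rnd]) + right)[:8])
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):  # undo the rounds in reverse order
        left, right = _xor(right, _prf(key, bytes([rnd]) + left)[:8]), left
    return left + right


def _pad(data: bytes) -> bytes:  # PKCS#7 padding to a whole number of blocks
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def _unpad(data: bytes) -> bytes:
    return data[:-data[-1]]


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CBC chaining: each plaintext block is XORed with the previous ciphertext block (IV first)."""
    data = _pad(plaintext)
    prev, out = iv, bytearray()
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out += prev
    return bytes(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    prev, out = iv, bytearray()
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out += _xor(block_decrypt(key, block), prev)
        prev = block
    return _unpad(bytes(out))


class Endpoint:
    """One side of the Bank A / Bank B link; both sides are built from the same shared seed."""

    def __init__(self, shared_seed: bytes):
        self.enc_key = _prf(shared_seed, b"enc-key")
        self.mac_key = _prf(shared_seed, b"mac-key")
        self.iv_seed = _prf(shared_seed, b"iv-seed")
        self.counter = 0  # position in the shared IV sequence (assumption: HMAC over a counter, not Taus88/MT19937)

    def next_iv(self) -> bytes:
        return _prf(self.iv_seed, self.counter.to_bytes(8, "big"))[:BLOCK]

    def send(self, plaintext: bytes) -> bytes:
        iv = self.next_iv()
        self.counter += 1
        ct = cbc_encrypt(self.enc_key, iv, plaintext)
        tag = _prf(self.mac_key, iv + ct)  # tag commits to the (unsent) IV as well as the cipher text
        return ct + tag  # the IV itself never goes on the wire

    def receive(self, message: bytes):
        ct, tag = message[:-32], message[-32:]
        iv = self.next_iv()  # derive the IV locally instead of reading it from the message
        if not hmac.compare_digest(tag, _prf(self.mac_key, iv + ct)):
            return None  # IV position does not match (replay/reorder) or cipher text altered: reject, keep counter
        self.counter += 1
        return cbc_decrypt(self.enc_key, iv, ct)


def demo():
    """Constructed run: two genuine messages and one replay of the first by a man in the middle."""
    seed = b"constructed shared seed for Bank A and Bank B"
    bank_a, bank_b = Endpoint(seed), Endpoint(seed)
    msg1 = bank_a.send(b"transfer 100 from acct 1 to acct 2")
    msg2 = bank_a.send(b"transfer 250 from acct 3 to acct 4")
    first = bank_b.receive(msg1)   # accepted under IV #0
    replay = bank_b.receive(msg1)  # M resends the captured message: expected IV is now #1, tag fails -> None
    second = bank_b.receive(msg2)  # genuine second message still accepted under IV #1
    return first, replay, second


if __name__ == "__main__":
    print(demo())
```

The point of binding the receiver's derived IV into the tag is visible in `demo()`: the replayed copy of the first message is rejected because Bank B is already expecting the next IV in the sequence, while the genuine second message, sent under that IV, still verifies and decrypts. Without the tag the replay would simply decrypt under the wrong IV, corrupting only the first block.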




