[Cryptography] [RNG] on RNGs, VM state, rollback, etc.
Kent Borg
kentborg at borg.org
Mon Oct 28 11:42:34 PDT 2013
On 10/28/2013 04:20 AM, John Gilmore wrote:
> Could the injected code be sufficiently subtle to detect and store or
> report entropy events like packet timing, without becoming
> sufficiently obvious that the malware's presence is detected on the
> network?

No.

Knowing "packet timing" isn't good enough. It is the interrupt timing
that matters, and even that isn't good enough, at least not in the case
of a fast CPU with a GHz+ system clock: you have to know the value of a
fast counter at the moment that it is sampled as part of servicing the
interrupt.

The clock the attacker needs to know doesn't even exist outside the chip
in question. An attacker needs to infer very precise phase angles here,
or a bit or more of entropy will slip through on that interrupt.

And you expect to measure this via malware running on a cheap printer
plugged into feet of ethernet cable plus an ethernet switch plus more
cabling between it and the computer that gets the interrupt? The
malware might make an estimation of interrupt timing, but it can't get
down to the last LSB of that clock at the moment when the CPU gets
around to reading it.

We are talking not just an off-chip measurement of a signal that doesn't
exist off-chip, we are talking about doing it from outside the box, when
the box isn't trying to cooperate.

Making timing measurements precisely is hard to do in the best possible
and most carefully engineered circumstances.

-kb
_______________________________________________
The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
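
The argument in the post above, put into numbers as an added example (not part of the original message or of any kernel's code): a small simulation of how much min-entropy remains in the low bits of a cycle counter when an outside observer knows the interrupt time only to within some jitter. The 3 GHz clock, the 8 sampled low bits, the Gaussian jitter model and the jitter values are all assumptions chosen for illustration.

```python
import math
import random
from collections import Counter

CLOCK_HZ = 3_000_000_000   # assumed 3 GHz cycle counter ("GHz+" in the post)
LOW_BITS = 8               # assumed: only the counter's low byte is considered


def residual_min_entropy(jitter_s, samples=200_000, seed=1):
    """Empirical min-entropy (bits) left in the counter's low bits, given the
    observer's best estimate of when the interrupt was serviced.

    jitter_s is the standard deviation of the observer's timing error in
    seconds (assumed Gaussian). The seed makes the run reproducible.
    """
    rng = random.Random(seed)
    mask = (1 << LOW_BITS) - 1
    sigma_cycles = jitter_s * CLOCK_HZ
    misses = Counter()
    for _ in range(samples):
        true_count = rng.getrandbits(48)            # value the CPU actually read
        err = round(rng.gauss(0.0, sigma_cycles))   # observer's error, in cycles
        guess = true_count + err                    # observer's predicted counter
        # What the observer still has to guess: the offset in the low bits.
        misses[(true_count - guess) & mask] += 1
    p_max = max(misses.values()) / samples          # best single guess succeeds this often
    return math.log2(1 / p_max)


if __name__ == "__main__":
    # Constructed jitter values, from a perfect observer to a networked one.
    cases = [("0 (perfect)", 0.0), ("1 ns", 1e-9), ("100 ns", 100e-9), ("10 us", 10e-6)]
    for label, jitter in cases:
        bits = residual_min_entropy(jitter)
        print(f"observer jitter {label:>12}: {bits:.2f} bits left per interrupt")
```

Under these assumptions, even an observer with a 1 ns timing error leaves more than one bit per interrupt unknown, and at 100 ns the low byte is close to uniform from the observer's point of view.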