
Simple Comm Technique Beats Quantum Crypto

Zonk posted more than 7 years ago | from the dot-dot-dash-dot-dot-dash-dash-dot dept.

Security 164

Atario wrote us with a link to a New Scientist article about an innovative new way of encrypting communications. An engineer at Texas A&M may have a way to exploit the thermal properties of a wire to create a secure channel. The result could be an effectively impenetrable way of securing communications, possibly outperforming quantum cryptography keys. "In their device, both the sender Alice and the receiver Bob have an identical pair of resistors, one producing high resistance, the other low resistance. The higher the total resistance on the line, the greater the thermal noise. Both Alice and Bob randomly choose which resistor to use ... Half the time ... they will choose different [resistances], producing an intermediate level of thermal noise, and it is now that a message can be sent. If Bob turns on his high resistor, and records an intermediate level of noise, he instantly knows that Alice has chosen her low resistor, in essence sending a bit of information such as 1 or 0. Kish's cipher does this many times, sending a random series of 1s and 0s that can form the basis of an encryption key, the researchers say."


Cool. (5, Interesting)

bytesex (112972) | more than 7 years ago | (#19291519)

But if I understand correctly, and I want to do this over ethernet, for example, that means that it is a) unroutable and b) my ethernet endpoints would have to be aware of my security preferences ?

Re:Cool. (0)

Anonymous Coward | more than 7 years ago | (#19291561)

Since when did ethernet become routable?

Re:Cool. (1, Informative)

bytesex (112972) | more than 7 years ago | (#19291703)

No. Obviously, that's not what I meant. I mean that the higher level, routable protocol on top of ethernet would become unroutable, because it's the lower level ethernet that has to be aware, between two electrical endpoints, of my security wishes. Since I can't expect to be able to export those wishes beyond the borders of my network, I'd have a problem. Also, I'd have to have much tighter integration between the levels in my network, as security is usually negotiated on the highest levels, whereas electrical current is the lowest. Did I formulate it precisely enough for your preferences now ?

Re:Cool. (4, Informative)

Architect_sasyr (938685) | more than 7 years ago | (#19292007)

I'm friends with one of the team working on the single electron quantum crypto thingy (hey, it's beyond my brain and I'll admit it). They run the cryptography between secured nodes. So, based on that and my vague recollection of how it works, the Quantum boys have it non-routable too... it's a point-to-point security chain... the end points are what is vulnerable, but there is no way to sniff between them (think of it as the Tor nodes are vulnerable to a malicious server, but not the link between them).

Hope that clears up any debate this would generate.

And I don't know about the rest of the community, but I read the original post and thought "yep, got it in one". Apparently I understand these things a little better than most.

Re:Cool. (0)

Anonymous Coward | more than 7 years ago | (#19291659)

It's no different from quantum cryptography in that respect.

Well, they quote Bruce saying it's good. (2, Informative)

khasim (1285) | more than 7 years ago | (#19291665)

From TFA:

"This is a system that should be taken seriously," says security specialist Bruce Schneier, who founded network security firm BT Counterpane. He says he was seduced by the simplicity of the idea when it was first proposed by Kish, and now wants to see independent tests of the working model. "I desperately want someone to analyse it," he says. "Assuming it works, it's way better than quantum."

Although I don't recall seeing anything about it on his website. Bruce knows a lot more than I do, but this just sounds weird.

And not just Ethernet. Any wire that has a repeater or relay or amplifier sounds like it would break this.

And don't forget man in the middle attacks. If Eve or Mallory get to the wire first, then the "normal" wire state that Alice and Bob see will include their taps.

Re:Well, they quote Bruce saying it's good. (4, Informative)

Lagged2Death (31596) | more than 7 years ago | (#19291701)

> If Eve or Mallory get to the wire first, then the "normal" wire state that Alice and Bob see will include their taps.

Eavesdropping on this wouldn't do any good. From an eavesdropper's point of view, there are three noise levels, two of which mean nothing and one of which means a bit has just been transferred from A to B or from B to A. An eavesdropper can't tell which direction the bit is going or what the value of the bit was.

Sure they can. (1)

khasim (1285) | more than 7 years ago | (#19291771)

All Eve has to do is to have two taps on the wire. She can watch the signal propagate from one to the other and determine who sent it.

And I'm not seeing why there would be three noise levels on the wire. You'd start off with the plain wire. Then Eve's taps. Then Eve would see the wire characteristic change when Alice put her resistor on. So she'd know that information. Then she'd see it change again when Bob put his resistor on. So she'd have that information also.

All Alice and Bob would know is the state AFTER Eve's taps went in.

So Eve would have all of the information.

Re:Sure they can. (3, Informative)

tomz16 (992375) | more than 7 years ago | (#19293193)

You are incorrect... If Eve gets to the wire first, then Alice and Bob may not know that there is a tap, but the tap is still worthless. Only the party at an endpoint would know what resistor THEY have put in, allowing them to deduce the resistor used at the other end. The person in the middle would only have the (worthless) piece of information that Alice and Bob differed in the resistor that they chose.

Noise    Endpoint 1   Endpoint 2
High     high         high
Medium   high         low
Medium   low          high
Low      low          low

You throw out the high/low noise cases. In order to know what the other person is doing in the medium case you need to know what resistor YOU put in!

-Tom

P.S. one of my professors proposed this method during a casual conversation a few years back. It's an idea that has been kicked around for a while, and in my opinion is very solid.

P.P.S. there is no directionality to the signal here.
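
The scheme from the story summary and the table in the comment above, as an added example that is not part of the original thread or Kish's own code: an idealised Python model in which the line reveals only a noise level (high, medium or low). The function names and the bit convention (Alice choosing her high resistor counts as 1) are assumptions made for this illustration.

```python
"""Idealised model of the resistor/thermal-noise key exchange discussed in
this thread. Added illustration: names and bit convention are assumptions."""
import random
import secrets

HIGH, LOW, MEDIUM = "high", "low", "medium"


def noise_level(r_a, r_b):
    """What anyone on the line observes: it depends only on the unordered
    pair of resistors, never on which end holds which one."""
    if r_a == r_b:
        return r_a      # both high -> "high", both low -> "low"
    return MEDIUM       # one high, one low


def random_choices(n, rng=None):
    """n independent resistor choices. Defaults to the OS CSPRNG; pass a
    seeded random.Random only for repeatable demonstrations."""
    rng = rng or secrets.SystemRandom()
    return [rng.choice((HIGH, LOW)) for _ in range(n)]


def transcript_and_keys(alice_choices, bob_choices):
    """Run one exchange. Returns (public transcript, Alice's key, Bob's key).

    Each party combines the public noise level with its OWN choice:
    on a medium slot the far end must hold the opposite resistor.
    Assumed convention: key bit is 1 when Alice's resistor is high.
    """
    transcript, alice_key, bob_key = [], [], []
    for a, b in zip(alice_choices, bob_choices):
        level = noise_level(a, b)
        transcript.append(level)
        if level != MEDIUM:
            continue    # high/low slots are thrown out by both parties
        alice_key.append(1 if a == HIGH else 0)   # Alice reads her own choice
        bob_key.append(1 if b == LOW else 0)      # Bob infers Alice's choice
    return transcript, alice_key, bob_key


def consistent_pairs(level):
    """All (alice, bob) resistor pairs that produce the observed level."""
    return [(a, b) for a in (HIGH, LOW) for b in (HIGH, LOW)
            if noise_level(a, b) == level]


def keys_consistent_with(transcript):
    """Number of distinct keys a passive observer cannot rule out from the
    transcript alone (each kept slot fits two opposite assignments)."""
    count = 1
    for level in transcript:
        if level == MEDIUM:
            count *= len(consistent_pairs(level))
    return count


if __name__ == "__main__":
    rng = random.Random(2007)   # constructed, seeded input for a repeatable run
    alice = random_choices(32, rng)
    bob = random_choices(32, rng)
    transcript, k_alice, k_bob = transcript_and_keys(alice, bob)
    print("kept slots:        ", len(k_alice), "of", len(transcript))
    print("keys agree:        ", k_alice == k_bob)
    print("keys Eve can't exclude:", keys_consistent_with(transcript))
    # Swapping the two ends leaves the public transcript unchanged
    # but inverts every key bit.
    t_swapped, k_swapped, _ = transcript_and_keys(bob, alice)
    print("same transcript after swap:", t_swapped == transcript)
    print("key inverted after swap:   ", k_swapped == [1 - x for x in k_alice])
```

The model has no step that authenticates the far end, which is the man-in-the-middle gap raised throughout the thread, and it ignores propagation delay and resistor tolerances, which other comments argue leak information in practice.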

Re:Sure they can. (1)

tomz16 (992375) | more than 7 years ago | (#19293271)

P.S. to myself... The only way this would work is if EVE :
1) Got to the wire first
2) Cut the wire severing the connection between Alice and Bob
3) had 6 resistors, two to make up for the missing length of wire, and 4 to use in the scheme.
4) Eve would pretend to be Alice on one end, and Bob on the other, relaying the messages in between while saving a copy for herself.

Re:Well, they quote Bruce saying it's good. (2, Insightful)

smallfries (601545) | more than 7 years ago | (#19292413)

But he didn't mention eavesdropping, he mentioned man in the middle attacks. Just like a quantum link this is vulnerable to man in the middle attacks when used without a separate authenticated channel.

Moderate +1... (1)

Joce640k (829181) | more than 7 years ago | (#19293317)

This does nothing to prevent man-in-the middle attacks. If I can get physical access to your wire to eavesdrop I can also cut it completely and put myself in the middle.

Still, it's a nice piece of thinking.

Re:Well, they quote Bruce saying it's good. (5, Informative)

eblot (1108019) | more than 7 years ago | (#19291789)

> Although I don't recall seeing anything about it on his website.
That would be: http://www.schneier.com/crypto-gram-0512.html#15 [schneier.com]

Mod parent up! (1)

khasim (1285) | more than 7 years ago | (#19291833)

Thanks!

And Bruce does note that it is vulnerable to a man in the middle attack.

MITM... (4, Informative)

SanityInAnarchy (655584) | more than 7 years ago | (#19293565)

I read Schneier's page because I respect the guy, and I figured he'd know what he was talking about. It already seemed trivially vulnerable to a man-in-the-middle attack, but I wanted to see if I was the only one.

Looks like I'm right:

> Even more basic: It's vulnerable to man-in-the-middle attacks. Someone who can intercept and modify messages in transit can break the security. This means you need an authenticated channel to make it work -- a link that guarantees you're talking to the person you think you're talking to. How often in the real world do we have a wire that is authenticated but not confidential? Not very often.

He actually details a few more problems:

> For those keeping score, that's four practical problems: It's only link encryption and not end-to-end, it's bandwidth-limited (but may be enough for key exchange), it works best for short ranges and it requires authentication to make it work. I can envision some specialized circumstances where this might be useful, but they're few and far between.

But then, I guess it's the best we've got:

> But quantum key distributions have the same problems. Basically, if Kish's scheme is secure, it's superior to quantum communications in every respect: price, maintenance, speed, vibration, thermal resistance and so on.

Re:Well, they quote Bruce saying it's good. (1)

nacturation (646836) | more than 7 years ago | (#19293433)

Little known Bruce Schneier fact: [geekz.co.uk] he cryptanalyzed this in his sleep, he just forgot the answer when he woke up.
 

Re:Well, they quote Bruce saying it's good. (1)

Schraegstrichpunkt (931443) | more than 7 years ago | (#19293787)

> Although I don't recall seeing anything about it on his website.

It was on his blog [schneier.com] last December.

In any case, the system can be defeated using a directional coupler.

Re:Cool. (1)

Yvanhoe (564877) | more than 7 years ago | (#19291907)

I think here the conditions are the same as the typical quantum crypto test : the goal is to secure a line, not a connection

Re:Cool. (1, Funny)

RazzleDazzle (442937) | more than 7 years ago | (#19292319)

Note: Did not RTFA

Does it work with wireless?

hrm... (0)

Anonymous Coward | more than 7 years ago | (#19291521)

wow, /.'d before the first post

dupe? (5, Informative)

roguegramma (982660) | more than 7 years ago | (#19291543)

Seems to me to be a dupe of http://it.slashdot.org/article.pl?sid=05/12/10/1714256 [slashdot.org]

Re:dupe? (1)

rpp3po (641313) | more than 7 years ago | (#19291567)

Indeed. Read the comments of the old article to easily understand why this 'news' is not only no news but complete BS.

Well, yes, it *is* a dupe, but... (4, Funny)

Hobart (32767) | more than 7 years ago | (#19292041)

> Seems to me to be a dupe of http://it.slashdot.org/article.pl?sid=05/12/10/1714256 [slashdot.org]
...you have to understand, that when the algorithm was first published, Bruce Schneier roundhouse kicked it so hard it just completed its eighteen month trip around the sun, and arrived back at the frontpage.

--
Slashcode bug # 497457 - unfixed since December 2001 - Go look it up [sourceforge.net] !

Re:Well, yes, it *is* a dupe, but... (0, Redundant)

Nimey (114278) | more than 7 years ago | (#19292905)

Not true at all! Bruce roundhouse kicked it, but misjudged it so that it was going into the Sun.

Chuck Norris walked out to the Sun (without a spacesuit, of course) with plenty of time to spare, then roundhouse kicked the Solar System so that the algorithm made it back to where Bruce intended it.

Security through Lack of Reference? (2, Insightful)

vertigoCiel (1070374) | more than 7 years ago | (#19291555)

From what I can gather from the summary (the New Scientist domain seems to be blocked by the PRC to those in China, so I can't RTFA), the security of this lies in the fact that Eve cannot separate the message from the inherent thermal noise of the channel. However, wouldn't she be able to decode the message by trial and error by hooking her own resistors? Surely she doesn't have to have identical resistance just around 10 or 100 Ohms of the average.

Could someone correct me if I'm wrong (which I think I am)?

Re:Security through Lack of Reference? (0)

Anonymous Coward | more than 7 years ago | (#19291597)

No, the security lies in the fact that one signal (an "intermediate" level of noise) is being used to encode two states (Alice|Bob = 01 or 10). For any given bit, Eve can't deduce which of the two it is, whereas both Alice and Bob know their own bit and thus can figure out the other's.

Practically speaking, Eve has to rely upon the fact that Alice's and Bob's resistors can't be identical, and hope that 01 and 10 produce measurably distinct values for the "intermediate" noise.

Re:Security through Lack of Reference? (1)

swimin (828756) | more than 7 years ago | (#19291947)

What I don't understand is why Eve can't find out the approximate resistances of the two resistors, cut the wire, and transmit and record the message simultaneously. This requires Eve to know the approximate resistances of the two resistors, instead of a key of indeterminate length as in standard cryptography.

Re:Security through Lack of Reference? (1)

neomunk (913773) | more than 7 years ago | (#19293185)

That is a 'man in the middle attack', and it is indeed vulnerable to that method.

Quantum cryptography is vulnerable too (1)

Myria (562655) | more than 7 years ago | (#19293699)

Even quantum cryptography is vulnerable to such an attack, so in this respect there is no loss with this resistor system. There is no true solution to the man-in-the-middle problem.

Re:Security through Lack of Reference? (2, Informative)

asuffield (111848) | more than 7 years ago | (#19293101)

Of course, there doesn't seem to be any reason to bother, because you can get exactly the same effect in software with a simple Diffie-Hellman key exchange [wikipedia.org] (and that's probably more secure anyway, because it doesn't rely on the precision of hardware resistors). The essential security properties appear to be identical: a secure channel is established between two endpoints, but the identity of those endpoints is not authenticated in any way, so all you know is that you're securely talking to somebody.

In both cases, you can authenticate the endpoints by prior exchange of key material. I can't see why you would want to do this in complicated, strange hardware when you can do it perfectly easily in existing software. This is the method by which ssh operates, if you have validated the host key correctly, or SSL/TLS, if you have provided the appropriate certificates.

The point of quantum encryption was that we might someday be able to prove it cannot be broken, if we can show that quantum physics works how we think it does (we are uncertain whether Diffie-Hellman can be broken, like all other modern cryptographic algorithms, and have no idea whether we'll ever be able to prove it secure). No such proof appears possible with this method.

Re:Security through Lack of Reference? (1)

Austerity Empowers (669817) | more than 7 years ago | (#19293679)

I bet if Eve sent out her own noise, she'd be able to tell what resistors the other two were using by measuring the reflections and be reasonably undetectable while she did it. She might even be able to use the noise either person sent out to do the same thing and remain passive.

I always thought the value of quantum cryptography was that the states were truly discrete and impossible to measure without at the same time changing them and making the intruding presence known. The scary part about quantum crypto is that I personally don't understand quantum mechanics well enough to feel comfortable with it, and worse, I don't think quantum physicists really do either.

That said I can't RTFA because the server died...

Re:Security through Lack of Reference? (1)

26199 (577806) | more than 7 years ago | (#19291605)

It's a bitstream -- high/low resistance being one and zero -- and to get the message back you need to guess exactly the sequence of ones and zeros as Alice or Bob used.

If you guess the wrong sequence you don't get any indication that your guess was wrong -- you just get the wrong message. Similar idea to a one-time pad; if you use the wrong decryption key you can get any message at all with no indication that it wasn't the right message.

Re:Security through Lack of Reference? (0)

Anonymous Coward | more than 7 years ago | (#19291723)

Alice and Bob each have half the encryption info since they each created half of it. You, as the third party have none of the info, so you can have all the resistors you want, but it ain't gonna help you.

Not just a one-time pad? (0)

Anonymous Coward | more than 7 years ago | (#19291565)

It sounds like Alice and Bob need to coordinate in advance when they will use their low and high resistors. In which case, they're using a one-time pad and already secure.

Re:Not just a one-time pad? (1)

asobala (563713) | more than 7 years ago | (#19291575)

> It sounds like Alice and Bob need to coordinate in advance when they will use their low and high resistors. In which case, they're using a one-time pad and already secure.

No. (rtfa?) It's very similar to quantum cryptography, just without the quantum.

Re:Not just a one-time pad? (0)

Anonymous Coward | more than 7 years ago | (#19291615)

In Quantum Cryptography, if there is an eavesdropper, it is not possible for anyone to eavesdrop. If someone broke the line and tried to eavesdrop, it would be seen at the other end that something went wrong.

Now, how would that property be met in this cryptography?

When the bit is created, you have no info (1)

benhocking (724439) | more than 7 years ago | (#19291805)

When a bit is created, all the eavesdropper knows is that one person chose high-resistance and the other person chose low-resistance. Alice and Bob know this, too. However, since they know which setting they chose (or, more accurately, their computer does), it's a simple matter of deducing what setting the other person chose. For the eavesdropper to deduce what Alice chose, he has to know what Bob chose - but to deduce what Bob chose he has to know what Alice chose.

key distribution, not encryption (0)

Anonymous Coward | more than 7 years ago | (#19292195)

One thing to note is that the article is confusing. Another poster pointed out a link to the entry in Bruce Schneier's blog where he talks about this, and clears up this point: this algorithm doesn't transmit any information, like the article claims. It is used to make a random key for later use in a regular encryption algorithm. What was confusing me was that if Alice and Bob keep choosing random bits, there's no way to control the flow of information. The bits that are recognized as valid are when Alice chooses a 1 and Bob a 0, or Alice a 0 and Bob a 1. Either one can tell what happened, but only after they have made their choices. So this is only good as a mutual random number generator, which you could then use as a key for regular encryption. It could then be subject to any weaknesses in the encryption algorithm used (eg. if the encryption scheme could be easily broken by a quantum computer - or worse, by a classical computer using a known flaw - the ability to do key distribution would be useless).

The Schneier post also notes that this scheme is very bandwidth-limited; in the test system, the product of bandwidth times meters of wire between the two parties was about 2e6. So if you're a kilometer apart, you're limited to 2000 baud. If you're on opposite sides of North America, 1 baud. Bandwidth isn't so important if you're only using it for key creation/distribution, but this is still very limiting.

And, it is still not clear that there wouldn't be huge vulnerabilities in the scheme. One person here suggested that if Eve can place two taps and look at signal propagation on the line, she could determine who had the 1 or the 0. Someone else suggested the problem of man-in-the-middle attacks.

No - this is generating a one time.. (0)

Anonymous Coward | more than 7 years ago | (#19291641)

Alice and Bob choose randomly; no need to coordinate. They end up with a stream of shared random bits, generated when they choose different resistors from each other, which is more or less good enough to use as a one time pad (actually they should probably mix them a bit to avoid problems with their equipment).

Here's a schneier.com blog posting about this..

http://www.schneier.com/blog/archives/2005/12/totally_secure.html [schneier.com]

and another

http://www.schneier.com/blog/archives/2006/02/more_on_kishs_c.html [schneier.com]

Essentially this is about solving the problem that one time pads are very difficult to transport.

slashdotted. (0, Offtopic)

Js Eagle (1105471) | more than 7 years ago | (#19291587)

Looks like the site was already slashdotted :(

Seems too dependent on copper (0)

Anonymous Coward | more than 7 years ago | (#19291599)

Identical resistors of different resistances... I hope "identical" means "within 1%", because that's what you can actually buy (yes, I know there are 0.5% resistors, but they become 1% after you solder them). Also, temperature coefficients change a resistor's resistance (not much, but again, it depends on how identical this needs to be).

But most importantly, this dictates a copper connection between the sides; neither fiber optics, lasers, nor radio are going to support this. On top of that, a pair of wire cutters and a circuit board gets me a pretty successful man-in-the-middle attack, right?

Re:Seems too dependent on copper (1)

edwarddes (199284) | more than 7 years ago | (#19291755)

A .5% resistor is not all that impressive. Look at the Susumu Co part number RG1005N-101-P-T1 which is a 0.02% 100 ohm resistor.
http://www.susumu.co.jp/english/pdf/products-j01-01.pdf [susumu.co.jp] for more info

Re:Seems too dependent on copper (0, Troll)

timmarhy (659436) | more than 7 years ago | (#19291837)

right because that's what they use in consumer grade $10 NICs, dumbass

Re:Seems too dependent on copper (0)

Anonymous Coward | more than 7 years ago | (#19292615)

Yeah, cause consumer grade equipment on hardware encrypted lines is what it's all about, dimwit.

Re:Seems too dependent on copper (1)

jointm1k (591234) | more than 7 years ago | (#19291861)

> On top of that, a pair of wire cutters and a circuit board gets me a pretty successful man-in-the-middle attack, right?

So how do you know who is using which resistor?

man-in-the-middle vulnerability (0)

Anonymous Coward | more than 7 years ago | (#19292167)

1. Eve sets up communication with Alice and Bob, respectively posing as the other
2. In the random resistor-switching sequence, Eve uses her (4) resistors to establish a unique key to work with each party
3. Eve decrypts/encrypts the sent messages on the fly

-RJ

Re:man-in-the-middle vulnerability (1)

Garridan (597129) | more than 7 years ago | (#19292485)

There exist these little beasts called "variable resistors" which allow tuning down to hundredths of a percent. Now. However, let's make your job easy, and say that we'll restrict to integer-valued resistors between 1kohm and 2kohm. Alice and Bob have agreed upon one "low" resistor, and one "high" resistor. You've got a 1 in 1 million chance to correctly guess at their resistors. And you only get one guess: if you sit in the middle with the wrong resistors for even a few bits, Alice and Bob will know immediately that their line has been compromised, and cease transmission. Or worse, they'll send garbage, that you won't recognize as such, and do some timing analysis which would reveal your exact location to their agents. Welcome to Guantanamo.

Re:Seems too dependent on copper (0)

Anonymous Coward | more than 7 years ago | (#19293529)

Does it matter who's using which? When they switch resistors, the man in the middle would be able to detect that a change had occurred. So you know the exact number of bits, but not necessarily which represent 1 and which 0, yes?

But, wouldn't Bob-High and Alice-High represent, by the nature of this trick, 1 and 0 (or 0 and 1) respectively?

So you would inherently have two possible interpretations of the data, one correct and one directly inverted.

Seems to me that if you have 1000011001 and 0111100110 as your only two possibilities for what Bob and Alice are sending, and if they're not bothering with additional crypto...

Of course, IAALAM*, so take it with a grain of salt.

*I Am a Liberal Arts Major

PAIRS of resistors (3, Insightful)

Etherwalk (681268) | more than 7 years ago | (#19291919)

Identical pairs of resistors.

I read it the same way you did at first; it's poorly worded.

This sounds like it's someone trying to think outside the box, given a basic knowledge of quantum cryptography. "Well, what else sort of works like light polarization? What is there that, if intercepted, doesn't give the interceptor any more information than said polarization does in the case of quantum cryptography?"

Of course, one of the advantages of quantum is that you can Detect eavesdroppers, because if they listen to more than a few bits they flip more of your bits than probability would reasonably allow for. It isn't only about how much information the eavesdropper can obtain--it's about whether or not you'll realize they're there.

Google cache link: (0, Troll)

Anonymous Coward | more than 7 years ago | (#19291613)

cache [64.233.167.104]

Re:Google cache link: (1)

rustalot42684 (1055008) | more than 7 years ago | (#19292201)

That's not a cache, and it's definitely NOT +1 informative. Goatse Troll!

It only works on a direct connection (2, Interesting)

Anonymous Coward | more than 7 years ago | (#19291643)

The system works because the sender and receiver have a direct electrical connection. If you have such a connection, that means that you have an unbroken wire between the two with nothing else connected to the line. You usually don't even get such a connection if you lease cables from the telephone company. The only way such a connection exists is if the wire is owned by the organization that employs the sender and receiver.

Under the conditions stated above, cryptography isn't very important. The most important thing is to ensure the physical integrity of the wire.

The cryptography isn't as unassailable as they think. Given two taps on the line, I can tell who switched which resistor when. For instance, if station A switches in a low resistance, the tap nearer to station A will detect the effect (low noise) of the switch first.

Maybe I'm missing something important but this idea doesn't seem as smart as they think it is.

So, hot tubes make for secure comms? (0)

Anonymous Coward | more than 7 years ago | (#19291707)

Heh.

Man in the middle (2, Insightful)

anwyn (266338) | more than 7 years ago | (#19291709)

This is a secure way to agree on a one-time pad, or other key, but it is subject to man in the middle attacks. How does fred know that it is alice at the other end of the line switching resistors, or is it darth the man in the middle switching resistors?

TFA (someone said it was /.'ed) (4, Informative)

milo_a_wagner (1002274) | more than 7 years ago | (#19291783)

SPYING is big business, and avoiding being spied on an even bigger one. So imagine if someone came up with a simple, cheap way of encrypting messages that is almost impossible to hack into?

American computer engineer Laszlo Kish at Texas A&M University in College Station claims to have done just that. He says the thermal properties of a simple wire can be exploited to create a secure communications channel, one that outperforms quantum cryptography keys.

His cipher device, which he first proposed in 2005, exploits a property called thermal noise. Thermal noise is generated by the natural agitation of electrons within a conductor, which happens regardless of any voltage passed through it. But it does change depending on the conductor's resistance. Kish and his collaborators at the University of Szeged in Hungary say this can be used to securely pass information, or an encryption key, down any wire, including a telephone line or network cable.

In their device, both the sender Alice and the receiver Bob have an identical pair of resistors, one producing high resistance, the other low resistance. The higher the total resistance on the line, the greater the thermal noise. Both Alice and Bob randomly choose which resistor to use. A quarter of the time they will both choose the high resistor, producing a lot of noise on the line, while a quarter of the time they will both choose the low resistor, producing little noise. If either detect a high or a low amount of noise in the line, they ignore any communication.

Half the time, however, they will choose differently, producing an intermediate level of thermal noise, and it is now that a message can be sent. If Bob turns on his high resistor, and records an intermediate level of noise, he instantly knows that Alice has chosen her low resistor, in essence sending a bit of information such as 1 or 0. Kish's cipher does this many times, sending a random series of 1s and 0s that can form the basis of an encryption key, the researchers say (http://www.arxiv.org/abs/physics/0612153).

That message is also secure. For a start, as Kish notes, it takes an "educated eavesdropper" to even realise information is being sent when there seems to be just low-level noise on the line. If they do try to eavesdrop, they can only tell a message is being sent, not what it is, because it's impossible to tell whether Alice has a high or low resistor turned on, and whether the bit of information is a 1 or a 0. What's more, eavesdropping on the line will naturally alter the level of thermal noise, so Alice and Bob will know that someone is listening in.

Kish and his team have now successfully built a device that can send a secure message down a wire 2000 kilometres long, much further than the best quantum key distribution (QKD) devices tried so far. Tests show a signal sent via Kish's device is received with 99.98 per cent accuracy, and that a maximum of just 0.19 per cent of the bits sent are vulnerable to eavesdropping. The error rate is down to the inherent resistance of the wire, and choosing a larger wire in future models should help reduce it further.

However, this level of security already beats QKD. What's more, the system works with fixed lines, rather than the optical fibres used to carry photons of light at the heart of quantum encryption devices. It is also more robust, as QKD devices are vulnerable to corruption by dust, heat and vibration. It is also much cheaper. "I guess it's around a hundred dollars, at most," Kish says.

"This is a system that should be taken seriously," says security specialist Bruce Schneier, who founded network security firm BT Counterpane. He says he was seduced by the simplicity of the idea when it was first proposed by Kish, and now wants to see independent tests of the working model. "I desperately want someone to analyse it," he says. "Assuming it works, it's way better than quantum."

Impossible in practise (0)

Anonymous Coward | more than 7 years ago | (#19291799)

"identical pair of resistors". Yep. Blows the whole method right there. Might as well have said "assuming perfect entropy quantum encryption"

Re:Impossible in practise (1)

Goaway (82658) | more than 7 years ago | (#19293521)

Maybe you should try to attack the actual method, and not the verbal description of it.

Already Broken (5, Informative)

Anonymous Coward | more than 7 years ago | (#19291845)

It can be attacked passively: http://arxiv.org/pdf/physics/0601022 [arxiv.org]

Re:Already Broken (1)

phage434 (824439) | more than 7 years ago | (#19293097)

Another example of fine high quality reporting by New Scientist. It's a shame to see a formerly somewhat respectable rag turn into this.

Re:Already Broken (1, Informative)

Anonymous Coward | more than 7 years ago | (#19293413)

Not only that but it was broken just a month or so after the initial announcement (which by the way was over a year ago).

Old news.

I'm always amazed by these people that make such outrageous claims like unbreakable encryption. Considering all the bizarre stuff that has been done in breaking systems I can't imagine claiming something like this. There is always a way to break it, always. I imagine even quantum cryptography is breakable, that is if we ever get a practical system.

crappy crappy method (2, Informative)

timmarhy (659436) | more than 7 years ago | (#19291855)

This can only be applied where there's a direct electrical connection, hence ruling out its usefulness in any real application. Even IF this were applied via some software protocol it does nothing to validate that Alice is actually Alice and not the feds.

Speed of light? (3, Informative)

The New Andy (873493) | more than 7 years ago | (#19291889)

If you had two sniffing devices, one near Alice, one near Bob then I speculate that if the frequency of the devices is high enough then they will be able to tell who had which resistor active.

This reminds me of another crypto method where the receiver adds noise to the line. The theory is that they know what the noise is, so they can remove it, but Eve can't get it because she doesn't know what the noise was. It falls down under the same attack because the signal is only propagated at the speed of light, not instantaneously.

MOD PARENT UP (1)

Schraegstrichpunkt (931443) | more than 7 years ago | (#19293611)

Moderators: Please mod the parent post up. This attack obviously didn't get enough attention last time this technique was posted to Slashdot.

Digital communications (1)

aembleton (324527) | more than 7 years ago | (#19291967)

I haven't been able to read the article thanks to the /. effect. However, from the description of the article it seems to rely on analogue connection between two points. In reality how often does this happen these days? Surely most communications are digitised at some point whereupon the effects of altering the resistance of the circuit will be removed or at least altered enough not to be useful. You could set up a physical circuit for secure communications, but then it would be possible to listen in using other techniques as a wire carrying a current emits an electromagnetic field which could be picked up. Like I said, I haven't read the article so maybe this is all explained in there.

Re:Digital communications (1)

Software Geek (1097883) | more than 7 years ago | (#19293719)

Ummm, in answer to your question... ALL telecommunications occur over analog connections. At the lowest, physical, layer of the protocol stack, physical devices send and receive analog signals as electrical pulses, light pulses, or radio waves. Higher levels of the protocol stack may be digital, but the lowest one is always analog.

That, of course, doesn't change the fact that attempting to encrypt the physical layer is just wrongheaded. Your communications are then only secure if you can arrange a secure physical link (In this case using copper wire!) for every hop. Much more convenient and reliable to encrypt a higher layer of the stack.

Alice and Bob should just get a room (4, Funny)

WhoBeDaPlaya (984958) | more than 7 years ago | (#19291995)

'nuff said :)

Re:Alice and Bob should just get a room (1)

AdamWill (604569) | more than 7 years ago | (#19293541)

I was thinking of asking someone to let me know where Alice, Bob and Eve all live. I just bought a job lot of cheap resistors on eBay and I need to unload 'em in a hurry...

split line in 2, pretend to be other party, repeat (0)

Anonymous Coward | more than 7 years ago | (#19292047)

So Eve cuts the link in two, and simulates Alice to Bob, and Bob to Alice. In this position, he knows perfectly well who is sending what, so can record whatever's sent.

There is no solution to man-in-the-middle (0)

Myria (562655) | more than 7 years ago | (#19293767)

There is no solution to the attack you're describing. Even quantum cryptography fails against this.

Random noise. (1)

Frozen Void (831218) | more than 7 years ago | (#19292071)

Why not use randomly generated numbers, and insert data into the stream using its own contents as location pointer? (Which I did with some ciphers: http://www.invisionplus.net/forums/index.php?mforum=stormtower&showtopic=5 [invisionplus.net] )

Re:Random noise. (1)

Twinkle (84777) | more than 7 years ago | (#19292103)

Random or pseudo-random? If the latter, all the PRNG's I know of are far weaker than all the cipher algorithms I know of. There's probably a good reason why this idea isn't seen in commercially deployed secure solutions.

Re:Random noise. (1)

Frozen Void (831218) | more than 7 years ago | (#19292597)

From http://random.org/ [random.org] which is ok for experimenting, I guess. For real-world applications, hardware RNGs are required.

Re:Random noise. (1)

Goaway (82658) | more than 7 years ago | (#19293559)

Anybody can create a cipher they themselves cannot crack. Did you do any real cryptanalysis of that system?

Is Schneier enough of an electrical engineer ? (4, Interesting)

udippel (562132) | more than 7 years ago | (#19292075)

... or better: is Kish any electrical engineer ?
To me, this whole matter with his formulae of the noise of a resistor is just hocus pocus; as much as the math is correct. But any reasonable electrical engineer knows these ...
What Kish rather seems to propose, is the injection of noise into a link; noise at two levels, never mind if they are derived from a resistor, short-circuited or not, or any other noise generator.

Over. What he then says is the following:
If Alice sends high noise level ('H'), Bob will send low ('L') noise level; and vice versa.
The man-in-the-middle will have tri-state noise: LL, LH/HL, HH. LL and HH are out. The assumption in that paper, hidden behind a lot of barrage, is: LH and HL will appear identical to the eavesdropper. Alice, however, when sending L, can pass an information quantum (since Bob will switch to H, knowing Alice sends L); while Alice sending H, Bob will switch to L, knowing Alice sends H).
The theory of Kish is, that Eve will have no clue if she intercepts HL or LH. Which only works in theory.
Because any electrical engineer deserving his title will tell you that those sources won't produce noise of identical spectrum in the first place. Therefore, the spectra will change, giving you a sequence of jumps. The maximum you have to do is toggling ... . Furthermore, if Eve1 and Eve2 listen in a distance of only a few meters, they can auto-correlate the signal(s) and find the direction from which it travels. No, that is even simple, because the levels - as we know - are H and L. So the autocorrelation of H can be found out without much ado; either H travels right-to-left or left-to-right. Voilà. L doesn't disturb the autocorrelation function. Along the line, any line, higher spectral components are reduced; another rule all electrical engineers know: any practical system is by default a lowpass. When Eve1 and Eve2 simply record the signal, close to Alice and close to Bob, they can find out where the higher spectral components are to be found. Meaning, the sender of H is known.

Much ado about nothing, methinks ...

Re:Is Schneier enough of an electrical engineer ? (2, Insightful)

jmv (93421) | more than 7 years ago | (#19292429)

Furthermore, if Eve1 and Eve2 listen in a distance of only a few meters, they can auto-correlate the signal(s) and find the direction from which it travels.

Not even a need to auto-correlate. If you measure both the current and voltage in one point of the transmission line, you can figure out which way the signals are going. On top of that problem, I can't really see that method scale in the Gbps, while I can easily imagine the single-photon methods scaling that high.

Re:Is Schneier enough of an electrical engineer ? (1)

arnoldfrend (1108055) | more than 7 years ago | (#19292635)

Outstanding observations by the both of you. I believe there is an attack based on these considerations. As to jmv's thoughts on implementation, I don't think that it is meant to be used for actual message transmission. Complicated things like this can be useful for establishing an AES key or something more likely to facilitate transfers on the Gbps scale.

Re:Is Schneier enough of an electrical engineer ? (1)

bbhack (98541) | more than 7 years ago | (#19293313)

There is no signal, only noise. Noise has no direction if it is not due to EMI, inductive coupling, or such. This is noise at electron level, which is omnidirectional, or adirectional if you prefer. The key is that the thermal noise is that type of noise.

Just a guess.

Re:Is Schneier enough of an electrical engineer ? (1)

Schraegstrichpunkt (931443) | more than 7 years ago | (#19293745)

Not unless Einstein was wrong.

Kish's system depends on Alice's actions having an effect on Bob. That effect is going to propagate---at most---at the speed of light.

The problem here is that Kish is an electrical engineer, rather than a physicist. As an engineer, he's used to throwing away unimportant details. The problem (which is a common problem among otherwise competent engineers who try to design cryptosystems) is that those "unimportant" details are exactly what an attacker is going to use to break your system.

This system was discussed on Bruce Schneier's blog [schneier.com] last year, and it should be looked at with a healthy dose of skepticism.

Re:Is Schneier enough of an electrical engineer ? (0)

Anonymous Coward | more than 7 years ago | (#19292437)

Alice, however, when sending L, can pass an information quantum (since Bob will switch to H, knowing Alice sends L)

While the rest of your post is mostly correct (someone else linked a study showing that by picking some off-center point of the wire, it's easy to determine the relative resistance of segment C-A and C-B, and thus determine who has which resistor) the purpose of the proposed technique was not to send information, but to create a set of random bits for encrypting information to send some other way. In other words, Alice doesn't "send" L, she's simply picking random resistances, and Bob doesn't switch resistors based on Alice's choice, he's also picking random resistances. When both people pick opposite resistances, no information is "sent", a bit of a shared key is created.

Re:Is Schneier enough of an electrical engineer ? (0)

Anonymous Coward | more than 7 years ago | (#19293723)

The system was already broken over a year ago. I have no idea why stuff like this makes the front page.

I love how they state conjecture as fact in the article title: Simple Comm Technique Beats Quantum Crypto

O RLLY?

What would this be good for? (2, Interesting)

grumbel (592662) | more than 7 years ago | (#19292077)

What would this or quantum cryptography be good for in practical terms? From what I understand they only work for a single connection, i.e. when Alice wants to talk to Bob they have to have a wire running from one to another. Which means that range is rather limited and it also means it would be easy to attack. Somebody could simply cut the wire and thus forcing Alice and Bob to fall back to other insecure means of communication or to not communicate at all.

Are there ways to use these secure channels to build a real redundant network where traffic could be rerouted when lines fail? Or would the routers end up being the weak spot? Making it just as insecure as every other network?

Are there any other types of uses where those connections might be useful or are they no more theoretical toys?

Re:What would this be good for? (3, Insightful)

evilviper (135110) | more than 7 years ago | (#19292401)

What would this or quantum cryptography be good for in practical terms?

Two offices, say, across town, that want to communicate very securely.

Somebody could simply cut the wire and thus forcing Alice and Bob to [...] not communicate at all.

When would that possibly be a problem? That would basically require some strange situation with a totalitarian government that wants to disrupt communications between two end points, but apparently doesn't actually want to get access to the unencrypted information itself.

If it's just some rival company trying to disrupt service, a line crew goes out, fixes the line, and they're back up and running before they even want/need to change the encryption key.

And what would be the point, since you could just as easily cut the other communications lines (eg. OC3s), the power lines, etc., etc.

Re:What would this be good for? (2, Insightful)

grumbel (592662) | more than 7 years ago | (#19292823)

### When would that possibly be a problem? That would basically require some strange situation with a totalitarian government that wants to disrupt communications between two end points, but apparently doesn't actually want to get access to the unencrypted information itself.

The point is: When I disrupt your valuable crypto channel long enough you simply can't use it and have to fall back to other, less secure means of communication which I then can intercept.

### And what would be the point, since you could just as easily cut the other communications lines (eg. OC3s), the power lines, etc., etc.

Other lines of communication can be easily made redundant, since they don't have to directly go from A to B. They can take as many hops in between as they want and if somebody destroys a segment, the traffic can simply be rerouted around that destroyed segment.

Re:What would this be good for? (1)

Veinor (871770) | more than 7 years ago | (#19292701)

Actually, in quantum crypto, the only connection that couldn't be done over Ethernet would be the one where they agree on their key for their one-time pad. That one requires transmission of polarized photons, which obviously requires a special connection. After that, they can communicate using whatever method you feel like, using the generated key as a one-time pad. So cutting the connection after they've generated the bits from the photons doesn't prevent them from using those bits, just from generating any more.

Impenetrable == Unsinkable (4, Insightful)

MajorBlunder (114448) | more than 7 years ago | (#19292283)

The result could be an effectively impenetrable way of securing communications, possibly outperforming quantum cryptography keys.

When I read this, I had a flash back to a Dr. Who episode.(paraphrasing)

Army General: Trust me doctor this place is impenetrable.

Doctor: The problem with impenetrable is that it sounds too much like unsinkable.

Army General: Well, what's wrong with that?

Doctor: Ask the passengers of the Titanic.

I always get a little bit itchy whenever people start throwing superlatives around like unbreakable, impenetrable, etc. Nature, Human ingenuity, or Human stupidity all have a nasty habit of proving us wrong.

Obligatory (1)

hcdejong (561314) | more than 7 years ago | (#19293371)

Inconceivable!

Re:Obligatory (1)

KillerBob (217953) | more than 7 years ago | (#19293907)

You keep using that word. I do not think it means what you think it means.

Not worth 2c of consideration (2, Interesting)

Anonymous Coward | more than 7 years ago | (#19292371)

FTA the reasoning is: "...

[a] it takes an "educated eavesdropper" to even realise information is being sent when there seems to be just low-level noise on the line.

[b] If they do try to eavesdrop, they can only tell a message is being sent, not what it is, because it's impossible to tell whether Alice has a high or low resistor turned on, and whether the bit of information is a 1 or a 0.

[c] What's more, eavesdropping on the line will naturally alter the level of thermal noise, so Alice and Bob will know that someone is listening in."

a.) is security-by-obscurity, so is b.); and we all know what to say about that little assertion.

c.) is simply rubbish, I can place a tap on the line with a high impedance buffer that will be undetectable to both Bob and Alice but which allows me to measure the noise and recover the signal.

Quantum encryption is quite different, the tap actually disrupts the signal so that both Bob and Alice know immediately they're being listened to even if they don't know how. This scheme seems to be arguing that Bob and Alice will hear the equivalent of clicks-on-the-line aka mid 20thC techniques and be able to deduce tapping. I don't think that's been possible since the digitization of the phone system during the 80's and 90's.

In fact, let's get serious. This guy is talking about "level of noise" aka amplitude modulation as used in AM radios, but using the background noise as the carrier signal. This has got more in common with steganography than quantum encryption.

QC is secure, this isn't (0)

Anonymous Coward | more than 7 years ago | (#19292631)

This protocol relies on the transmission of classical information from Alice to Bob, stored in orthogonal states. These are always, from a quantum information theoretic standpoint, in principle distinguishable by an intermediate eavesdropper. Quantum key distribution protocols such as BB84 transmit information in non-orthogonal states, which can't be distinguished, and so they are unbreakable unless quantum mechanics is wrong.

So where's Ted and Carol? (1)

iminplaya (723125) | more than 7 years ago | (#19292777)

So a transmission hidden in noise is new again? Is this like a combination of stego and throwing out chaff to confuse the radar? It's what it sounds like to me. And not very efficient either. And just how precise do the resistors or the wire have to be? What happens over time as the characteristics of the wire and resistors change? And isn't random noise kinda quantum in a way? "What's more, eavesdropping on the line will naturally alter the level of thermal noise, so Alice and Bob will know that someone is listening in." emphasis mine.

Re:So where's Ted and Carol? (1)

gnasher719 (869701) | more than 7 years ago | (#19292987)

'' So a transmission hidden in noise is new again? ''

No, there is nothing hidden in the noise. What A and B and anyone listening in can measure is whether there is a small amount of noise, a medium amount of noise, or a huge amount of noise. There is nothing hidden in the noise. But if there is a medium amount of noise, then all I know as someone listening in is that one side sent a 0 and the other side sent a 1. I don't know _which_ side sent the 0 and which one sent the 1. A and B who were sending the data know of course what they sent themselves and therefore can figure out what the other side did. I can't.

All you need to do is find a physical effect where two sides A and B each produce an input of 0 or 1, and where you can find that one chose 0 and one chose 1, but not which one chose which. In this case, the effect is noise.
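The idealized exchange as this comment and the earlier Anonymous Coward reply describe it (random resistor choices on both sides, key bits taken only from the mixed state), as an added Python example that is not from the thread or from Kish's paper. It assumes the textbook Johnson noise density 4kTR for the two resistors in parallel, constructed resistor values, an assumed bit convention, and a wire with no resistance and no propagation delay, which are the assumptions the attacks discussed elsewhere in this thread target.

```python
import secrets

K_B = 1.380649e-23                   # Boltzmann constant, J/K
TEMP = 300.0                         # assumed line temperature, K
R = {"L": 1_000.0, "H": 10_000.0}    # constructed resistor values, ohms


def wire_noise_psd(a, b):
    """Johnson voltage-noise density (V^2/Hz) on an ideal wire.

    Both ends load the same wire, so the two resistors appear in parallel.
    """
    ra, rb = R[a], R[b]
    r_parallel = ra * rb / (ra + rb)
    return 4 * K_B * TEMP * r_parallel


# The three noise levels that anyone measuring the wire can tell apart.
LEVELS = {
    "low": wire_noise_psd("L", "L"),
    "mid": wire_noise_psd("L", "H"),
    "high": wire_noise_psd("H", "H"),
}


def classify(psd):
    """Map a measured density to the nearest of the three known levels."""
    return min(LEVELS, key=lambda name: abs(LEVELS[name] - psd))


def other_side(own):
    """In the mixed state the far end holds whichever resistor I do not."""
    return "H" if own == "L" else "L"


def run_exchange(alice_choices, bob_choices):
    """Return (alice_key, bob_key, eve_view) for one run of clock periods.

    eve_view is what a passive listener gets in this idealized model:
    the noise level per period and nothing else.
    """
    alice_key, bob_key, eve_view = [], [], []
    for a, b in zip(alice_choices, bob_choices):
        level = classify(wire_noise_psd(a, b))
        eve_view.append(level)
        if level != "mid":
            continue  # LL or HH: both choices are obvious to everyone, discard
        # Assumed convention: the key bit is 1 when Alice holds the high resistor.
        alice_key.append(1 if a == "H" else 0)                # Alice knows her own choice
        bob_key.append(1 if other_side(b) == "H" else 0)      # Bob infers it from his
    return alice_key, bob_key, eve_view


def random_choices(n):
    """Independent uniform resistor choices for n clock periods."""
    return [secrets.choice("LH") for _ in range(n)]


if __name__ == "__main__":
    a_key, b_key, seen = run_exchange(random_choices(32), random_choices(32))
    print("periods kept :", len(a_key), "of 32")
    print("keys match   :", a_key == b_key)
    print("Eve's levels :", seen[:8], "...")
```

About half of the periods are discarded, and in this model the listener's record is identical for the LH and HL cases; any measurable asymmetry between the two ends of a real wire removes that property.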

Re:So where's Ted and Carol? (1)

Goaway (82658) | more than 7 years ago | (#19293583)

Is this like a combination of stego and throwing out chaff to confuse the radar? It's what it sounds like to me.

Unfortunately, that says more about you than it says about this system.

Truthiness... (1)

Nezer (92629) | more than 7 years ago | (#19292879)

I haven't read the RTFA but I have a hard time seeing how this is possible:

In their device, both the sender Alice and the receiver Bob have an identical pair of resistors, one producing high resistance, the other low resistance.


Still, somehow, this passes my truthiness test.

Re:Truthiness... (0)

Anonymous Coward | more than 7 years ago | (#19293771)

No, you just have bad reading comprehension.

one time pad (1)

drDugan (219551) | more than 7 years ago | (#19292887)


This looks interesting, great. But as long as we're in the "what is better than what" game, how is this any better than one-time pad?

If you're going to go to the work of putting down a single, dedicated wire with two fixed endpoints - it would seem a lot easier for Alice and Bob to just meet, generate 2 identical random pads (with current disks, 1TB is easy) and then Alice and Bob communicate securely until they meet next. Done.

Seriously, what keeps an attacker from just cutting the wire? Poof! no more channel.

In OTP, losing the pad is always a problem, but in this case, the two-resistor fixed endpoint has to be secure too, as this is always where the messages are decrypted. The same level of security at the endpoint is required for both systems.

Beats quantum crypto... (3, Funny)

The Living Fractal (162153) | more than 7 years ago | (#19293099)

At being hyped beyond its true usefulness!

I believe congrats are in order.

TLF

Arguments from last time.. (1, Informative)

Anonymous Coward | more than 7 years ago | (#19293501)

Many holes were picked in this scheme last time it appeared on Slashdot (in 2005), and Laszlo Kish responded to some of the criticisms in this Web log comment thread [sooke.bc.ca].

I just don't get it (1)

morcego (260031) | more than 7 years ago | (#19293819)

I have a real problem understanding all this. Maybe my knowledge of crypto is flawed (most likely), or I simply did not understand this technique.
Crypto, from my point of view, faces 2 main problems:

1) The safe transmission of the key
2) The computational power to encode/decode the message

Asymmetric cryptography solves the first problem, while with symmetric cryptography, the second problem is much smaller.

To "solve" both, we have things like what is used with HTTPS. You first use asymmetric to transmit a symmetric key (session key), which solve #1 but is computationally expensive, then use the session key (since #1 was solved), which is much less expensive. A pretty simple and intelligent way to do things.

Now the next barrier is to improve those algorithms, for both parts of the process (symmetric and asymmetric). As far as I know, there is where quantum crypto enters. Instead of using linear computation, you use quantum.

From what I understand, this technique is trying to replace the whole process, and not what quantum crypto proposes to do. Which is odd, since you will still have the first problem I've pointed out. After all, you still need a safe channel to transmit the key (what resistors does the other side use?). And, if you already have a safe channel, why do you need cryptography?

Ok, so you have an expensive safe channel, just like you get with asymmetric crypto. Or a darn inconvenient one (someone with a briefcase blah blah). And the whole idea of using resistance/thermal is to have an analog (not digital) cryptographic method, which is naturally (due to its lack of discrete states) much harder to break. Is that the idea?
Isn't quantum crypto also lacking of discrete states in the same way?