[145824] in cryptography@c2.net mail archive
Re: Randomness, Quantum Mechanics - and Cryptography
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Tue Sep 7 15:20:24 2010
Date: Tue, 7 Sep 2010 15:18:21 -0400
From: "Perry E. Metzger" <perry@piermont.com>
To: John Denker <jsd@av8n.com>
Cc: Marsh Ray <marsh@extendedsubset.com>, Jerry Leichter <leichter@lrw.com>,
"cryptography@metzdowd.com List" <cryptography@metzdowd.com>
In-Reply-To: <4C868AD9.9000807@av8n.com>
On Tue, 07 Sep 2010 11:56:25 -0700 John Denker <jsd@av8n.com> wrote:
> The true noise level depends only on gain, bandwidth,
> temperature, and resistance. Blasting the system
> with RF will not lower the temperature, so that's
> not a threat.
One could, however, run the card one is trying to attack under reduced
temperature and hit it with RF at the same time.
The question is, can you make it more expensive to do that than to,
say, buy a new parking card or whatever else the smart card is being
used for. If the attack is fairly cheap and repeatable and yields
something reasonably valuable, you have a problem. If you can make the
attack expensive and only yield something cheap, you're doing well.
> So unless you have a scenario where
> the RF lowers the resistance, lowers the gain,
> and/or lowers the bandwidth
> _in a way that the calibrator cannot detect_
Don't assume, though, that the attacker can't lower the temperature in
most of the circuit, keep the tiny thermometer you included at room
temperature, and inject RF at the same time. Don't even assume they
will need to rip the device apart to do it. The only question is, can
you make it expensive enough to succeed to protect what you're trying
to protect.
Perry
--
Perry E. Metzger perry@piermont.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
