Beruflich Dokumente
Kultur Dokumente
Liviu Itoaf
Introduction
Kleptography Usage of subliminal channels Trojans; viruses; backdoored cryptographic algorithms Spying; tracking documents; tracking digital money Historical necessities and motivation Gus Simmons - The History of subliminal channels, 1998 Is it a bad thing ? Subliminal channel is not a covert channel Time-line analysis: quality or defect of DSA ?
Cryptographic context
Prisoners' dilemma (1984)
translated to an Alice-Bob problem
Correctness:
channel can be made public Subliminal channel usage cant even be detected
Application overview
Exploit broad- and narrowband channel OpenSSL 0.9.8r Applications:
Watermarking, leaking keys, spy networks, marking and tracking digital documents
Broadband channel
The simplest one: hide 160 bit message in random k Both communicators must know both private keys Generate keys $ ./crypto.exe --gen-keys Sign $./crypto.exe --sign-with-msg file prv_key.pem Verify signature $openssl dgst -dss1 -verify pub_key.pem -signature file.sig <file Extract message $./crypto.exe --get-msg file file.sig prv_key.pem
Narrowband channel
Eliminates impersonation issue Idea:
prime number p sharing Set k s that r is quadratic residue modulo p
Signing:
$./crypto.exe --sign-with-leak file rv_key.pem
Application description
2 parts: Broadband channel and 14-bit narrowband OpenSSL: pem, bn, and evp APIs Build: on Linux and Windows (Cygwin)
With static libcrypto.a or ssleay32.dll SSL rebuilt for debugging symbols
Limitations:
Risks for k not random or in narrow interval
Extract private key x OpenSSL bug on Debian OTP solution
Future work
Subliminal channels in visual cryptography Automatic checks for OpenSSL upgrades/vulnerabilities Minimize detection with a low rate of secret message Use improved quadratic residue algorithm Store generated keys in software containers (PKCS #12) Source code verifications: Leaks; keys in memory; core files Randomness for k parameter (achieved through scripts)
Conclusions
Application can be used as a good starting point If used correctly, the subliminal channels in DSA are completely stealth Schemes exist for preventing subliminal channels
Ideas by Yvo Desmedt and Gus Simmons Raise awareness (information theft) In some ways, cryptography is like pharmaceuticals. Its integrity may be absolutely crucial. Bad penicillin looks the same as good penicillin Philip Zimmermann
References
Xianfeng Zhao, Ning Li Reversible Watermarking with Subliminal Channel Tzung-Her Chen - A Novel Subliminal Channel Found in Visual Cryptography and Its Application to Image Hiding Gustavus J. Simmons The history of subliminal channels, EEE Journal (1998) Yvo Desmedt Abuses in Cryptography and How to Fight Them http://rdist.root.org/2010/11/19/dsa-requirements-for-random-k-value/ http://rdist.root.org/2009/05/17/the-debian-pgp-disaster-that-almostwas/ Bruce Schneier Applied Cryptography, 2nd edition, Wiley 1996
Happy signing!