Re: Random Data from Geiger Counter


Michael Paul Johnson (mpj@ebible.org)
Tue, 07 Jul 1998 12:24:06 -0600


At 08:54 AM 7/7/98 -0700, bill.stewart@pobox.com wrote:
>>>I'm not convinced this is true: I can't influence the way a sample
>>>decays, but surely I can inject my own alpha/beta/gamma particles into
>>>the system at predictable moments? I'm not saying this is cheap or easy,
>>>but surely possible.
>>
>>This would be essentially impossible to do without being detected, because
>>the equipment needed to do so would have to be both large and near the
>>detector. Not only that, but it would be essentially impossible to
>
>The folks who run a large radioactivity source about 93 million miles away
>might disagree on the need for nearness, though their source is
>relatively detectable :-)

Detectable, yes, but not a threat to such a random number generator because
it is relatively weak in ionizing radiation measured on Earth, compared to
a nearby sample that is much weaker in absolute terms -- and therefore not
accurately measurable to a remote party like ionizing radiation from the
sun might be.

>Unless your target has a physically secure environment,
>which most people's houses and laboratories aren't, it doesn't take
>a cyclotron to add some extra radioactivity near the detector,
>just a bit of radioactive material. If you can't blackbag a radioactive
>source into the detector itself, you can send radioactive paper mail, whether
>junk mail for the wastebasket or free samples of yellow sticky notes.

The point is not in just raising the background radiation level. That is
admittedly easy. It is in controlling the timing of the radioactive pulses
in such a way as to skew your random numbers (and therefore cryptographic
keys). You can't do that by simply placing radioactive material near the
detector, unless you put enough there to totally saturate the detector
(which hostile act is easily detectable with a sanity check on the detector
output).

Assuming for the moment that an adversary is likely to vary the ambient
background radiation by adding or removing radioactive material, then a
simple countermeasure is to simply derive random numbers from the bits like
the hotbits site does. Because the bits are determined by the relative
timing of sequential pulses, and not by the average pulse rate, the quality
of random numbers is unaffected by the average radiation flux. (The useful
bit rate may increase if you send me radioactive free samples, though.)

Now, assume an attack with a pulsed x-ray source. There will still be
background radiation pulses that were not generated by the external source.
Therefore, all I need to do is hash the output of my bit generator and make
sure that I take no more bits out than what I expect to be good based on my
background. This would be sufficient to overcome this attack.

Those two attacks now taken care of, I can concentrate on the real threat
and increase physical security of the generator.
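
An added example, not part of the original message and not HotBits' own code: a Python sketch of the three defenses the message describes (bits taken from relative pulse timing, a saturation sanity check, and hashing while drawing no more output than the background justifies). The four-pulse interval comparison with alternating sense, the rate-ratio entropy budget, and all function names and parameters are assumptions of this example; the pulse data is simulated.

```python
import hashlib
import random

def timing_bits(pulses):
    """One bit per four pulses: compare two disjoint inter-pulse intervals."""
    bits = []
    for i in range(0, len(pulses) - 3, 4):
        t1 = pulses[i + 1] - pulses[i]
        t2 = pulses[i + 3] - pulses[i + 2]
        if t1 == t2:
            continue                        # a tie carries no information
        bit = 1 if t1 > t2 else 0
        bits.append(bit ^ (len(bits) & 1))  # alternate sense to cancel fixed bias
    return bits

def observed_rate(pulses):
    """Average pulses per second over the capture."""
    return (len(pulses) - 1) / (pulses[-1] - pulses[0])

def harvest(pulses, background_rate, saturation_rate):
    """Hash the timing bits and emit only what the known background justifies."""
    rate = observed_rate(pulses)
    if rate >= saturation_rate:             # sanity check on detector output
        raise RuntimeError("detector saturated: refusing to emit key material")
    bits = timing_bits(pulses)
    # Crude budget (assumption of this example): credit only the share of
    # pulses the known background could have produced.
    credit = int(len(bits) * min(1.0, background_rate / rate))
    return hashlib.shake_256(bytes(bits)).digest(credit // 8)

def simulate(rate, n, seed):
    """Constructed sample input: Poisson arrivals at `rate` pulses/second."""
    rng = random.Random(seed)
    t, out = 0.0, []
    for _ in range(n):
        t += rng.expovariate(rate)
        out.append(t)
    return out
```

Raising the flux a hundredfold leaves the bit balance unchanged, while the output budget shrinks in proportion to how far the observed rate exceeds the expected background.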



The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:11 ADT