D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Hardware Encrypted SD

 

On 30/11/13 01:27, John Allsup wrote:
> 1. Make sure it doesn't look like encrypted data. 1a. Consider
> steganographic methods of encoding data in a possibly custom
> variant of a FullHD video codec. 1b. Basically, you're looking for
> decisions between multiple valid choices that an encoder has to
> make, and then perturbing those decisions in a way that allows you
> to get your data back out, but otherwise means you just have a
> typical Youtube style video. 2. Hardware/software is a red-herring
> (at raw hardware level you have an encoded sequence of bits,
> between that and what you see on your computer are layers of
> algorithmic combinatorics that work the same whether done in
> hardware or software -- the only thing in hardware encryption is a 
> physics-derived source of random data, like what they do with the 
> Premium Bonds draw -- and that can be supplied from outside your
> storage mechanism anyway).
> 
> For serious encryption, also, you want your OS functionality to be 
> almost trivial.  Off the shelf is a no-go for this stuff, and
> possibly you need a few years serious research to figure out the
> details... that aside such things are possible in principle.
> 
> John


Now, you've definitely brought up a few interesting points in your
last couple of emails but I have bad news for you I'm afraid.

If you roll your own crypto, you are going to fail. And fail hard. If
you've recently won a Nobel Prize for mathematics recently I might
have to recant, but otherwise, you do NOT want to do this. The history
of cryptography is littered with the corpses of "good ideas".

No no no. Forget all your security through obscurity approaches: I
presumably don't need to tell you that isn't going to work. People
much cleverer than you and I are going to see through that very
quickly. The whole point of modern crypto is to exploit the inherent
properties of NP hard mathematical phenomena - yes, everybody knows
the principles of these systems but until somebody makes a true
general purpose quantum computer they remain effectively unbreakable,
unless you know a way around the second law of thermodynamics.

I don't know if you have much experience with modern tools such as
Encase and other law enforcement forensic toolkits - I do.
Steganographically concealed files jump out almost immediately, it's
hardly a new idea and we know how to look for the tell-tale signatures
of people trying to be clever. And I've got access at work to several
very big GPGPU clusters to make DIY-crypto advocates feel a lot less
clever very quickly.

Now I understand what you're saying - your reference to Go is
particularly interesting as I've recently been learning Arimaa* with a
couple of friends (I can play Go as well, although I do genuinely suck
at it!). Arimaa was developed by an AI specialist who was motivated by
the famous Kasparov/Deep Blue match-up to develop a chess variant that
wouldn't be as amenable to computer-based algorithmic processing as
the classic version, and to this date (it was only started in 2004 I
think) no computer has ever beaten a top player. There are certain
classes of problems that historically have been very unfriendly to
computers and I think that's what you're trying to get at: however
your window of exploitation by necessity is going to be limited.
Probably very limited, if you look at the sort of automated deep
learning that AI's are now capable of. See Google's advances in this
recently**, or the descendant of Deep Blue, IBM's Watson (which beat
the top human players at Jeopardy not long ago).

So while your approach is interesting, it will fail for all the usual
reasons. But thank you for playing.

Regards



PS> I have long been obsessed with chess (unlike Go, I'm pretty damn
good at it) and the Kasparov/Deep Blue facedown: so much so, that I
actually have an IBM RS6000 machine fully functional in my garage
rack. This is the same machine that a modified and not commercially
released version of in a 4-way SMP cluster actually comprised the
original Deep Blue. I'm the only person I know who thinks that that is
a good reason to spend that much money on Ebay buying vintage computers :]



* http://en.wikipedia.org/wiki/Arimaa
** http://www.theregister.co.uk/2013/11/15/google_thinking_machines/

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq