Ed Gerck <[EMAIL PROTECTED]> writes:
> Each chip does not have to be 100% independent, and does not have to
> be used 100% of the time.
> Assuming a random selection of both outputs and chips for testing, and
> a finite set of possible outputs, it is possible to calculate what
> sampling ratio would provide an adequate confidence level -- a good
> guess is 5% sampling.

Not likely.

Sampling will not work. Sampling theory assumes statistical
independence and that the events that you're looking for are randomly
distributed. We're dealing with a situation in which the opponent is
doing things that are very much in violation of those assumptions.

The opponent is, on very very rare occasions, going to send you a
malicious payload that will do something bad. Almost all the time
they're going to do nothing at all. You need to be watching 100% of
the time if you're going to catch him with reasonable confidence, but
of course, I doubt even that will work given a halfway smart attacker.

The paper itself describes reasonable ways to prevent detection on the
basis of most other obvious methods -- power utilization, timing
issues, etc, can all be patched over well enough to render the
malhardware invisible to ordinary methods of analysis.

Truth be told, I think there is no defense against malicious hardware
that I've heard of that will work reliably, and indeed I'm not sure
that one can be devised.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to