Schneier on Security
A blog covering security and security technology.
« Wired on Identity Theft |
| Diebold Opti-Scan Voting Machine »
June 29, 2005
Sandia's New Wireless Technology
When dumb PR agents happen to good organizations:
Sandia Develops Secure Ultrawideband Wireless Network
The newly developed ultrawideband network, said the researchers at Sandia, is compatible with existing Internet protocols, which means that current Internet applications will be able to use standard transmission techniques and even high-level encryption up to and beyond 256 bits....
The newly developed network, said the researchers, is compatible with existing Internet protocols, which means that current Internet applications will be able to use standard transmission techniques and even high-level encryption up to and beyond 256 bits, which is currently double the amount considered essential for secure Internet transactions.
Wow. 256 is a lot of bits. I wonder where they put them all.
Posted on June 29, 2005 at 12:54 PM
• 22 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Upto and beyond... what a quaint phrasing, isn't it usually either upto or beyond? It makes one wonder why they're so gung ho about 256 bits indeed.
And a 256 bit Caesar cipher or ROT256 still doesn't amount to much. It being a US govt. sponsored technology I'll assume for the moment they're talking AES256.
The article states:
"One level of protection is provided by encryption Latest News about encryption, said lab spokesperson Michael Padilla. Another comes from the fact that signals over ultrawideband wireless -- a next-generation communications technique that is based on transmitting short-duration pulses -- are difficult to distinguish from background radio frequency noise in general."
Security through "next-generation obscurity"...
Um... So they've developed a new network layer, below the IP level, which may or may not be secure... and you can use encryption over the top of it? Bravo, and this deserves recognition for its use of encryption why?
Can't you already use encryption over the top of TCP/IP anyway, or am I just imagining https, ssh,...?
The actual carrier that they are using is harder to detect and harder to jam. But won't it cause sporadic interference on large chunks of the "wireless" spectrum? That's going to be so nice for everyone in the area.
I have to admit that I love the complete cluelessness of the author. "There is no carrier" Surely without a carrier you can't have a signal. The fact that the carrier is spread over a wide range of frequencies and so is very low power at any given frequency does not make it less of a carrier does it?
Steganography and Wireless, soon in a WLAN near you?
The only thing below the IP layer (in a standard IP network) is the physical layer. It sounds to me like they've created a physical layer where the transmission of radio information is difficult to detect (at least according to them).
Yes, you're correct; you can encrypt IP.
Scratch the last comment; looking at RFC 793 and 2401, the correct responses are:
1) The protocol under the IP layer is the local network protocol.
2) You can encrypt (and authenticate) IP v4 or IP v6 via RFC 2401.
It sounds smackingly like frequency hopping. No carrier? Sounds like a phone modem hopped up on megahertz.
No, trust me, it does not have a carrier. Its does have some similarities to frequency hopping.
There is a fair bit of stuff out there if you google for ultra wideband.
without a carrier, you can still have a transmission. With a carrier signal, you need to detect the presence of the carrier frequence, lock onto it, and then depending on the type of transmisson, watch it's phase or its amplitude changes, or changes in frequency.
Spread-spectrum technologies work more or less "without a carrier". They dump small amounts of energy across a wide range of frequencies. Then, the receiver is watching the same wide range of frequencies, and separates the range into "buckets". If enough buckets are receiving energy, then it can assume that there's a signal there. Then the physical layer 1s and 0s can be combined using something like manchester encoding to provide actual logical bits (physical layer clocked at 2x the logical rate, with a logic change for every logical bit space, no intermediate change for 0s, and an intermediate change for 1s).
This is grossly oversimplified (because I only know the simplified version of how it works).
So, to me, it basically sounds like they're doing spread spectrum (nothing new), over a very wide frequency range, and tossing a layer of encryption on each "packet" of data that crosses the physical layer.
Perhaps it's more like frequency hopping for single sideband (ssb). Ssb doesn't use a carrier and one of its sidebands.
With frequency hopping, the carrier exists, but continually moves in a pattern. For some systems, it's sequential, others it's semi-random. Semi-random allows multiple devices to communicate at the same time, on the same range, with a low-likelyhood of stepping on each other. Redundancy is built in so that a fairly high number of "hops" can be squashed and the data still comes through.
With spread-spectrum, you generate a signal that contains a large number of frequencies simultaneously, but at a fairly low level.
By it's nature, an infinitely short duration impulse contains all frequencies from DC to Daylight (and beyond). Less ideal impulses contain less bandwidth (less HF and less LF energy).
"carrier" is being used in 2 different senses here.
There is the frequency that the baseband signal is being modulated to. That has to exist.
With spread spectrum you simply have lots of different frequencies that the signal is being modulated to simultaneously. with frequency hopping you have a single carrier that moves around (as has already been pointed out)
Then there is the question of whether or not energy is being output at that frequency.
You can output a "suppressed carrier" signal independant of the modulation used (SSB/DSB (single-side-band/double-side-band) or whatever).
As for the encryption, I'll just VPN/SSL over the top if I want security.
Here is the original press release from Sandia: http://www.sandia.gov/news-center/news-releases/...
Apparently, the interesting part is neither the usage of UWB, nor the possibility to use encryption, but the combination of UWB and AES-256 at the MAC or physical layer.
Yeah, that's where the mysterious 256 bit come from.
It seems that Wireless NewsFactor is afraid to overstrain their readers with complex abbreviations as AES. Even in the citation they replaced "combined with AES" with "combined with [encryption]". All in all, they rendered the news almost irrelevant.
Maybe the theory is that illiterate marketing folks re-write all your communications before they go over the air, making them totally unintelligible. ("Up to and beyond 256 bits..." reminds me of a meaningless advertising slogan that has been one of my pet peeves for more than 20 years, but it refuses to die: "Save up to 50% and more".) A second layer of security might involve an attorney.
You're describing a one-way hash, not an encryption algotithm.
It's impossible to recover the plaintext after marketers and lawyers have been at it.
Unfortunately it's not even a very useful hash because it's randomised by the marketer and redundant information is added by the lawyer.
@Thomas: I think you're neglecting that one particular area of expertise at Sandia is red tape, which anyone who has ever done business with the government will tell you is an inverse function for all marketing. I'm not sure how they're coping with the legal obfuscation, but while it seems intuitively obvious that there is no inverse function in this case, I don't think any mathematician has been brave enough to attempt a proof.
"Steganography and Wireless, soon in a WLAN near you?"
Yeah, it only works if you're browsing pr0n... now there's an encryption standard that would take off!
Davi I think you will find that the journo was trying to describe "Spread Spectrum Communications" (SSC) after it was explained to them by an "expert" (who probably did not understand it either or could not explain it)....
Of the two basic types of SSC it sounds more like direct sequence which uses DSBSC modulation (no-carrier) for the "spreading" code sequence (chip) modulation than frequency hopping which might or might not have a carrier depending on the data modulation technique (not the spreading code "chip" modulation technique).
It might also be a very bad discription of another CDMA or other pulse/time controled multiple access system.
Spread Spectrum has many advantages, one of which is that it will alow effective communications below the noise floor of a non coherant reciever. It will also allow the co-existance of disparat modulation systems in the same spectrum allocation.
It is the properties (amongst others) that makes 802.11 work (semi) effectivly in the congested 2.5Ghz Industrial Scientific and Medical (ISM) licence exsempt band which also has microwave ovens, car alarms, bluetooth, video links and all maner of other systems occuping it.
It just goes to show what happens when an "expert" tries to simplify things for a Journo who then tries to put it in a way we all understand ;)
Let's get the actual specs and check, you never know it might be new original and cute (to a technologist ;)
Call me kooky, but everytime I see the words "secure" and "wireless" in the same sentence in a positive meaning, I want to twitch. RF wireless is inherently insecure for the simple fact that anyone with the right equipment can listen to and record the broadcast. "Secure" networking should only be done over wires. This ensures a physical level of security where somebody has to actually intercept the wire to get at the signal. I know I know, there are applications (like the battlefield) where wireless networking is needed, and it needs to be as secure as you can make it. But people who are using it should be aware that by its very nature, a RF wireless network has a level of vulnerability not present in wired communication.
Although I'm reasonably familiar with DSSS (direct sequence spread spectrum) and frequency hopping SS, I didn't know much about UWB so I read up on it over the weekend. A couple of points which might help edify those also wondering.
By carrierless, they mean it quite simply in the regular sense; it's a baseband system. When you're not actually transmitting a "1" bit, the transmitter is not radiating any energy at all (modulo physical realisability). Practical duty cycles are on the order of half a percent for broadband systems, and much lower for tactical digital voice radios (one example I read about was for a duty cycle of 80 ppm).
It certainly isn't security by obscurity. Like DSSS and frequency hoppers, the system is keyed and obtains a "process gain" advantage against an opponent who does not know and cannot guess the keying sequence. The process gain represents the ratio of powers required to obtain equivalent performance for jamming, interception, or detection of the system. UWB achieves a process gain by dividing up each bit transmission period into many slices and concentrating the transmitted power into one of these (pseudorandomly selected) slices. For example, a system transmitting a 1.544 Mb/s T1 link (648 ns/bit) with a pulse width of 2.53 ns, would have 256 "slots" where each pulse could be transmitted. If each pulse slot is selected through a CSPRNG, then the opponent has no choice but to spread his jamming power over all 256--but the transmitter has concentrated all of its power into one slot, so if it had an average power of, say, 4 W, it is very briefly transmitting at 1 kW. Similarly an opponent trying to intercept a signal at the limit of interception will not know which slot to listen to, so he is forced to either listen to all 256 (thus getting 256 times as much noise energy), or risk listening to the wrong slot and missing it altogether.
The main interest in UWB arises from the fact that practically realisable process gains in simple, low cost transceivers seem to be much larger than practically realisable process gains from DSSS or frequency hopping. For UWB the process gain is approximately equal to the inverse of the duty cycle. So if you have a duty cycle of 0.39%, an opponent will require approximately 256 times as much radiated power to attain the same level of jamming effectiveness as he previously needed against a simple transmitter otherwise identical to yours (i.e. same average power output, same range, same antenna, same signal transmitted). Or alternatively, the maximum range at which he can jam you is reduced by a factor of 16 times. For the above mentioned tactical digital voice radio, the process gain is a power ratio of 12,500 times, or range ratio of 1/112 th -- an opponent who could previously jam me from, say, 10 km away, must now get to less than 100 m. By contrast civilian DSSS or frequency hoppers have process gains between about 10 and 64, while the best military systems are only about 1,000.
All three systems, through broadening their bandwidth, are also able to lower their spectral density, i.e. average transmitted power per Hz of bandwidth. This "loses the signal in the grass" (noise), making it much harder to even detect that a transmission is occurring. However it seems to me as though UWB, like frequency hopping, would not be as resistant to detection as DSSS is. In DSSS, the instantaneous power is spread over a wide bandwidth. In frequency hopping, only the average is, the instantaneous power is as high as usual. Thus if you merely wish to detect a frequency hopper and not intercept its whole signal, you need only listen to one of its frequencies; if you start getting bursts of power on that frequency roughly 1/(process gain) of the time, a frequency hopper is present. Similarly for UWB, you only need to concentrate on one of the time slices, when you keep getting pulses in it you know a UWB transmitter is present.
All of the above about jam resistance only applies if the opponent does not know the spreading code. If forced to use a public spreading code (as the FCC required for CDMA phones and 802.11 frequency hoppers), then it only applies to accidental interference, not deliberate jamming.
UWB has a couple of other advantages. Like both frequency hopping and DSSS, it allows multiple transceivers to share the same bandwidth, by using different spreading codes. And like DSSS (with very fast chipping rates) but unlike frequency hopping, it is also immune to most multipath interference, provided the path length variation is more than the speed of light x the width of a pulse (typically, just under 1 m). However some DSSS systems (CDMA) actually get ~improved~ signal strength through multipath interference, UWB is just immune to it.
Another advantage of UWB is that most of the work can be done in software. Unlike DSSS, the RF side of the system is relatively simple and can be shared by a variety of otherwise quite different systems. (In the past frequency hoppers also required some fancy RF circuitry, but with the rising prevalence of digital radio this is no longer the case.)
If you are interested in the more technical asspects of Ultra WideBand Signalling systems and how the fit within SS systems and other communications systems in general have a look at,
It is interesting to note that although the initial "magic" systems where (and still are) commercialy not realisable, the later OFDM systems are geared up and ready to run on a laptop or PC near you any time soon ;)
The developers obviously read: Garfinkel, S. (2002) Web Security, Privacy, and Commerce. 2edn. O'Reilly, United States of America. http://www.oreilly.com/catalog/websec2/index.html
p58: ``It should be pretty clear at this point that there is no need, given the parameters of cryptography and physis as we understand them today, to use key lengths that are larger than 128 bits."
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.