Question about the vulnerability of encryption

  • Thread starter GTOM
  • Start date
799
47
I know, once a good encryption is properly established, the whole computing capacity of Earth couldnt crack it in reasonable time.
But could the hackers intercept the keys? For example, a surveillance camera communicating with a server through an optical cable, and the cable has an included wiretap like device from the very start. Communication from server to camera should be minimal, so catch the data packet when the server sends the key doesnt sound extremely hard. The opposite (key from camera to server) is more difficult, but not theoretically impossible is it?
They speak about uncrackable quantum internet, i dont know whether the costs of it is prohibitive in case of a minor system anytime soon. On the other hand, if the wiretap can mimic the camera, or a maintenance personnel could access the memory of the camera somehow, the communication can be still hacked, isnt it?
 
654
148
I know, once a good encryption is properly established, the whole computing capacity of Earth couldnt crack it in reasonable time.
Bribery/blackmail/torture is probably cheaper than cracking the crypto at this point. But who would do that?
 

Ibix

Science Advisor
Insights Author
5,123
3,420
But could the hackers intercept the keys?
Yes. As far as I know, it's the easiest way to defeat encryption.
 
1,308
674
For data to be useful, it should be available in original form somewhere. A good encryption has only one meaning: it is already easier to crack that point (or: points) than bother with the encryption itself.
For common users the most commonly accepted encryption is adequate to provide this - since the average security of most systems are quite lacking.
 
799
47
In my example, the server (that gets the data of cameras that monitor a city) is located in a secure building, so hit the head of the ones operating that isnt an option. Also that server surely dont have a basic windows firewall. Maybe bribery could help, but the goal is only to prevent tracking some persons.
 

anorlunda

Mentor
Insights Author
Gold Member
7,106
3,909
. Communication from server to camera should be minimal, so catch the data packet when the server sends the key doesnt sound extremely hard.
Key distribution is also a a well know weak point in many systems. Maximum security comes when you use a different means to distribute keys than the means used to send data. In your example, don't let the server send keys.
 

f95toli

Science Advisor
Gold Member
2,924
416
But could the hackers intercept the keys? For example, a surveillance camera communicating with a server through an optical cable, and the cable has an included wiretap like device from the very start. Communication from server to camera should be minimal, so catch the data packet when the server sends the key doesnt sound extremely hard. The opposite (key from camera to server) is more difficult, but not theoretically impossible is it?
Most encryption that is in common use is based on asymmetric keys; the most famous example being RSA which is used for most data communication, The point here is that the key that is used to encrypt the information can NOT be used to decrypt the information and the two keys are only related via some really complicated mathematical relation or process (e.g factorising primes) which can only be done one way.
Hence, it does not matter if they see the key; they can't do anything useful with it.

They speak about uncrackable quantum internet, i dont know whether the costs of it is prohibitive in case of a minor system anytime soon. On the other hand, if the wiretap can mimic the camera, or a maintenance personnel could access the memory of the camera somehow, the communication can be still hacked, isnt it?
It is has been in commercial use for a few years but is still quite expensive (and currently it can only be used for point-to-point communication) . The point here is that the link itself is secure in that the users can immediately tell if someone is trying to eavesdrop in some way and can just discard that key.

There is course nothing preventing someone from accessing the information some other way. Encryption can obviously only protect encrypted data; if there is some way to get hold of the data before/after the encryption step then nothing helps.
 

Klystron

Gold Member
401
426
[snip...]if the wiretap can mimic the camera, or a maintenance personnel could access the memory of the camera somehow, the communication can be still hacked, isnt it?
Ideally, the camera control network, camera software update channels, and maintenance networks are isolated and secured. Even small innocuous ports on servers in locked data centers are vulnerable to exploitation when the prize is worth the cost.

Consider advantages of separate secure networks for each facet of the configuration. End user camera data requirements should not define the command and control networks. Multiplexors and data routers require at least as much protection as the cameras and data servers. Inhibiting surveillance does not require hacking data channels. Redirecting raw video output also defeats encryption.
 
799
47
Most encryption that is in common use is based on asymmetric keys; the most famous example being RSA which is used for most data communication, The point here is that the key that is used to encrypt the information can NOT be used to decrypt the information and the two keys are only related via some really complicated mathematical relation or process (e.g factorising primes) which can only be done one way.
Hence, it does not matter if they see the key; they can't do anything useful with it.



It is has been in commercial use for a few years but is still quite expensive (and currently it can only be used for point-to-point communication) . The point here is that the link itself is secure in that the users can immediately tell if someone is trying to eavesdrop in some way and can just discard that key.

There is course nothing preventing someone from accessing the information some other way. Encryption can obviously only protect encrypted data; if there is some way to get hold of the data before/after the encryption step then nothing helps.
Well, in order to fool surveillance, they dont need exactly to decrypt data.
Rather send false data with proper encryption.
 

Want to reply to this thread?

"Question about the vulnerability of encryption" You must log in or register to reply here.

Related Threads for: Question about the vulnerability of encryption

  • Posted
Replies
1
Views
1K
  • Posted
Replies
5
Views
448
  • Posted
Replies
2
Views
5K
  • Posted
Replies
7
Views
2K
Replies
6
Views
5K

Physics Forums Values

We Value Quality
• Topics based on mainstream science
• Proper English grammar and spelling
We Value Civility
• Positive and compassionate attitudes
• Patience while debating
We Value Productivity
• Disciplined to remain on-topic
• Recognition of own weaknesses
• Solo and co-op problem solving
Top