Question about the vulnerability of encryption

  • Thread starter: GTOM
  • Tags: Encryption

Discussion Overview

The discussion revolves around the vulnerabilities of encryption, particularly in the context of key interception and the potential for hacking surveillance systems. Participants explore various scenarios involving encryption methods, the security of data transmission, and the implications of physical access to devices.

Discussion Character

  • Debate/contested
  • Technical explanation
  • Conceptual clarification

Main Points Raised

  • Some participants assert that once a good encryption is established, it is theoretically unbreakable by computational means, but they question the security of key distribution.
  • There is a suggestion that intercepting keys is a feasible method for hackers to defeat encryption, particularly through physical means such as wiretaps.
  • One participant notes that key distribution is a known weak point in many systems and proposes using different methods for key distribution than those used for data transmission.
  • Another participant explains that common encryption methods, like RSA, rely on asymmetric keys, making it difficult to utilize intercepted keys effectively.
  • Concerns are raised about the potential for physical access to devices, such as surveillance cameras, which could allow for data manipulation or interception outside of encryption vulnerabilities.
  • Participants discuss the concept of a quantum internet, noting its potential for secure communication but also its current limitations and costs.
  • There is mention of the possibility of sending false data with proper encryption as a means to deceive surveillance without needing to decrypt actual data.

Areas of Agreement / Disagreement

Participants express a range of views on the vulnerabilities of encryption, particularly regarding key interception and physical access to devices. There is no consensus on the best methods for securing communication or the effectiveness of current encryption practices.

Contextual Notes

Participants highlight various assumptions regarding the security of encryption methods, the effectiveness of physical security measures, and the implications of different encryption technologies. Limitations in the discussion include the dependence on specific definitions of security and the unresolved nature of key distribution methods.

GTOM
I know, once a good encryption is properly established, the whole computing capacity of Earth couldn't crack it in reasonable time.
But could the hackers intercept the keys? For example, a surveillance camera communicating with a server through an optical cable, and the cable has an included wiretap-like device from the very start. Communication from server to camera should be minimal, so catching the data packet when the server sends the key doesn't sound extremely hard. The opposite (key from camera to server) is more difficult, but not theoretically impossible, is it?
They speak about uncrackable quantum internet; I don't know whether the cost of it is prohibitive in the case of a minor system anytime soon. On the other hand, if the wiretap can mimic the camera, or maintenance personnel could access the memory of the camera somehow, the communication can still be hacked, can't it?
 
GTOM said:
I know, once a good encryption is properly established, the whole computing capacity of Earth couldn't crack it in reasonable time.
Bribery/blackmail/torture is probably cheaper than cracking the crypto at this point. But who would do that?
 
GTOM said:
But could the hackers intercept the keys?
Yes. As far as I know, it's the easiest way to defeat encryption.
 
For data to be useful, it should be available in original form somewhere. A good encryption has only one meaning: it is already easier to crack that point (or: points) than bother with the encryption itself.
For common users the most commonly accepted encryption is adequate to provide this - since the average security of most systems is quite lacking.
 
Obligatory XKCD on security:

security.png
 
In my example, the server (that gets the data of cameras that monitor a city) is located in a secure building, so hitting the heads of the ones operating it isn't an option. Also, that server surely doesn't have a basic Windows firewall. Maybe bribery could help, but the goal is only to prevent tracking some persons.
 
GTOM said:
Communication from server to camera should be minimal, so catching the data packet when the server sends the key doesn't sound extremely hard.
Key distribution is also a well-known weak point in many systems. Maximum security comes when you use a different means to distribute keys than the means used to send data. In your example, don't let the server send keys.
 
GTOM said:
But could the hackers intercept the keys? For example, a surveillance camera communicating with a server through an optical cable, and the cable has an included wiretap-like device from the very start. Communication from server to camera should be minimal, so catching the data packet when the server sends the key doesn't sound extremely hard. The opposite (key from camera to server) is more difficult, but not theoretically impossible, is it?

Most encryption that is in common use is based on asymmetric keys, the most famous example being RSA, which is used for most data communication. The point here is that the key that is used to encrypt the information can NOT be used to decrypt the information, and the two keys are only related via some really complicated mathematical relation or process (e.g. factorising primes) which can only be done one way.
Hence, it does not matter if they see the key; they can't do anything useful with it.

GTOM said:
They speak about uncrackable quantum internet; I don't know whether the cost of it is prohibitive in the case of a minor system anytime soon. On the other hand, if the wiretap can mimic the camera, or maintenance personnel could access the memory of the camera somehow, the communication can still be hacked, can't it?

It has been in commercial use for a few years but is still quite expensive (and currently it can only be used for point-to-point communication). The point here is that the link itself is secure in that the users can immediately tell if someone is trying to eavesdrop in some way and can just discard that key.

There is of course nothing preventing someone from accessing the information some other way. Encryption can obviously only protect encrypted data; if there is some way to get hold of the data before/after the encryption step then nothing helps.
 
GTOM said:
[snip...] if the wiretap can mimic the camera, or maintenance personnel could access the memory of the camera somehow, the communication can still be hacked, can't it?
Ideally, the camera control network, camera software update channels, and maintenance networks are isolated and secured. Even small innocuous ports on servers in locked data centers are vulnerable to exploitation when the prize is worth the cost.

Consider advantages of separate secure networks for each facet of the configuration. End user camera data requirements should not define the command and control networks. Multiplexors and data routers require at least as much protection as the cameras and data servers. Inhibiting surveillance does not require hacking data channels. Redirecting raw video output also defeats encryption.
 
f95toli said:
Most encryption that is in common use is based on asymmetric keys, the most famous example being RSA, which is used for most data communication. The point here is that the key that is used to encrypt the information can NOT be used to decrypt the information, and the two keys are only related via some really complicated mathematical relation or process (e.g. factorising primes) which can only be done one way.
Hence, it does not matter if they see the key; they can't do anything useful with it.
It has been in commercial use for a few years but is still quite expensive (and currently it can only be used for point-to-point communication). The point here is that the link itself is secure in that the users can immediately tell if someone is trying to eavesdrop in some way and can just discard that key.

There is of course nothing preventing someone from accessing the information some other way. Encryption can obviously only protect encrypted data; if there is some way to get hold of the data before/after the encryption step then nothing helps.
Well, in order to fool surveillance, they don't need exactly to decrypt data.
Rather send false data with proper encryption.
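
Added example, not part of the thread and not any participant's code: a sketch of how a receiving server can reject false or replayed camera data when each camera holds a key that was installed out of band rather than sent over the cable, as suggested earlier in the discussion. The names `seal`, `Receiver`, `cam-01` and the packet layout are assumptions made for illustration, and the block shows authentication and replay protection only, not the encryption of the frame itself.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes

def _mac(key, camera_id, header, frame):
    return hmac.new(key, camera_id + header + frame, hashlib.sha256).digest()

def seal(key, camera_id, counter, frame):
    """Camera side: 8-byte counter + frame + MAC over id, counter and frame."""
    header = struct.pack(">Q", counter)
    return header + frame + _mac(key, camera_id, header, frame)

class Receiver:
    """Server side: one pre-provisioned key and last accepted counter per camera."""

    def __init__(self, keys):
        self.keys = dict(keys)
        self.last = {cid: -1 for cid in self.keys}

    def accept(self, camera_id, packet):
        """Return the frame if authentic and fresh, otherwise None."""
        key = self.keys.get(camera_id)
        if key is None or len(packet) < 8 + TAG_LEN:
            return None  # unknown camera or truncated packet
        header, frame, tag = packet[:8], packet[8:-TAG_LEN], packet[-TAG_LEN:]
        if not hmac.compare_digest(tag, _mac(key, camera_id, header, frame)):
            return None  # forged or modified in transit
        counter = struct.unpack(">Q", header)[0]
        if counter <= self.last[camera_id]:
            return None  # replay of an older genuine packet
        self.last[camera_id] = counter
        return frame

def demo():
    key = os.urandom(32)  # constructed; stands in for a key installed at provisioning
    rx = Receiver({b"cam-01": key})
    p0 = seal(key, b"cam-01", 0, b"frame-0")
    p1 = seal(key, b"cam-01", 1, b"frame-1")
    # A wiretap that mimics the camera but does not hold the key (constructed).
    forged = seal(os.urandom(32), b"cam-01", 2, b"empty street")
    return [rx.accept(b"cam-01", p) for p in (p0, p1, forged, p0)]

if __name__ == "__main__":
    print(demo())
```

The check holds only while the key stays inside the camera; anyone who can read the camera's memory, the case raised in the thread, can produce packets the server accepts.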