Question about the vulnerability of encryption

  • Thread starter Thread starter GTOM
  • Start date Start date
  • Tags Tags
    Encryption
AI Thread Summary
The discussion centers on the vulnerabilities of encryption, particularly regarding key interception. It highlights that while strong encryption is theoretically unbreakable, hackers can intercept keys during transmission, especially if they can access the communication channels, such as through wiretaps or by mimicking devices like surveillance cameras. Key distribution is identified as a critical weak point; using different methods for key distribution than for data transmission can enhance security. The conversation also touches on the potential of quantum internet technology, which offers secure communication by allowing users to detect eavesdropping attempts, although it remains costly and limited to point-to-point connections. Ultimately, while encryption protects data, if attackers can access information before or after encryption, they can still compromise security. The discussion concludes with the notion that attackers may not need to decrypt data but can instead send false data that is properly encrypted to mislead surveillance systems.
GTOM
Messages
966
Reaction score
67
I know, once a good encryption is properly established, the whole computing capacity of Earth couldn't crack it in reasonable time.
But could the hackers intercept the keys? For example, a surveillance camera communicating with a server through an optical cable, and the cable has an included wiretap like device from the very start. Communication from server to camera should be minimal, so catch the data packet when the server sends the key doesn't sound extremely hard. The opposite (key from camera to server) is more difficult, but not theoretically impossible is it?
They speak about uncrackable quantum internet, i don't know whether the costs of it is prohibitive in case of a minor system anytime soon. On the other hand, if the wiretap can mimic the camera, or a maintenance personnel could access the memory of the camera somehow, the communication can be still hacked, isn't it?
 
Technology news on Phys.org
GTOM said:
I know, once a good encryption is properly established, the whole computing capacity of Earth couldn't crack it in reasonable time.
Bribery/blackmail/torture is probably cheaper than cracking the crypto at this point. But who would do that?
 
GTOM said:
But could the hackers intercept the keys?
Yes. As far as I know, it's the easiest way to defeat encryption.
 
For data to be useful, it should be available in original form somewhere. A good encryption has only one meaning: it is already easier to crack that point (or: points) than bother with the encryption itself.
For common users the most commonly accepted encryption is adequate to provide this - since the average security of most systems are quite lacking.
 
  • Like
Likes Klystron
Obligatory XKCD on security:

security.png
 
  • Like
Likes nsaspook, jim mcnamara and m4r35n357
In my example, the server (that gets the data of cameras that monitor a city) is located in a secure building, so hit the head of the ones operating that isn't an option. Also that server surely don't have a basic windows firewall. Maybe bribery could help, but the goal is only to prevent tracking some persons.
 
GTOM said:
. Communication from server to camera should be minimal, so catch the data packet when the server sends the key doesn't sound extremely hard.
Key distribution is also a a well know weak point in many systems. Maximum security comes when you use a different means to distribute keys than the means used to send data. In your example, don't let the server send keys.
 
GTOM said:
But could the hackers intercept the keys? For example, a surveillance camera communicating with a server through an optical cable, and the cable has an included wiretap like device from the very start. Communication from server to camera should be minimal, so catch the data packet when the server sends the key doesn't sound extremely hard. The opposite (key from camera to server) is more difficult, but not theoretically impossible is it?

Most encryption that is in common use is based on asymmetric keys; the most famous example being RSA which is used for most data communication, The point here is that the key that is used to encrypt the information can NOT be used to decrypt the information and the two keys are only related via some really complicated mathematical relation or process (e.g factorising primes) which can only be done one way.
Hence, it does not matter if they see the key; they can't do anything useful with it.

They speak about uncrackable quantum internet, i don't know whether the costs of it is prohibitive in case of a minor system anytime soon. On the other hand, if the wiretap can mimic the camera, or a maintenance personnel could access the memory of the camera somehow, the communication can be still hacked, isn't it?

It is has been in commercial use for a few years but is still quite expensive (and currently it can only be used for point-to-point communication) . The point here is that the link itself is secure in that the users can immediately tell if someone is trying to eavesdrop in some way and can just discard that key.

There is course nothing preventing someone from accessing the information some other way. Encryption can obviously only protect encrypted data; if there is some way to get hold of the data before/after the encryption step then nothing helps.
 
  • Like
Likes GTOM
GTOM said:
[snip...]if the wiretap can mimic the camera, or a maintenance personnel could access the memory of the camera somehow, the communication can be still hacked, isn't it?
Ideally, the camera control network, camera software update channels, and maintenance networks are isolated and secured. Even small innocuous ports on servers in locked data centers are vulnerable to exploitation when the prize is worth the cost.

Consider advantages of separate secure networks for each facet of the configuration. End user camera data requirements should not define the command and control networks. Multiplexors and data routers require at least as much protection as the cameras and data servers. Inhibiting surveillance does not require hacking data channels. Redirecting raw video output also defeats encryption.
 
  • Like
Likes GTOM
  • #10
f95toli said:
Most encryption that is in common use is based on asymmetric keys; the most famous example being RSA which is used for most data communication, The point here is that the key that is used to encrypt the information can NOT be used to decrypt the information and the two keys are only related via some really complicated mathematical relation or process (e.g factorising primes) which can only be done one way.
Hence, it does not matter if they see the key; they can't do anything useful with it.
It is has been in commercial use for a few years but is still quite expensive (and currently it can only be used for point-to-point communication) . The point here is that the link itself is secure in that the users can immediately tell if someone is trying to eavesdrop in some way and can just discard that key.

There is course nothing preventing someone from accessing the information some other way. Encryption can obviously only protect encrypted data; if there is some way to get hold of the data before/after the encryption step then nothing helps.
Well, in order to fool surveillance, they don't need exactly to decrypt data.
Rather send false data with proper encryption.
 

Similar threads

The Feds Cracked El Chapo's Encrypted Comms Network By Flipping an Informant
Replies
2
Views
1K

Hot Threads

Recent Insights

Back
Top