Question about the vulnerability of encryption

  • Thread starter GTOM
  • Start date
  • Tags
    Encryption
In summary, the wiretap could be used to intercept the keys, which would then be used to decrypt the data.
  • #1
GTOM
955
64
I know, once a good encryption is properly established, the whole computing capacity of Earth couldn't crack it in reasonable time.
But could the hackers intercept the keys? For example, a surveillance camera communicating with a server through an optical cable, and the cable has an included wiretap like device from the very start. Communication from server to camera should be minimal, so catch the data packet when the server sends the key doesn't sound extremely hard. The opposite (key from camera to server) is more difficult, but not theoretically impossible is it?
They speak about uncrackable quantum internet, i don't know whether the costs of it is prohibitive in case of a minor system anytime soon. On the other hand, if the wiretap can mimic the camera, or a maintenance personnel could access the memory of the camera somehow, the communication can be still hacked, isn't it?
 
Technology news on Phys.org
  • #2
GTOM said:
I know, once a good encryption is properly established, the whole computing capacity of Earth couldn't crack it in reasonable time.
Bribery/blackmail/torture is probably cheaper than cracking the crypto at this point. But who would do that?
 
  • #3
GTOM said:
But could the hackers intercept the keys?
Yes. As far as I know, it's the easiest way to defeat encryption.
 
  • #4
For data to be useful, it should be available in original form somewhere. A good encryption has only one meaning: it is already easier to crack that point (or: points) than bother with the encryption itself.
For common users the most commonly accepted encryption is adequate to provide this - since the average security of most systems are quite lacking.
 
  • Like
Likes Klystron
  • #5
Obligatory XKCD on security:

security.png
 
  • Like
Likes nsaspook, jim mcnamara and m4r35n357
  • #6
In my example, the server (that gets the data of cameras that monitor a city) is located in a secure building, so hit the head of the ones operating that isn't an option. Also that server surely don't have a basic windows firewall. Maybe bribery could help, but the goal is only to prevent tracking some persons.
 
  • #7
GTOM said:
. Communication from server to camera should be minimal, so catch the data packet when the server sends the key doesn't sound extremely hard.
Key distribution is also a a well know weak point in many systems. Maximum security comes when you use a different means to distribute keys than the means used to send data. In your example, don't let the server send keys.
 
  • #8
GTOM said:
But could the hackers intercept the keys? For example, a surveillance camera communicating with a server through an optical cable, and the cable has an included wiretap like device from the very start. Communication from server to camera should be minimal, so catch the data packet when the server sends the key doesn't sound extremely hard. The opposite (key from camera to server) is more difficult, but not theoretically impossible is it?

Most encryption that is in common use is based on asymmetric keys; the most famous example being RSA which is used for most data communication, The point here is that the key that is used to encrypt the information can NOT be used to decrypt the information and the two keys are only related via some really complicated mathematical relation or process (e.g factorising primes) which can only be done one way.
Hence, it does not matter if they see the key; they can't do anything useful with it.

They speak about uncrackable quantum internet, i don't know whether the costs of it is prohibitive in case of a minor system anytime soon. On the other hand, if the wiretap can mimic the camera, or a maintenance personnel could access the memory of the camera somehow, the communication can be still hacked, isn't it?

It is has been in commercial use for a few years but is still quite expensive (and currently it can only be used for point-to-point communication) . The point here is that the link itself is secure in that the users can immediately tell if someone is trying to eavesdrop in some way and can just discard that key.

There is course nothing preventing someone from accessing the information some other way. Encryption can obviously only protect encrypted data; if there is some way to get hold of the data before/after the encryption step then nothing helps.
 
  • Like
Likes GTOM
  • #9
GTOM said:
[snip...]if the wiretap can mimic the camera, or a maintenance personnel could access the memory of the camera somehow, the communication can be still hacked, isn't it?
Ideally, the camera control network, camera software update channels, and maintenance networks are isolated and secured. Even small innocuous ports on servers in locked data centers are vulnerable to exploitation when the prize is worth the cost.

Consider advantages of separate secure networks for each facet of the configuration. End user camera data requirements should not define the command and control networks. Multiplexors and data routers require at least as much protection as the cameras and data servers. Inhibiting surveillance does not require hacking data channels. Redirecting raw video output also defeats encryption.
 
  • Like
Likes GTOM
  • #10
f95toli said:
Most encryption that is in common use is based on asymmetric keys; the most famous example being RSA which is used for most data communication, The point here is that the key that is used to encrypt the information can NOT be used to decrypt the information and the two keys are only related via some really complicated mathematical relation or process (e.g factorising primes) which can only be done one way.
Hence, it does not matter if they see the key; they can't do anything useful with it.
It is has been in commercial use for a few years but is still quite expensive (and currently it can only be used for point-to-point communication) . The point here is that the link itself is secure in that the users can immediately tell if someone is trying to eavesdrop in some way and can just discard that key.

There is course nothing preventing someone from accessing the information some other way. Encryption can obviously only protect encrypted data; if there is some way to get hold of the data before/after the encryption step then nothing helps.
Well, in order to fool surveillance, they don't need exactly to decrypt data.
Rather send false data with proper encryption.
 

1. What is encryption and why is it important?

Encryption is the process of converting plain text into code to protect it from being accessed by unauthorized parties. It is important because it ensures the confidentiality, integrity, and authenticity of sensitive information.

2. How does encryption protect against vulnerabilities?

Encryption uses complex algorithms to scramble data, making it unreadable without the proper decryption key. This makes it difficult for hackers to access sensitive information even if they manage to intercept it.

3. What are some common vulnerabilities in encryption?

Some common vulnerabilities in encryption include weak encryption algorithms, outdated software, and human error. These can make it easier for hackers to access encrypted data.

4. How can encryption be made more secure?

To make encryption more secure, it is important to use strong encryption algorithms, keep software and systems updated, and regularly test for vulnerabilities. Additionally, implementing multi-factor authentication can add an extra layer of security.

5. Can encryption ever be completely secure?

No form of encryption is 100% secure, as technology and hacking methods are constantly evolving. However, using strong encryption methods and regularly updating security measures can greatly reduce the risk of vulnerabilities.

Similar threads

The Feds Cracked El Chapo's Encrypted Comms Network By Flipping an Informant
    • General Discussion
Replies
2
Views
1K

Hot Threads

Recent Insights

Back
Top