CSE 127: Lecture 15
The topics covered in this lecture are
extra credit project
Proofs of correctness for recursive algorithms require the use of
strong induction. See the quicksort code and the
By applying external radiation to some types of smartcards, it is
possible to change the stored key (in EEPROM cells) in a random way.
The change often is minimal, only one or two bits changed.
Furthermore, the affected bits will tend to reflect the charge leaking
from the EEPROM cell, i.e., ones will turn into zeros much more often
than the other way (exactly how the charge is interpreted depends on
the EEPROM cell design, so it may actually be zeros turning into
ones). This means that each application of external radiation is a
short random walk that is biased towards setting the key to all zeros.
By recording a plaintext/ciphertext pair at each stage, we can
determine if a guessed key is the same as the current key in the card,
even though the key is never divulged by the card's interface. We
simply run a software version of the algorithm with the guessed key
and see if the plaintext/ciphertext pair would match.
This means we can do a sequence of small-neighborhood searches, starting
backwards from the all-zeros key and search for the previous key.
If we irradiated the card too much, the number of changed bits will be
too large, and the neighborhood -- edit distance between keys -- will
be too large and the search ineffective. We may even destroy the card
and have to start from scratch.
If we apply DFA correctly, we should be able to extract the original
n-bit key with O(N2) work. This compares quite well with
O(2N) work for exhaustively searching the keyspace.
Download the DTA handout tarball.
Extract it and read the README file. This is due midnight
Friday, March 14.
These are links additional security-related information. Exploring
them is optional unless otherwise stated.
search CSE |
bsy's home page |
pgp certserver |
email@example.com, last updated Fri Mar 7 05:08:01 PST 2003. Copyright 2003 Bennet Yee.