Subliminal Channels In Digital Signatures -or- Why it's VERY Important To Verify Trustworthiness of Encryption Programs

Presented at DEF CON 12 (2004)

A number of papers about a subliminal channel in the Digital Signature Algorithm were published more than ten years ago, allowing for communication through digital signatures in an undetectable manner. The subliminal channel is generally viewed as a method of legitimate but hidden communication, but it can also be used for leaking secret information (such as keys) in an undetectable way to anyone who knows what to look for. I will present on how this subliminal channel works, and demonstrate using a patched version of the GNU Privacy Guard how to use it for both benign and malicious reasons, both of which have little to no prior implementation in encryption programs.


Presenters:

  • Seth Hardy
    Seth Hardy is involved in both research and implementation in the field of cryptology, both as part of a university research group and independently. His primary interest is the mathematics side of crypto, so he's been involved in a number of projects which involve translating new and better concepts from math into a working implementation in code. Seth has presented his work at a number of conferences, usually with his good friend Jose.
