Making Use of the Subliminal Channel in DSA

Presented at The Fifth HOPE (2004), July 10, 2004, 8 p.m. (60 minutes).

This talk will focus on one reason why it's extremely important to verify the trustworthiness of your encryption programs. A number of papers about a subliminal channel in the Digital Signature Algorithm (DSA) used by the United States Digital Signature Standard were published more than ten years ago. This channel allows for undetectable communication via digital signatures. The subliminal channel is generally viewed as a method of legitimate but hidden communication, but it can also be used for leaking secret information (such as keys) in an undetectable way to anyone who knows what to look for. This presentation will show how this subliminal channel works and demonstrate - using a patched version of the GNU Privacy Guard - how to use it for both benign and malicious reasons: legitimate communication using the subliminal channel, and leaking secret keys with each signature.


Presenters:

  • Seth Hardy
    Seth Hardy is involved in both research and implementation in the field of cryptology, both as part of a university research group and independently. Although he enjoys programming, his primary interest is the mathematics side of cryptography. For this reason, he's been involved in a number of projects which involve translating mathematical concepts and algorithms into working implementations in code. Seth has presented his work at a number of conferences, usually with his good friend Jose.

Links:

Similar Presentations: