Presented at Kiwicon X: The Truth is In Here (2016)
Nov. 17, 2016, noon
It's been known for some years now that encryption can be highly susceptible to fault attacks in which a memory or CPU glitch leads to a catastrophic failure of security. These types of faults occur mostly in conference papers, but there's one situation in which they're expected as part of normal operations: When the crypto is operated in a high-radiation environment like a nuclear reactor. This talk looks at the effects of radiation on computer security mechanisms (and computers in general), and outlines means of protecting crypto in environments where you need to expect data and computation results to modify themselves at random. Anyone planning to have children in the future should avoid sitting in the first two rows during the demo.
Peter Gutmann is a researcher in the Department of Computer Science at the University of Auckland working on design and analysis of cryptographic security architectures and security usability. He helped write the popular PGP encryption package, has authored a number of papers and RFC's on security and encryption, and is the author of the open source cryptlib security toolkit, "Cryptographic Security Architecture: Design and Verification" (Springer, 2003), and a perpetually upcoming book on security engineering. In his spare time he pokes holes in whatever security systems and mechanisms catch his attention and grumbles about the lack of consideration of human factors in designing security systems.