Kleptography and covert channels. Meltdown and Spectre – an error, or a carefully prepared communication channel?
The use of cryptography for data protection has become widespread. However, in the hands of attackers, the same cryptography can become a dangerous tool. It can be misused and abused, as is the case with any tool or weapon. And the possibilities go well beyond the current straightforward ransomware.
Attackers can install so-called covert channels, which they can use to secretly steal sensitive information. This concerns physical devices as well as the mathematical algorithms themselves. The power of cryptography, the actual tool we use against hackers, is now on their side. A sophisticated and well-implemented covert channel is almost impossible to detect.
Can we somehow detect malicious intent on the part of a software or hardware vendor? Can we defend ourselves against these kinds of attacks? How far can the usual data loss prevention really go when facing the arsenal of covert channels?
Jiří Pavlů
Holds a bachelor's degree in mathematical methods of information security from MFF UK. He specializes in theoretical cryptography, especially the security and usability of symmetric ciphers, and coding theory. He is a cryptologist at the competence centre of the Raiffeisen Bank International group.
Tomáš Rosa
Holds a Ph.D. in cryptology; his doctoral dissertation was awarded the Best Doctoral Work Award of the rector of ČVUT in 2004. He studied at FEL ČVUT and MFF UK in Prague. He deals with mathematical and physical methods of computer security, especially in embedded and radio applications. His work has also improved a number of worldwide standards: the TLS protocol, the EMV scheme, Bluetooth, and GNSS. He is the chief cryptologist at the competence centre of the Raiffeisen Bank International group.