Bruce Schneier
Schneier on Security
A blog covering security and security technology.

December 21, 2005

Electronic Shackles and Telephone Communications

The article is in Hebrew, but the security story is funny in any language.

It's about a prisoner who was forced to wear an electronic shackle to monitor that he did not violate his home arrest. The shackle is pretty simple: if the suspect leaves the defined detention area, the electronic shackle signals through the telephone line to the local police.

How do you defeat a system such as this? Just stop paying your phone bill and wait for the phone company to shut off service.

Posted on December 21, 2005 at 12:03 PM • 29 Comments

...the guy was arrested again and forced to pay the bill.

While looking for an English version of this article (without success) I found this gem (in English):

Posted by: Saar Drimer at December 21, 2005 12:38 PM

As Bruce suddenly gives me yet another reason to learn Hebrew....

This brings us back to the most simple of security lessons. No matter how great the technology is, there's usually a very simple way to defeat it.

Of course, a proper risk assessment would've found that and they would've realised that the state should pay the phone bill.

Posted by: cyphertube at December 21, 2005 12:39 PM

@cyphertube

Erm, how about having the system poll periodically (say, every 1-2 hours) and if it's not heard from, send an officer? *I* don't want to pay the felon's phone bill, it's already cost enough to prosecute them.

Posted by: Ralph Broom at December 21, 2005 1:25 PM

Since I cannot read Hebrew, I have a simple question. Why not just unplug the phone line?

Posted by: Preston L. Bannister at December 21, 2005 1:49 PM

@Preston

That's what I was thinking. Why didn't he just cut the line? It's the same as having the service shut off.
Posted by: Joseph at December 21, 2005 2:49 PM

I'm not sure how leg-shackle phone devices typically work in California - but I heard of one guy who wanted to violate his home detention and attend a party at his buddy's house next door. So he brought his landline phone with him to the party - attached with a new 100 foot phone cord.

Posted by: Mike W at December 21, 2005 3:07 PM

"he brought his landline phone with him to the party - attached with a new 100 foot phone cord"

Hey, if prisoners are expected to foot the bill (pun intended) for the communication link, then it should be common sense that market forces will lead them to easily defeat (pun not intended) or enhance the link. I am thinking a new wifi or even satellite shims are bound to be developed for the more affluent convicts. Maybe Martha already has one?

If I can pay $200 to watch my home cable connection anywhere I can get the Internet...just imagine all the prisoners using Starbucks and other "hot-spots" as their new perimeter.

Posted by: Davi Ottenheimer at December 21, 2005 3:20 PM

"Why didn't he just cut the line? It's the same as having the service shut off."

Ah, the old pull the plug method. That's what many people used to do with the satellite TV boxes that relied on a dial-tone to report usage. And if you pulled the plug at the right moment during the connect sequence the data was lost instead of cached...

Posted by: Davi Ottenheimer at December 21, 2005 3:23 PM

While from a security point of view cutting the phone line or waiting for the service to be cut are almost the same (having the service cut off is slightly more risky, since you don't know if the state is going to catch on and get the phone turned back on). One is a whole lot easier to "talk your way out", if you're found out.
Depending on the people involved another attack would be covering the shackle with tinfoil or leaving the area for short periods of time, every now and then, staying at home, and see if either they start ignoring the system from false positives, or if they still get pinged if the phone is off the hook. Being able to generate alarms at will and seeing the response is a powerful thing.

Perhaps a better system is having the system call at random times, or have the shackle poll at some kind of hashed time (random from the prisoner's point of view, but the main system knows when it's meant to be called).

@cyphertube

Posted by: Blair Nilsson at December 21, 2005 3:27 PM

'Cut the line' etc.

Or why not have a buddy call your number, generating a busy signal, so the system can't dial in or out. Good for occasional trips to the corner store!

Posted by: RS at December 21, 2005 4:31 PM

What a joke! It is akin to a police asking a thief to stay put till the police finishes restroom break.

Posted by: Ravi Char at December 21, 2005 5:22 PM

@Ravi Char

If you can hold him at home without an unacceptable risk to the public, then do so. It's a trade-off, and for most of the people the police drag in (at least in NZ - I haven't traveled much) it would work, and it's cheap, and that does have a lot going for it.

yeah, the process has a bug :) - and that may need fixing.

Posted by: Blair Nilsson at December 21, 2005 5:52 PM

"why not cut line":

Posted by: Anonymous at December 21, 2005 5:57 PM

If the legal system had any clue at all it would be part of the sentencing conditions that the prisoner has a working phone line. So getting the phone cut off or anything like that is good for a trip into real custody.

I'm not a fan of this - if you want a cheap legal system why not try rehabilitation rather than "community care". CC hasn't worked for the mentally ill and I can't see how it would work for criminals any better than simply a shorter sentence.
Posted by: Moz at December 21, 2005 7:05 PM

Yes there are probably numerous attacks possible on electronic home detention systems. But a significant point that people seem to have missed is that home detention is only used for relatively trusted minor offenders, more or less as a privilege. It is actually in the trustee's interest that the system (and trustee) continue to be trusted, since the alternative is real prison. Conversely a hardened or desperate convict will never be given this type of detention in the first place since he will simply cut the device off and run.

Having said that, it obviously shouldn't be TOO easy to circumvent since these people have demonstrated that they probably do succumb to temptation. This tends to mean the system should be at least tamper evident, should be randomly but frequently audited, and should be fairly sensitive to signal timings in order to make relay attacks hard.

One type of signal which is very timing sensitive is GPS. However nowadays inexpensive microprocessor clocks are fast enough that it may be sufficient to simply measure the shackle's response time to a (cryptographic, replay resistant) signal from a fixed point. 0.1 microsecond resolution is easily achieved and at speed of light transmission will limit movement to a few tens of metres; this cannot be bettered by any form of relaying.

Example protocol: during idle time, the shackle increments a counter it shares with the base station, and does two encryptions of it with a 64 bit block cipher with two different keys. Periodically (perhaps once per second) the base station sends the first encryption as a challenge. If they match (initial comparison can be done in hardware), the shackle responds with the second encryption as fast as possible. If they don't match, the shackle decrypts the challenge to check if its counter has gone out of synch, and updates it if the difference is between, say, 0 and 100,000.
Back at the base station, we simply record responses and response times for later audit, together with a MAC. Both devices erase keys upon detecting tampering.

Posted by: Roger at December 21, 2005 7:08 PM

I'm a techtard but a brilliant criminal, so forgive me if this is technically impossible: wouldn't it be simple to mimic the shackle's signal with another device, and leave it in the home while tiptoeing through the outside world with glee? The monitoring agent could even dial in regularly and "find" the convict "still at home". No?

Posted by: Osama bin Login at December 21, 2005 10:23 PM

if i were a criminal on home detention with an electronic shackle reporting on me through my phone line, and i wanted to go to a party, here's what i'd do:

Posted by: another_bruce at December 22, 2005 12:29 AM

@ Preston L. Bannister, et al.

@Roger

Not paying the phone bill makes it "plausibly deniable" that the result was intentional. The article states this also. Compare with some (partially) stenographic file systems....

Posted by: RonK at December 22, 2005 1:41 AM

Why not make a lot of very long phone calls -- innocently, of course -- to test the response to an unavailable line? If the system is tolerant of this, then simply call time-and-temperature, leave the phone off the hook, and come back tomorrow.

Posted by: Roy Owens at December 22, 2005 4:52 AM

>>What a joke! It is akin to a police asking a thief to stay put till the police finishes restroom break.<<

Typically these are low risk prisoners who are very happy to be at home as opposed to prison. The last thing they want is to screw that up.

Posted by: jayh at December 22, 2005 8:50 AM

I'm guessing that the system already has a safeguard against cutting the phone line. I'm sure people have tried it before. That would explain why he let the phone company cut off his service. They are most likely different from a technical standpoint, not just a legal standpoint.
Posted by: Anonymous at December 22, 2005 10:36 AM

@ Blair

"man, what does it cost to have a phone over there?"

The last time I was in Israel, putting in a phone line was a months-long undertaking involving a bureaucratic labyrinth that is unequalled by even our Federal Government here in the USA. You'll have an easier time trying to run a dual OC3 to the middle of Yellowstone National Park than to undertake to get new residential phone service to an apartment in downtown Haifa.

Posted by: David at December 22, 2005 11:06 AM

Pay your own bill? Sheesh. At least when the FBI puts a wiretap on your line, they take care of getting CallerID for you...

Posted by: chris at December 22, 2005 12:02 PM

Since I don't know the details of how it checks that you're somewhere. What about VoIP, i.e. Vonage or Skype. You could take your Vonage router to anyone's house with broadband and presto you're "home". Furthermore you could use a WiFi service ( http://www.verizonwireless.com/b2c/promotion/... ) route your VoIP service through your laptop and you could be anywhere in the covered area. Yes, this would require a laptop and some kind of power supply, but you could run all of this equipment off your car's power.

I know that's probably a bit rambling, but it seems so easy to circumvent those precautions.

Posted by: Joseph at December 22, 2005 2:30 PM

Why not just use a GSM modem in the base unit? GPS would be difficult to use, if the unit was in the house, but you could always keep track of what cell tower it is associated to. You could also just use it as a backup to the landline ("Hey, the landline went away!")

Posted by: Gordonjcp at December 23, 2005 10:27 AM

what happens if you just unplug the phone line. does it record and report after you replug in?

Posted by: amy at November 8, 2008 7:26 PM
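Roger's comment in the thread above sketches a timed challenge-response between base station and shackle. The following is an added illustration of that sketch in Python, not code from the post or from any commenter. The Feistel construction standing in for the 64 bit block cipher, all class and function names, the choice to answer after a resync, and the round-trip time passed in as a plain number (Python cannot time at 0.1 microseconds) are assumptions.

```python
import hashlib, hmac

C, RESYNC_WINDOW = 299_792_458, 100_000  # light speed (m/s); drift window from the comment

def _f(key, rnd, half):  # Feistel round function: HMAC-SHA256 cut to 32 bits
    msg = bytes([rnd]) + half.to_bytes(4, "big")
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:4], "big")

def encrypt64(key, block):  # assumed stand-in for the 64-bit cipher, not a vetted one
    l, r = block >> 32, block & 0xFFFFFFFF
    for rnd in range(4):
        l, r = r, l ^ _f(key, rnd, r)
    return (l << 32) | r

def decrypt64(key, block):
    l, r = block >> 32, block & 0xFFFFFFFF
    for rnd in reversed(range(4)):
        l, r = r ^ _f(key, rnd, l), l
    return (l << 32) | r

class Shackle:
    def __init__(self, k1, k2):
        self.k1, self.k2 = k1, k2
        self.set_counter(0)
    def set_counter(self, n):  # idle-time work: precompute both encryptions
        self.counter = n
        self.expect, self.reply = encrypt64(self.k1, n), encrypt64(self.k2, n)
    def tick(self):
        self.set_counter(self.counter + 1)
    def respond(self, challenge):
        if challenge != self.expect:  # slow path: has the counter drifted?
            claimed = decrypt64(self.k1, challenge)
            if not 0 <= claimed - self.counter <= RESYNC_WINDOW:
                return None  # forged or stale challenge: stay silent
            self.set_counter(claimed)  # resynchronise, forward only
        return self.reply

class BaseStation:
    def __init__(self, k1, k2, mac_key, max_rtt_s):
        self.k1, self.k2, self.mac_key = k1, k2, mac_key
        self.max_rtt_s, self.counter = max_rtt_s, 0
    def challenge(self):
        self.counter += 1
        return encrypt64(self.k1, self.counter)
    def record(self, response, rtt_s):  # audit entry; the MAC makes later edits detectable
        ok = response == encrypt64(self.k2, self.counter) and rtt_s <= self.max_rtt_s
        body = repr((self.counter, response, rtt_s, ok)).encode()
        tag = hmac.new(self.mac_key, body, hashlib.sha256).hexdigest()
        return {"counter": self.counter, "ok": ok, "max_distance_m": C * rtt_s / 2, "mac": tag}
```

A correct answer that arrives late is logged as a failure, which is how the timing bound catches a relayed response, and an old challenge replayed to the shackle decrypts to a counter behind its own and gets no answer.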