Schneier on Security

Maybe you already know this?

http://www.heise.de/english/newsticker/news/96107

Well written! I get questions about Anonymity vs. privacy all the time. What actually surprised me by this published list was the number of government agencies that actually use Tor. Roger Dingledine spoke at Blackhat 2007 about these groups using Tor.

Two corrections: India's not a third world country, and AOL released 20 million queries, not 20,000.

Great article again, though.

This is exactly why such hacking tools (which are overwhelmingly used by terrorists, communists, criminals and Linux "enthusiasts") must immediately be banned. Those using them sentenced to the harshest possible sentances, up to and including the death penalty. Nothing is more important than the safety of my family!!

This is extremely cogently explained in this wonderful article

http://www.shelleytherepublican.com/2006/07/03/americans-demand-justice-tougher-sentencing-for-hackers.aspx

These so called Poxie Servers have the ability to bring down our Great Country and even spread disgusting lies and photos about our Great President, as unquestionable authorities such as Bill O'Reilly have attested. We should be vigilant about the threat they pose!

http://www.shelleytherepublican.com/2007/07/31/poxie-servers-the-destruction-of-americawithout-a-trace.aspx

I hope our God-fearing CIA and NSA can spy on these terrible satanists and send them of to Guantanamo Bay until they learn themselves how we do things in a good ol'fashioned Free Country.

http://www.shelleytherepublican.com/2006/05/17/domestic-spying-keep-your-eyes-open-a-patriots-duty.aspx

Freedom isn't Free! Let's ban Tor before the loonie liberals decide to use it for their next protest march or anti-Diebold anti-America jihad.

Sorry, but in terms of the level and spread of poverty and levels of illiteracy, India very much -is- a third world country. I look forward to the day when this sort of article is of historical interest only:

http://www.rediff.com/india60/2007/sep/18india60.htm

Aside from the fact that a person who wants to hide *something* is going to wind up hiding everything by using Tor, that's a lousy assumption that everybody who uses Tor is hiding something. In short, there is going to be a lot on Tor that nobody particularly wants to hide.

"If you want it to be authenticated, you need to sign it as well."

Authenticated anonymous messages; there is a concept for you. :-) Makes the onion analogy even more apropos.

@True Patriot, Normally I would not even acknowledge such close-minded ranting, but your religious republican stereotype is so thick, it must be satire. If so, nicely over-done. If you're serious, then may your God help us all. (I refuse to click your links to find out.)

Shelley The Republican is sarcasm, dude. 20 seconds on the site should tell you that. Parody. Go figure.

Years and years before the Tor network, there was the anonymous remailer network which worked more or less following the same rules. So the problem is not new. You can sniff unencrypted traffic before and after. You can even do traffic analysis without even knowing what is the information you are looking at (time stamps, volume, etc..)

I think people tend to forget a crucial point. These anonymity networks are interesting because even if some nodes are compromised (think 3-letters US agencies running a few servers), they still work as intended.

AOL made 20'000 search queries public?

No! They made 36'389'629 queries public!

"And perversely, the very fact that something is on the Tor network means that someone -- for some reason -- wants to hide the fact he's doing it."

While that's technically true, you imply that someone is doing something he shouldn't be. Personally, I use Tor because I don't want anyone to know what I'm doing while I'm readding Slashdot articles. That's hardly nefarious. It's simply an expression of my right to privacy (of which simple source anonymity is an element, even without end-to-end encryption).

Another interesting note, Tor has a very significant weak point in traffic analysis. If you're following a trail of packets to a Tor end-point, you can continue to follow that trail through the Tor network by looking for matching traffic patterns at the various ISPs allowing the route. And since Tor usually only hops traffic 3-4 times, it's not a long trail. Of course, you'd have to be an organization capable of obtaining that data from ISPs, but it's still worth noting.

Don't forget DNS leaks, peeps. Tor will leak the hostnames you resolve to your DNS server. Anyone sniffing on that segment can see what hosts your going to.

@Michael, ""And perversely, the very fact that something is on the Tor network means that someone -- for some reason -- wants to hide the fact he's doing it."

While that's technically true, you imply that someone is doing something he shouldn't be."

Actually the base quote is not even true. All that can be inferred is that the user wants to hide something, not necessarily that he wants to hide everything sent through Tor. This could be motivated by a desire to make traffic analysis even slightly more difficult.

Personally I have considered sending all my traffic through Tor even though 90% or more isn't anything I care about hiding. If I send only that which I care about hiding through Tor, it is easy to infer how much traffic I consider important to hide. I'd prefer to avoid even that information leakage.

Another point, it is unclear that the reason for using Tor is really anonymity, because the other end of the communication may be aware of the user identity (hence the oxymoronic signed anonymity). It seems that many users may be most concerned about preventing eavesdropping and traffic analysis, in other words confidentiality.

This whole area rubs up against another concept that I find interesting, which is anonymous trust. Can you establish trust with an anonymous counterparty? There are some situations in which an anonymous financial transaction might be desired by at least one party, but since financial transactions depend on mutual trust this creates an interesting challenge. Any thoughts?

"The fact that most of the accounts listed by Egerstad were from small nations is no surprise; that's where you'd expect weaker security practices."

I'm curious about this conclusion. Why is it an expectation that security practices would be weaker in a specific geographical/political region? Isn't this something that comes with institutional policies, personal preference, individual user training, etc? Or is the assumption that a smaller nation has a lesser need to practice good security, because the information it cares to transmit isn't as sensitive?

Now, as before, The Government (whether U.S.A., U.K., *stan, ...) has a hand in all of the so-called anonymizing networks. Ultimately, there is no anonymity on the Internet although there can be a degree of privacy.

Even for less important things like comments to Mr. Schneier's blog: If he cares, he can easily figure out who I am, even if I try to pretend my posts are "anonymous."

@Chris

Security is a product. Like most products (in general) you get what you pay for, and the better it is, the more it costs. Smaller and poorer countries have less money to spend, so cannot afford the kind of security that larger and richer countries can purchase.

Wether or not that's true, I don't know. But I would guess that's the line of reasoning behind the statement.

@Anonymous: Tor does not leak DNS queries. If you use SOCKS4A, DNS queries are tunneled through Tor. See http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#head-e0b83d1dae14b598d805a972c1e9b07f717a9be1 for details.

@DZG: Yes and no.

If you only look at software, you get the best security without paying anything. Using OpenSource software costs nothing and you can even verify the security software does what it claims to do.

Considering the whole cost, you normally must pay somebody to implement your security system. THAT is the big cost factor.

@Nyhm

I looked at the site that @True Patriot posted and at first I thought it was a big joke, but then I started to read the comments that people were leaving on the site's posts and I got a sick feeling that this person really things this way.

The real question is;
What is the context of the data you are sending?
And
Will the data be of interest to anyone listening?

Tor is not a security solution just a transport mechanism.

Having faith that ANY network is secure or anonymous is foolish. Even trusted solutions have bugs and hacks that compromise their user's security and anonymity.

"Shelley The Republican is sarcasm, dude. 20 seconds on the site should tell you that. Parody. Go figure."

That is really open to debate. Spend a little while listening to RW talk radio or watching Fox News and you'll get exactly this sort of ignorant, self-righteous, vicious fanatics and there's nothing at all sarcastic about it.

That problem is exactly why JAP exists (now also a commercial product under the name JonDo (in the interest of full disclosure, I'm one of the main developers of JonDo).

Like Tor, JAP/JonDo anonymizes internet traffic using onion routing (i.e. multiple encryption, passing traffic over several nodes, with each node only able to read enough of the traffic to pass it on to the next node).

Unlike Tor, we use know and trusted organizations to run the servers, so you get the same strong anonymization as with Tor, but you know exactly who's handling your traffic.

@not for you

There are some extremely unsettling undercurrents in the world right now.

If history is any teacher it is going to get much worse before it gets better.

My advice: Stay out of the way of the crazies.

This article shows the danger of not understanding the limitations of Tor.

Tor traffic is encrypted between Tor routers, but is un-encrypted at the last Tor-router in the path, in order to deliver it to the final destination.

So if your traffic is an unencrypted protocol (like a lot of POP email), then your account/password goes naked into the first Tor router and out of the last Tor router.

Thus it is open to spying by the first and final Tor router (as in this case), and by anyone else peering between the Tor entry/exit points and their respective source/destination.

But Tor does allow you to choose the Tor routers for your traffic, so you could pick a trusted operator like maybe EFF for that last hop.

One would hope that EFF would operate scrupulously, but you can still bet any traffic going in and out of Tor is scrutinized by governments. (In these times, I would sort of hope so, even though I don't like it.)

Anonymity from determined governments is probably impossible at this point. But if these embassies had used secure email protocols then even unscrupulous Tor operators wouldn't have their account/password info.

Of course, sometimes Tor is used only to obscure the source IP and not the traffic itself. For example, if I wanted this post to be seen by the world, but maybe I didn't want Bruce to know where I was coming from, Tor would still be sufficient.

@not for you:
Just because some of the people posting comments on shelleytherepublican believe what they are reading, doesn't mean that it's not a satire. :)

> Authenticated anonymous messages; there is a concept for you. :-)
> (hence the oxymoronic signed anonymity)

Signing an encrypted message does not reveal the identity of the signing entity off of the encrypted message if it is signed before the encryption, or a bit more formal:

Let M be the clear text, S the signature function, C the encryption function and E the encrypted message, then

E = C(S(M))

It is highly probable that those who have the means to brake the encryption also have the means to follow all of the paths through TOR.

CZ

There have been some systems which provide a sort of 'anonymous authentication' in the form of 'deniability.' It's slightly different than a normal digital signature. Instead of using a public-key system as in a normal signature (where you sign using your secret key and the other party verifies against your public key), you use a Message Authentication Code. It's symmetric and similar to a hash. (There's a Wikipedia article on the subject for anyone who's curious.)

The critical aspect of them is that they reveal the MAC after it's done being used, so that anyone after the fact can forge traffic arbitrarily. In theory at least, this means you can always have some level of plausible deniability. (Offer not valid when mere suspicion is enough to get you in trouble.)

One system which implements this is the 'OTR Messaging' IM encryption plugin. There's no real reason why you couldn't implement something similar on a more general basis, say for SSL/TLS, and encrypt arbitrary web traffic. The hard part is just getting everyone to agree on something and support/use it.

@Elmar: "Unlike Tor, we use know and trusted organizations to run the servers, so you get the same strong anonymization as with Tor, but you know exactly who's handling your traffic."

How is the admission process for new node operators defined? What measures are in place to filter out, say, NSA-run cover firms?
Furthermore, running thins like the "Dresden-Dresden" cascade does not seem to do much good with the upcoming logging legislation...
How many "international" cascades are in place?

--

@Ruminations: "So if your traffic is an unencrypted protocol (like a lot of POP email), then your account/password goes naked into the first Tor router and out of the last Tor router."

AFAIK the connection between your client and the first TOR node is encrypted.
Think about it: The whole thing would be utterly pointless if, say, HTTP requests went out in the clear.

In August 2006 someone at http://tor.unixgu.ru/ published intercepted list of usernames and passwords.

So Egerstad was not the firts one who did it. The original news in slovenian language is here:
http://slo-tech.com/script/forum/izpisitemo.php?threadID=231854&mesto=0

For english information, please check the Tor mailing list.

"perversely, the very fact that something is on the Tor network means that someone -- for some reason -- wants to hide the fact he's doing it."

And refusing to consent to a search must mean that you have something to hide?

And the use of encryption means that the contents must be private?

And the use of doorlocks must mean that there's something valuable in the house.

@Paeniteo:"AFAIK the connection between your client and the first TOR node is encrypted.
Think about it: The whole thing would be utterly pointless if, say, HTTP requests went out in the clear."

You are right, I stand corrected on that point. The traffic is encrypted upon entry in such a way that even the Tor entry point cannot snoop it.

(The content is multiply encrypted at the source using a separate key for each Tor router that it will be passing through. As the traffic is forwarded, another layer of the encryption "onion" is removed .)

All that a malicious entry point would actually know is your source IP and the next Tor router in the route. Not the content or the final destination.

Of course, you do still have the limitation of traffic going in the clear between the final Tor router and the destination, for non-secure protocols.

for everyone wondering if shelleytherepublican.com is real or not:

http://friendlyatheist.com/2006/12/01/shelley-the-republican-debunked/

apparently there were some notices on the page originally that stated that it was satire, but they were removed. The links in the blog that verify this are dead now, so who really knows ...

Thanks for the article.

"...perversely, the very fact that something is on the Tor network means that someone -- for some reason -- wants to hide the fact he's doing it."

I'd be interested to hear a little more about this conclusion. If you view anonymity and privacy as a key values e.g. in human rights terms, how does with this fit with Tor being used, say, to preserve/protect these two basic states. Tor may not be very good at doing either, but I could understand using it because I wanted to be anonymous and private as much as possible. The internet does not offer these as services to it's users yet, and willy-nilly, many interests wish to undermine both values.

I would stay FAR AWAY from JAP/JonDo. I'd trust the FBI/NSA/CIA more than I would trust JAP/JonDo.

By 'end to end' encryption do you just mean things like "only use webmail that has 'https' for the entire session" (meaning it's encrypted), or do you mean something else? Is there a way to easily encrypt all of your internet traffic? If the server doesn't encrypt things (or does so poorly), it's not possible (or at least, it's pointless) to encrypt the data you send and receive, right? If so, wouldn't part of being secure on the Internet mean not visiting certain websites at all?

Sorry if these are dumb questions. I just want to make sure I have my thoughts straight. If I use something like GMail, it sounds like my messages would definitely be sniffable if I used Tor...

@Stacy
Suppose I use TOR to post a message on this blog, and sign it with a PGP key. The key is self-signed only, so there's no connection to a real identity.
If I send another message signed with the same key, the messages are still anonymous, but you can be certain that they came from the same source.
This is pseudonymity. Very useful for whistle blowers and those who suspect their organisation has been compromised. You may be talking to the very people who are trying to stop you.

@Elmar
"Unlike Tor, we use know and trusted organizations to run the servers, so you get the same strong anonymization as with Tor, but you know exactly who's handling your traffic."

Unlike Tor, you are willing to include a back-channel purposely designed to allow your anonymity system to leak like a sieve at a moment's notice from the authorities!

http://groups.google.com/group/alt.privacy.anon-server/msg/b1899d9b0a7e5dd6?dmode=source&output=gplain

Why is it that a client only tor keeps TLS connections open for up to an hour each, sendig data every 5 minutes or so even if no app connects to tor?
What data could there possibly be that must be sent encrypted?
Another back channel by design?

I have been using Tor for a while, and have been of course using SSL to connect to GMail. Today, I ran into a man-in-the-middle attack; one of the links in the Tor chain (exit only?) was presenting a self-signed cert for *.gmail.com and *.google.com. I reset my identity (killall -1 tor) and got the right cert back (signed by Thawte).

If you're not paying attention to the certs, even using SSL over tor isn't safe.

One of the accounts compromised was for Sin Chung Kai, Hong Kong's Legislative Councillor for the Information Technology Functional Constituency. That is, he is the elected representative of the IT industry. His recent newsletter was headlined, "More education on information security is needed", I think he should enrol on a course himself!

And he used his wife's name in his password. There is a difference between preaching and practice. Don't think I'll vote for him, next election.
http://articles.yuikee.com.hk/newsletter/2007/09/a.html

how to i get past my school filter other than proxy?

Anyone who has got a copy of 'Writeprinte' would also be able to make a writeprint of anyone else. Just use trial and error, try to write like your target, and adjust the text until 'writeprint' identifies the text as your targets text...

The same applies to 'voice fingerprints', any sufficiently advanced intelligence agency could produce a tape that gives a 'voice fingerprint' of anyone else. This probably also applies to video.

HEY "ANONYMOUS" when a country still needs innoculations for bubonic plague, have tens of thousands die annually due to floods, and pay engineers what the U.S. minimum wage is, THAT'S a 3rd world country.

The Schneier article neglects to point out that the tried-and-true ID + Password has been proven ineffective against attacks. The US Department of Justice published a detailed analysis of the cases of network attacks that they prosecuted and found that ID + password was the worst way to protect a system.

One comment on this article spoke rather flippantly about using a tape recording to "spoof" a speaker biometrics system.

Tape recordings are not good for challenge-response systems which randomly select from amonth the things
a person has enrolled (and enrollment can be done incrementally). So, not only does the attacker have to make multiple recordings or somehow access all of the enrolled items, they must also have technology that can separate and combine those item in a second or two. If it takes longer the system will time out.

No tape recording will work for systems that use challenge-response for items the person never said before,
such as “What is today’s date?�

The person who sent the comment in also spoke about intelligence agencies generating what sounded as if
it could be reverse engineering on biometric models. British Telecom has been working on reverse-engineering
voice models. That is, they are trying to take a model and create a voice from it.

They have poured a lot of time and money into doing this. They still haven’t gotten a scintillating voice out
of it but they are still working on it.

Unlike BT, most hackers and other criminals want to do something as cheaply as possible. Otherwise, it isn't worthe the time and expense. So the kind of work being done by BT is not reasonable for them unless the voice they are reverse engineering will
get them a ton of money - or whatever they want. There aren't very many voices like that. I wish mine were.

Another problem is that reverse engineering would necessarily apply to the models of vendors other than the one who generated the model being reverse engineered.

For either tape recording or reverse engineering it isn’t clear whether, after spending a ton of time and money
on the project, it wouldn’t be better to simply bypass the system. That would allow the attacker to access secured
programs directly.

@ Judith

It seems to me that you cannot make you mind up whether you are talking about voice recognition in a security context or artificial voice for more arts-style or service-oriented purposes?

Nobody is in doubt that security needs improvement, but that is not an excuse to introduce worse security, i.e. system that has open vulnerabilities that can hardly be prevented without fall backs.

It seems to me that you entire argument here is based on Security by Obscurity.

Just because BT haven't been able to make a perfect voice, we should trust that merely cheating a voice recognition system is not possible and fairly easy? This does not require perfection, merely to be good enough to fool the system.

Two relevant questions here:

a) On what grounds do you claim that voices cannot and are not already made spoofable both on a generic level and certainly on a specific level? What is the argument except that you don't know about it?

b) What happens when voices are mapped and spoofed? Not any voice, but your voice and thereby your security for authorizing transactions in your name in case we begin relying on voice biometrics for authentication and identification outside your control.

Rarely do comments posted on a blog motivate me to respond. Today I am motivated by a comment by "A True Patriot."

There were many people, with similar views regarding privacy, that enabled the agenda of the National Socialist Party in Germany (circa 1933). Some of the first laws they passed were those eviscerating the right to privacy and secure/free communications (http://en.wikipedia.org/wiki/Reichstag_Fire_Decree).

It is ironic that the laws were passed under the guise of protecting the "safety" of the German citizens. Consider the following title, "Order of the Reich President for the Protection of People and State." Governments that take your civil liberties to "protect" you are only interested in enslaving you. Read some history!

The point of protecting privacy is to protect what some call "the American way of life." (a.k.a. freedom from government interference in private affairs.) Unfortunately, this way of life is quickly vanishing due to viewpoints such as yours. (See FISA legislation pending in the U.S. Congress)

I bet the Tory loyalists made the same type of Orweillian arguments against the colonists that you make now against "liberals." I can almost hear them saying .... "We must spy on the colonists so they do not revolt against the British Crown. They are 'terrorists.' We must do it to protect the "safety" of the population"

The right to dissent is (used to be) uniquely American. In fact, your right to spew quazi-treasonous venom exists because of "liberal" efforts to protect free speech. Protecting privacy, the right to protest, and stopping police-state type surveilance are some of the most patriotic activities I can think of.

how do you unblock blocked school sites
from school?

Great Article .. !

But.. India dosen't count among 3rd world countries.(u haven't been watching NEWS of late)