Schneier on Security
A blog covering security and security technology.
« Privacy Violations by Facebook Employees |
| The Problems of Profiling at Security Checkpoints »
January 19, 2010
Google vs. China
I'm not sure what I can add to this: politically motivated attacks against Gmail from China. I've previously written about hacking from China. Shishir Nagaraja and Ross Anderson wrote a report specifically describing how the Chinese have been hacking groups that are politically opposed to them. I've previously written about censorship, Chinese and otherwise. I've previously written about broad government eavesdropping on the Internet, Chinese and otherwise. Seems that the Chinese got in through back doors installed to facilitate government eavesdropping, which I even talked about in my essay on eavesdropping. This new attack seems to be highly sophisticated, which is no surprise.
This isn't a new story, and I wouldn't have mentioned it at all if it weren't for the surreal sentence at the bottom of this paragraph:
The Google-China flap has already reignited the debate over global censorship, reinvigorating human rights groups drawing attention to abuses in the country and prompting U.S. politicians to take a hard look at trade relations. The Obama administration issued statements of support for Google, and members of Congress are pushing to revive a bill banning U.S. tech companies from working with governments that digitally spy on their citizens.
Of course, the bill won't go anywhere, but shouldn't someone inform those members of Congress about what's been going on in the United States for the past eight years?
In related news, Google has enabled https by default for Gmail users. In June 2009, I cosigned a letter to the CEO of Google asking for this change. It's a good thing.
EDITED TO ADD (1/19): Commentary on Google's bargaining position.
Posted on January 19, 2010 at 12:45 PM
• 35 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
@Bruce "got in through back doors installed to facilitate government eavesdropping"
I seem to remember some PItA during the 90s...he kept going on and on and on about the complete wrongness of approach for LEO key escrow and the bad badness of the Clipper chip ... what was his name now...it's right on the tip of my tongue...a real math/crypto geek...
I wonder what ever happened to him?
(oh yeah Clinton was a liberal--pull the other one it's got bells on.)
What's most amazing about all this:
- Google went public when most companies don't even when they're obliged to by law
- Google named (or strongly hinted at) the perpetrator
- It's clearly willing to fold its operations in China over this, when most companies would bend over backward
I know that people in the Tor community have expressed concerns that even https-based Google Mail sessions still use http for some web requests such as images, which expose cookies to replay attacks; it'll be interesting to see whether this vulnerability is closed as well.
I know, right? I damn near jumped out of my chair when I read Google's response. It's about time some powerful company sticks it to the Chinese for their passive-aggressive BS. Of course, they will just steal the PageRank algorithm and build their own search engine (Chinoodle?).
@ Dave Page
A *lot* of sites with HTTPS support use HTTP for sensitive information. To me, this is a big issue. For the unwary user, it's basically a high bandwidth covert channel that could possibly leak a ton of information. For instance, sites which only do SSL on the login can expose the users password when they use the "Change Password" feature over HTTP. It gets much worse than that and semi-secure sites are a gold mine for MITM attackers. I think every web session should be encrypted unless there's a strong reason not to do it.
First off, I wonder if such a bill would have a clause allowing US tech companies to work with governments that digitally spy on citizens as long as said government was the US.
Second, Bruce, you've mentioned several times how the adversary national security faces has changed from the highly funded soviet union into lesser funded terrorist groups. What are your thoughts on Chinese hackers pushing national security back in the direction of fearing a highly funded, technically literate, organized opponent?
In particular, if China did use backdoors meant for US eavesdropping, that would imply that companies such as google need to go back to defending against nations instead of script kidies.
I know you've written about it before, Bruce, but what does it mean when companies and people in the US say "we no longer trust China" yet essentially all of our electronics and computer gear are manufactured in China, both consumer and military? What's inside the machine now?
"... and members of Congress are pushing to revive a bill banning U.S. tech companies from working with governments that digitally spy on their citizens."
Any Tor user worth his/her salt with a mind left does not use Gmail, MS-Live, or any other such e-mail service.
Instead, a free service like:
Nick P: "I think every web session should be encrypted unless there's a strong reason not to do it."
Strong reason: It costs a lot of money.
And we have not yet come to the point where users pay for security either. Free mail or $5/mo secure mail, any takers? (except for you geeks who read this :)
This is one of the reasons why I run my mail server myself. Well, I still have to trust my hosting provider, but this approach closes a lot of stupid holes (unless I screw things up, but then I could blame myself only).
On the other hand, most SMTP sessions are unencrypted and I don't care to encrypt 99,9% of my email. So what?
Interesting thing is the comment on 'backdoors' as in the UK and Europe we are assured by our governments that there aren't any such facilities!
@Strobe Light Nostriled Elephant
What makes you think that Safe Mail isn't an NSA honeypot to attract folks with something to hide?
"In particular, if China did use backdoors meant for US eavesdropping, that would imply that companies such as google need to go back to defending against nations instead of script kidies."
Not only companies, but people as well. And the nation they are defending against ins't on the other side of the world either. Well, you named the one that inserted the back doors...
It's only expensive because market forces have made it that way. The VPN's and encrypted communications software I use are fast enough to be very responsive on dialup, much less broadband. SSL, public keys, certs, etc. add lots of time and complexity. For instance, many protocols use asymmetric crypto to sign each message, when they could just sign a symmetric signing key and then HMAC them with optimized algorithms. Even better, use an authenticated mode (some new protocols do this) for a fast cipher. This would make the whole experience better.
If there was a market for it (read: admins were using it), then we could get more fast and standardized encryption and it would be cheap. It's already cheap for my clients using VIA Nano/Eden stuff: those cheap processors have built-in fast crypto and are an example of market pressure making crypto cheaper. Custom web apps, like built with Silverlight, can already be sped up using right algorithms.
To me, the inhibitor is that the use of slow protocols and inefficient platforms is the norm in web programming.
As Nick P points out many of the protocols are quite simply glacial in the way they work.
There are technical and physical reasons pluss caution.
On simple physical limitation is travel time. It does not matter how many bits you can cram into a fat pipe the laws of physics put an upper limit on just how fast they can get there in "Normal Space".
Thus if you have a protocol that forwards and backs thats a round trip time you cannot beat.
A lot of security protocols have many to&from round trips. So there is something to be gained in optomisation.
Then there are technical reasons there is a certain minimum of information that has to get securly from one end of a pipe to another so that a secure link can be set up.
But it has a hidden issue caution how much data sould go down any given path and what sort of segregation / encapsulation do you use for that data.
If you send 101 1K files you might have 5K of overhead and four round trip times per file...
Zip the files into one file and you can save 500K of overhead and 400 hundred round trip times.
And if the zip used gives you a 50% data compression then you've saved another 50K of transmitted data.
This is a very real issue that "security protocol design" does not tend to go into much. Because it is easier for security purposes each file is an entity in it's own right therefore it should be segregated and independently encapsulated.
We need to take a step or two up the stack and start agrigating like data in various ways to cut protocol overhead. Not just in bits but in time...
In response to
"Of course, the bill won't go anywhere, but shouldn't someone inform those members of Congress about what's been going on in the United States for the past eight years?"
I think the outrage from Congress is less about "how dare a government use a company to help spy on its citizens!" and more about "how dare someone do something we don't like!" I've basically abandoned the notion that Congresscritters act based on a rational and consistent set of principles on the proper role of government.
Agreed, though, it is highly hypocritical.
we're in control - it's our money going to china. if you don't like them don't buy chinese stuff. maybe you can live with less stuff but that's made here and supports jobs here.
hard to do, i know. somehow political, i know.
We already do this. TLS, for example, basically only uses public key cryptography to create a shared secret which then can be used as a key material for a symmetric algorithm.
Besides that, performance is not really the main reason. Yes, establishing a TLS link does take several round trips until the handshake is complete ... so what?
If you're stuck on dialup the 3 seconds max additional latency induced by the handshake are among the least of your worries, especially since it's only an issue during connection setup.
Likewise, if for example you want to build an Apache TLS Offload engine, you can do that in an afternoon with 100 USD in hardware costs and Free Software.
The main problem hindering widespread adoption of cryptography is authentication. Unless you know or are reasonably sure to whom you are encrypting, you might as well not bother at all.
Of course the fact that x509's trust model is not exactly stellar isn't really helpful, either.
"Strong reason: It costs a lot of money."
And it should not...
One of the problems of asymetric cryptography is that it also has asymetric workload. Apart from highly specialised tasks workload should be on the client not server end.
When the protocol was originaly devised Netscape made a serious mistake even for that time, in that they put the high workload at the server not the client.
This is wrong for a number of reasons,
1, User CPU capability : user requirment ratio will almost always be better than Server CPU capability : server request requirments.
2, Putting the high Work Factor (WF) load on the server not the client makes DoS considerably easier. That is the Work Factor Difference (WFD) between the client and server per client request is is WFD^-2 easier. That is if you have client work factor (WF) of 1 for a request to a server work factor of 3, and it takes 10 clients requests to fully load the server (30 WF) the server capacity is 10 client requests. However turn the work factor around and you now have a 30 client request capcity (for the same 30WF) at the server but as opposed to a total client WF of 10 you now have a total client WF of 90 or WFD^2.
3, Client end tasks can (and should) be general and thus have sub optimal resource utilisation. Server end tasks can (and should) be specific and thus have optimal resource utilisation.
That is wherever appropriate server end data storage and usage should be designed for minimum resource utilisation the bulk of the handeling for display etc should fall on the client.
This "put the load on the client" reduces service costs whilst also reducing infrastructur workfactor therefor increasing given capacity. Also it alows the end user at the client end to decide where they are going to spend their hard earned resources.
I think you get the point and it is esspecialy noticable in crypto protocals.
And the nurse is aproching with a bag and drip stand 8(
Interesting linked article, but it does suffer slightly from quoting Mark Klein as some sort of industry expert on NSA / telecom collaboration. As has been discussed here in the past:
Klein has no evidence to back up his allegations. He saw something at AT&T which he interpreted as a covert NSA monitoring program, but this interpretation was pure conjecture. Maybe there is a covert NSA monitoring program in American phone companies (although several have categorically denied it in statements to their customers), but the equipment Klein saw is actually normal network performance monitoring equipment that you would routinely see in that facility.
The only link to the NSA is that a co-worker, uninvolved with the project, told Klein that a certain other person was an NSA agent. We don't know the context of that one statement; it may well have been a joke.
Then why the need for congress giving telco's blanket immunity from prosecution for illegal wiretaps?
I agree with your comments on performance. I have built such devices and they inspired my post. It's point was to argue against encryption being way too "slow" or "expensive" to use for most or all connections. As for how public key works, I thought TLS used symmetric HMAC for authentication, but wasn't sure my memory was right. I appreciate your confirming it. The speed of these products can be further improved with on-chip acceleration, like the VIA processors I mentioned, and the use of faster algorithms (e.g. Salsa20, Skein).
On your other point, I think it a fallacy to say that encryption without authentication is useless. Authentication is preferable, but there's still a benefit: without encryption, your traffic is broadcast to anybody or everybody; with encryption, it's broadcast to just one peer/client/server. This means your traffic is directly exposed to at-most one attacker. A script kiddie sniffing on a company network would have to perform active attacks to seize the session, rather than just passively listening. As for authentication, I advise clients to use pre-placed session or public keys, maybe remotely updated, rather than CA's and PKI stuff. The alternative is quite complex, very easy to get wrong, and has produced the bulk of vulnerabilities in SSL-like protocols and platforms.
Google has thousands of servers and terminates tens/hundreds of Gbps of traffic. Enabling encryption for gmail by default costs lots of money, ssl accelerators or bigger server farms + operational expenses, you don't do that until users care enough to give you credit for it.
It astonishes me how western companies can even consider doing business in China. Just today the Chinese announced their economic growth figures and many in the west drop their jaws at how well they are doing. Wise up - do you really believe anything the Chinese government says ?
Well done Google - now get out!
Re: "Google has enabled https by default for Gmail users ... It's a good thing."
Unfortunately this change has in effect broken many HTML emails (including those previously received) with linked images, because browsers such as IE8 default to not loading HTTP images into HTTPS pages without properly explaining the issue.
The world would have been saved many $10M in collateral damage if Google had given us a little warning.
@ Steve Nutt,
"It astonishes me how western companies can even consider doing business in China."
Beleve it or not as late as the 1970's people where saying that about the USA.
For almost the same reasons they say it about China today.
Go google "chinese knock off" to see why.
"Just today the Chinese announced their economic growth figures and many in the west drop their jaws at how well they are doing."
Not my jaw, when you take a close look at the "trade practicies" of some of their generals, etc you'd think they had been taken lessons of the Nigerians.
"Wise up - do you really believe anything the Chinese government says ?"
No but you have to think about what the rest of the world knows from movment of goods etc.
Conservativly I would say there is either one heck of a lot of waste in China or they are exporting more than they say.
So why would they "under report" well have a look at what they are doing in Africa right now, and the importation taxes they avoid paying as a "developing nation".
> Then why the need for congress giving telco's blanket immunity from prosecution for illegal wiretaps?
The bill in question is not for protection in case of *illegal* wiretaps, it is for protection against civil suits in the case of assisting with legal ones.
And why? Because there is an enormous difference between telecoms assisting in interceptions (which we know occurs, the evidence pops up in courts all the time) and wholesale siphoning of all traffic (which Klein claims is happening, on the basis of pretty well no evidence.)
@Greg at January 20, 2010 5:00 AM:
Jung znxrf lbh guvax gung Fnsr Znvy vfa'g na AFN ubarlcbg gb nggenpg sbyxf jvgu fbzrguvat gb uvqr?
Bar pbhyq fnl gur fnzr nobhg nal ba-yvar pbaarpgvba naq freivpr gbqnl, rfcrpvnyyl gur freivprf bcrengvat jvgubhg fhpu frpher srngherf. Lbh'ir ernq nobhg gur frperg ebbzf va grypbf evtug, jryy vs vg'f nyernql fb jvqrfcernq, jul fcrphyngr bire fbzrguvat juvpu qbrf bssre n orggre zbqry bs frphevgl (Gbe + FFY) jura qbar pbeerpgyl, rfcrpvnyyl vs lbh snpgbe va gur hfr bs rapelcgvba gb lbhe pbairefngvbaf jvguva Fnsr-Znvy.arg vafvqr FFY naq Gbe (naq FFU/ICA?). Vs gurl jnag gb crry ncneg ynlref bs rapelcgvba va beqre gb ernq nobhg zl unezyrff naq obevat pbairefngvbaf jvgu zl sevraqf naq snzvyl, zber cbjre gb gurz, V ubcr gurl fnl Uryyb fbzrgvzr qhevat gur penpxvat cebprff.
> shouldn't someone inform those
> members of Congress about what's been
> going on in the United States for the
> past eight years?
No - for heaven's sake don't let congress don't tell them. Let the bill pass and let all hell break loose over the issue, so joe six-pack will come to feel what the feds are doing.
His claims don't really matter. We know there's wholesale siphoning of traffic because they admitted to Echelon in the past. That was even more serious. Additionally, the comments made by telecoms and government officials point to them doing it. Otherwise, why admit it? And if you were the NSA, operating something like Echelon, wouldn't you be trying to get critical info like calling patterns? If you can already get away with siphoning whole portions of the sky, would it be so hard to get telecoms to "cooperate" with homeland security?
I really don't see what your issue is here. Is it just this one guy's opinion being treated as true that bothers you or the claim that they spy on massive amounts of communications, possibly your calling record too? I think the later has been proven conclusively over time. The former doesn't even matter. If dude is a liar, we still have good sources for their activities, starting with their own admissions to Congress.
Google vs China. Simple. Money and monetary policies, not such strawmen attacks, such as PDF and Gmail issues.
What, USA crying about little spying tech, while we do far more with everything?
USA, how lame, using such weak claims against, china.
Reminds me of 4th Indiana Jones, ~"Put your hands down, your embarrassing us."
USA, how lame, reminds me of pre 9/11 days, flying airplanes with cockpit doors wide open, or weak. Amazing state of denial, we have gotten used to accept.
Google has become so arrogant, uncaring and too big for its britches in terms of interaction with users around the world who have made it what it is. Google better realize that it is NOT invincible and stop pushing its weight around in countries that are more than a match for it. I am glad China will teach it a lesson. Google has bitten off more than it can ever chew! I applaud China with glee!
"What, USA crying about little spying tech, while we do far more with everything?"
I think that it is a mistake to think that the imperfect (or often worse) actions of the US government excuses the Chinese government's actions.
Curious criticism, because for once google actually seems to be acting in a pro-user fasion. China "teaching Google a leason" will not teach Google a leason about treating its users right. Rather it will send the message that Google has to play ball with governments in the future, nomatter how questionable their actions.
With HTTPS default, Google is now worth more as it has made it's users email scarce.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.