Schneier on Security

Clive Robinson • April 18, 2021 6:30 PM

@ vas pup, ALL,

A neuromagnetic view through the skull
First noninvasive measurements of fast brain signals

My first thought was “lie detector”, as we know conventional lie detectors do not work and you can learn how to fake them.

Then some idiot –in India if memory serves– stuck people in fast mri scanners and started seeing different parts of peoples brains light up when they were telling the truth and lying…

So this has the potential to be turned into another brain scanner and no doubt some other idiot will do the same tests as last time and say it works.

I suspect that a decice using this technology will be down in the low thousands of dollars to make, small and easily transportable, unlike an fMRI that costs hundreds of thousands of dollars to get up and running, is large and requires a specialised room thus is not easily transportable (18 wheeler tractor and long body container).

Clive Robinson • April 20, 2021 4:20 PM

@ Anders,

It apears to be a load of nonsense. That is it just replaces one name service with a set of surveillance faults, to another name service with a very slightly different extra few faults plus all the original name service faults.

The problem with name services is two fold,

1, The traffic is fairly obvious even tucked under HTTPS.

2, No real anoynimity either for connction or request

Whilst there are ways to partially solve the first problem, the second problem is much much harder if not realy possible to solve currently because it involves making a data base search on a database that is under somebody elses control…

Then on diging around for more info I saw this…

“Because hsd is written in JavaScript, it can be repackaged for use in a web browser.”

Do me a favour javaScript for security, and surveillance proofing? Err No, not two decades ago and certainly not now or in the future.

Clive Robinson • April 21, 2021 6:47 AM

@ Weather, ALL,

@clive, you don’t see a bug in a GPU inside a CPU?

Unfortunately rather more than most can enumerate, and even then that will be a very small subset of the total.

What I realised back in the early 1990’s if not before, was that what we now call the “computing stack” was vulnerable to both intentional and unintentional vulnerabilities. Ranging across the “full stack” from the very bottom of quantum physics all the way up through national legislation, international standards, treaties, and beyond. And perhaps more importantly nobody gave damn about it, because they were either to parochial or in love vith a false romanticism of technology as a solution to all mankinds ills.

The simple fact is technology has no personality, no beliefs, no inteligence, it knows not right or wrong and works in any which way “directing minds” tell it to, and above all of that it’s unreliable at best.

People should take the time to read the paragraph above, every day untill they take it on board as a fundemental tenent of reality.

The reason is it gathers together most of the failings of mankind and gives them form.

Humans are 99.9% products of the history of their environment over unimaginable generations of time. We are instinct not logic and we are reactive not proactive and most of us lack the ability to do anything other than think sequentially. To us “times arrow” or progression realy is the way we see the limited perspective we have on the universe. To use B follows A, even though we can clearly see A to Z happening all at the same time in parallel and by and large all intetacting all of the time.

We automatically seperate out things to not just simplify them, but also so we can see them along times arrow’s trajectory as ever longer chains of cause and effect.

It’s easy to analyse such chains, moderatly harder to analyse trees that are chains that branch but still head in the same direction. But what about meshes or nets where direction is in multiple directions. Even a single feed forward loop where one chain in a tree rejoins another chain it previously branched from is more dificult to analyse than most can even comprehend. Even if it is negative thus tends to stability rather than positive that tends to discontinuities or cusps where the laws of chaos rule but appears to most to be random. But what about feedback? Most think they understand the notion but try explaining that it is always non linear, due to the progression of time it has no choice but to be exponential, and how exponential even though it is just repeated percentages in turn can become a cyclic wave form in multiple dimensions (see e^ix derivatives and resultant series).

Most engineers “trip, stumble and often fall” over the implications of two simply interacting additons the interaction of which can rotate so easily around the unity circle producing an oscillator, that is also hellishly unstable in amplitude against time, and thus can only be controled by very non linear behaviour, again expressed in polynomial series of derivitives. Nature is the essences of infatesimals some call “the calculus of existance”.

So simple at the root but so complex and almost mystical within just a couple of steps and seamingly beyond control, just some how predictable on mass by probability. Thus as with Brownian motion we seak to hide the simple of the very many that becomes impossibly complex and seek refuge in the broad brush strokes of the average result.

And there by we leave open disaster. Probability is assumed to be “undirected” on an individual level and that some average will always always happen. Well it does not it’s easy to see two different cyclic functions when added together make a waveform where at one point they both add and at another they subtract. The result is more complex especially if the wave forms are not near harmonically related. That is “close in” the wave form looks either chaotic or random to the observer. But look over a time period of two or three times the reciprocol of their difference frequency and you see a near perfect sine way envelop, just as you would expect from amplitude modulation.

Now in nature there are hundreds of thousands of cyclic waveforms adding and subtracting, but at some point they will all add to some maximum and subtract to some minimum, when might not happen in the expected life time of our universe and be of such fleeting apperance that we could probably not see it if we were observing it at the time.

Now consider a “directing mind” controling two or more of those cyclic waveforms… They decide exactly when the maximum peaks and minimums appear not the observer. If they can get either a minimum or a maximum to coincide with some event then they have a vulnerability they can use.

Thus every system has a hole over which security is not applied by design. The more fundemental that hole is the harder it can be to exploit but the greater the devistation it causes…

From an attackers point of view at every layer that engineers create to reduce complexity there is between an area of apparent chaos from which they can fashion a vulnerability. The further up the computing stack the easier it is to create, but the further down the more devistating it can be. For engineers the problem at first appears to be the other way around, individual vulnerabilities at the top of the stack are easy to solve those at the bottom of the stack seemingly impossible.

The reality is that at the top of the stack individual vulnerabilities have small scope, but there are so many you can not prevent them singly[1]. Whilst at the bottom of the stack there are relatively few instances but their scope so broad as they “bubble up”[2] the only limitation on them is the difficulty of effective implementation. However there is a very nasty set of attacks, that “reach around” from the top of the stack to the bottom of the stack. RowHammer is one such as all of a conventional consumer level computers security rests on the state of bits in memory. If you can change just a single bit of your chosing then it’s game over for security thus privacy. Similar attacks use “hyper fine timing” as a method of instrumentation to read bits of data out, such as encryption keys and similar. It’s why I mentioned to you the other day about “evolving” encryption keys in memory not just into “round keys” but also changing them in memory, prefereably stored as “data shadows” (XOR of several bytes etc that only get reconstructed in a CPU register just before use in a round but also with the constituant bytes changed very regularly so that such hyperfine timing attacks can not realisticaly work[3]).

Without going into what they are, there are other sub classes of reach around attacks than just the two of “memory bashing” of Rowhammer and “hyperfine timing” of cache instrumentation. What I can say is that there are some known “halfway” attacks the most well known being I/O DMA most usually with high speed thus high bandwidth serial protocols. Unlike reach around attacks these are “local” not “remote” attacks. However it takes no great brains to work out that if a remote attacker can suborn a local hardware device then the attack becomes local. This is exactly the same as reaching sideways form one computer behind a firewall/IDS to attack all the others without the impediment of the firewall/IDS. Which brings us to the akward dirty little secret of the gaping hole in the use of IOMMU’s. If the IOMMU gives me access to the IO device, and it’s possible to implant malware on it, then it’s game over, because even though the IOMMU can deny me access when others are using it, I’ve put my attack further down the stack than the IOMMU so it offers no protection what so ever, nix, nowt, nothing. The eventual result is just the same as being able to “flip a bit in memory” with RowHammer.

So to answer your question,

“It depends”

Not just at what level in the computing stack the GPU is, but if it can be used as a local attack point to either bubble up from that point or reach down and bubble up from there.

Effectively the GPU will let you do both “hyperfine timing” to read data and bit flipping by “memory bashing” of RowHammer. Thus it will give the keys to the kingdom, and the ability to look inside securty enclaves and all sorts of other things. All before you start talking about other potential attack vectors it offers simply by the way it can bypass software security controls.

Why is this possible? Well it goes back long before Intel came up with the 4004 4bit BCD microprocrssor in 1971. Back when CPU’s were made with chips containg two NOR gates and earlier. In fact back in the times of the use of discrete transistors back befor 1962.

All “digital logic” is in fact “analog circuitry” as high gain saturable amplifiers with multiple inputs. If you so wish you can solder such gates up yourself out of transistors and diodes or use Op-Amps. It’s not difficult just requires a little lateral thinking.

Howrver when you build storage components be they two simple single transistor NOR gates or more complex clocked latches you will discover two problems,

1, Time delays not just on rise and fall times of the output circuit, but time delays through the logic circuit from input to output.

2, In those delay periods the circuit has one or more points of analog near linear operation.

Thus the faster you switch them the more time they spend being analog, with all the attendent problems. One of which is “metastability” which can and does result in “soft errors” or latchup especially in storage components with the wrong bit value getting stored. Whilst there are things you can do to reduce the probability of it happening you can not stop it entirely. When you look at using capacitors as storage components in what is called DRAM much more of the circuit acts in a linear fashion, in fact those microscopic capacitors are always analog and either charging up or discharging down towards some value. It’s why they are called DRAM with the D actually standing for “Dynamically Refreshable”. If you don’t refresh them often enough then they loose the values they are holding. Refresh them to rapidly –a simple read of a bit row is refresh– then strange analog effects such as the adding of multiple waveforms starts happening. In RowHammer the attacker thus decides where all the signals maximise or minimise thus “flip a bit”…

But there were a whole load of other issues with their roots in that time period. In effect engineers facing a probabilistic problem, chose to go for average results and fix the problem some other way (parity circuits and the like) and push the problem up the stack where it eventually became the software engineers problem to solve. They opted to likewise keep pushing the problem up the computing stack… This attitude became endemic and in effect the mantra of “Software will solve all” which it obviously can not, but it was a usefull conceite that enabled the hardware industry to rapidly move forward.

It’s now over sixty years later the chickens are comming home to roost. Attackers have realised they have to basic waus to avoid software security,

1, Go above it and get at the squishy humans who are both autherised and to trusting.

2, Go below where if you control the storage of bits then software is your slave, not your master.

Are there solutions to these problems?

Something tells me the first can never be solved, over trusting is part of the human condition that alows societies to form and prosper. So no “over trusy” no “society”. No “society” no “technology”.

Can we solve the second problem? Well no is the real answer but most certainly yes in practice against external attackers.

I’ve gone on more than long enough for one post. But I’ve discussed what needs to be done in some depth on this blog in the past (search for Castles v Prisons or C-v-P or CvP in conversations between me @Nick P and @Wael, though be warned when the blog moved a short while ago it screwed up all the text formatting of many earlier posts, which makes the much harder to read).

In essence you use probabilistic techniques and voting circuits. As well as many many simple RISC CPU’s all with their own very very local memory (think the fastest cache used as just ordinary RAM). With hardware hypervisors that stop the simple CPU’s periodically and inspect not just their memory but also the registers for signs of malware attempts. The hypervisors also look at “timing signitures” of functions and their limits and raise flags in the hypervisor system. From a programers perspective they do not right those functions, as with Unix Shell Scripting they work at a higher level plumbing them together. This reduces low level bugs where vulnerabilities tend to occure and makes the programmers time more productive.

[1] It’s why for some time now I talk about attack instancrs being in classes. It’s absolutly pointless trying to stop instances in design, you have to stop classes, and the broader the class you can cover the better. Which is why “air gaps” are a good mitigation, but “energy gaps” are considerably better (but not by any means perfect). To look at it another way thr so called “fire drill” is very very rarely an “instance mitigation” it is infact an “evacuation drill” that is a “class mitigation” that covers a larger set of both natural instances such as earthquake, tsunami, hurricanes, etc and a whole number of human originated instances such as bomb threats, air raids, and even terrorists flying planes into buildings (one of the less realised heros of 9/11 was “the pain in the ass” that held regular fire drills for his company housed in the twin towers. Though he did not survive, most of the company personnel did because they did not panic they “followed the drill”, the reason he did not survive is “fire marshalls” are like the captain of a ship, their duty is to ensure everyone else is safe and away, before they leave, if there is insufficent time… Having been not just a fire marshall but a senior health and safety rep, you kind of quickly realise you will only get thanked after a real disaster that you are lucky enough to have time to get away from. So spare a thought for all those “pain in the asses” that make you do such drills, in a grumpy sort of way they love you all.).

[2] I call them “bubbling up attacks” for a good reason. If you have ever looked in a tall Champagne flut glass, you will see that all the bubbles start imposibbly small (from nucleatin sites) usually as a stream. They get bigger as they rise pushing increasing levels of champagne (security) out of the way. Importantly you as an observer realy do not have any idea at what point on the surface of the champagne they are going to arive. All you see like Brownian motion is an “chaotic path” that becomes ever more random in your eyes, that is you quickly only get to see the average effect of a near even layer of bubbles across the entire surface, each bursting appatently randomly. The fact is that the position of each bubble can be precicely worked out as the process is actually not random but chaotic. However so sensitive is it to it’s start conditions and the effects of other bubles you can not make any measurments with the level of acuracy required to do the otherwise quite simple calculations.

[3] I call it “Probabilistic Security” and it’s obviously both a direct resource trade off and an attacker defender ratio resource usage trade off. That is as long as you change the data shadows faster than an attacker can measure even one bit with any certainty it’s game over for them and a win for you. However if they can read just fast enough to get even one bit with better than 50% probability then it’s evebtionaly game over for you, unless you take other measures. The trade off is in resources used by both parties,and in ratio with regards to each other. As the atacker you can in theory run multiple attacks in parellel thus do a resource against time trade off for an increased probability of success. As the system owner you can increase the rate at which you change the round subkeys but also how often you actually flush the keys out of system RAM thus the cache on which the attacker is doing the timing. But for you it is also a resource trade off in that the amount of system time you are shuffling the subkey bits around comes of the time available for other things to happen, and ultimately reduces resources available to the users. The upside is whilst as the system owner your time trade off is linear, the effect it has on an attacker is to some positive power (ie effectively increasing exponentialy).

Clive Robinson • April 22, 2021 11:27 PM

@ SpaceLifeForm, Rachel, ALL,

Besides the absolute stupidity of interpreting a ‘Bag of Bits’ on the fly, the machine is not even trying to make a secure raw copy for other forensic investigators to review.

Think what is that telling you about the so called justice process?

It’s been known for quite some time that due to financial cut backs most LEO’s are nolonger using independent forensic services where ever they can. One way they do this is to have “in house” forensics[1] carried out by “Detectives”. Who if they are lucky have been on a two day death by viewfoil training course, and been given hundreds of pages of handouts to study in their spare time but at best only rudimentary hands on experience.

So it’s like taking a MS Office user and sitting them down at a CLI only *nix box and being told “you can use vi”.

Thus they “Parrot talk” their way from hand scribled notes from those voluminous training guides.

Cellebrite know this, so they just hack together “automated work flow” systems as “Hot features sell”. Which means they are little more than “push the button to see pretty pictures and flashing lights” boxes not unlike 1980’s film stage props. But importantly where the “box” does all the work, like one of those “Smoking Monkey Automatons”[3] the Victorians thought so ammusing, it runs through a fixed cycle of actions.

Such tools are less sophisticated than most AV packages for your PC. They generaly run through a connect process, then just read the memory into a checksum process with a “whitelist” to ignore system files, a “blacklist” to flash up known bad files and display tools for the rest. The display tools will use an “extension list” or “magic number list” to decide what stripped down tool to use to display the file. Why stripped down, well in part to try and hide the fact that they are shall we say “borrowed code” in disguise and in part to “integrate” in their “work flow system”, but also importantly because it’s “less” code on disk with less support required as in theory less lines of code means less bugs on the “1 in 5 Principle”. So when the user has finished gawping at what is displayed they press another button. Finally a report is generated and made available. Which of course is not backed up by a propper copy such that it can independently be tested, as that’s still on the device in the evidence locker or down the local pawn shop or where ever is most convenient, kind of like those transcripts of police interview video tapes that accidently get lost or reused…

But at ~$15,000 these Cellebrite systems are not just cheap but very fast compared to a forensic service. If pushed the company will no doubt end up saying they are “in the field investigative tools” for finding evidence, kind of like Sherlock Holmes magnifying glass, not evidentiary systems to meet the sort of standards courts once asked for.

Which for the tax payer is fine as politicians say they “expect productivity improvments thus more results for the same money”…

Thus the justice system is now “select a name from the hat and make them look guilty” and keep that sausage machine cranking them out, just add cheaper ingredients untill even chewed up newspapers will do (remember soggy toilet tissue is the next rung down, just chuck in some chlorinated chicken guts to ballance it up).

[1] Forensics should never be carried out by LEO’s as it breaks a very important barrier. Most miscarragies of justice are because of “confirmation bias” in the individual investigating LEO’s accompanied by “group think” in investigating teams, who’s promotion prospects go up with closing cases and miscarragies of justice do not for years if at all (see current head of UK Met Police). Thus the investigative impartiality of LEO’s gets thrown out of the window very very very early on in an investigation. We know this because of the number of cases where it has been found where the investigators and the prosecutors illegal withhold evidence from defence teams especially as such revelations follow the “iceberg effect” where by far the greater part is out of sight (some say less than 1 in 10,000 cases of withheld evidence ever come to light due to the way the entire system works, others indicate it’s higher where LEO’s simply chose not to follow or ignore leads etc).

[2] Parrots do not talk human languages, they just learn to “make the right noises” thus get a reward. That is whilst it looks superficially clever, even mice can be trained to drink out of a water dispenser the principle is the same “right action gives expected reward”.

[3] Victorian automatons are delightful ammusments for a few moments, then the illusion goes away as the actions cycle through the same fixed routine. You can see this with this clip,

https://m.youtube.com/watch?v=N-VJgrfD84k

Where even the grand music can not stop it getting dull after a few moments. They were realy designed not to impress the owners, but to impress any guests they might have. I have an incense burner that looks like a happy dragon which puffs smoke, it atleast serves a purpose other than being vaguely ammusing as a table piece.

Clive Robinson • April 29, 2021 3:46 PM

@ Winter, Joe K, Moderator,

Sounds plausible. But that does not invalidate @-‘s argument.

Both are plausable, but looking at the recent attack history my thinking would be more in alinment with @- especially,

“Also an attempt to “play favourites” off against each other. Something I suspect @Clive Robinson will not fall for.”

Having just read the @anonymous post,

https://www.schneier.com/blog/archives/2021/04/friday-squid-blogging-squid-shaped-bike-rack.html/#comment-375215

It did make me smile, lets just say it’s a little too obvious and on it’s own might be considered a “damming with faux praise” attack.

But it has certain “tells” within it that makes me suspect the reality is it is a setup designed to “create sides” thus division thus more opportunity to fill the space up with attacks against @Winter under a variety of different handles. But as on previous occasions I suspect the attacking entity will make more of their “tells” and give the game away.

@ Moderator,

I strongly suspect the attacks on @Winter are not realy anything to do with @Winter, but a faux excuse to launch attacks on this blog.

Likewise although the attacks appear at a surface level to be anti-vaxer, again I suspect it is a “cover” or faux excuse for the attacks.

Whilst I can not be certain I have reason to believe the attacks are actually aimed at silencing our host @Bruce as there is a history of this going back for rather more than a year.

What other long term posters/readers may think I don’t know but the attacks started quite some time ago around the time our host started moving from the technical to the more human side of attacks and their motivations but got significantly worse around starting around five years ago.

Others have mentioned that it might be “out of Russia” whilst I can not say it’s not as “attribution is hard very hard” my gut feeling is again that is being used as a smoke screen to hide behind, and the actual attacker is a lot lot closer to home than Moscow.

Clive Robinson • April 29, 2021 8:17 PM

@ Winter, Joe K, Moderator,

And if you look at the time of my above (3:46PM) and,

https://www.schneier.com/blog/archives/2021/04/biden-administration-imposes-sanctions-on-russia-for-solarwinds.html/#comment-375574

(6:45PM) You will see a little more information has leaked, and “so the game goes on”.

Anyway, time for me to do some less entertaining work.