Schneier on Security
A blog covering security and security technology.
« Me at RSA 2012 |
| How Information Warfare Changes Warfare »
April 13, 2012
Friday Squid Blogging: Squid Fiction
Great short story in Nature.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Posted on April 13, 2012 at 4:48 PM
• 30 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Story from the local paper on the no-fly list, including info on a lawsuit challenging it. And a description of the appeal process:
After about four months -- the average time for appeals -- the travelers receive a letter with a redress number.
The letter does not indicate whether the appeal was successful. Travelers only knows whether they are cleared to fly by buying a new ticket, entering the redress number in the reservation and showing up at the airport to try to board.
And the reason is...
Confirming people are on the no-fly list could lead them to change their behavior or identity -- making it tougher for the government to track, he said.
I dunno, doesn't keeping them from flying kind of force someone to change their behavior anyway? And doesn't the fact that someone gets denied boarding again after the appeals process kind of imply that they're still on the list? Are alleged terrorists really expected to say to themselves, "Gosh, I've been kept off a plane for mysterious reasons again! It could be that government has decided I'm too dangerous to be allowed to fly, but I'm sure there are plenty of other possible explanations!"
The WSJ has a searchable database of medical codes from the latest revision of the International Classification of Diseases here. As anyone who's worked with EDI will expect, there's an insane level of specificity in the codes. Searching for "terrorism", here's an enumeration of all possible forms:
- Terrorism involving explosion of marine weapons
- Terrorism involving destruction of aircraft
- Terrorism involving other explosions and fragments
- Terrorism involving fires, conflagration and hot substances
- Terrorism involving firearms
- Terrorism involving nuclear weapons
- Terrorism involving biological weapons
- Terrorism involving chemical weapons
- Terrorism involving unspecified means
- Terrorism involving suicide bomber
- Terrorism involving other means
- Terrorism, secondary effects
Almost every one of these has nine possible codes, categorizing the patient and indicating what general stage of treatment and/or observation they're at.
There's also one lone code for "Victim of crime and terrorism".
(Note for NoScript users: you'll need to allow scripts from wsj.net and yahooapis.com.)
I recently had the pleasure of listening to a regional DHS head in Science and Technology. I was one of about two people in the audience who found the talk interesting. He was a chemist by training and found himself in the right place at the right time to end up in DHS.
One of the projects he talked (briefly) about was the Brooklyn Bridge and reinforcing the drop cables with 12 foot tall sleeves. Obviously anyone with shaped charges could still cut the cables by placing the explosive on top of the sleeves but after giving it some thought, it wasn't threat they were worried about. They were worried about someone taking a hack saw (or gridinger) and cutting the cables surreptitiously. If done carefully it could be very hard to detect until the bridge collapsed. For that particular attack you only need to guard the first 7 feet or so but if you buy 7 feet you might as well supersize it to 12.
He talked about using OnStar to track vehicles instead of having a high speed pursuits. I had to be the token tin-foil-wearing paranoid and ask about the safeguards that were in place. Unfortunately having not slept more than two hours I couldn't articulate the question properly. What I really wanted to know if the privacy department he mentioned was proactive or reactionary, and if it had the authority to force changes or just recommend them.
The main take away was that DHS is involved in a huge number of projects and is insanely busy. When it comes to evaluating if something is security theater, they just don't have the time. They are too busy playing catchup.
I find it worrying that they are side tracked by security theater but at least they are too distracted to go too far in any one direction.
Is this the same Kip Hawley that Bruce routinely engages and tends to come out smelling like polecat remains on the interstate? Why, he almost sounds rational and reasonable. Will he be the next person uninvited to a Congressional hearing?
Or, is this a teaser to make his upcoming book profitable?
The following is from some years ago but may be of interest on the issue of social engineering. Back in 2004, Thomas C. Greene (associate editor of The Register) described a sting operation that was carried out by a group of hackers.
The operation involved a Web site on which the hackers had placed pictures of naked girls. These pictures did not legally constitute kiddie porn, but they would be attractive to parties who were seeking out kiddie porn or material related to pedophilia. Buried among the links on the site with the "lolita" images was a link to a second Web site that reportedly offered downloads of privacy tools and links to privacy/anonymity services. The second site was operated by the hackers and was of a nondescript nature.
Among the downloads offered on the second site was a malware removal utility from Moosoft called The Cleaner. This copy of The Cleaner utility had been spiked by the hackers to deploy an instance of the SubSeven remote access rootkit. Although the newer version of the SubSeven rootkit could not be detected by the older version of The Cleaner utility, the offered version of The Cleaner utility would otherwise work as normal. For the sake of not arousing suspicion on the part of paranoid pedophiles, this was a useful aspect. Letting visitors to the "lolita" site stumble upon the Trojaned download via a series of links also helped to lower suspicion, even though it probably meant that a greater percentage of visitors would not get their PCs infected.
A PC that was infected by the SubSeven rootkit would notify the hackers via an IRC channel, and the hackers would search infected systems for kiddie porn and information as to the system's owner, with the purpose of providing information and evidence to law enforcement via anonymous e-mail services. (In some cases, evidence that has been illegally obtained by private parties as opposed to being illegally obtained by law enforcement can be legally admissible in court.) To be sure, Mr. Greene mentioned that it is not known as to whether anyone was actually prosecuted as a result of the sting.
Source: Computer Security for the Home and Small Office by Thomas C. Greene (Apress, 2004), pages 85-86.
I totally agree with the suggestions for better airport security.
It seems like the liquid ban remaining in place stems from 3 different issues, the first being concerns of what the extra liquid screening means to already long queues at airport security, the second being concerns of whether every single airport x-ray machine in use the world over is capable of carrying out the increased liquid scans necessary to allow the ban to be removed (and how hard it is to test every single machine and verify that it will pick up the threats) and the third being concerns about the chance, however remote, that the new scanning will miss a threat (even if that's only a 0.000000001% greater risk than the current liquid restrictions, ANY increase in risk no matter how slight seems to be totally unpalatable for political reasons)
@ Blog Reader One,
The operation involved a Web site on which the hackers had placed pictures of naked girls. These pictures did not legally constitute kiddie porn, but they would be attractive to parties who were seeking out kiddie porn or material related to pedophilia.
I was told of a "sting site" that was set up a few years ago that relied on a similar technique.
The site relied on the fact that those searching for illegal material could not "search pictures" but could "search URL words" thus a link would contain a series of words such as "young teenage model" to get to one level (of Korean Models wearing swim suits etc). And more links with even more suggestive names like "pre teenage model" from that page to the next level down and so on. From what I was told by an LEO none of the pictures on the site actually contained under age girls let alone naked pictures, in fact the pictures apppear to have been stolen on mass from a model agency site in Korea. However the images at the lowest levels with very explicit link names contained images with embeded malware that resulted in a root kit being put onto any MS machine that accessed them.
What I was told was that the root kit looked for all image files on a users machine and "hashed" them and sent the hash and the file name back to another server (also in China). It also loaded up a mini encrypted web server that accessed a hiden directory into which it did copy very explicit and in most parts of the world illegal images.
What the LEO did not disclose was how the actual site was found and perhaps more importantly the actual purpose behind the site, that is if it was for blackmail or as a distributed repository of illegal images or other activity.
The concern with the ANUs system is that although the source of noise is random the machine measuring it isn't.
Although it's only a headline piece they do say "the results must be perfect because quantum vacuum is perfectly random" - great except for the 60hz you pickup from the wiring, the local FM station, the stuck bit in the ADC, the PC bus that drops the top bit when it gets busy.....
Hardware RNGs are just as hard as PRNG and need just as much testing
Is it better for the NSA that the public believes their capabilities are greater than they actually are, or that their capabilities are greater than the public thinks they are? Does it depend?
If these so-called honey pots really existed (which I doubt) they were terribly designed. There is an inherent contradiction between describing someone as "paranoid pedophile" and then expecting them to fall for the obvious tricks described in this thread. Anyone who fell for these honey pots weren't paranoid but rather gullible.
From what I have read lots of pedophiles have been caught using limewire or some other P2P program. There was a case in my local area last month with just that set of facts. I'm not trying to imply with the following remark that I think pedophilia is OK but let's get real: that's like shooting fish in a barrel.
That why I think most of these honey pots are FUD. The people who talk about them make exaggerated claims. If any of these web sites actually worked, they didn't catch the paranoid ones. On the contrary, they caught the ones that didn't even have the most rudimentary clue as to how the internet works.
In high school, I knew hackers who tried to justify their actions by targeting people who "deserved" whatever harm they'd do. They were commonly targeting both child porn sites and pedophiles. They racked up plenty of success with both. This was before things like Tor went mainstream. There were proxies, tools that claimed to hide your IP (but didn't), etc. that were exceedingly easy to trace.
The pedophiles are often gullible in practice, if not in person. They would get careless or get a false sense of security for accessing a "private" forum. Or they were passing "encrypted" files with "innocent-sounding names." I gave the hackers a protocol to reduce the risk of them technically receiving or distributing child porn themselves. This included manually pulling HTML of the suspected forums, but not images. (Captions said it all. They like to brag.) Additionally, I had heard FBI used hashes so the pics didn't have to be opened & recommended the same.
I don't know if any arrests or prosecutions happened. This group was more likely to torment their targets emotionally and financially. They'd also destroy the computer. One claimed to be able to remotely brick the BIOS. (I know how to do that, too, but I don't know if his method was the same.)
Well, I haven't talked to that group in a long time. Their aliases have probably changed or they grew up like I did, quiting the black hat nonsense. I think our old schemes could be modernized. However, I think Tor is overrated on this: a few hackers I talked to told me that Freenet and recently I2P is where a lot of the trades are. I don't care to verify b/c even researching that stuff can carry legal risks. I'll leave it to the FBI. ;)
Hint to Feds or cybercrime investigators: Freenet is based on Java, quite an insecure platform. It may be possible to develop an attack on Java that subverts the JVM and leaks internal Freenet information. This information or other information might be used to exploit related nodes & put all the pieces together. Or just read the plaintext as it is produced from a compromised node. Hashing & covertly time stamping the material might help in court, along with a keylogger to show solicitation.
@ aikimark and NobodySpecial
Nice link and discussion points. I'd like to add that this statement bothered me:
"Vacuum noise is one of the ultimate sources of randomness because it is intrinsically broadband and its unpredictability is guaranteed by quantum theory. Because of this, we are able to generate billions of random numbers every second."
I'd hardly say any theory in the space of theoretical physics is guaranteed. Replacements and tweaks are being made all the time about many fundamental forces. One future discovery may be that the vacuum isn't truly random or isn't random under all circumstances. As in, one might be able to change its observable properties in a certain physical location (i.e. the generator) using a manipulative technology.
This, in addition to NobodySpecial's comments, shows that the machine might give us randomness with high confidence, but not a guarantee. I prefer to combine methods together so that true randomness continues if one or more input sources fail. That could be expensive, but is justifiable if 99+% true randomness is needed.
Correct. "guarantee" is ambitious, given that quantum mechanics and QED are both theory-based science/technology, subject to change in light of new experimental results.
I posted this news article because the RNG is measuring/sampling quantum vacuum! I think that's amazing. Even more astounding, they hope to productize the technology into a package the size of a thumb drive.
Bruce, commenting here on this unbelievable tidbit you wrote about in Crypto-Gram:
"On the Friday before, at the request of the TSA, I was removed from the witness list. The excuse was that I am involved in a lawsuit against the TSA, trying to get them to suspend their full-body scanner program. But it's pretty clear that the TSA is afraid of public testimony on the topic, and especially of being challenged in front of Congress. They want to control the story, and it's easier for them to do that if I'm not sitting next to them pointing out all the holes in their position. Unfortunately, the committee went along with them."
This is astonishing. What you have to say really has to be heard and the rationale provided by the TSA is unbelievable.
The fact that you are involved in a lawsuit regarding the TSA and whole body scanners should disqualify you from testifying?
In fact, wouldn't these facts suggest that you are uniquely QUALIFIED to provide relevant testimony at the hearing?
Remove the "dis" from "disqualified" and we see what should be the obvious implications here.
Are they saying that only people with no concern about or involvement in the relevant issues should be testifying?
Actual knowledge/experience/involvement in the topic at hand disqualifies one from testifying before the committee? Really?
Wow. Security theater and now government oversight theater at its best (worst).
It gets harder to prove your identity:
@ Nick P,
"Vacuum noise is one of the ultimate sources of randomness because it is intrinsically broadband and its unpredictability is guaranteed by quantum theory. Because of this, we are able to generate billions of random numbers every second.
I get the feeling the person writing that does not quite know what they are talking about or cannot adequately communicate it (A problem that oft leads me to be ponderous in my comments ;-)
For instance we could get considerably more bits per second per dollar using different techniques (one of which being the decay of radioisotopes and miniaturised detectors).
The (supposed) "real advantage" of "vacuum noise" and similar quantum noise sources is that (in theory) not only is the bandwidth very high it is essentialy flat as well thus in effect the siignal available is without "bias".
One of the hardest parts of designing a TRNG of any quality is "to sort the wheat from the chaff" when it comes to the noise output.
Overly simplisticaly you can look at the noise output being measured in several "domains" (amplitude, time, frequency, phase, etc) and in each one of these domains the noise can be considered to consist of two parts. The first is the "truly random" signal you are looking to use that has to be seperated from the second signal which is some kind of "non random" bias.
Now ignoring for the minute the method by which the two signals are combined, there is the significant problem of removing the bias. To do it you need to "exactly model and synchronize it" otherwise you leave artifacts behind or simply move the non random "signal energy" from one domain into another.
For instance let us assume that your first step in measuring the signal in the "time domain" is to take the output of your detector and put it through a "zero crossing detector" after removing any DC offset...
Ignoring the imperfection of the detector and it's inherant "self noise" and limited bandwidth etc the logical first step for an engineer would be to remove the DC off set.
Well the normal way engineers remove a DC offset is to use a "decoupling capacitor" in series pass configuration with the signal unfortunatly this immediatly puts a frequency dependent amplitude on the resulting signal as well as a frequency dependent phase shift due to unavoidable impedance issues forming a "single pole high pass filter".
When the "high pass" problem is pointed out the next way many engineers suggest is to "recover the DC offset and then subtract it from the signal"... However there is a problem with this is that your recovered DC signal irrespective of how you do it still has a frequency component and a coresponding time/phase delay related to the effective cut off frequency.
So you end up not removing the non random DC off set in it's entirety just some of it. The remaining signal energy goes into changing the original signal timing (due to delay/phase) so it actually changes the signal you are trying to measure in the time domain.
But there is another problem "system noise" and "environment noise" removing these from your signal is well neigh impossible. And that's before you start considering "injected noise" from some external source be it a buy product of other activities (such as using electric motors, walkie talkies, mobile phones, computers, etc, etc) or an active attack on the system by an adversary.
So even if the "vacuum noise" is "guaranteed" by quantum therory, the measurment process to convert it into a real world signal is going to add bias...
So "yeah (yawn yawn) nice theory" now lets talk about a real world product in what is going to be price sensitive market...
Which brings us back to simple TRNG's where the output does contain some bias, entropy pools to store it and the use of good quality crypto algorithms to spread the entropy around on a determanistic process that is to all intents and purposes "non determanistic" to an adversary because they do not know the "secret key".
All of which can be made for a BOM of less than 10USD in suitably large volume.
"Which brings us back to simple TRNG's where the output does contain some bias, entropy pools to store it and the use of good quality crypto algorithms to spread the entropy around on a determanistic process that is to all intents and purposes "non determanistic" to an adversary because they do not know the "secret key".
All of which can be made for a BOM of less than 10USD in suitably large volume."
The highlight of your typically long post. ;)
"All of which can be made for a BOM of less than 10USD in suitably large volume."
I only wish I had a $10 TRNG BOM budget. Most products want to hear a TRNG BOM costs of single pennies. Even high dollar products expect very good results for well under 50 cents.
Another problem that is worth mentioning is the likelihood that a VERY knowledgeable adversary will modify the PCB, or maybe even the chip, to specifically undo some of the RNG bias cancellation methods implemented on chip or suppressed on the PCB (high quality caps replaced by leaky caps or Cap sizes decreased to change the power supply filter pole).
WRT to any TRNG: generating billions of random numbers per second, you have to deal with the frequency dependence of PSRR (power supply rejection rato) A good opmp has maybe 100dB rejection at 1Hz but less than 20dB rejection at 100Mhz. At multiple GhZ (i..e billions of samples per second) active electronics have very little ability to reject power supply noise. This means the noise must be passively filtered which requires multi-pole LC / RC filters. Unfortunately typical surface mount components have self resonant frequencies of around 500Mhz. (say 10nF ceramic cap with 1nH inductance s a typical component)
So even if the source is perfectly random the measurement system has many real world limitations which "shape" the TRNG output.
@B .... DHS is worried about what on the Brooklyn Bridge? They are kidding? They are not really wasting money over this really?
The BBC aired a program probing into the UK security Services (specificaly MI6 or SiS). Out of it came an extrodinary (at least for most Brits) allegation that MI6 and the CIA had kidnapped and rendition flighted a man and his wife to Libya in 2004 at the behest of the then UK Prime Minister Tony Blair MP so he could "Walk Tall" in Washington...
What makes this different is that due to the fall of Libya and the defection shortly prior to that of the Libyan security head to whom the man and his wife were delivered. The story has been confirmed not just by the statments of the man and the defectoor but also by copies of paperwork from the UK...
The journalist Simon Jenkins who works for both the BBC and Guardian has written an artical about this.
But more importantly he also mentions a crazy decision by UK Judges involved in the extradition to the US of a UK citizan for Terrorism. What beggers belief is their reasoning which is to put it politly extreamly suspect and shows signs of pandering to political whim. In esssence as far as the UK is now concerned you are a terrorist if you express simple opposition to the actions of others who hold positions in the government or security forces of any nation...
@ Clive Robinson
It's unsurprising. The US has been doing rendition for years, along with Patriot Act enemy combatant nonsense. I do recall that some journalists were put on the Do not fly list after publishing criticisms of the Bush administration. This sort of thing happens too much. It's mainly due to lack of accountability.
A) squid quipu!! K
B) I'm acquainted with a former sysadmin (also, iirc, known personally to Bruce) who was in charge of some very big pipes connecting a Major University campus to the net, and was unofficially on friendly terms with an FBI agent.
When he stumbled on clearly child-exploitive porn in the honest execution of his duties, he'd Do Lunch with the feeby and pass along sufficient hints . . .
Personally, I have no ethical problems with this behavior.
let me re-orthograph that so it gets through:
squid quipu! L♥♥♥E IT!
If you liked the linked story, you may also like Alien Registration. Spoiler alert: it's not about security.
The Harvard Political Review Online has a story that might be of some interest.
It's titled "The End of Cryptanalysis" and is in part about the claim that the NSA can break AES,
Oh and it mentions Bruce and this blog :)
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.