Schneier on Security

Clive Robinson • August 22, 2012 3:32 AM

@ Autolykos,

Of Law Enforcment (LE),

Now they are seriously screwed and need strict laws agains cryptography. Oh, and harsh punishments, how could I forget about those? B

Almost the first thing I thought of after reading the article (and replying to @Nick P’s post ) is “this is a warm up act for a new Crypto Law dog and pony show from the FBI et al”.

Like Bruce I’ve come to the conclusion over many years that the hard part of using crypto is rarely ever talked about, and that’s as they say in the auto industry “The nut behind the wheel” driving it along.

Yes we have theoreticaly strong algorithms but take AES for instance even before the final round candidates had been selected the practical implementations you could down load (and nearly everybody did) were flawed and broken.

Put simply one of the “requirments” for the “refrence implementations” was “speed” so they were very optomised for this and this opened up a can of worms with “timing side channels” through which the key data hemorraged. IIRC Peter Gutmann developed the first practical attack via the iAx86 cache to be shown within weeks of the final candidate selection. You can read a very indepth paper about the AES cache timing issues at http://cr.yp.to/antiforgery/cachetiming-20050414.pdf from back in 2005 which Bruce mentioned in Cryptogram. You can also have an interesting read over at Peter Gutman’s (2nd) home page, http://www.cs.auckland.ac.nz/~pgut001/

Thus the issue is how do you get the works done on high in the ivory tower of theory down to the rocks dirt and soil of the users of “common clay” every day objects of human existance? You would think it would be easy if you look at a car, telephone or even pencil sadly not. In security unlike almost every other endevor everything realy does matter even if you don’t know why (and others won’t tell you). It is said there is many a slip twix cup and lips, and in most places a little spit and polish solves the spillage problem, not so in security where like poison even the tiniest spilt drop can kill inadvertantly.

So can we make a secure smart phone or computer, in theory yes but in practice we don’t yet know enough. And this is partly due to not having the ability to measure things in a meaningfull way such that we can make comparitive tests that have meaning.

Do I think Apple has done it, lets put it this way the odds are very very much against them and so are quite a few TLA’s (though some like the DoD are very interested in improving things). Is it “kid sister proof” well that depends on the kid sister and if she knowss where to look for info/tools. Is it LEO proof, yes and no it depends on the value that the crime has both financial and political, if it’s below some bar then they won’t expend the resources to get at the data, hence the idea from the UK’s RIPA where they just jail you till you can prove a negative, as it moves the cost from the LEO’s budget to that of the courts and prison service. As for the big budget Gov TLA’s and many corporates, not a chance it’s secure against these guys.

Clive Robinson • August 23, 2012 4:35 PM

@ RichieB,

AFAIK Blackberry devices have an end-to-end encrypted tunnel to the Blackberry Enterprise Server which is typically placed on premise at the customer.

That is only true of Blackberries where the business has an “Enterprise Server” where Blaackberries are used by small businesses or individuals the “server” is run by RIM.

A lot of details leaked out a year ago due to the London 2011 Summer Riots. It appears that the UK police got to know a lot of things very quickly, probably a lot faster than the usual “Warrant Process” would alow…

It would also appear that India was not interested in business users but individuals who might be breaking “purity rules” etc. Thus it would appear to be for privacy invasion not industrial espionage or looking for what we in the west would consider criminal activity.

Clive Robinson • August 24, 2012 5:05 AM

@ RichieB,

“iPhone 4S, iPad 2 and the new iPad support is limited to jailbroken devices only.”

Hmm what an interesting statement that is.

Look at it this way LEO’s cannot “jailbreak” a device as that is “tampering with the evidence” and the phone becomes “fruit of the poisoned vine” and thus inadmisable in court (in theory).

But extra judicial (EJ) TLA’s who have no interest in going through the legal process will happily “jail break” a phone prior to gathering intel from it.

Thus the LEO’s need legislation to “compel” the owner to reveäaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa, and the EJ-TLA’s need legislation or equivalent to ensure a “back door” for easy jailbreaking etc.

If I remember correctly the Communications Assistance for Law Enforcment Act (CALEA) has provision for such back doors depending on what is deamed as exchange and terminating equipment.

In the UK a phone that can do call transfer (which all mobiles/cells can do) is considered a combination of both exchange and terminating equipment thus under that view all mobiles/cells would be required under CALEA to have an LE back door. And If I remember Correctly that argument was made against Skype and other VoIP phones.

Clive Robinson • August 24, 2012 12:46 PM

@ Nick P, Wael,

The “right” way of doing that is to clone the original phone

The question is can you clone the important bits such as the partial but “secret” encryption key stored in hardware?

If not then your flash HD clone will be no closer to being unlocked than it was before.

Now I don’t “know” the internal details of the iPhone as I’ve not investigated it (as I don’t want Apples legal bods on my back) so I can only go on what others have said. And many have said that the key is “unavailable” as it’s based on a secret “stored in hardware” that is then oneway hashed with the PIN to produce the encryption key.

If this is true (and I have my doubts) then the guessing will have to be done on the original phone.

Clive Robinson • August 25, 2012 5:12 AM

@ Nick P,

I figure the guys working on this stuff are a few grades above the Mac OS X & iOS coders, yet I’m not convinced ahead of time it’s extremely well designed. Let them prove that

We are both in agreement here and as I’ve already said personaly I believe it is backdoored in some way due to CALEA requirments etc.

The problem is I don’t know enough about the design. Apple is keeping schtum on the important bits. Thus all I have to work with is information about the design as described by others and my own experiance. As others have described it the design is the equivalent of a simple IME on the external Data Bus of the CPU such that all data going to off chip storage is encrypted.

Which to be quite honest is at a low level a very awkard design due to having seperate address spaces for I/O to devices etc for control purposes so I reserve judgment on the description. It would at this very low level also make it a likely contender for security bypass etc.

But back to the point of LEO’s and data at rest and what is legislated currently. CALEA only applies to active communications from the device, not what is stored on it. I’m also aware that Apple may have “received advice” on the design as it’s the phone of choice for frontline troops on active service [1]. And as we know the NSA took a “crackberry” and did some work on it to make the “Obhamaberry” which is reputed to be secure enough for Presedential use…

The question though was not about what access a TLA or equivelent might have at any time or by an LEO when the phone is in it’s active state but, “What access does an LEO have to the data at rest?”

Which is a very limited and limiting case for LEO’s currently because they “cannot tamper with evidence” as it alows it to be excluded and the chances are the case goes with it.

So they either need the phone to have already been tampered with (jailbroken) that makes it vulnerable or some equivalent (backdoor) route to get to repeatedly try passcode guessing [2]. Also with regards the passcode we don’t know if it’s been “length limited” in some way [3]

One of my concerns as I’ve already indicated is the real quality of the entropy or guessability of the “embedded secret” [4] and if Apple keeps a record by serial number etc [5].

For instance lets say a product manufacturer needs to produce a lot of factory embeded secrets, true entropy is going to be a real issue for many reasons.

However faux or determanistic entropy is fairly easy you just use AES in CTR mode or if you are realy cheap, use the product serial number and just AES encrypt it with a “secret key”. Either way the output appears to have good entropy, but the reality is it’s easily calculated upon request without having to reveal the “secret key”.

To little is known about how the Apple embedded secret is generated to say what the security of it actually is.

But getting back to the question of LEO’s getting at data at rest without tampering, the solution if no access is seen as a problem by the legislature will be further bad legislation. There are three possible out comes to this,

1, Relaxation of evidentiary rules and laws.
2, Mandating a LEAF or equivalent.
3, Legislation to force “compulsion”.

The cheapest option for the Gov is 2, the favourite for the US private prison profitiers is 3 and 1 will inevitably spill over into other areas of evidence.

As 1 is a currrent favourit attack by various LEO’s and the judiciary appear happy to play along and 2 is problematical (Clipper Chip, CALEA debacles) and the UK got RIPA through my guess is they are going to go after 3…

[1] As I’ve said before Apple are opening a new manufacturing facility in Texas and I’ve heard rumours it’s going to eventually be “silicon up”.

[2] The fact that passcode guessing is possible tells us Apple has not done the IME design correctly already so my confidence in the design is not high.

[3] Passcodes, Passwords and Keys have been known to get either “truncated” or partialy zeroed by “implementation mistakes” due to API’s etc.

[4] History tells us that poor entropy is a major failing of many security products from Netscape all the way through to current routers generating PK certs…

[5] We know from the RSA debacle that keeping secret seeds is not unknown and may be standard practice for some US companies.

Clive Robinson • August 26, 2012 5:44 AM

@ Dan Smith,

Or am I misreading this? Does this mean all 9999 combinations can be tried on a locked ipad that i set to wipe after 10 tries

Yes and no.

No if you are trying from the standard input.

From what has been said (by others) it would appear that the count / wipe function is high up the software stack. If you can get an application onto the phone you can get around this.

The exact mechanism I don’t know it could be as simple as clearing the failed attempt counter or more complicatedly work with the APIs further down the stack thereby bypassing the counting mechanism altogether.

If you “own the CPU” then there are multiple ways to do this sort of thing.

And to be honest I’m not sure that Apple can stop the embbeded secret being read out.

If the secret can be read out by a root privileged app then there is no reason to actually do the passcode cracking on the iPhone with it’s comparativly limited power SoC CPU. You’ld put it up on a system based around GPU’s or FPGA’s or rent cloud time and do it in a very short period of time even with telephone number length passcodes.

Clive Robinson • August 27, 2012 2:16 AM

@ Dan Smith,

Some of the hardware hacks RobertT mentioned are very old and were known about back in the early days of “Cable Settop Boxes” when all memeory (apart from registers) where external to the CPU.

If you think back just a little while BIOS security in your PC relied on “battery backed RAM” simply taking the battery out, or pulling the appropriate pin header link on the Motherboard did the equivalent.

These sorts of attack are “physical” not “software” and work from the bottom of the security stack up (software is top down).

Are there ways to protect against this sort of bottom up physical attack? the simple answer is “If tampering is allowed ultimatly no”.

Hence my comments in the post above about constraints on LEO’s with “evidence tampering”. Obviously extra judicial TLA’s and well financed NGO’s such as corporations/criminals/individuals are not constrained by the judicial process unless for some reason they wish to be.

So the question is how do you “raise the bar” on physical attacks. Well the way you go about making things more dificult for the adversary is by the age old process of “encapsulation”, as seen with “strong boxes” and “safes”.

Basicaly you work on surrounding the sensitive circuits with some kind of physical barrier be it a case with specialised screws as seen on set top boxes through various metal cases that are spot welded etc. As these cases are relativly weak defencive measures modern methods usually involve various types of encapsulating plastic that set very hard, are very strong, and resistant to most types of disolving agents.

However there are several downsides,

Firstly and most importantly is it makes the manufacturing process extreamly complicated and very much more expensive. This is not just from the plant/equipment and process side, but also on the “rework” side as well. And it also adds considerable delays in the manufacturing process while the plastics set/cool/cure.

The second downside is that whilst providing quite a difficult challenge to the majority of the law abiding population as a single measure it does not add significantly to the actual security because most plastics can be fairly easily machined in some way by mechanical cutting / grinding / drilling, or by the application of heat in various forms or disolving in some quite lethal chemicals.

Thus other secondary precautions have to be made, this is usually by adding or “loading” the plastic with various particals to make mechanical machining of the plastic difficult. Thus various fillers such as quartz, carbide, carborundum and even diamond dust to quickly ware down cutting edges and soft metal dusts to clog up and bind ebrasives and serated cutting tools. Other fillers can be used to limit the effects of chemicals and crude thermal attacks.

However even these measures have their failings. For instance thermal energy can be supplied in vary precise and controled ways by a laser or even refined forms of arc/plasma cutters that provide very localised vapourisation of material without causing the bulk temprature of the plastic to rise by more than a fraction of a degree.

The partial solution to this is “active prevention”. That is the circuits remain powered and rely on disruption or detection.

The oldest form of this is to use battery backed RAM and make the supply to the RAM very vulnerable. One method is to use “hair fine” enameled wire and randomly coil it over the circuit before the plastic is added. Thus any cutting attack stands a reasonable probability of cutting the wire before the circuits under attack are exposed.

But as we know RAM can have it’s contents “frozen in place” by the use of liquid nitrogen etc so “in theory”, the unit could be cooled down and a laser used to burn down to the power connection on the RAM chip and a the hair fine wire bypassed.

All such detectors can in theory can be bypassed in similar ways all the attacker has to have is a good knowledge of how the system works and spend time practicing and refining their techniques. And as the iPhone is a.