Comments

Turk January 10, 2014 4:33 PM

A great read!

January 7, 2014
NSA Insiders Reveal What Went Wrong
http://www.huffingtonpost.com/2014/01/08/nsa-insiders_n_4562889.html

In a memo to President Obama, former National Security Agency insiders explain how NSA leaders botched intelligence collection and analysis before 9/11, covered up the mistakes, and violated the constitutional rights of the American people, all while wasting billions of dollars and misleading the public.

G January 10, 2014 5:20 PM

How to bypass Yahoo mail 2FA:

  1. Connect from your iPhone using just the old 1FA password, using the built-in Yahoo mail profile
  2. err… that’s it.

CONCERNED January 10, 2014 5:57 PM

This post is a request for Bruce Schneier to tell the readers of this blog what his opinions are regarding the security risks of using Intel’s ‘Sandy Bridge’ Chip vPro – I3 – i5 – i7 etc. with the 3G radio built into the chip.

Bruce is there any way to prevent a spy from connecting to the computer with these chips. Do you think AMD has the same type of vulnerbility.

Do you think it could be safer to use an Android Tablet with another type of chip – a non intel chip to replace the laptop.

Please give us your opinions as soon as possible, because I need to purchase a new laptop soon, and if necessary I will purchase a larger Tablet that I could also run Ubuntu Linux.

Thanks

moz January 10, 2014 6:09 PM

So Bruce; We notice that you don’t seem to be in the RSA conference list. I guess persona non grata after not having fully supported the NSA?

I guess the main questions are: Do you feel that we should be supporting the boycott? Should lack of trust extend to the kind of companies which don’t seem to take the breach seriously?

Nick P January 10, 2014 8:42 PM

NSA revelations have led many to make movie references like Enemy of the State. I rewatched it myself. All the conspiratorial thinking and pervasive surveillance brings another old movie to my mind though.

https://www.youtube.com/watch?v=c3gI9ms8Fdc

Good flick. Watching it again tonight. The kind of battle Truman faces in understanding and escaping their world is similar to what’s waiting for someone doing the same in our surveillance state. Just no movie magic to help.

Figureitout January 11, 2014 12:26 AM

Nick P
–Movie’s hilarious; hopefully it never gets that bad…then again we already have tv shows aptly named “big brother” and “real world” where people willing submit to virtually 24/7 surveillance.

OT
–Forgot to mention this when talking about a local payment system that had either failed spectacularly or was hacked. When in an Arby’s (I know fatty crap, sorry) squirting out my honey mustard to dip my grease sticks, the manager there conveniently blurted out the 4-digit “admin code” to the payment terminal while I’m literally 10ft. away. I repressed said info b/c it’s immoral but I wonder what I could’ve done w/ it and how I could get a chance to their systems.

Previously on the blog I mentioned how one system in a little VIP bar room; we wanted music and the waittress was away. Well it turned out to be connected to someone’s desktop, appeared to be the manager’s, and we could basically watch what s/he was doing, saw employee names/payment info, and s/he was listening to iTunes…how cute.

Figured you all would find that funny, just how stupidly easy security can be ruined. It’s funniest when it’s purely accidental…until someone malicious stumbles upon it.

Ok, now for the story I meant to post:
Sources: We were pressured to weaken the mobile security in the 80’s

http://www.aftenposten.no/nyheter/uriks/Sources-We-were-pressured-to-weaken-the-mobile-security-in-the-80s-7413285.html

Here’s another Defcon video on completely bypassing the laughibly weak security; I’m kind of curious and may try some of them out myself.

http://www.youtube.com/watch?v=DU8hg4FTm0g

How many engineers work at telecom companies and THIS is the best protection they can offer consumers?! Worthless.

And it makes me think about a bigger picture, which is 2-factor authentication, b/c banking fraud is in the news again over at “Crebs 0n Sekurity”; sure it’s “out of band” (not really), but trivially hackable so a well planned attack waiting for that token on a small company would be more doable than I’m comfortable with. He’s also pushing LiveCD’s again. I finally got around to trying Puppy Linux out (using it now) and I like it. Works great on my infected laptop (having eyebrow-raising issues w/ my older desktop); just have to rearrange the boot order in the BIOS. So to the new readers that haven’t tried LiveCD’s, look up BIOS key (F2, F3, F8, etc.) and go to the “Boot” options, and position CD to boot before the harddrive. Just google or DDG puppy linux (just an example one to try out), download the ISO file, download the CD burner and go at the recommended speed. Then put the disk in, and reboot. The CD takes over from there. The “newbie” slacko version of Puppy Linux has a lot of features…almost too much for me…but very user-friendly. Hopefully this helps anyone computer-illiterate; and since you know what to do it’s best to implement on a computer that is solely for banking/whatever.

Lastly, since I have a hard time really trusting any hardware that can actually do some encryption, I’m resorting to TI-graphing calculators b/c I want them air-gapped and no goddamn hidden radios on hidden freqs…Still bet there’s an easy exploit for them since it’s a popular Z80 and the security needs to come from OTP’s…not to mention the tiny computing power, small keys…I’m focused however on removing radio side channels here. It takes like 15 minutes to encrypt a 32-char HEX msg in an AES program (don’t know for sure if even right algo….). Any way, for the math geeks out there wanting some approachable cryptography w/ their calculators, check it out: http://www.ticalc.org/pub/83plus/basic/programs/encryption/

Simon January 11, 2014 6:22 AM

@mrme
That guy writes horribly, I mean it’s less than I would expect from a high school term paper.

moz January 11, 2014 7:21 AM

@Figureitout;

The actual cipher isn’t really an interesting discussion at this point. GSM came from an era when there were strict export controls on cryptography and the weakening was pretty explicit; the standard even has the correct parts for fixing the problem (for future phones) by simply adding a new cipher:

What is interesting comes in the second part: “The encryption can be turned off”. There are a bunch of things around this

  1. why is the cryptography not done end to end where possible?
  2. why didn’t the phone verify the network (as it does in UMTS/3G)?
  3. why are temporary verification secrets and keys sent GSM network to GSM network unencrypted?
  4. why is the customer never informed of the current encryption status (e.g. with a coloured padlock icon)?

Some of those design choices can be put down to laziness and cost saving, however for example doing end to end decryption from GSM phone to GSM phone and only decrypting at the network border when sending out to PSTN would a) be simpler and cheaper and b) be much more secure. If small changes were made to the current design then this could even be done in a way which would allow “lawful interception” inside the network without much difficulty, so the excuse about having to monitor criminals doesn’t make much sense either, however that would increase costs for someone who wanted to do mass monitoring.

This is not nearly “the best protection they can offer”. This is “the best protection they are allowed to offer”. It seems that it’s another case where a large amount of economic damage and risk has been imposed on everyone in order to make systematic mass spying easier for a small group of our elite “spymasters”.

Jacob January 11, 2014 7:40 AM

@CONCERNED – although you specifically addressed Bruce, please let me chime in:
The 3G function is not a fully operational self-contained radio module inside the Intel CPU. It is a radio sub-module as a part of the vPRO technology. The vPRO technology requires both an appropriate chipset and suitable CPU to allow remote management and signage. In addition, it requires a specific Intel LAN chipset, and normally you pay extra for such capabilities.
Also, you need to enable the vPRO in the BIOS, and run the AMT (Active Management Technology) drivers to make the vPRO sing, and it is up to you whether to do these or not.

Now for the radio. Traditionally, the vPRO technology supported only ethernet connectivity. Lately Intel added a 3D sub-section for cellular management to selected CPU/Chipset models. Having a vPRO enabled laptop that would support both the normal LAN management (normal op) and the new 3G management would require, for the latter, to have some RF support circuitry (at the minimum a chip antenna) outside the Intel devices – otherwise the transmission range would be minimal.

If you plan to connect your laptop to the internet via LAN, then the fact that there is a radio sub-module in the CPU is irrelevant – the vPRO can operate (if you enable the relevant BIOS switch and run the AMT drivers, that is) via the wires/WiFi, and any possible security compromise could come through this.
If this is an air-gapped device, then you don’t need the vPRO management – just flip the vPRO BIOS section off and don’t run the AMT drivers.
Your computer would be as secured as a non-vPRO model.

The only concern I can see is if you need the vPRO technology for an isolated LAN operation, without an internet connection, and you are concerned that the radio section will be active too.

Frederick J.Ide January 11, 2014 9:36 AM

Regarding the above entry by Turk (NSA Insiders Reveal What Went Wrong)— beside the video–the memo itself is on the net and I think everybody should read it and help get it out on the news.
Cryptome has a copy as do other sites. I believe this document has the power to perhaps save this country–If it gets the public behind it!!
FJI

Frederick J. Ide January 11, 2014 9:38 AM

Regarding the above entry by Turk (NSA Insiders Reveal What Went Wrong)— beside the video–the memo itself is on the net and I think everybody should read it and help get it out on the news.
Cryptome has a copy as do other sites. I believe this document has the power to perhaps save this country–If it gets the public behind it!!
FJI

CONCERNED January 11, 2014 9:58 AM

Thanks Jacob.

I work in finance and travel a lot in the US and worry about data on my laptop.

I currently have a Macbook Air which has been great for how I use it but it has been dropped to many times and I need to buy a new computer.

I would like to get a new Macbook Air with the i7 chip but after reading about the Intel vPro chip with the 3G radio backdoor I went to Intel’s web site and watched the video about how someone could use the 3G backdoor to communcate with a computer even if it is turned off. Very scary.

I currently use both a Verizon and At&T portable hotspot wifi devices to connect to the internet and also use public wifi.

All my data is encrpted but according to what I have read the vPro 3G radio chip could enable a hacker to capture my password and steal my data.

I have not seen any laptops without Intel chips that I like. I have also read the AMD chips may have backdoors.

I am researching android tablets as a possible replacement for my Macbok Air, and I have read that I could also install Ubuntu Linux on an Android tablet or phone side by side with Android.

I am familure with ubuntu because I use it on my home desktop.

I would appreciate any suggestions that you and the other readers can offer me, and I hope that Bruce will offer his opinions also.

Thanks.

J Taylor January 11, 2014 11:57 AM

@Figureitout:

Sources: We were pressured to weaken the mobile security in the 80’s
http://www.aftenposten.no/nyheter/uriks/Sources-We-were-pressured-to-weaken-the-mobile-security-in-the-80s-7413285.html

from the article:



Audestad says that the British were not very interested in having a strong encryption. And after a few years, they protested against the high security level that was proposed.

One of them is Peter van der Arend from Netherlands. He tells Aftenposten how he «fought» with the British about this case – especially in a meeting in Portugal.

– The British argued that the key length had to be reduced. Among other things they wanted to make sure that a specified Asian country should not have the opportunity to escape surveillance.

It wouldn’t surprise if real reason Brits wanted a short key length is to be able to spy on anyone they want. After all that is probably one of their attempts to keep some of the old authority they had a century ago.

Best choice would be to kick UK out of EU, to begin with. Let them join Amerika.

Me-oh January 11, 2014 2:14 PM

@CONCERNED

Avoid Android as that is a security and privacy nightmare. To be fair though all the major OS are security nightmares. You can install Ubuntu on some tablets BUT you normally lose the touch function. If you are serious about Ubuntu on a tablet explore these pages:

http://wiki.ubuntu.com/Touch

If you are really serious and do not care about the touch function use Puppy Linux.

Zaphod January 11, 2014 3:16 PM

@J Taylor.

Ha ha ha… please kick them out. Ha ha ha.

Not that it will make any difference to their surveillance capabilities.

Z.

Skeptical January 11, 2014 4:01 PM

Speculation that the US disclosed the presence of a small number of personnel in Somalia because they suspected such information might soon be reported from documents taken by Snowden, from Lawfare

Not sure I agree with it. Details about the Defense Intelligence Agency’s assessment that Snowden took 1.7 million files, most relating to non-NSA military operations, remain non-existent. I’d like to know how confident the DIA is in its assessment, and, if possible, at least a general description of the methodology that allowed it to assess its confidence level.

I can think of several good reasons why the reports of the DIA assessment should be doubted (for one, they come from two Congressmen with reason to exaggerate such assessments), but also several good reasons why it might be accurate.

Snowden should seize this moment to provide clarity on what he took. Providing clarity on what he took would not permit the US Government to cover up tracks; it would actually impel faster disclosure. However, certain journalists would also lose exclusives as some programs were disclosed by the government.

Such clarity would also aid in attempts for leniency, and would significantly impact public opinion as a good faith effort to limit unnecessary damage. It would also not allow opponents of reform to distract from the issues by questioning Snowden’s intentions.

Nothing can be done for him from a leniency vantage unless he takes steps to close off some of the potential, and actual, unnecessary damage. And such steps would help focus the public discussion, and the effort for reform, by settling questions of Snowden’s intentions.

The only people who stand to lose from Snowden taking these small steps are those who benefit from their exclusive access to information he acquired.

Ultimately, for Snowden to bring this to a resolution for himself, I think he’ll need to simultaneously work to limit unnecessary damage while maintaining focus on the controversial programs he’s leaked. If he can do that, and show the public that’s what he’s doing, effectively, then he may eventually end up with a significant but not crushing prison sentence, and a very vivid, well-compensated life as an activist.

I don’t think it will be easy for him to do. There will be a lot of interests arrayed against such a move; and it would involve additional, significant self-sacrifice. But it’s the only viable endgame I see.

Figureitout January 11, 2014 4:05 PM

moz
What is interesting comes in the second part: “The encryption can be turned off”.
–Yeah, that’s what was for me too. What’s the point of calling it a 64-bit key w/ 10 zeros at the end? The coercion of engineers working on it and how simply it can be bypassed. How many people communicate private info over a cell phone “out the box” w/ a service provider?

The more I look at it, it’s absolutely atrocious. But I’ve already isolated myself enough so I need a phone # people can call…

Here’s this too:

    Cell phone tracking costs as little as $0.04 an hour, say privacy researchers

http://www.digitaltrends.com/mobile/cell-phone-tracking-costs-little-0-04-hour-say-privacy-researchers/

J Taylor
–We need a better system. An entire overhaul. 3G, 4G, SucksG. It all sucks.

tz January 11, 2014 5:09 PM

peephole that would trade a little liberty for a little security deserve neither.

I would note there is a “National Security Agency”, but no “National Liberty Agency”.

Clive Robinson January 11, 2014 7:04 PM

@ Figureitout,

With regards GSM ISDN and POTS “backdoors” to alow servailance I’ve given the story before, having been involved with the process.

Firstly you have the perhaps akward fact to accept that the US intel agencies are neither the brightest or best and have always been behind the curve on “tricks of the trade”, what they specialise in is “mass production” and “funding”, not “finesse”. Britain has traditionaly been the led the way, due to having very limited physical and financial resources, but the reality is the real inovators are criminals who don’t “play at stealing” because it’s their living. Some criminal organisations are more security concious than the best of governments and terrorists. For instance it was the “mafia” who designed and placed electronic surveilance on atleast one of the US TLA’s long befor it was the other way around. And history shows that during prohibition the “gangsters” were running very effective intel operations against the authorities at all levels from the Whitehouse down.

The reason for this is quite simple “Government service does not pay untill you get your pension” and “Crime does not have pension benifits because you never retire”. Crime be it direct illegal activities or skating on the edge activities of busines, generaly pays better than government service ever will. And at the end of the day the brightest and best minds want recognition, money or power, or some combination thereof, it’s why we have “Brain Drains” etc, and why the NSA amongst others can not get the staff it wants.

The British have always been “outsiders” to their nearest neighbours on the continent and for various reasons ended up with an Empire it neither wanted or could aford, which made it a target for some of the continentals at one time or another (historical point – it’s the actions of the French not the British which gave rise to the situation that led to American Independance and later it was the French via Napolean that alowed America to invade Canada and after Britain and other nations had finaly nailed Napolean, Britain helped kick America back out of Canada and then kick the American president out of the presidential palace, and gut it with fire, which is why after painting over the burn marks it’s now called “The Whitehouse”). Thus Britain from before Henry VIII had some of the best spies and inteligence networks in Europe, until Victoria supposadly spiked some of them.

During WWI and WWII a model of industrial war and inteligence came into being, Britain produced the ideas and the US the manufacturing. After WWII Britain was bankrupt, and contrary to what was belived by many at the time was not “enjoying the riches of Empire”, the only assets it had was in the heads of it’s engineers and scientists. Unlike the US that actually expanded it’s intel organisations after WWII, Britain savagly cut it’s intel services down to MI5(home), MI6(foreign), and the signals services of DWS, MI8 and GCHQ. Most of those who left returned to their pre-war activities and provided the brains behind much of the inovation that due to resources and political threat of ‘lend lease’ ended up in the US, as did many of the brains.

MI5 after an initial shaky start embraced technical intel gathering in both survailance and antisurvailance techniques. Because contrary to what is portrayed the Russian’s were (and still are) running rings around all western nations intel services.

MI5 had it’s own “Special Relationship” through the “Post Master General” with the General Post Office (GPO) that much later became British Telecom and later just BT. For various reasons the GPO became the world leaders in “Digital Telephony” and it’s System-X was the forerunner and major technical input to ISDN and SS7 which underpined amongst other things GSM. MI5 needed the special relationship with the GPO not just for “tapping telephones” but also relaying the audio from many other covert bugging devices back to the various intel centers where it was processed. All this work was carried out by the “Secret Squirrels” who were “Post Office Engineers” who had been “vetted” to do Secret Work.

The MI5-GPO special relationship was as with other relationships MI5 had two way, therefor they became clearly aware of just what effect the future of digital telephony would have on their counter espionage activities(ie what we now call “going dark”). Thus as the GPO was the technical lead for digital telephony MI5 ensured all technical negotiations for standards were done through them one way or another to ensure “backdoors” were put into all national and international standards.

I’ve seen this in progress first hand and have commented on it on this blog a number of times in the past well prior to Wikileaks and Ed Snowden revelations.

When what the NSA had been doing to standards was “released to the world” I was very very surprised that no journalist pointed out it’s what the UK had been doing for years or the term for it “finessing” is a peculiary British word which comes from playing contract bridge a card game that is again peculiar in many ways to upper/middle class British intelegensia found around the old Universities like Cambridge and Oxford where the intel services used to recruit their personel.

The fact that the NSA actually “ham fisted” not “finnesed” it’s standard perverting activities with NIST is a major indicator of a problem within the NSA and much US intel thinking, it’s the “Sledge-hammer” aproach of over confidence due in the main to having a way to large budget, which makes the “brut-force” method of throwing money not brains at a problem the dominent thought process. Thus we see the issues of “buying in zero days” and “outsourcing activities” to contractors at all levels.

That said if you ever attend international standards processess you will see the other 5Eyes nations representatives “playing tag” via “landing zones” etc to “sell a dummy” to get the required backdoors past other national representatives. Usually promoted as a “safety”, “test” or “availability/reliability” feature. Usually it’s more subtal than the US requirment to have GPS in every phone or a CALEA interface, and thus frequently does not apear on the radars of privacy organisations.

jeff January 11, 2014 9:02 PM

My friend and her partner recently returned from a trip to New York, on both the inbound and outbound journey which included a stopover in LA they received boarding passes with TSA pre check printed on them. I fail to understand how this could have happened being that they are both non US citizens who have never signed up to or paid for the TSA pre check program which anyways is only open to US citizens…. ?

not now January 11, 2014 10:43 PM

Google DARPA narrative control
Same guys gave us TIA…now implemented by NSA after being de funded by congress as dangerous to democracy.

Figureitout January 11, 2014 11:23 PM

Clive Robinson
–Sure criminals may be inventive in the short term, but what about the damage from their actions on others who may be on the cusp of a breakthru? What about the wasted time now w/ all the security procedures? As far as hacking, I really don’t mind it if they leave a funny sign that I’ve been hacked (happened quite a few times), but it’s the malicious persistence hacking all my computers and destroying components that crosses a line to potential retaliation.

I’m not going to comment anymore on the intelligence of US intel agents as frankly I’m sick of them being near me. They live in my neighborhood and the cables from my house are open, exposed, and tapped, so I guess I’m stuck w/ them for a while. I’m not attacking them obviously so they can find my tricks and they seem to enjoy ganging up on a single individual living in his parent’s basement; sure hope it’s an appropriate use of resources. I purged my entire global network b/c it was infected; I don’t care I only need a single girl, preferably an engineer/scientist. Besides my grandmother nearing death and financial issues; I really want to come up w/ a new circuit or even better a “basic” component. There must be more. The transistor isn’t that old at all and it was a revolutionary component. My dad recently showed me his original oscillator design (that didn’t look very complicated) that went into 30 million tvs; apparently his dad was pretty proud of that…what have I invented? Jack-sh*t; and I don’t want my ideas stolen and I don’t even have anywhere secure to work. He had the luxury of growing up in the country where you can do anything you want basically and let the creativity flow (I think I study better there and cut off internet, only to download papers/software).

Now having said all that personal stuff, do you ever feel guilty having done the work you did? Do you feel like it was the best use of your talents? Do you ever feel used? Sorry I figure I better ask b/c who knows maybe your next trip the hospital will be your last…

FBI DISINFO January 12, 2014 12:17 AM

Those articles about the feds not being able to ID someone using Hot Spot Shield are bullwhack. It is easy to unmask a Hotspot user with Flash. I used Hotspot shield all week. when i went to the site http://www.whatsmyip.org to see if my IP was masked, the proxy IP showed up. Now the scary part.
When i click on a new tab for Firefox, my browser history is visible – guess what shows up: a screen capture of the http://www.whatsmyip.org AND my REAL IP ADDRESS.

DONT use that product if you are seriously privacy concerned, use your neighbors WIFI

Clive Robinson January 12, 2014 4:03 AM

@ Figureitout,

    Now having said all that personal stuff, do you ever feel guilty having done the work you did?

My career –if you can call it that– has jumped from place to place and the bulk of it has been about keeping people safe and making things more robust in various ways, my regrets in that area are the usual hindsight ones of “with what I now know I could have done it better”. Even when doing FMCE stuff my regrets are “could have done better”. As for my “wearing the green” it was interesting but again it was mainly about protecting people and their communications from others hostile to them. Other “gov work” I did was during the hight of the “cold war” and European terrorism was very real and an ever present threat to life and limb. I chose to work on the anti or counter side of technology –it’s way more interesting– for a couple of reasons, firstly it is defensive as opposed to offensive technology, secondly you have to know way more about threats and the way they work than those creating or using offensive technology. Look at it this way making explosive devices is fairly simple finding and dismantaling them after they’ve been armed is not, especialy if the attacker has built in extras to stop you doing so, developing tech to protect those who are targeted by the attacker is saving lives. These days I don’t work in those areas either the need for them declined significantly in the 90’s and only got an upswing since GWB kicked off the current “war on terror”. It’s clearly nothing of the sort and what was only defensive tech has been weaponised and loaded into offensive not defensive systems, not because there is a need for it but because various Gov’s are throwing money at the idea.

However as has been observed about various creatures “they don’t change their spots”, and once you know a beast spotting it’s spore is almost sub concious. It’s that way with the intel game. Having long ago thought up anti-survaillance systems and techniques you can only do that if you realy “know the beast” you are defending against. And as I’ve said before being an uninvolved bystander who has had the training etc you can spot people being followed by the behaviour of those doing the following. Likewise you can spot the foot prints of the intel agencies in standards because there are only so many ways they can do it, you don’t have to be “on their team” or anybody elses. As I keep saying technology is agnostic, it’s the brain of the user that decides the use. Also all forms of “testing” are equally methods of “surveillance” because that is what testing is, likewise all forms of “safety” are methods of constraint, repression and correction because that is what they are.

Further you can see what the intel agencies are upto because they are to obvious, and sometimes you can think of better ways of achiving the same goal in better and more subtal ways, if you have a “fine sense of hinky thinking”. And perhaps more importantly you can also see how to use subtle against obvious. As I’ve indicated the intel agencies nolonger attract “the brightest or best”, and the lack of finesse shows to even those without knowledge of the beast.

As for,

    Do you feel like it was the best use of your talents?

To answer that you first have to define what you mean by “best” because it means very different things to different people. But that aside, what you do or can do is defined by your environment rather more than most would care to admit. So perhaps if the question was “have you done the best you were alowed to do with your talents?” you can see why logicaly the answer to the original question is always going to be “no” from an honest persons perspective.

Likewise with,

    Do you ever feel used?

The honest person will always answer yes.

It has been said that “people without regrets are either not human or have never lived” as we live we should be learning and thus see things in a different light. What we call “wisdom” is the phonix from the ashes of failure, more, much more is learnt from mistakes than success. It’s also the reason people say “Failure is the price of success”, “Those who fail to learn from history will be cursed to re-live it” and the dred Chinese saying/curse of “May you live in interesting times”.

Ultimatly life is about death it’s the bit before that, that maters. As long as you give back more than you take you can consider your life a success. Importantly in life it’s the little things you do that count not the big things, because it’s the little things those that are close to you remember.

Oh and remember tell only bad jokes, they make you human and everybody gets a laugh, clever jokes are either to much work to find funny or make people think you are trying to make them look stupid.

For instance “Why did the chicken cross the Mobious

Clive Robinson January 12, 2014 4:17 AM

Grurrr, a thousand curses on this smart phone…

To finish my above,

For instance,

Q: Why did the chiken cross the Mobius strip?
A: To get to the other… er… um.

Is mildly amusing to a topologist.

But are you even smiling at it, or the sentance befor this one which can also be considered a pun, how about laughing? No probably not.

beer gapped January 12, 2014 6:45 AM

In the end, NSA’s Kevin Igoe will continue co-chairing the IETF CFRG Crypto Forum Research Group despite the criticism and call for his removal.

An update on the story and links to further details is at: http://arstechnica.com/security/2014/01/nsa-employee-will-continue-to-co-chair-influential-crypto-standards-group/

As the CFRG list thread grew rather long, I link the key messages below.

The original request of removal by Trevor Perrin addressed to Lars Eggert, IRTF Chair:
http://www.ietf.org/mail-archive/web/cfrg/current/msg03554.html

Kenvin’s own comment, where he didn’t address any of the factual issues rasied in the request of removal:
http://www.ietf.org/mail-archive/web/cfrg/current/msg03644.html

Lars Eggert’s response and decision:
http://www.ietf.org/mail-archive/web/cfrg/current/msg03736.html

Nick P January 12, 2014 10:11 AM

@ Bruce Schneier

So, you’re with a new company now. That company no doubt makes extensive use of IT & ITSEC products. The leaks you regularly share show that certain vendors have backdoors in their products and others are easy to backdoor. The discussions on your blog led to the idea of foreign sourced hardware, OS’s like OpenBSD/Linux, open routers/firmware, etc. as ways to manage such risk.

Will you recommend your company ditch closed, US hosted proprietary solutions in exchange for alternatives? Or will your company continue to use the mainstream solutions? As is or with some kind of compartmentalization?

Just curious how you would approach it.

Clive Robinson January 12, 2014 10:48 AM

@ Beer Gapped,

    In the end, NSA’s Kevin Igoe will continue co-chairing the IETF CFRG Crypto Forum Research Group despite the criticism and call for his removal

The result is as I expected.

That said Lars Eggert’s comment and decision come across quite badly. In effect “the decision was made, now here’s some justification to keep you quiet”.

Basicaly Lars has ignored the substantive claim and is ignoring the fact that even a simple secretary has very considerable power to put in a fix by minuting meetings in a slanted way, aranging meetings when major objectors will be unavailable, and by various tricks involving updating and circulating documentation.

Also a Co-Chair –irrespective of what Lars claims– he has a protected status unlike ordinary members, in that he has taken on a demanding task that few others would due to more important commitments (which is a “red flag” warning in of it’s self). Thus ailienating or removing a Co-Chair is a subject that is treated with a great deal of trepidation by those in judgment and thus are much more likely to ascribe “innocent mistakes” etc to Co-Chair actions that others find anything but mistakes.

Further this has a secondary effect in that a Co-Chair can easily become “difficult to work with” for those with differing views and most –unlike Trevor Perrin– will simply find other things to do rather than “push up hill” a pile of “fan spray” the Co-Chair hands out.

I suspect that now a number of people will do a “Trevor” at a much higher level and that such an escalation will continue untill the Co-Chair “Jumps, Falls or is Pushed”. If this is not done I can see RFC2014 getting replaced.

The board of the IETF needs to be seen to act and soon lest others form a rival standards group etc.

As has been observed befor “Ceaser’s wife is not above suspicion” and neither are IETF Co-Chairs…

Benni January 12, 2014 11:41 AM

this here is an interesting site (unfortunately in german), which has information on the nsa and cia networks and in germany and the connection to US military bases: http://www.geheimerkrieg.de/
It tells, how the agencies gather data and then use this to assasinate persons in somalia, from a drone control center of the us military in germany. Technically, obama was correct, when he said that in germany, there would be no launshing point for drone attacks. The launshing pad is in africa. But the operators that fly the drones are located in germany.

By the way, I think this is an interesting video;

http://www.youtube.com/watch?v=7oIzT6GB_l0

First, get an Iphone. then turn the localization off. If you have language settings of the phone set for german language (where the 9/11 terrorists planed their attack), or frensh, (a language spoken in many african states) , then you can ask the iphone about several religions, e.g christianity, buddism, and get a wikipedia page.

But if you are asking for informations on islam, your Iphone will refuse to answer and ask you to first put the localization feature on. Apparently, someone at apple thinks that muslims must be carefully tracked.

beer gapped January 12, 2014 11:59 AM

@ CONCERNED re. Intel vPro:

In case you don’t trust (or have no option/access to) turning off vPro from the BIOS as Jacob suggested above, there exist a few i7 cpu’s which reportedly don’t have vPro support at all. E.g. the i7-3630QM (http://ark.intel.com/products/71459) and a few other. I don’t know if any of these are an option on current Apple notebooks.

Having said this, do anybody know how and why vPro is not supported on those chips? Is the supporting logic really missing from the processor die, or is it merely disabled in a more or less permanent way? With high end laptop motherboards supporting vPro, it would be a neat hack to quietly re-enable and exploit vPro support in CPU supposedly lacking it.

Benni January 12, 2014 12:04 PM

“with ask the I-phone”, I ment siri, of course. I do not know wether the i-phone behaves similarly, if one uses arabic language settings.

Clive Robinson January 12, 2014 2:19 PM

@ Benni,

    If you use skype to exchange https internet links, then these links are shortly after visited by someone with an IP from Redmond.

IIRC this or something very similar came up a while ago and Micro$haft came up with some story or other implying it was either benign or for the users protection. Neither of which appeared to explain the observed effects.

Simon January 12, 2014 3:14 PM

Fireball incidents leapt from average few per year to hundreds per year, just in the past four years. These will grow far worse in 2014 and along with other bizarre unexplained phenomenon will affect radio communications. Reject pseudo-scientific explanations.

Bryan January 12, 2014 4:15 PM

@Simon
In all likelihood it is just that more fireballs are getting reported to the people tracking them.

Adjuvant January 12, 2014 5:16 PM

Still catching up here, so apologies if this has already been discussed, but here’s the latest communiqué from Veteran Intelligence Professionals for Sanity, signed by several leading NSA whistleblowers (Binney, Drake, Loomis, and Wiebe), discussing what went wrong at the NSA.

Simon January 12, 2014 7:16 PM

@Bryan – most definitely not. In fact, irrational sweeping dismissal is itself a phenomenon. It is quite common in the security field. Innumerable comments on this blog exemplify this. Someone reports an important noteworthy incident, then a bunch of people jump in without a shred of inquiry and without any basis, to sweep away the whole thing as “fear mongering” or “stupid users” or worse. They don’t have the foggiest idea. Imagine someone running into a pub shouting for help, everyone just sits there laughing. This is itself a growing problem in society. Contempt, scoffing, it’s worse than ever. And as far as the fireballs are concerned, that more people are reporting them doesn’t even make sense. The total number of reports is irrelevant, they are correlated into actual fireball or bolide incidents. A hundred people may witness a single event, some even catch it on video. That is a fireball. You’re saying it’s just that more people are reporting them? There are more fireballs than ever, period. Visit the AMS website and follow their investigations. If you couldn’t care less, than why did you even comment? I’m really interested to know. I see this stuff in security all the time.

Nate January 12, 2014 9:22 PM

@Simon: Hmm. From the AMS site: http://www.amsmeteors.org/fireballs/fireball-report/

467 Events found in 2005
517 Events found in 2006
591 Events found in 2007
730 Events found in 2008
701 Events found in 2009
954 Events found in 2010
1637 Events found in 2011
2151 Events found in 2012
3525 Events found in 2013

Reported events (not the same as total reports) certainly are increasing. The list of significant events, though, seems to fluctuate up and down from 2008 to 2013. If it shows an overall increase, it’s an extremely noisy one.

http://www.amsmeteors.org/fireballs/estimated-trajectories-2008-2013/

Nick P January 12, 2014 10:28 PM

It’s that time again: papers with cutting edge security tech!

Hopefully I won’t have to do this again for a while as I just went through almost a years worth of ACM and IEEE submissions. The more practical or interesting ones were filtered through to become this list. Threw in a few crypto papers so cryptogeeks can have fun too. A few really exciting pieces of work in here. Enjoy.

MinimaLT: Minimal-latency Networking Through Better
Security by Petulo et al

“Minimal Latency Tunneling (MinimaLT) is a new net-
work protocol that provides ubiquitous encryption for max-
imal confidentiality, including protecting packet headers.
MinimaLT provides server and user authentication, exten-
sive Denial-of-Service protections, privacy-preserving IP mo-
bility, and fast key erasure. We describe the protocol,
demonstrate its performance relative to TLS and unen-
crypted TCP/IP, and analyze its protections, including its
resilience against DoS attacks. By exploiting the proper-
ties of its cryptographic protections, MinimaLT is able to
eliminate three-way handshakes and thus create connections
faster than unencrypted TCP/IP.”

{Nick: Reading that abstract makes me say “hell yeah good work!”}

Anon-Pass: Practical Anonymous Subscriptions by Lee et al

“We present Anon-Pass, a protocol and system
for anonymous subscription services that allow users to anon-
ymously authenticate while preventing mass sharing of
credentials. Service providers cannot correlate users’ actions,
yet service providers are guaranteed that each account is in
use at most once at a given time.
A central tension in anonymous subscription services is
balancing a service provider’s computational resource use
with users’ desire for flexible access. Anon-Pass focuses on
practical anonymity, for example, in multi-media services,
making all accesses to different items (e.g. articles, songs)
appear to be from different users, but not decorrelating ac-
cess to different parts of the same item. This level of practical
anonymity allows Anon-Pass to provide users with flexible
service at low cost to the provider. We measure the perfor-
mance of a prototype and use it in several services including a
music streaming service and an unlimited-use subway pass.”

ASIST – architectural support for instruction set randomization by Papadogiannakis et al

“Code injection attacks continue to pose a threat to today’s computing systems, as they exploit software vulnerabilities to inject and execute arbitrary, malicious code. Instruction Set Randomization (ISR) is able to protect a system against remote machine code injection attacks by randomizing the instruction set of each process. This way, the attacker will inject invalid code that will fail to execute on the randomized processor. However, all the existing implementations of ISR are based on emulators and binary instrumentation tools that (i) incur a significant runtime performance overhead, (ii) limit the ease of deployment of ISR, (iii) cannot protect the underlying operating system kernel, and (iv) are vulnerable to evasion attempts trying to bypass ISR protection.

To address these issues we propose ASIST: an architecture with hardware and operating system support for ISR. We present the design and implementation of ASIST by modifying and mapping a SPARC processor onto an FPGA board and running our modified Linux kernel to support the new features. The operating system loads the randomization key of each running process into a newly defined register, and the modified processor decodes the process’s instructions with this key before execution. Moreover, ASIST protects the system against attacks that exploit kernel vulnerabilities to run arbitrary code with elevated privileges, by using a separate randomization key for the operating system. We show that ASIST transparently protects all applications and the operating system kernel from machine code injection attacks with less than 1.5% runtime overhead, while only requiring 0.7% additional hardware.”

Bringing Java’s Wild Native World under Control by Sun et al.

“For performance and for incorporating legacy libraries, many Java applications contain native-code components written in unsafe languages such as C and C++. Native-code components interoperate with Java components through the Java Native Interface (JNI). As native code is not regulated by Java’s security model, it poses serious security threats to the managed Java world. We introduce a security framework that extends Java’s security model and brings native code under control. Leveraging software-based fault isolation, the framework puts native code in a separate sandbox and allows the interaction between the native world and the Java world only through a carefully designed pathway. Two different implementations were built. In one implementation, the security framework is integrated into a Java Virtual Machine (JVM). In the second implementation, the framework is built outside of the JVM and takes advantage of JVM-independent interfaces. The second implementation provides JVM portability, at the expense of some performance degradation. Evaluation of our framework demonstrates that it incurs modest runtime overhead while significantly enhancing the security of Java applications.”

CipherXRay: Exposing Cryptographic Operations and
Transient Secrets from Monitored Binary Execution by Li et al

“To enable more effective malware analysis, forensics and
reverse engineering, we have developed CipherXRay – a novel
binary analysis framework that can automatically identify and
recover the cryptographic operations and transient secrets from
the execution of potentially obfuscated binary executables. Based
on the avalanche effect of cryptographic functions, CipherXRay
is able to accurately pinpoint the boundary of cryptographic
operation and recover truly transient cryptographic secrets
that only exist in memory for one instant in between multi-
ple nested cryptographic operations. CipherXRay can further
identify certain operation modes (e.g., ECB, CBC, CFB) of the
identified block cipher and tell whether the identified block cipher
operation is encryption or decryption in certain cases.
We have empirically validated CipherXRay with OpenSSL,
popular password safe KeePassX, the ciphers used by malware
Stuxnet, Kraken and Agobot, and a number of third party
softwares with built-in compression and checksum. CipherXRay
is able to identify various cryptographic operations and recover
cryptographic secrets that exist in memory for only a few
microseconds. Our results demonstrate that current software
implementations of cryptographic algorithms hardly achieve any
secrecy if their execution can be monitored.”

Certified Computer-Aided Cryptography: Efficient Provably
Secure Machine Code from High-Level Implementations by Almeida et al

“We present a computer-aided framework for proving con-
crete security bounds for cryptographic machine code imple-
mentations. The front-end of the framework is an interac-
tive verification tool that extends the EasyCrypt framework
to reason about relational properties of C-like programs ex-
tended with idealised probabilistic operations in the style
of code-based security proofs. The framework also incor-
porates an extension of the CompCert certified compiler to
support trusted libraries providing complex arithmetic cal-
culations or instantiating idealized components such as sam-
pling operations. This certified compiler allows us to carry
to executable code the security guarantees established at the
high-level, and is also instrumented to detect when compi-
lation may interfere with side-channel countermeasures de-
ployed in source code.
We demonstrate the applicability of the framework by ap-
plying it to the RSA-OAEP encryption scheme, as standard-
ized in PKCS#1 v2.1. The outcome is a rigorous analysis
of the advantage of an adversary to break the security of as-
sembly implementations of the algorithms specified by the
standard. The example also provides two contributions of
independent interest: it bridges the gap between computer-
assisted security proofs and real-world cryptographic imple-
mentations as described by standards such as PKCS,and
demonstrates the use of the CompCert certified compiler in
the context of cryptographic software development.”

Countering Intelligent Jamming with Full Protocol
Stack Agility by Corbett et al
{IEEE members only}

“This project aims to create a moving-target
in the network protocol stack, specifically focused on
mitigating intelligent jamming (IJ) attacks. An intelli-
gent jamming technique goes beyond applying brute-
force power at the physical link and instead exploits
vulnerabilities specific to protocols or configurations. An
IJ-equipped attacker that can gain a foothold into a
network by understanding and exploiting vulnerabilities
can operate with a much lower chance of detection and
a much more highly targeted impact on the network.
For example, one intelligent jamming technique exploits
MAC layer packet structure to selectively jam packets
originating from or destined to a specific user. This work
attempts to introduce protocol agility at all layers of the
stack to make such protocol driven attacks infeasible. Our
prototype counter-intelligent jamming (CIJ) system lever-
ages software-defined radio (SDR) and software-defined
networking (SDN) technologies that make this approach
feasible. SDRs are based on implementing communication
algorithms in software as close to the RF signal as possible.
SDRs are used for protocols like modulation and coding
at the physical and data link layers. SDN provides an
interface and abstractions allowing software definition of
network forwarding behavior such as routing. We use
the SDR/SDN combination to enable a holistic approach
that applies a variety of moving-target defenses across the
network stack.”

Demo: Inherent PUFs and Secure PRNGs on
Commercial Off-the-Shelf Microcontrollers by Herrewege et al
{ACM members only}

“Research on Physically Unclonable Functions (PUFs) has
become very popular in recent years. However, all PUFs
researched so far require either ASICs, FPGAs or a micro-
controller with external components. Our research focuses
on identifying PUFs in commercial off-the-shelf devices, e.g.
microcontrollers. We show that PUFs exist in several off-the-
shelf products, which can be used for security applications.
We present measurement results on the PUF behavior
of five of the most popular microcontrollers today: ARM
Cortex-A, ARM Cortex-M, Atmel AVR, Microchip PIC16 and
Texas Instruments MSP430. Based on these measurements,
we can calculate whether these chips can be considered for
applications requiring strong cryptography.
As a result of these findings, we present a secure bootloader
for the ARM Cortex-A9 platform based on a PUF inherent to
the device, requiring no external components. Furthermore,
instead of discarding the randomness in PUF responses, we
utilize this to create strong seeds for pseudo-random number
generators (PRNGs). The existence of a secure RNG is at
the heart of virtually every cryptographic protocol, yet very
often overlooked. We present the implementation of a strongly
seeded PRNG for the ARM Cortex-M family, again requiring
no external components.”

DNS for Massive-Scale Command and Control by Xu et al

“Attackers, in particular botnet controllers, use stealthy messaging systems to set up large-scale command and control. To systematically understand the potential capability of attackers, we investigate the feasibility of using domain name service (DNS) as a stealthy botnet command-and-control channel. We describe and quantitatively analyze several techniques that can be used to effectively hide malicious DNS activities at the network level. Our experimental evaluation makes use of a two-month-long 4.6-GB campus network data set and 1 million domain names obtained from alexa.com. We conclude that the DNS-based stealthy command-and-control channel (in particular, the codeword mode) can be very powerful for attackers, showing the need for further research by defenders in this direction. The statistical analysis of DNS payload as a countermeasure has practical limitations inhibiting its large-scale deployment.”

DriverGuard: Virtualization-Based Fine-Grained Protection on I/O Flows by Cheng et al

“Most commodity peripheral devices and their drivers are geared to achieve high performance with security functions being opted out. The absence of strong security measures invites attacks on the I/O data and consequently posts threats to those services feeding on them, such as fingerprint-based biometric authentication. In this article, we present a generic solution called DriverGuard, which dynamically protects the secrecy of I/O flows such that the I/O data are not exposed to the malicious kernel. Our design leverages a composite of cryptographic and virtualization techniques to achieve fine-grained protection without using any extra devices and modifications on user applications. We implement the DriverGuard prototype on Xen by adding around 1.7K SLOC. DriverGuard is lightweight as it only needs to protect around 2% of the driver code’s execution. We measure the performance and evaluate the security of DriverGuard with three input devices (keyboard, fingerprint reader and camera) and three output devices (printer, graphic card, and sound card). The experiment results show that DriverGuard induces negligible overhead to the applications.”

Efficient User-Space Information Flow Control by Niu and Tan

“The model of Decentralized Information Flow Control (DIFC [17])
is effective at improving application security and can support rich
confidentiality and integrity policies. We describe the design and
implementation of duPro, an efficient user-space information flow
control framework. duPro adopts Software-based Fault Isolation
(SFI [22]) to isolate protection domains within the same process. It
controls the end-to-end information flow at the granularity of SFI
domains. Being a user-space framework, duPro does not require
any OS changes. Since SFI is more lightweight than hardware-
based isolation (e.g., OS processes), the inter-domain communica-
tion and scheduling in duPro are more efficient than process-level
DIFC systems. Finally, duPro supports a novel checkpointing-
restoration mechanism for efficiently reusing protection domains.
Experiments demonstrate applications can be ported to duPro with
negligible overhead, enhanced security, and with tight control over
information flow.”

Gadge Me If You Can Secure and Efficient Ad-hoc Instruction-Level Randomization
for x86 and ARM by Davi et al

“Code reuse attacks such as return-oriented programming are
one of the most powerful threats to contemporary software.
ASLR was introduced to impede these attacks by dispersing
shared libraries and the executable in memory. However, in
practice its entropy is rather low and, more importantly, the
leakage of a single address reveals the position of a whole li-
brary in memory. The recent mitigation literature followed
the route of randomization, applied it at different stages such
as source code or the executable binary. However, the code
segments still stay in one block. In contrast to previous
work, our randomization solution, called XIFER, (1) dis-
perses all code (executable and libraries) across the whole
address space, (2) re-randomizes the address space for each
run, (3) is compatible to code signing, and (4) does neither
require offline static analysis nor source-code. Our proto-
type implementation supports the Linux ELF file format
and covers both mainstream processor architectures x86 and
ARM. Our evaluation demonstrates that XIFER performs
efficiently at load- and during run-time (1.2% overhead).”

HyperCheck: A Hardware-Assisted Integrity
Monitor by Wang et al

“The advent of cloud computing and inexpensive multi-core desktop architectures has lead to the widespread
adoption of virtualization technologies. Furthermore, security researchers embraced virtual machine monitors (VMMs) as a new mechanism to guarantee deep isolation of untrusted software components, which coupled with their popularity promoted VMMs as a prime target for exploitation. In this paper, we present HyperCheck, a hardware-assisted tampering detection framework designed to protect the integrity of hypervisors and operating systems. Our approach leverages System Management Mode (SMM), a CPU mode in x86 architecture, to transparently and securely acquire and transmit the full state of a protected machine to a remote server. We have implement two prototypes based on our framework design: HyperCheck-I and HyperCheck-II, thatvary in their security assumptions and OS code dependence. In our experiments, we are able to identify rootkits that target the integrity of both hypervisors and operating systems. We show that HyperCheck can defend against attacks that attempt to evade our system. In terms of performance, we measured that HyperCheck can communicate the entire static code of Xen hypervisor and CPU register states in less than 90 million CPU cycles, or 90 ms on a 1 GHz CPU.”

Muen – An x86/64 Separation Kernel for High Assurance 2013 Buerki and Rueegsegger

“A separation kernel (SK) is a specialized microkernel that provides an execution environment
for multiple components that can only communicate according to a given policy and are otherwise
isolated from each other. Hence, the isolation also includes the limitation of potential side- and
covert channels. SKs are generally more static and smaller than dynamic microkernels, which
minimizes the possibility of kernel failure and should ease the application of formal verification
techniques.
Recent addition of advanced hardware virtualization support for the Intel x86 architecture
has the potential of greatly simplifying the implementation of a separation kernel which can
support complex systems.
This thesis presents a design of a separation kernel for the Intel x86 architecture using the
latest Intel hardware features. An open-source prototype written in SPARK demonstrates the
viability of the envisioned concept and the application of SPARK’s proof capabilities increases
the assurance of the correctness of the implementation.”

PICCO: A General-Purpose Compiler for Private
Distributed Computation by Zhang et al

“Secure computation on private data has been an active area of re-
search for many years and has received a renewed interest with
the emergence of cloud computing. In recent years, substantial
progress has been made with respect to the efficiency of the avail-
able techniques and several implementations have appeared. The
available tools, however, lacked a convenient mechanism for im-
plementing a general-purpose program in a secure computation
framework suitable for execution in not fully trusted environments.
This work fulfills this gap and describes a system, called PICCO,
for converting a program written in an extension of C into its dis-
tributed secure implementation and running it in a distributed envi-
ronment. The C extension preserves all current features of the pro-
gramming language and allows variables to be marked as private
and be used in general-purpose computation. Secure distributed
implementation of compiled programs is based on linear secret
sharing, achieving efficiency and information-theoretical security.
Our experiments also indicate that many programs can be evaluated
very efficiently on private data using PICCO.”

PHANTOM: Practical Oblivious Computation
in a Secure Processor by Maas et al

“We introduce Phantom , a new secure processor that ob-
fuscates its memory access trace. To an adversary who can
observe the processor’s output pins, all memory access traces
are computationally indistinguishable (a property known as
obliviousness). We achieve obliviousness through a crypto-
graphic construct known as Oblivious RAM or ORAM. We
first improve an existing ORAM algorithm and construct an
empirical model for its trusted storage requirement. We then
present Phantom, an oblivious processor whose novel mem-
ory controller aggressively exploits DRAM bank parallelism
to reduce ORAM access latency and scales well to a large
number of memory channels. Finally, we build a complete
hardware implementation of Phantom on a commercially
available FPGA-based server, and through detailed exper-
iments show that Phantom is efficient in both area and
performance. Accessing 4KB of data from a 1GB ORAM
takes 26.2us (13.5us for the data to be available), a 32×
slowdown over accessing 4KB from regular memory, while
SQLite queries on a population database see 1.2 − 6× slow-
down. Phantom is the first demonstration of a practical,
oblivious processor and can provide strong confidentiality
guarantees when offloading computation to the cloud.”

OASIS: On Achieving a Sanctuary for Integrity and Secrecy
on Untrusted Platforms by Owusu et al

“We present OASIS, a CPU instruction set extension for ex-
ternally verifiable initiation, execution, and termination of
an isolated execution environment with a trusted computing
base consisting solely of the CPU. OASIS leverages the hard-
ware components available on commodity CPUs to achieve
a low-cost, low-overhead design.”

Monitor Integrity Protection with Space Efficiency and
Separate Compilation by Niu and Tan 2013

“Low-level inlined reference monitors weave monitor code into a
program for security. To ensure that monitor code cannot be by-
passed by branching instructions, some form of control-flow in-
tegrity must be guaranteed. Past approaches to protecting moni-
tor code either have high space overhead or do not support sepa-
rate compilation. We present Monitor Integrity Protection (MIP),
a form of coarse-grained control-flow integrity. The key idea of
MIP is to arrange instructions in variable-sized chunks and dynami-
cally restrict indirect branches to target only chunk beginnings. We
show that this simple idea is effective in protecting monitor code
integrity, enjoys low space and execution-time overhead, supports
separate compilation, and is largely compatible with an existing
compiler toolchain. We also show that MIP enables a separate ver-
ifier that completely disassembles a binary and verifies its security.
MIP is designed to support inlined reference monitors. As a case
study, we have implemented MIP-based Software-based Fault Iso-
lation (SFI) on both x86-32 and x86-64. The evaluation shows that
MIP-based SFI has competitive performance with other SFI imple-
mentations, while enjoying low space overhead.”

{Nick: People doing projects should learn MIPS or SPARC. Just like my last list, it seems most prototypes in this one are done on those.)

Practical and Post-Quantum Authenticated Key Exchange
from One-Way Secure Key Encapsulation Mechanism by Fujioka et al
{ACM members only}

“This paper discusses how to realize practical post-quantum authen-
ticated key exchange (AKE) with strong security, i.e., CK+ secu-
rity (Krawczyk, CRYPTO 2005). It is known that strongly secure
post-quantum AKE protocols exist on a generic construction from
IND-CCA secure key encapsulation mechanisms (KEMs) in the
standard model. However, when it is instantiated with existing
IND-CCA secure post-quantum KEMs, resultant AKE protocols
are far from practical in communication complexity. We propose
a generic construction of AKE protocols from OW-CCA secure
KEMs and prove CK+ security of the protocols in the random ora-
cle model. We exploit the random oracle and instantiate AKE pro-
tocols from various assumptions; DDH, gap DH, CDH, factoring,
RSA, DCR, (ring-)LWE, McEliece one-way, NTRU one-way, sub-
set sum, multi-variate quadratic systems, and more. For example,
communication costs of our lattice-based scheme is approximately
14 times lower than the previous instantiation (for 128-bit secu-
rity). Also, in the case of code-based scheme, it is approximately
25 times lower.”

Process Authentication for High System
Assurance by Almohri et al

“This paper points out the need in modern operating system kernels for a process authentication mechanism, where a
process of a user-level application proves its identity to the kernel. Process authentication is different from process identification. Identification is a way to describe a principal; PIDs or process names are identifiers for processes in an OS environment. However, the information such as process names or executable paths that is conventionally used by OS to identify a process is not reliable. As a result, malware may impersonate other processes, thus violating system assurance. We propose a lightweight secure application authentication framework in which user-level applications are required to present proofs at run time to be authenticated to the kernel. To demonstrate the application of process authentication, we develop a system call monitoring framework for preventing unauthorized use or access of system resources. It verifies the identity of processes before completing the requested system calls. We implement and evaluate a prototype of our monitoring architecture in Linux. The results from our extensive performance evaluation shows that our prototype incurs reasonably low overhead, indicating the feasibility of our approach for cryptographically authenticating applications and their processes in the operating system.”

Sechduler: A Security-Aware Kernel Scheduler by Haghani et al
{ACM members only}

“Trustworthy operation of safety-critical infrastructures necessitates
efficient solutions that satisfy both realtimeness and security re-
quirements simultaneously. We present Sechduler, a formally ver-
ifiable security-aware operating system scheduler that dynamically
makes sure that system computational resources are allocated to
individual waiting tasks in an optimal order such that, if feasible,
neither realtime nor security requirements of the system are vio-
lated. Additionally, if not both of the requirements can be satisfied
simultaneously, Sechduler makes use of easy-to-define linear tem-
poral logic-based policies as well as automatically generated Büchi
automaton-based monitors, compiled as loadable kernel modules,
to enforce which requirements should get the priority. Our ex-
perimental results show that Sechduler can adaptively enforce the
system-wide logic-based temporal policies within the kernel and
with minimal performance overhead of 3% on average to guarantee
high level of combined security and realtimeness simultaneously.”

SHAMROCK: Self Contained Cryptography and
Key Management Processor by Utin et al
{ACM members only}

“In this poster, we describe a one-size-fits-many Intellectual
Property (IP) core which integrates advanced key management
technology and streaming encryption into a single component to
protect data in-transit.”

{Nick: something to imitate with an open design perhaps.}

THINC: A Virtual Display Architecture
for Thin-Client Computing by Barratto et al

“Rapid improvements in network bandwidth, cost, and ubiq-
uity combined with the security hazards and high total cost
of ownership of personal computers have created a growing
market for thin-client computing. We introduce THINC, a
virtual display architecture for high-performance thin-client
computing in both LAN and WAN environments. THINC
virtualizes the display at the device driver interface to trans-
parently intercept application display commands and trans-
late them into a few simple low-level commands that can be
easily supported by widely used client hardware. THINC’s
translation mechanism efficiently leverages display semantic
information through novel optimizations such as offscreen
drawing awareness, native video support, and server-side
screen scaling. This is integrated with an update delivery ar-
chitecture that uses shortest command first scheduling and
non-blocking operation. THINC leverages existing display
system functionality and works seamlessly with unmodified
applications, window systems, and operating systems.
We have implemented THINC in an X/Linux environ-
ment and compared its performance against widely used
commercial approaches, including Citrix MetaFrame, Mi-
crosoft RDP, GoToMyPC, X, NX, VNC, and Sun Ray. Our
experimental results on web and audio/video applications
demonstrate that THINC can provide up to 4.8 times faster
web browsing performance and two orders of magnitude bet-
ter audio/video performance. THINC is the only thin client
capable of transparently playing full-screen video and au-
dio at full frame rate in both LAN and WAN environments.
Our results also show for the first time that thin clients can
even provide good performance using remote clients located
in other countries around the world.”

{Nick: Thin clients can help with many security issues. Some already made to run on GEMSOS & MILS kernels. This should help their performance issue.}

Virtual Browser: a Virtualized Browser to Sandbox
Third-party JavaScripts with Enhanced Security by Cao et al

“Third party JavaScripts not only offer much richer features
to the web and its applications but also introduce new threats.
These scripts cannot be completely trusted and executed
with the privileges given to host web sites. Due to incom-
plete virtualization and lack of tracking all the data flows,
all existing approaches without native sandbox support can
secure only a subset of third party JavaScripts, and they
are vulnerable to attacks encoded in non-standard HTML/-
JavaScript (browser quirks) as these approaches will parse
third party JavaScripts independently at server side without
considering client-side non-standard parsing quirks. At the
same time, native sandboxes are vulnerable to attacks based
on unknown native JavaScript engine bugs.
In this paper, we propose Virtual Browser, a full browser-
level virtualized environment within existing browsers for
executing untrusted third party code. Our approach sup-
ports more complete JavaScript language features including
those hard-to-secure functions, such as with and eval. Since
Virtual Browser does not rely on native browser parsing
behavior, there is no possibility of attacks being executed
through browser quirks. Moreover, given the third-party
Javascripts are running in Virtual Browser instead of native
browsers, it is harder for the attackers to exploit unknown
vulnerabilities in the native JavaScript engine. In our de-
sign, we first completely isolate Virtual Browser from the na-
tive browser components and then introduce communication
by adding data flows carefully examined for security. The
evaluation of the Virtual Browser prototype shows that our
execution speed is the same as Microsoft Web Sandbox[27],
a state of the art runtime web-level sandbox. In addition,
Virtual Browser is more secure and supports more complete
JavaScript for third party JavaScript development.”

{Nick: Interesting is all I’ll say. Merits further research & evaluation before I’d speak to its security.}

librando: Transparent Code Randomization for Just-in-Time Compilers by Homescu et al
{ACM members only}

“Just-in-time compilers (JITs) are here to stay. Unfortunately, they
also provide new capabilities to cyber attackers, namely the ability
to supply input programs (in languages such as JavaScript) that will
then be compiled to executable code. Once this code is placed and
marked as executable, it can then be leveraged by the attacker.
Randomization techniques such as constant blinding raise the
cost to the attacker, but they significantly add to the burden of
implementing a JIT. There are a great many JITs in use today, but not
even all of the most commonly used ones randomize their outputs.
We present librando, the first comprehensive technique to harden
JIT compilers in a completely generic manner by randomizing their
output transparently ex post facto. We implement this approach
as a system-wide service that can simultaneously harden multiple
running JITs. It hooks into the memory protections of the target OS
and randomizes newly generated code on the fly when marked as
executable.”

Protecting Sensitive Web Content from Client-side Vulnerabilities with CRYPTONs by Dong et al.

“Web browsers isolate web origins, but do not provide direct abstrac-
tions to isolate sensitive data and control computation over it within
the same origin. As a result, guaranteeing security of sensitive web
content requires trusting all code in the browser and client-side ap-
plications to be vulnerability-free. In this paper, we propose a new
abstraction, called C RYPTON, which supports intra-origin control
over sensitive data throughout its life cycle. To securely enforce
the semantics of C RYPTONs, we develop a standalone component
called C RYPTON -K ERNEL, which extensively leverages the func-
tionality of existing web browsers without relying on their large
TCB. Our evaluation demonstrates that the C RYPTON abstraction
supported by the C RYPTON -K ERNEL is widely applicable to pop-
ular real-world applications with millions of users, including web-
mail, chat, blog applications, and Alexa Top 50 websites, with low
performance overhead.”

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks by Karlof et al

“We introduce TinySec: the first fully-implemented link layer encryption architecture for wireless sensor networks. In our design, we leveraged recent lessons learned from design vulnerabilities in… 802.11b and GSM. Conventional protocols tend to be very conservative in their security guarantees, typically only adding 16-32 bytes of overhead. With small memories, weak processors, limited energy, and 30 byte packets, sensor networks can’t afford this luxury. TinySec addresses these extreme resource constraints with careful design; we explore the tradeoffs among different cryptographic primitives and use the inherent sensor network limitations to our advantage when choosing parameters to find a sweet spot for security, packet overhead, and resource requirements. TinySec is portable to a variety of hardware and radio platforms. Our experimental results on a 36 node distributed sensor network application clearly demonstrates that software based link layer protocols are feasible and efficient, adding less than 10% energy, latency and bandwidth overhead.”

N-Variant Systems A Secretless Framework for Security through Diversity by Cox et al

“We present an architectural framework for systematically using automated diversity to provide high assurance detection and disruption for large classes of attacks. The framework executes a set of automatically diversified variants on the same inputs, and monitors their behavior to detect divergences. The benefit of this approach is that it requires an attacker to simultaneously compromise all system variants with the same input. By constructing variants with disjoint exploitation sets, we can make it impossible to carry out large classes of important attacks. In contrast to previous approaches that use automated diversity for security, our approach does not rely on keeping any secrets. In this paper, we introduce the N-variant systems framework, present a model for analyzing security properties of N-variant systems, define variations that can be used to detect attacks that involve referencing absolute memory addresses and executing injected code, and describe and present performance results from a prototype implementation”

{Nick: Clive Robinson you might like reading this one considering your interest in voter-based schemes.}

Bryan January 12, 2014 10:43 PM

@Simon

Yes, I’m familiar with AMS. I grew up with astronomy and have reported all the fireballs and bolides I’ve seen over the years to them. Astronomy and Aurora watching have been previous hobbies of mine. With greater numbers of people with smart phones, they are actually reporting the events they see. If there was a real increase, then we’d be hearing about it from the scientific community, and we aren’t. Also the sky watching cameras and radio reflection detectors are not seeing an increase in average numbers.

From AMS’s own web site:
“”While the AMS fireball log has many uses and benefits, based on the AMS reports alone it is not possible to make conclusions about an increase or decrease in fireball/bolide events from year to year. However, the data shows that reports submitted to the society have been increasing and a significant increase in large events was specifically noticed in 2012. This warrants further study. A pairing of DOD bolide data with AMS event data would prove useful to the scientific research of meteors striking Earth. In addition, the AMS reports identify the date, time, location and relative size of significant fireball events. This information could be useful in pinpointing events inside the DOD’s data sets. The AMS makes all report data available through our website and encourages the use of our data.””

Clive Robinson January 13, 2014 1:02 AM

@ Simon,

There several reasonable reason for the increase in numbers on the AMS site, here are a couple,

The increase in fireballs maybe genuine and due to more larger objects hitting earth. There are many reasons why this might happen, it’s estimated that some 15,000 tons of space bourn debries hits the earth each year the size of which range from tiny grains of dust to objects several meters in diameter most burn up without reaching the earths surface. You would expect fluctuations in physical sizes in any large population of random objects. However the amount of luminence and time each object produces are very nonlinear with size, so a normal variation could produce a significant increase in the numbers of objects that are sufficiently visable to pass comment.

However the increase in sightings could be due to other factors. Firstly the US population is increasing thus there are more pairs of eyes to see events. Secondly due to increasing efficiency of lighting the amount of light polution in more populated urban areas is droping. These two facts would provide a gental upward trend in reporting irrespective of other factors. However you need to also think about social trends as well which have knock on effects. The number of people carrying visual recording devices such as camera phones has increased at a rate that few would have dared predict even five years ago, thus the oportunity of “having something to show” has rissen very dramaticaly. An object lesson in this are the Russian “dashboard cameras” so many of which accidently recorded a fireball, these were shown by many many news broadcasters around the world. Thus fireballs are now seen as newsworthy items. Thus not only is evidence by visable record vastly increased so is the likelyhood of these records being reported.

But do not under estimate peer preasure, I’ve seen many shooting stars in my life and when in company I’ve said things like “did you see it?” to which the answer is usually no. Whilst fireballs are much longer in duration the same effect does apply. Now some people are looking for any excuse to say something like “your seeing things” or “your making it up” and thus imply the observer is deluded in some way. This sort of social preasure would stop many people from even saying something let alone report it, however with a picture of a fireball the less observant cannot claim “your seeing things” etc. And importantly an inverse effect happens –sometimes called the “me-too” effect– and other people will say they saw something (even if they didn’t) thus it becomes a topic of conversation and is much more likely to be picked up by news services making a media event.

Now how you would remove these biases from the sighting reports requires the use of resources to gain an independent base line, which requires funding and thus the lower the cost of implementing an automatic system the more likely it is to occur. But untill it’s done sighting reports will remain a very unreliable way of indicating the trend of events.

Clive Robinson January 13, 2014 1:59 AM

@ Nick P,

That’s a posting length to rival any I’ve ever made 🙂

Thus I’ll pass the crown over to a more worthy contestant 😉

More seriously thanks for the list it’s going to take a while to work through.

I do not do published paper reviews for personal use these days due to the effects of “publish or die” and fake conferances etc set up to pander to the stupidity of some academic organisations telling students “You have to publish two papers at international conferances to graduate” (I posted about this occring in India on a squid page a couple of weeks ago). Likewise “readers” and others finding quite deliberatly papers students have not put in their review list that are at best tangental but have the advantage of making the chosen student victim look negligent in dowing a “bredth review” (yes this sort of petty vindictive activity occurs quite regularly).

Basicaly the signal to noise ratio is so low due to the dross it’s a near full time job reading papers. Worse many that should at best be a half page letter have been stretched to ten or more page papers, and work which might have made one decent paper is now spread over several papers.

So when I say thanks for doing the leg work you know I realy apreciate it.

Now for something in return 😉 when doing my usal scan around I came across a refrence to a blog, which has some quite intersting pages on it,

http://www.yosefk.com/blog/hardware-macroarchitecture-vs-mircoarchitecture.html

Jim January 13, 2014 4:02 AM

Quietnet:

Quietnet: near-ultrasonic messaging service sends chat by chirps

“Simple chat program using near ultrasonic frequencies. Works without Wifi or Bluetooth and won’t show up in a pcap.

Note: If you can clearly hear the send script working then your speakers may not be high quality enough to produce sounds in the near ultrasonic range.
Usage

run python send.py in one terminal window and python listen.py in another. Text you input into the send.py window should appear (after a delay) in the listen.py window.

Warning: May annoy some animals and humans.”[1]

https://github.com/Katee/quietnet
[1] https://kate.io/
via: http://boingboing.net/2014/01/11/quietnet-near-ultrasonic-mess.html

Mike the goat January 13, 2014 4:49 AM

Figureitout: (been away for a few days on travel so a bit behind), re your reply to a comment stating that encryption could be turned off…. I share your anger at these so called Internet standards that expose a potential user to what is essentially a downgrade attack. IPSEC for example famously has support for “null” encryption – which results in encapsulated packets being moved around with no actual encryption taking place. Why on earth the designers of the protocol would allow such an option is beyond me.

Mike the goat January 13, 2014 4:53 AM

Jim: yeah since the badBIOS “scare” came on the scene several people have made PoCs to show that ultrasonic networking is indeed possible. Perhaps ultrasonic isn’t quite accurate as we are talking about frequencies just at the cusp of human hearing. Teens and younger people are more likely to detect sound in the 18-20khz range used by the original PoC that was posted about a month ago (I linked it on here when it came out), I imagine this one is similar in its implementation. Nonetheless very interesting. You’d only need a low speed side channel to cause a whole lot of trouble (key leakage etc)

Nick P January 13, 2014 11:57 AM

@ Clive Robinson

Thanks for the link. I’ll check it out.

Re papers

Yeah, I agree. It’s probably the reason I’m about the only person doing it. The thing I’ve found easiest with a list the size of mine is to just look at abstracts, jot down which sound most interesting, and then look at them first. Even if you only looked at five after sorting by abstract I’m sure you’d pull out the best work of the bunch.

moz January 13, 2014 3:54 PM

What a lovely conversation with so few astro-turfers; mus have been the weekend I guess?

@Figureitout

What’s the point of calling it a 64-bit key w/ 10 zeros at the end?

With a trivial change you can later improve your security (against brute force attacks) by up to 2^10 times taking you from below DES levels (DES was the standard at the time) up to quite a bit stronger.

Please note that the designers of GSM were very careful and clever in a number of places. In the end (in a different way) the cryptographic infrastructure of GSM was entirely replaced in UMTS whilst maintaining full backwards compatibility. This makes the “mistakes” they made and continue to make look even more interesting.

@Mike the goat

Why on earth the designers of the protocol would allow such an option is beyond me.

It’s for what Clive earlier called “testing”. I seem to remember this was quite controversial at the time. It would be interesting to have a review of who supported what.

…Lars has ignored the substantive claim and is ignoring the fact that even a simple secretary has…

Looked at from the outside, from a person who never heard of Lars before the discussion, his response looks like a master of the art of dissemble. Note, though, that he mentions that he received a number of private mails. I bet quite a few of them were very clever, and I bet that they spotted the holes in the arguments against Kevin Igoe. It’s quite likely that he’s just echoing the private mails.

The problem with Kevin is not that he has a “conflict of interest”. We have no way to know that and any attempts to divine that from his own actions or inaction will only be used to undermine other, honest, chairs later.

The real problem is that, if he did have a conflict of interest, Kevin would never have to admit it. If you or I deliberately hide information about insecurities in a standard, and we get found out then we may be liable for damages or, if done fraudulently, even prosecution. Kevin could be doing that “for reasons of national security”. In this case he would be protected by sovereign immunity.

The second problem is that the organisation that Kevin works in (though probably not Kevin himself) has access to a bunch of information the rest of us do not have. Kevin’s coworker could very easily see, in their monitoring, someone at IBM working on a new strong proposal for Kevin’s workgroup and someone at NIST proposing a protocol with a flaw known only to the NSA. Suggest to Kevin that the IBM person would be the right one to review a new authentication mechanism and you delay the IBM proposal enough to get the NIST one in. Kevin doesn’t even need to know he’s being used, just do a good job in a bad environment.

Probably both Lars and Kevin need to go. The credibility of their standard is severely damaged by their inability to see the problem.

Tony H. January 13, 2014 8:15 PM

@Clive
MI5 had it’s own “Special Relationship” through the “Post Master General” with the General Post Office (GPO) that much later became British Telecom and later just BT. For various reasons the GPO became the world leaders in “Digital Telephony” and it’s System-X was the forerunner and major technical input to ISDN and SS7 which underpined amongst other things GSM.

Every country and company has its own, often overblown, idea of its importance in the history of whatever it does. So while the Brits think they invented and put into production “Digital Telephony” with System X, so do the Americans with their long line of AT&T/Western Electric/Bell Labs switches (4ESS etc.), and the Canadians with the Nortel DMS100/300 etc. And who knows how many also-rans — Alcatel (France), Siemens (Germany), the Japanese, Dutch, etc. may honestly believe they were first.

If you look at the actual out-of-the-lab, not-captive, in-service dates for digital switching, Nortel is the clear winner with the DMS10 and DMS100. As for SS7, it is largely indistinguishable from SS6, which in turn is pretty much AT&T’s CCIS from the 1970s.

Not to say, of course, that these don’t all contain nice features for the intelligence services, but the Brits have no particular claim to fame here.

Nate January 13, 2014 9:07 PM

One huge, obvious exploit possibility I haven’t seen anyone mention so far, but which jumps to mind when RSA Security is mentioned. They’re now owned by EMC who also own…. VMware.

How many corporates run VMware? And the hypervisor has access to everything at the kernel level down on every server it runs. And how many sysadmins are capable of auditing a proprietary hypervisor for undocumented features? Especially one that’s already sending a whole lot of network packets and basically only does remote access and control as its day job?

If I were the NSA, I’d have already, a couple of years back, had a quiet word with the EMC people, who already seem on quite good terms. I’d ask for a very simple thing: a little backdoor built into all shipping versions of VMware, to allow remote access at will into the filesystem, memory and process tree of entire clouds of virtual servers. I’d ask for it to be built in such a way that no exploit code ever appears on the virtual machines themselves. Why would it? The hypervisor already has the rights to do anything.

Then I’d sit back, and completely at my time and leisure, I’d be able to browse through every single virtual server on most of the corporate networks on the planet, and bring them up on my big Star Trek wallscreen in my Captain Picard chair, with no messy exploits or persistence tools required.

Maybe I’d also have similar chats with Microsoft about VirtualPC, and Amazon about EC3. But VMware would be the main one to get access to corporate data.

That’s what I would do if I were the NSA. It would be an extremely obvious, simple, lowest-hanging-fruit enabling mass surveillance at scale of high-value corporate data which we’ve already established they have a huge “economic” interest in. The only one who might get burned would be EMC, but who’s going to find out?

Am I being paranoid to consider this as a possibility?

Nick P January 14, 2014 12:05 AM

@ Nate

Good thinking. The NSA and VMware partnership was actually well known as I posted their HAP efforts here years ago. You can even buy it from General Dynamics. I recommended it for people looking for an affordable, strong COTS solution who were more worried about non-NSA attackers.

That the injected NSA HAP tech might have a backdoor should be assumed.

Figureitout January 14, 2014 12:43 AM

Clive Robinson
Other “gov work” I did was during the hight of the “cold war” and European terrorism was very real and an ever present threat to life and limb.
–You see…I see these same arguments used today…I take it intel agents of the past weren’t like the ones today creating problems to “solve” and I guess I have to trust your opinion as I was neither alive nor cognizant. I don’t really agree w/ “royalty” having secure phone lines though when everyone else has to use a system like GSM.

I don’t know. All this bull, sure wouldn’t mind moving to my dad’s place and get a tractor/work on my computer. I would definitely fix up the place security wise, secure a power supply. Just like “playing the game” w/ agents, seems like it’s not really worth my time to think about it and I’ll end up w/ nothing productive/constructive w/ all this negative energy. Even on the farm though you’re not safe from society, my dad told me he used to have trout in the creeks around his house until the massive chicken coop upstream “had a little oopsie” and spewed ungodly amounts of chicken sh*t into the stream and killed all the life for a while. Since then no big fish, and just having been there, someone managed to really chuck a piece of garbage unreasonably far on the land and I know my grandma’s caretaker threw some trash on the land.

As for the joke, funny just had to look up a mobius strip. Freaky shape. I had a joke but it’s a little to mortal…wasn’t very good anyway.

Nick P
–Have you tested or tried to implement any of these new ideas? Some of them I’m having a hard time seeing. Also, just a thought, couldn’t memory encryption disastrously be used against you if you lose control of it? Sometimes I wonder if pure plaintext code as low as we can get is better; for small devices heavily isolated that is.

Mike the goat
Why on earth the designers of the protocol would allow such an option is beyond me.
–Blackmail and the gun barrel to the temple. You’ve seen it; I’ve seen their total disregard for rule of law. Seriously though, these standards people need to grow up and realize the responsibility they have.

woz
–The main thing I have a big problem w/ is the bypassing of encryption. This is how attacks work in the real world; when I see ciphertext cryptanalysis doesn’t even cross my head, screw that. The fact that it’s SO easy to bypass is unacceptable of a standards body and thanks for telling us 30 years later…

Figureitout January 14, 2014 12:50 AM

Nick P
–Admittedly I have a hard time seeing them b/c I’ve only read the abstracts and not all the papers; got them on a flash. And it’s like a decent sized book of papers so probably will be a while. Anyway, just wondering about actual implementations of these ideas.

Charlie January 14, 2014 3:02 AM

Have you seen <a href=”http://www.youtube.com/watch?v=ioQmbEoYL0M>this video? It demonstrates a particularly delightful arbitrary code execution technique in a Mario game.

This game has a bug that causes the program to jump to a known location in working memory. Normally, it’s just a crash, but if you have Mario do a sufficiently long, complicated dance, you can control the contents of that working memory.

They have a piece of custom hardware that connects to the (serial) controller ports and mimics a controller. It performs a Mario dance that keys in and executes a bootloader. That bootloader then uses the same port to handshake with the attack hardware and download a new executable to run.

Exploits in 18-year-old game consoles are probably a limited market, but it’s a great attack.

<a href=”http://www.youtube.com/watch?v=ioQmbEoYL0M>http://www.youtube.com/watch?v=ioQmbEoYL0M

Clive Robinson January 14, 2014 4:44 AM

@ Figureitout,

As I said most of the Gov stuff I did was then only defensive amongst other things jaming devices for bomb disposal robots and for squads on patrol in areas where IEDs from the likes of the IRA were killing not just soldiers but civilians as well. I was also involved with protection of long haul HF comms in the days when Gov Sats were not realy in use very much (they had probs have a look at why HMS Shefield did not detect the inbound French exocet missile).

Since then electronics has moved on a pace and SatComms is by far the prefered method and the equipment is now not much bigger than a smart phone where as back then you were looking at a squad of people and a landrover to shift a basic SatComm secure voice link.

The problem with this miniturisation is it’s now fairly easily possible to weaponise what previously could only be used deffensivly, and now make it offensive.

Case in point is GPS guidence systems for standard artillery shells. Originaly GPS was not seen as part of an offensive weapon but for navigation and back then even though agnostic to it’s use it was not used much to guide weapons or their platforms inertial navigation was the prefered systems for that.

bind_to_localhost January 14, 2014 5:29 AM

@Nate: “I’d ask for a very simple thing: a little backdoor built into all shipping versions of VMware”

It is very difficult to opt out from remote access in vmware-server. Now I think this was the little backdoor you are talking about.

The free vmware-server-2.0.1.156745 was binding address 0.0.0.0 for ports 902, 8222, 8333, 8308, 8307, 8009 and 8005. This address 0.0.0.0, which means remote access, could not be easily configured. https://bugs.gentoo.org/show_bug.cgi?id=291011#c4 stated back in 2009 about how to get vmware-server to bind to localhost instead, using dev-python/python-ptrace-0.6 and /opt/vmware/server/lib/webAccess/tomcat/apache-tomcat-6.0.16/conf/server.xml.

Hallie G. January 14, 2014 5:43 AM

These Guys Are Creating a Brain Scanner You Can Print Out at Home

http://www.openbci.com/
https://github.com/OpenBCI

“Bootstrapped with a little funding help from DARPA — the research arm of the Department of Defense — the device is known as OpenBCI. It includes sensors and a mini-computer that plugs into sensors on a black skull-grabbing piece of plastic called the “Spider Claw 3000,” which you print out on a 3-D printer. Put it all together, and it operates as a low-cost electroencephalography (EEG) brainwave scanner that connects to your PC.”

HP January 14, 2014 7:39 AM

@Figureitout: “It takes like 15 minutes to encrypt a 32-char HEX msg in an AES program”

You should try the HP 48GX (or 48SX or 48G or 48S), it will be faster, and fully documented.

Bryan January 14, 2014 9:20 AM

“”(they had probs have a look at why HMS Shefield did not detect the inbound French exocet missile)””

I seam to remember the reason was Exocets are French so they were classed as friend, and the system ignored it. Oops!!!

Nick P January 14, 2014 9:54 AM

@ figureitout

“Also, just a thought, couldn’t memory encryption disastrously be used against you if you lose control of it? Sometimes I wonder if pure plaintext code as low as we can get is better; for small devices heavily isolated that is.”

If it’s unrecoverable for us, it’s unrecoverable for them. That’s same as solid disk encryption. I know this because recovery companies couldn’t get my several years of work back when my main HD and backup failed within a month of each other. Remember, though, that data can be extracted from the system to other media in a secure backup process. The resulting data can be stored in whatever way you want, even unencrypted. Different tradeoffs for different people.

“Admittedly I have a hard time seeing them b/c I’ve only read the abstracts and not all the papers; got them on a flash. And it’s like a decent sized book of papers so probably will be a while. Anyway, just wondering about actual implementations of these ideas.”

I’m not promoting any of these as the next best thing. Of all the papers I saw in security sections of ACM and IEEE, I thought these might interest Schneier readers more than most. And some might lead to a useful piece of software. Far as implementation, quite a few have been implemented by authors and some are online for download. Papers also often have enough detail that someone can reimplement from scratch.

My last big paper release has the best techniques. These are a supplement release that might add something useful to them. MinimaLT is particularly exciting seeing who it comes from. The one implementing SFI is also interesting as that’s one of leading techniques in defense. And several seamlessly introduce randomization. No secret that I like presenting attackers with a scrambled picture of things. A few were kind of radical (eg PHANTOM) so they’re mainly there for a thought-provoking read.

name.withheld.for.obvious.reasons January 14, 2014 5:23 PM

@ Bruce Schneier

Bruce, wanted to suggest that EFF take a new tact in the Jewel vs NSA case. Using the refusal of the supreme court to recognize standing, sayng that EFF could not establish or prove that they were under surveillance. Using the verizon evidence to establish the case for a “general surveillance” had occurred and the fact that the court could not demonstrate any priori/knowledge regarding the programs resulted in injury to EFF and its case.

Figureitout January 14, 2014 9:27 PM

Clive Robinson
–Ok, yeah miniaturization is a problem for me (Intel’s Edison being a primary example) b/c interfacing is hell (I really hate when wires twist and hang by a tiny single wire, makes me cringe).

HP
–Hey thanks, checked out the wiki for the HP-48 series.

    The HP-48 series of calculators support a stack-based programming language named Reverse Polish Lisp (RPL), a combination of Reverse Polish Notation (RPN) and Lisp. RPL adds the concepts of lists and functions to stack-based programming, allowing the programmer to pass unevaluated code as arguments to functions, or return unevaluated code from a function by leaving it on the stack. In spite of the name, RPL resembles Forth more closely than Lisp.

I want to get a Forth system running eventually so pretty neat. One little nitpick was an Infrared comms port (I want no remote control)…even though that would be kind of fun to play with (I actually just found an old infrared peripheral for an old computer, going to play w/ it see what it can do).

Nick P
–Man that would suck…That’s really mean. Speaking of which I’ve got a few harddrives ruined by viruses and I wanted to read the data off them; looks a little harder than I initially thought. Another fun side project but it’s way off on the backburner for now.

No secret that I like presenting attackers with a scrambled picture of things.
–Yeah no kidding, I know. 🙂 Kidding of course.

Figureitout January 15, 2014 11:50 AM

HP
–Merci encore mais je ne peu pas parle français bien. Oui et pour TI, BASIC est lentement aussi…Interessant peut-être binaire et la français. 🙂 Avez-vous ecrivé une programme?

HP January 16, 2014 3:02 AM

@Figureitout: “Interessant peut-être binaire et la français.”

Sorry, I am unable to parse that. Please ask questions in english.

I only wrote one binary program, without assembler, following the pages before p265 of that book.
It counted from 0 to 65535, with the counter at the beginning of the video memory. The least significant bits were gra, other could be read. I think it only took one second to execute.
I also wrote many RPL programs. No backup; the 48GX is now stored at a friend’s flat.

Figureitout January 16, 2014 5:17 PM

HP
–Oh just a little poorly worded joke about learning binary language and french. Nice, I’ve just done some little math programs; learning z80 asm. Just visited hpcalc.org…there’s a lot of cool programs! Man now I’m getting interested…Stop it lol 🙂

Figureitout January 17, 2014 12:23 AM

Cryptocurrency Update
So hilarious…Previously I posted about “norris coin” and “coinye” alt coins. Well turns out norris coin is down (cue the norris jokes):

http://arstechnica.com/tech-policy/2014/01/chuck-norris-can-shut-down-your-wannabe-bitcoin-with-just-his-fingers/

and coinye is sputtering too. Here’s a screenshot of the homepage b/c it may go down tomorrow and the latest (they got a new coin logo):

http://snag.gy/ezWCA.jpg
http://arstechnica.com/tech-policy/2014/01/coinye-is-dead-long-live-coinye-kanye-west-lawsuit-prompts-disarray/

Ok, so if that is not hilarious enough; some assclowns out there made another coin….”koindashian”. Too much lol.

http://koindashian.com/

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.