Friday Squid Blogging: Fossil Squid

Rare fossilized cephalopods.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Posted on May 16, 2014 at 4:07 PM • 154 Comments

Comments

Ryan • May 16, 2014 4:42 PM

Probably a lousy hash idea, but the Tiger hash has a large memory footprint from its S-boxes.

If one used a hash algorithm to dynamically generate S-boxes to obfuscate a hash output, and then concatenated the previous output with the input and hashed it using the original hash, would this level the disadvantage of defenders versus attackers?

I'm talking about password hashing.

Although getting users to randomly generate 128-bit passwords would also work.

Benni • May 16, 2014 5:15 PM

Apparently, the German secret service BND needs some justification for its tapping of international fibers.

As in the case of the NSA, preventing some imaginary threat suits the BND to justify its access to tapped fibers of "partnered services" and its own fiber tapping.

The BND now plans to spend 300 million euro http://goo.gl/d5AJtn to create a program that should "actively prevent" industrial espionage.

By analyzing the data flowing in fibers on foreign ground, the BND figured, one could capture and delete malware that is targeting some German company before it arrives at the target.

The problem is just that this program will only work if you can search through every data packet that enters Germany at lightning speed.

The fact that BND only needs 300 million to make something like this work suggests that BND already has in place most of the hardware and software that is necessary for this.

So one has to assume that if a user contacts a foreign server, there is someone at BND seeing this traffic, or that there is someone at NSA seeing this traffic and sharing all this with Germany.

In the former case, it would mean that we have some kind of mini NSA in Germany, and in the latter case, the planned "active protection" system would be useless against malware from NSA, since they certainly would not warn German services when they deploy their bugs on German targets.


But what is more dangerous here is the line of argumentation.

With this, the BND will certainly intercept some malware directed at German companies. It then can go to the press and rally much industrial support, with the following argument:

Bulk surveillance is needed, because only if we sniff and analyze each data packet sent from and to Germany are we able to delete malware directed at German companies.

So if we ended our bulk collection, our important companies would be unprotected and helpless against these dangerous foreign agents from China and Russia....


Any real intrusive surveillance state, like the former DDR, would plant enough moles at the NSA that it gets an idea what they are up to.

This Stasi officer claims at heise.de http://goo.gl/8CHO8J that in the year 1982, a low-ranked German signals intelligence officer gave him a "wishlist" of the NSA. That list contained 30.000 "items", listing 50 pages with names of surveillance targets in France, and 30 pages of names of targets in Germany.

The fact that the Stasi got the NSA wishlist from a low-ranking German signals intelligence officer means that the German secret service knew what the NSA was up to from early on. The Stasi officer claims that the surprise of the German government is just simulated, and he undermines this claim by stating that the interior ministry of Germany ordered all NSA-related content of the Stasi archives to be removed and shipped to the United States.

According to William Binney, not only the Five Eyes countries US, UK, Australia, Canada, and New Zealand take part in tapping undersea fibers and sharing that data, but at least 8 unnamed countries, too:

http://goo.gl/iqqPTG

According to the book "The NSA Complex" http://goo.gl/80OJMG by Spiegel journalists, the German secret service BND has tapped Russian undersea cables since the 70s. When GCHQ was at 10 GBit/s, the BND tapping was at 100 GBit/s, and today the BND would help the NSA to get access by tapping fibers in crisis regions.

If the BND has full access to the NSA's upstream collection on the fibers, it could explain why the German government so reluctantly refuses to let Edward Snowden into their country http://goo.gl/DZMT0Z, and why the investigation of the prosecutor general on the NSA suddenly seems to have been shelved, http://goo.gl/xDijEq

Someone at BND could fear that if Snowden touches German ground, the NSA will cut BND access to the upstream collection. That BND has access to tapped undersea fibers is also suggested by the fact that the BND uses XKeyscore, which was built by NSA to enable the analysis of data coming from tapped fibers http://goo.gl/AXyeZy

Interestingly, NSA spies praised the BND applications Veras and Mira4 http://goo.gl/HTJ6gt and wanted a copy of them, because these applications would outperform US sigint capabilities in several aspects.

Nick P • May 16, 2014 7:18 PM

@ TKS

Yes and I thought it was a good idea. The best way to handle such a project is to merge proven (or new) crypto IP with existing cores. I'd see about starting with one of the new clean slate processors to leverage their security benefits, as well. So long as there's a CPU, local memory, TRNG, reliable clock, and crypto primitives one can do about any crypto application using those primitives. Others are still available via CPU. I'd add it also should be able to do things like SSL, disk encryption, and password authentication FAST. Alternatively, it should be clusterable and cheap so a cluster of them can be constructed with right performance/cost tradeoff.

The project sounds like most coprocessors. The smartest thing I saw at first glance was the .is domain name. A nice place to host the project site. :)

EDIT TO ADD:

The funniest thing just happened. I was looking at my own recommendation and thinking that Gutmann's cryptlib might make an ideal port as it uses a security kernel design. Then, while I'm refreshing my memory on crypto coprocessor work I find an open-source cryptoprocessor design (2000) using COTS components from none other than Peter Gutmann... with cryptlib and plenty more goodies. So, he gets credit for doing it first and the next group might want to read that paper for ideas in their project.

Bonus find:

ChipWhisperer - An open-source platform for hardware embedded security research (2014)
http://eprint.iacr.org/2014/204.pdf

"Abstract: This paper introduces a complete side channel analysis tool-box, inclusive of the analog capture hardware, target device, capture software, and analysis software. The highly modular design allows use of the hardware and software with a variety of existing systems. The hardware uses a synchronous capture method which greatly reduces the required sample rate, while also reducing the data storage requirements and improving synchronization of traces. The synchronous nature of the hardware lends itself to fault injection, and a module to generate glitches of programmable width is also provided. The entire design (hardware and software) is open-source, and maintained in a publicly available repository. Several long example capture traces are provided for researchers looking to evaluate standard cryptographic implementations."

Anura • May 16, 2014 7:42 PM

@TKS

It is a good idea. The only question is who makes the hardware, and do you trust them? The question we need to ask is how to verify that it is correct.

For their RNG they use a cipher in CTR mode. I know this is popular and secure if the input is not known, but there is a problem with it, and that is that if the state is recovered then past outputs can be recovered as well. Reseeding prevents this, but only up to a point. Maybe because it's on hardware, it's not possible, but since it is possible to design an algorithm that eliminates that problem, I would say it should be done. Future outputs will always be recoverable if you know the state, unless you add sufficient entropy for every output (which is unlikely).

Personally, I would use a chained one-way hash function. Say I chose SHA-512 for the PRNG; the state contains three variables C, S, and i. i is a counter that increments every call, mod 2^64. S is a 512-bit seed, and C is the chaining value, which is 256 bits. Every call to the PRNG you call SHA-512(i || C || S). You take 256 bits of the hash value and that is the output, and you take the remaining 256 bits as your new value for C. Because C is changed every time, and it cannot be inferred from the output, and because SHA-512 is one-way (both properties would be false only if SHA-512 is flawed), you cannot recover past outputs from the state. You don't technically have to split the hash in half and could output the same value that you chain, but if you do that then if the seed is recovered and you know a past output, then you can determine all subsequent outputs up to the next time it is reseeded.

When you want to add entropy, you hash the input, and XOR it to S so that predictable entropy cannot put the hash into a predictable state, provided it was at one point in a good state. i is simply to provide a guarantee that the hash input won't repeat (which is extremely unlikely to begin with) and is large enough so that you can't reasonably expect repetition (input repeats no more than once for every 512 exabytes of output, which by then you should have added more entropy). Another thing I like about this is that it relies on only a single cryptographic function, instead of a hash and a cipher. You could also use a sponge function, but SHA-512 has been around a lot longer than, say, Keccak.
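An added example, not code from the commenter: the chained-hash PRNG just described, in Python, with the counter i, chaining value C and seed S as stated, plus a check contrasting the split-output design with the weaker "output the same value you chain" variant the comment warns about. The zeroed initial C, the derivation of S via SHA-512 and the big-endian encoding of i are my assumptions.

```python
import hashlib

MASK64 = (1 << 64) - 1


def hash_step(i: int, C: bytes, S: bytes) -> bytes:
    """One generator step: SHA-512(i || C || S), with i as a 64-bit big-endian counter."""
    return hashlib.sha512(i.to_bytes(8, "big") + C + S).digest()


class HashChainPRNG:
    """Chained one-way-hash PRNG with state (i, C, S), built only from SHA-512."""

    def __init__(self, seed: bytes, split_output: bool = True):
        self.i = 0                                # counter, incremented mod 2^64 per call
        self.C = bytes(32)                        # 256-bit chaining value, starts zeroed (assumption)
        self.S = hashlib.sha512(seed).digest()    # 512-bit seed derived from caller-supplied bytes
        # split_output=False reproduces the weaker variant the comment warns against:
        # the value that is output is also the value that is chained.
        self.split_output = split_output

    def next_block(self) -> bytes:
        h = hash_step(self.i, self.C, self.S)
        self.i = (self.i + 1) & MASK64
        if self.split_output:
            out, self.C = h[:32], h[32:]          # disjoint halves: output vs. new chaining value
        else:
            out = self.C = h[32:]                 # output and new chaining value are identical
        return out

    def add_entropy(self, data: bytes) -> None:
        """Hash fresh input and XOR it into S, as the comment describes."""
        d = hashlib.sha512(data).digest()
        self.S = bytes(a ^ b for a, b in zip(self.S, d))


def seed_plus_one_output_predicts_next(split_output: bool) -> bool:
    """Model the scenario from the comment: S has been recovered and one past output
    (block k) is known. Treat that output as the chaining value and compute block k+1.
    Returns True if the computed value equals what the generator really emits next."""
    prng = HashChainPRNG(b"constructed demo seed", split_output)
    prng.next_block()                      # block 0
    known_output = prng.next_block()       # block 1, assumed known
    k, recovered_S = 1, prng.S             # S assumed recovered
    h = hash_step(k + 1, known_output, recovered_S)
    predicted = h[32:] if not split_output else h[:32]
    return predicted == prng.next_block()  # block 2, the real next output


def same_seed_same_stream(n: int = 4) -> bool:
    """Two generators seeded identically must produce identical output (determinism check)."""
    a, b = HashChainPRNG(b"seed"), HashChainPRNG(b"seed")
    return all(a.next_block() == b.next_block() for _ in range(n))


def reseed_changes_stream() -> bool:
    """Mixing new entropy into S changes every subsequent output."""
    a, b = HashChainPRNG(b"seed"), HashChainPRNG(b"seed")
    a.next_block()
    b.next_block()
    b.add_entropy(b"constructed fresh entropy")
    return a.next_block() != b.next_block()


if __name__ == "__main__":
    print("weak variant predictable:", seed_plus_one_output_predicts_next(False))   # True
    print("split variant predictable:", seed_plus_one_output_predicts_next(True))   # False
```

With the split design, knowing S and one output still leaves the 256 chained bits unknown, so the next block cannot be computed this way; the weak variant hands them over directly.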

anonymou • May 16, 2014 7:56 PM

Jonathan Wilson, that's just the final publication. A preprint was released in June.

Directly affect algorithms are deployed, but rarely.

Shachar Shemesh • May 16, 2014 11:25 PM

Any comments on this?

In particular, should we stop relying on Diffie Hellman for forward reference security? And if so, what alternatives do we have?

We can, I suppose, rely on temporary RSA keys generated on the spot, but I'm not sure what to think of such a protocol.

Shachar

Jon Chi • May 16, 2014 11:46 PM

Could someone explain what this new discrete log break means, how can they only solve one aspect of the problem? Can they get like one third of a key or something??

"Researchers ... have solved one aspect of the discrete logarithm problem. This is considered to be one of the 'holy grails' of algorithmic number theory, on which the security of many cryptographic systems used today is based."

anonymou • May 17, 2014 12:27 AM

Shachar Shemesh, history teaches us that Diffie-Hellman for primes (what people actually use) is pretty much the same as RSA. So, no, we should not switch to RSA. But some people say we should switch to ECC.

Coyne Tibbets • May 17, 2014 2:07 AM

"Is Antivirus Dead?" was an interesting article.

Now, maybe someone should do an article titled "Are Search Engines Dead?" Given all the various assaults on search engine content (e.g., "Please delete my pedophile conviction.") and the burial of useful nuggets of information in a sea of commercial and garbage links, more and more search engines are becoming useless for finding information relevant to our desired subject.

Where do we go from here for searching?

ismar • May 17, 2014 2:48 AM

Using software diversity to fend off attacks

http://phys.org/news/2014-05-nature-cyber-techniques.html

"The magic of creating the different versions happens inside of the app store from which users download the software. When software is downloaded from our version of the app store, different users automatically get different, but functionally identical, versions."

Huge potential for making targeted attacks as well?

herman • May 17, 2014 4:13 AM

Coyne Tibbets: Search engines never die, they just fade away. Google will eventually fade as well and a new search engine will arise from the ashes.

Clive Robinson • May 17, 2014 5:30 AM

@ tornip,

The article on RT you point to appears to suffer from the issue of the journalist not quite understanding what the person being interviewed is saying.

However, note that the MS person is not saying anything that was not already known publicly prior to the Ed Snowden revelations, which have been discussed on this blog before...

It is known that TOR is not fully secure or safe, and also known that it can not be currently due to some design issues. But what it does do is make life both very difficult and very costly for those who wish to attack it directly.

So the authorities look for other ways around which are less difficult or costly which is what the MS guy is talking about.

Take the Silk Road selling of prohibited items: whilst TOR might protect the electronic communications between the customer and supplier to a limited extent, it does not protect the movement of the payment or the goods, or the data stored on the computers of the supplier or customer, or protect the computers from being used against their owners by malware etc. Thus the authorities will attack these other options where they can to their advantage.

However, when it comes to attacking TOR directly, TOR users have issues that leave them particularly vulnerable. One such issue is that they want to use "interactive services without delay"; because neither the user's computer nor the service's computer is in the TOR network, the user traffic entering TOR can be correlated with the traffic leaving TOR to enter the service's computer, and likewise with the traffic returned from the service through TOR to the user.

This is a standard "traffic analysis" problem, and to solve it either the user has to give up interactive connectivity to services or both the service's and users' computers have to be fully integrated into TOR.

The latter is not likely to be allowed by ISPs because of the channel bandwidth stuffing issues conflicting big time with the ISPs' service model.

It's these edge issues that some other groups are trying to solve; however, the other channel issues involving tangible physical objects will remain regardless, thus some activities will always be dangerous to your security.

Clive Robinson • May 17, 2014 6:13 AM

@ismar,

Unfortunately there is nothing in the article to say much about what the team is doing.

That said, back in the mid 1980s I had a software protection system that did what the article appears to describe, which we used in electronic locks.

Basically what we did was write code in small memory-position-independent blocks which got blown into ROM in an order dependent on the lock's serial number, which also got stored in the ROM. The main loop of the program needed a lookup table in battery-backed-up RAM to access the code blocks. The lock hardware was designed in such a way that trying to get it out/off a door would disconnect the battery and the lookup table would be lost. When a lock was installed you had to plug a device based on a small hand-held computer into the Security Interface. This device would read the serial number from ROM and use it to build the lookup table that then got put into the RAM. A different device would be supplied with the lock that allowed user programming etc. through the Security Interface. There were other similar code features in the lock to make the Security Interface work very differently from lock to lock, so that trying to analyse the lock functioning or monitoring the security interface would only get you information on that one lock and not be transferable to other locks.

Vem • May 17, 2014 7:16 AM

@ Benni

I fully agree. The German public is played for a sucker. I even believe BND is tapping wires inside Germany already.

Tornip • May 17, 2014 9:05 AM

@ Clive

Given the structural weaknesses of Tor where does that leave us with Tails?

Tornip

Clive Robinson • May 17, 2014 10:27 AM

@Tornip,

Tails is basically a boot-from-CD Linux OS with the TOR software running on it. Which means it inherits most of the issues I identified with TOR above.

The question thus should be: does it give you any advantages over TOR on a conventional PC system? The simple answer is yes, but they are minimal.

For instance, it uses a networking stack that only allows TOR traffic. This might be true, but is the stack secure against external attack? Even if it is, does it stop transitory spyware in the client software you are running sending your real IP address out in an encrypted form to a remote server run by a LEO or e-Crime organisation?

The simple answer is no because the issue of transitory spyware is more to do with the client software in use and the users behaviour.

Whilst TAILS ordinarily does not write to the hard drive etc., it can if the user tells it to... which means transitory spyware could in theory do it, as the capability is in TAILS as standard.

Even if you run TAILS on a computer without a hard drive or other normal storage media, there is still the flash memory the BIOS is on and other mutable memory in IO devices such as network cards, graphics cards and many other places you would not expect (remember Apple has battery packs with microcontrollers in them that have flash memory in them for logging information).

I'm not running TAILS down; it's just that security is hard enough against "low hanging fruit" attacks by "fire and forget / drive by" malware from run-of-the-mill cyber-crooks, especially if the user does not behave in a sensible way.

If you practice good OpSec and work in a way that makes traffic analysis and malware attack difficult then you have a chance against State Level Actors. Once however they have identified you as a person of interest and can get one step "upstream" of you --say in the router you use at the time-- then you had better hope they don't have zero days for the OS or Apps you use...

Thus I would consider TAILS and similar not as a security solution but just a nicety on top of good OpSec. And it's almost always poor OpSec that gets people nailed, not the technology they use.

Nick P • May 17, 2014 10:46 AM

@ Tornip

If the goal is to slow them, then TAILS is a decent option. The reason is that it's a good Tor solution & Tor really does cause NSA problems. One of their leaked slides dated in 2012 said as much. Yet, they seemed to be deanonymizing some percentage of users. And then there's a shitload of endpoint attacks, as Clive pointed out.

So, given an adversary like NSA, my rule is to assume they can hack everything you connect to the Internet unless you have proof otherwise. From there, everything you do merely becomes an obstacle that slows them down or gives them less information to work with (eg metadata). One must remember that there's a ton of other attackers/snoops out there that many methods might slow down or stop. They should really be the prime concern. TAILS is quite helpful there. Just assume you have no privacy if you're in a Five Eyes country using a computing device of any kind with connectivity of any kind.

Only the Amish and other low-tech, rural folk are immune to NSA SIGINT. They produce no signals. You can copy that if being NSA-resistant means enough to you. ;)

Anura • May 17, 2014 1:08 PM

@Nick P

"Only the Amish and other low-tech, rural folk are immune to NSA SIGINT. They produce no signals. You can copy that if being NSA-resistant means enough to you. ;)"

They might be immune to a lot of things that us internet fellows aren't, but they are still vulnerable to implants.

blah • May 17, 2014 1:45 PM

"How Snowden's Revelations Have Strengthened the NSA"
-----------------------------------------------------
http://www.garynorth.com/public/12446.cfm

When the IRS can [monitor every single financial transaction that we make, and operate outside the law], why should we worry about the NSA? When we have surrendered this much authority to the IRS, why should we care that the NSA monitors our e-mails? Compared to monitoring all of our financial transactions, the monitoring of our e-mails is nickel and dime stuff. Nobody cares.

Nick P • May 17, 2014 4:44 PM

@ Anura

"They might be immune to a lot of things that us internet fellows aren't, but they are still vulnerable to implants."

Yeah, tracking devices in horse carriages and such. ;)

@ Jacob

Haha probably. And people wearing certain things on this list.

Nick P • May 17, 2014 5:07 PM

re ProtonMail

Security page is here:
https://protonmail.ch/pages/security_details.php

Stuff looks good. Much of it matches my recommendations. I especially like that they picked a good country for data privacy and use its CA. The user experience, as described, is pretty simple. Some of it doesn't really add to security imho. That some people have different citizenships and that they use full encryption in case of seizure come to mind. I saw PHP code in a picture, too. Yet, the good parts are especially good. If they aren't subverting anything, the next thing I'd worry about is endpoint attacks on the client or server side. If they are subversive, they might backdoor the code they send, among other options.

So, we need more time to know if they're trustworthy. Yet, the ways they're going about protection are better than most existing email services.

Burnt out • May 17, 2014 6:17 PM

With all the alarm of all the constant attacks on privacy, what is there to do? It seems like the only prescription we're given is "BE ALARMED! Now be even MORE ALARMED! DON'T STOP BEING ALARMED!"

It's exhausting. It's stressful. What is there to do about it?

Jacob • May 17, 2014 6:21 PM

@ Nick P

Re ProtonMail:

I am sensitive to snake oil selling, and the minute I see some, I back off.

In their security details page, they list, among other things, the "self destruct" property of the email while in the recipient's inbox. There is no way to do that short of taking over the recipient's computer (and hoping that there is no backup).

Also, they really push the Swiss infrastructure as a much more protected environment against state actors compared to the US, which is true, but they also list on some other pages that they operate also in MA, and as such they can get an NSL just like any other US corp.

wolfgang • May 17, 2014 6:22 PM

New algorithm shakes up cryptography ... any thoughts?
www.sciencedaily.com/releases/2014/05/140515163739.htm

Clive Robinson • May 17, 2014 6:32 PM

OFF Topic :

There is a myth about how many documents Ed Snowden took; the estimates have been between 50 thousand and 1.7 million, with mainly anti-Snowden commentators reporting the higher figure as though it was fact (which it most definitely is not).

BoingBoing has a nice article on it, and it's well worth taking a read even if you are not interested in Ed Snowden, because it gives a good example of the press turning nonsense into fact:

http://boingboing.net/2014/05/16/the-lie-about-edward-snowden-t.html


Clive Robinson • May 17, 2014 6:57 PM

OFF Topic :

NIST has announced that its independent Visiting Committee on Advanced Technology (VCAT) has begun its review of NIST's cryptographic material and development process:

http://www.nist.gov/director/vcat/vcat-051414.cfm

It lists the members, only one of whom I've met and have a favourable view of.

Wael • May 17, 2014 7:09 PM

@Clive Robinson,

"members only one of whom I've met and have a favourable view of"

I have respect for two of them. One I met at a conference.

Nick P • May 17, 2014 7:42 PM

@ Clive Robinson

re 2FA attack

"As the victim is engaged in the call by the attacker, the 2FA phone calling service will send the 2FA code to the victim's voicemail, immediately."

They send the 2FA code to voicemail!? What the f***! I'm glad I don't use any of those kinds of services. I thought there would be issues, but these companies continue to surprise me.

"NOTE: All vulnerable endpoints for Optus Voicemail have been fixed. Including the endpoint I used to bypass their initial fix."

The second sentence: lol.

@ Jacob

"In their security details page, they list, among other things, the "self destruct" property of the email while in the recipient's inbox. There is no way to do that short of taking over the recipient's computer (and hoping that there is no backup)."

It's becoming a common feature in many private communications services. First one I saw it in was Cryptophone. The consensus in the "Ephemeral Messaging" thread Bruce did was that it's not really possible if the recipient is malicious, including for the reasons you stated. I mainly see this feature as useful to prevent inadvertent disclosures: policy or expectation dictates deleting the email, yet someone forgets or is too lazy. The SnapChat reference means they're probably doing it for marketing reasons. (shrugs and sighs)

"but they also list on some other pages that they operate also in MA, and as such they can get an NSL just like any other US corp"

Yes, the fact that MA, heck MIT, is involved does add risk in the usual areas. Matter of fact, MIT gets a lot of funding from the US govt & companies tight with them. MIT itself might be pushed in some scenario to push their entrepreneurs in an unsafe direction. The Swiss firm might also cooperate with Swiss authorities under legal compulsion, who also sometimes cooperate with American authorities. Nonetheless, their offering and location seem a lot better than, say, mainstream US vendors.

It would be nice if a person could specify that only Swiss servers are used, register as a corporation in a country with strong privacy, and connect only via proxies from that country. The latter two are used to reduce odds that the Swiss government will comply with American requests regarding the email account. This kind of trick used to be common (maybe still is) with offshore schemes.

@ All

DEC Firefly Workstation
ftp://ftp.hpl.external.hp.com/pub/dec/SRC/research-reports/SRC-023.pdf

I just found this interesting machine. It was a multiprocessor workstation that they threw together pretty quickly. The really interesting point is that the OS was written in Modula-2+, a high-level, garbage-collected language. Take that, naysayers of automated memory management. So, it might be practical and doable, esp with an extra processor dedicated to it. I've also found plenty of nice concurrent & hybrid collector designs for such use-cases, including some that will be patent immune (mostly) in the near future. And one works on binaries of C/C++ apps without source code or significant performance degradation. That might be useful in and of itself, esp combined with control flow integrity research.

Student • May 17, 2014 7:54 PM

What is a good, comprehensive OpSec guide for all of us who don't have the time to pore through all of the squid archives?

Coyne Tibbets • May 17, 2014 8:36 PM

@herman:

That's not what I meant. Yes, particular search engines have come and gone: Webcrawler, 37, Google, Bing.

But all have been based on a centralized searching model, where they sweep the web and create a database of links, with more or less clever software to prioritize links displayed for a search.

I think that model is tapped out, because there are too many attacks on the centralized database; too many controls being placed on what it can contain.

I think that model is dying: that no one can really make it work anymore, no matter how clever their software. Too many legal attacks.

Thoth • May 17, 2014 8:39 PM

Only two respected crypto-people on: http://www.nist.gov/director/vcat/vcat-051414.cfm

- Bart Preneel for Trivium and RIPEMD
- Ron Rivest ... we know why he's famous :)

Some people who raise eyebrows:
- Vint Cerf, he is not a crypto-person, so why is he vetting crypto standards?
- Edward Felten, interesting background of computer forensics and defeating the SDMI challenge.
- Edward Felten, Unknown and from Microsoft?
- Ellen Richey, Unknown?
- Fran Schrotter, Unknown?

Who they should have chosen as well:
- Whitfield Diffie
- Adi Shamir
- Niels Ferguson
- Eli Biham
- Ross Anderson
- Lars Knudsen
- Vincent Rijmen
- Bruce Schneier (But he's always busy giving talks and workshops)

My list consists of famous and well-known cryptographers who have proven themselves consistently in their works to be able to filter out and review algorithms.

I wonder why NIST chose so many people who have no known background in cryptography to review cryptographic materials (other than that those unknown people are from well-known institutions and probably the decision is based on POLITICS), with the exception of 2 known cryptographers on the panel.

Are we still going to trust NIST standards for cryptography?

Nick P • May 17, 2014 8:46 PM

@ Student

The grugq's OPSEC presentation is good fundamentals:
http://www.slideshare.net/grugq/opsec-for-hackers

The important thing to remember about OPSEC is that the principles are more important than the technologies. If the tech or fieldcraft can lead to principle violations, prevent that or don't use such options. Thinking in terms of OPSEC principles just helps plenty. For instance, this mindset immediately helps you see the fallacy in the claim that "it's OSS so it's inherently more secure." Letting the enemy know what you use is an instant OPSEC violation and led to hacks via 0-days for many apps. So whether it's closed or OSS, certain OPSEC principles dictate that you deny them the info if possible. Misdirection is nice, too, if it's sustainable.

A former CIA director also made many nice points:
http://www.oss.net/dynamaster/file_archive/100102/0a947a77d762061cc87ec541c2d2dcc7/2010-01-02%20Dulles%20on%20Tradecraft%20via%20Srodes.pdf

As far as specific tech, there are plenty of guides on physical security, policies, network security, app security, using crypto, etc. Copying methods that are used successfully, esp by long-time (unconvicted) hackers, is always a decent approach. Many of them do stuff like Grugq recommends.

DOD's Industrial Security Manual with SAP provisions
http://www.ncms-isp.org/NISPOM_200602_with_ISLs.pdf

It's a DOD manual so it's very formal and not as fun to read as a book. Yet, they talk about a breadth of topics with info on how they deal with protecting classified information and projects.

The old cypherpunks books and mailing list archives have plenty of interesting stuff, too. I'd throw in fiction like Robert Ludlum if you want creative ideas for covert messaging, human proxies, etc.

Hope some of this helps.

Nick P • May 17, 2014 9:10 PM

@ Thoth

These seem reasonable choices to me when I look at how NIST would choose people. It would be a mix of skills and viewpoints. Here's specifics on each.

Vint Cerf is referenced here and here. He claimed to work for NSA and build secure Internet protocols a long time ago. Didn't release stuff because it was classified. Seems to be an insider to me.

Edward Felten. If this is the same guy, then he has plenty of background in circumvention methods and dealing with legal matters.

Ellen Richey is from VISA. They're a major stakeholder in cryptostandards so it makes sense that one of theirs would be there.

Frances E. Schrotter is from ANSI and she's done... all sorts of stuff. I'll leave it to you to read.

Bart Preneel is a Belgian cryptographer at the institution that created AES. He's run many crypto standards projects.

Steve Lipner I've referenced here before. He worked with security legend Paul Karger on the A1-class VAX Security Kernel. He went to Microsoft and invented their SDL, which greatly improved their security. He also has plenty of industry & management experience, which helps on a standards committee.

My problem with this group, minus Preneel, is that they are all in a position to either be complicit in NSA activities or compelled to go along with a subtle backdoor. I agree that there are other choices that would've made for a much better team. If NIST is subverted by NSA, then the best criteria isn't the cryptographic skill as much as honesty, dedication, and resistance to covert influences. With these traits, a smart person can leverage other experts and their own research abilities to get to the bottom of the truth. However, even the smartest cryptographer in America can't be trusted if there's a conflict of interest or NSA has leverage on them.

Clive RobinsonMay 17, 2014 9:16 PM

Wael,

Uh oh, on re-reading, my comment did not come out the way I meant it to...

Yes I've met one of them and I found them open to talking technically to someone they had little or no knowledge of. I've also read and used their research papers as well as those with whom they have collaborated.

Others on the committee, I've read their papers and other published work and have a favourable view of.

Others I've no real knowledge of, so cannot comment.

It will be interesting to see the result of the committee work; at least two of the members are professionally quite capable of analysing the cryptanalysis aspects of NIST's previous work.

However I don't know the remit/scope of their enquiry so it's difficult to guess what they will and won't look into.

As you know I have my criticisms of NIST both specifically and generally.

I personally still think the AES contest was rigged. It only looked at theoretical attacks on the algorithms, their speed and ease of implementation in software and hardware. It did not look at the security issues to do with implementation such as time-based attacks even though NIST's prime advisor the NSA would have been well aware of them. Further, at least one respected researcher raised this at the time to no effect. Further, both the NSA and NIST would know that the insecure "speed code" would be downloaded and used by just about everybody, thus weakening AES before the race had been run.

NIST also suffers from an "American view" of standards that is problematical. Due to past problems and difficulties the European view of standards is markedly different. The American view gives us a single algorithm, which is AES, which in effect is a tiny fraction of what is required and in effect hobbles industry with it. The European view would be for a framework of standards that describe a generalised system in which many protocols and algorithms would fit and could be quickly and easily changed if required, with alternatives in place.

The purpose of standards is to act as proactive enablers to industry and promote confidence in consumers, which is in general what European Standards do; the NIST standards fall a long way short of this, taking a component rather than a system view, and thus they tend to hobble rather than enable.

ThothMay 17, 2014 9:25 PM

Maybe I should refine my statements a bit. Split the team into a policy review team and a technical review team. Staff the technical review team with actual cryptographers and staff the policy reviewers with stakeholders and policy makers. The technical review team does an honest review on all algorithms (I am doubtful just 2 cryptographers - Ron and Preneel - can handle the load. I feel they might be pushed by the rest of the team to quickly do their reviews or sway their decisions). For the policy maker team, they decide on the policies of the use of cryptography if there are any.

It is always best to split the tech team and the policy team so their views will not interfere with each other from performing their fullest.

WaelMay 17, 2014 10:30 PM

@Clive Robinson,

Uh oh, on re-reading, my comment did not come out the way I meant it to...
I understood what you meant. I think all of them are well respected in their areas. I just happen to be familiar with some more than others, thanks for the clarifications, though. Don't want to come across as belittling any of them...

FigureitoutMay 18, 2014 12:33 AM

Aspie RE: disk crash
--I really hope it wasn't *a* or the same type of attack leveraged against one of my computers; nearly killed it completely and it's now highly suspect as I go digging around. Extremely killer attack; likely won't ever pin down the specific aspect that was attacked and how, don't want to plug the disk in anywhere and spread this cancer. My problem right now is vindictive agents (when I became aware, for a large chunk of their investigation I've been leading them around and observing how they operate, doesn't make them happy when I'm assuming a lot of their prior targets were oblivious to them) that live all around me and have broken in my home countless times (don't state them all b/c there's too many and to keep them off balance of "what I know"). Then getting software from the internet, my old router (guaranteed infected) I'm turning into a RF project, this new one wasn't set up by me, so it's been infected and my cable modem got owned after a day I was getting "null" channels on tv. I believe all the cable traffic straight out my home is routed to another house (control the cable boxes around the neighborhood). This makes my life difficult trying to set up some things, nonstop MITM potential is not a fun prospect to deal w/ from home.

RE: setting up a new contact
--I'll probably scrap that old email address, I'm going to be working soon (trying to leave this f*cking basement) so I can't afford the time to really come up w/ a better way of contact (I'm working on some radio ones). I need a physical exchange of a paper secret for secure authentication, not very easy to do stretching across the Atlantic, eh? Assuming you are who you say you are. :p So I'll come up w/ a new email eventually and post it. I *could* make an OTR account and exchange fingerprints, etc....but I'm telling you the encryption gets bypassed on my end so it's really not worth it. So basically I have to live w/ possibly MITM or deleting/altering messages received. I could also go buy a burner cell phone, post the number, and refresh some of the phone OPSEC I used to employ; but I don't trust the cells. Any of those sound fun to you or just post an email?

RE: the good stuff, computer update
--Wow, nice. You've really added a lot, I really can't wait to recreate your work; just want to build my computer first lol. I've made some good progress (I want it to be good so I'm developing very slowly and meticulously, and well...I've never built a computer before...), but I'm still in reading stage and *STILL* getting accustomed to ASM (I really don't enjoy programming it but I'm going to do it). Can't wait to show the world my work, it'll be an extension of another design, focused on TEMPEST and resistance to emanation attacks. Will have a double shielded briefcase w/ computer built-in; *MAYBE* an integrated radio for simple encrypted comms.

As always, I'm always doing something if it isn't school. I've just been practicing coding, working on setting up a dedicated digital radio station and coding computer, and then I dug out a bunch of electronics in storage (whoops, couldn't resist) and messed around w/ those. Old CD-ROMs still work, old Casio UHF/VHF tiny LED tv still received a local weather station, a few old harddrives I want to wipe and store some stuff, and a bunch of cables. I got an old Casio PDA to boot up which could be a secure message exchange/storage device; just need to build a charge circuit, get a new battery, maybe a CF card, and hack up or get a serial cable as I lost the holder (grr..). Doesn't help when my dad brings home old products from work for me to hack on (got some prototypes of 2.4GHz-capable capacitive touch switches). If I could develop in my home in peace and order components in peace, I'd be much further along in my computer; but nope I have to develop "on the fly" and add some obfuscation and other crap...this just adds an unnecessary cost.

Clive RobinsonMay 18, 2014 6:51 AM

Off Topic:

This story titled "Algorithm Appointed Board Director" sounds a little "SkyNet" in tone,

http://www.bbc.com/news/technology-27426942?HN2

However as pointed out by one of the commentators it's really just a gimmick, as director decision processes are quite commonly guided by computer algorithms.

What the commentator forgot to mention is that the slavish use of such algorithms has caused major stock market stars to crash and burn and not too long ago put the world into recession, people out of work and their homes, and an increase in early deaths etc.

So maybe the Terminator films did get a bit of it right, just not the Hollywood Block Buster movie plot way...

Clive RobinsonMay 18, 2014 7:10 AM

@Nick P,

Some background reading for you,

http://www.jofreeman.com/joreen/tyranny.htm

Whilst it was written forty years ago about women's groups it is still relevant to any grass roots independence movement, and it also can be used as a blueprint as to how such movements can be manipulated internally or externally to make them stronger/weaker or politically relevant/irrelevant.

Knowing this, it can be used by any liberation group to limit the effects of external influence of the forms thought up as part of Cointelpro.

Nick PMay 18, 2014 1:31 PM

@ Clive Robinson

Thanks for the link as that was an incredibly good essay on the topic. Unless there's a better one you know, I'm probably going to make a trimmed version of that one my default. The treatment of elites and stars seems very accurate. The part on elite structures is also compatible with Assange's treatment of how conspiracies form within organizations. Like in Joreen's essay, the informal and secret forms of communication are a pre-requisite. And lack of accountability allows such groups to thrive.

I can also imagine, like in my reply to Wael, how such elitism can be used to maintain a group's integrity. This is a much rarer thing. Yet, there's definitely examples out there. The fact that the inner group is so tight & dependent on one another aids in ensuring commitment to secrecy & integrity of the group's activities. The trick is figuring out how to create positive elitism within groups while also having a formal structure that keeps it in check well enough. I think that's the recipe for the ideal structured organization. We know the elites will happen, so the founders are better off giving the organization a good start by recognizing this & trying to push elite formation in a good direction.

Sancho_PMay 18, 2014 1:31 PM

@Jacob, Nick P: Re ProtonMail

In their security detail page, they list, among other things, the "self destruct" property of the email while at the recipient inbox. There is no way to do that short of taking over the recipient's computer (and hoping that there is no backup).

They are talking about self destructing emails at the recipient’s INBOX, that’s residing on their server (webmail).
With local (client) backups and in case the recipient’s account is not at ProtonMail it can’t work.

So the content may be secured, that’s good.

But, if I understand correctly, the real sensitive and more valuable information, the “header” (often called metadata), is still open to (legally compelled) government inspection, even between ProtonMail user accounts.

Again, the only path to destruct that information is something similar to mailinator.com.

Nick PMay 18, 2014 2:24 PM

@ Sancho_P

Any discussion of ephemeral messaging must recognize its fatal problem: any plaintext content that goes through a device can be compromised by that device or its user. A self-destructing email sent to a person has to be viewed by that person. If it so much as appears on their monitor, it can be captured and saved by that person in a huge variety of ways. So, ephemeral messaging to hostile recipients should always be considered impossible. Even face-to-face requires technical countermeasures to prevent bugging.

As I thought on it though, I remembered that most security measures US govt uses for classified information were certified to low or medium robustness. Its definition is preventing "casual or inadvertent attempts to breach security." They decided they'd be fine if most people were at least cleared for information on a system, knew consequences of a breach, and had technical measures (eg security) mainly there to make it clear the security breach was intentional. And prevent many accidental breaches or leaks.

So, like in the old days, we have a bunch of people emailing each other through a security focused service. Most trust each other in the sense that all want the service to work effectively so each is protected. They send each other emails. From there, one might want an email to disappear after a time (or reading) without burdening the recipient. Self-destructing emails meet that requirement. Side benefit for Protonmail might be mailboxes using less storage. ;) However, if recipient might be hostile, then the feature can't be relied on and the message probably should be delivered face to face if at all.

"But, if I understand correctly, the real sensitive and more valuable information, the “header” (often called metadata), is still open to (legally compelled) government inspection, even between ProtonMail user accounts."

That's probably true. It's a centralized email service. They have this inherent weakness for protocol compatibility and efficiency. The safeguard they picked for this issue is to locate in a country with strong privacy laws and a host with incentives to follow them. Not a guarantee, as I said, but a nice start that probably knocks a huge swath of attackers out of that part of the game. There are also technical solutions that could work here but I doubt they're going through that much trouble to protect metadata. They're probably able to access it and turn it over if forced to. So the question is "Who can force them, under what circumstances, and how likely are they to exercise it?"

Insider opinions would be needed to determine this, with insiders understanding how Swiss TLA's operate in practice vs in theory. And these insiders' reliability would need to be vetted so we didn't think they were just saying what the Swiss want us to hear. ;)

tornipMay 18, 2014 3:04 PM

@ Clive & Nick P

Re Tails. So I get the picture. But why were they going on about how Tails was the only way they got the story out? Hype? How does PGP articulate with Tails?

Tornip

koita nehalotiMay 18, 2014 4:13 PM

re: hand-computed crypto

It would be efficient to make pseudorandom generator for a keystream, or at least one phase of it, by making the key of 2 translucent papers with vertical and horizontal lines representing bits arranged in a 2d grid with rows of lines and columns of lines. Putting them partially overlapping with a computed vertical and horizontal offset enables XORing to give a new string of bits. If the lines cross, answer is 1, if same angle, answer is 0.

If further processing needs +, -, / or *, it would be fastest with bits even by hand, not converting to base ten.

Other version could use rectangular boxes cut out to plastic. If boxes cross, mark it on the paper under it.

Also: Maybe there is a way to implement this in some nanoscale, weird physical process that might have some actual use in electronics... For computing that is not necessarily related to crypto.

@Anura

I wonder if one could use Linux program named dieharder to test hashing, encrypting and pseudorandom algorithms by using weakened versions of them (possibly to a counter) and then giving the output to dieharder. Haven't read the documentation much yet.

Make special sha40, sha45 and sha50 hashers and then test if their difficulty is on a right kind of curve when used with that kind of (or other) tricks.

There could be a powerful server cluster where one could send random numbers and, with some payment, that server tests them, over weeks if needed. Easier to use than renting and setting up VPSs to do that.

@Coyne Tibbets

Use Wikipedia category surfing: go to the article of something in the category (i.e. Google), look at the category links at the page bottom, look at the relevant category page (of search engines). That is how I found YaCy.

Clive RobinsonMay 18, 2014 4:41 PM

@Tornip,

TAILS was most certainly not the only way to get the story out.

However it was probably the only way Ed Snowden had within the capabilities of those he wished to communicate with in a very very short time frame, and time was the critical thing then, not high security.

As I said OpSec is hard... even when you have the technical tools available. However setting up the technical tools even for security pros is very difficult because nearly all computer hardware, Operating Systems and Applications are designed to "share", be "efficient" and "easy to use", none of which is good for security.

Ed Snowden had to get the two journos up to a minimum level of security fast; whilst one was at least aware of the issues from practical experience, the other was still living in blissful ignorance, and had not done what was asked of them.

What Ed Snowden needed of the two journalists was to get them to a face to face meeting fast before the NSA et al got wind he was on the move; it was a very short time window, maybe a week at the most.

So all Ed needed was for them to have good encryption on messages and for a short time no easy way for the likes of the NSA to see where the messages were coming from.

Ed Snowden assumed quite correctly that many if not all journalists' electronic communications were being intercepted and recorded. And would with reasonable probability be listened to by "analysts" within a fairly short time of him going missing. He also assumed that the US Gov would go after him not the journalists due to various legal niceties journalists have in the US.

Thus his issue was to get the two journalists sufficiently interested in a very short time window to get to a face to face meeting in an open or unmonitored area in a country where the normal US spooks would stand out from the crowd.

As @Nick P has pointed out TAILS would slow the NSA et al down and buy him time for the face to face meeting by making his location much harder to find.

At the face to face Ed would have explained how to do various types of OpSec which I suspect neither journalist has actually shared with the rest of the world (for good reason). What they did do was check to see if a courier "go between" was going to work... The British Politico's and Cabinet Office did something entirely stupid, which only served to announce to the rest of the world just how important Ed Snowden's revelations are. The Cabinet Office then compounded their mistakes by sending "Pinky and Perky" down to destroy the computers at the Guardian's offices. The photographs that the Guardian released of the computer parts after their "sanitation" tell a story of "hidden memory" which few consciously knew of prior to this (but if you'd been reading this blog you'd have read about "semi-mutable memory in IO devices" some years ago ;-)

Little of what has subsequently come out is actually either surprising or unknown; secrets of the sort Ed revealed were impossible to keep due to the infrastructure etc involved. The hard part was not seeing enough of the pieces of the jigsaw puzzle to work out what the picture was, but actually getting your pre-conceptions out of the way so that you would believe what your eyes were telling you...

Clive RobinsonMay 18, 2014 9:37 PM

@Nick P,

As you are aware there are one or two questions hanging over NIST's elliptic curves (which the NSA are believed to have got at).

Well you might have heard of the BAD A55 curves; anyway, over on their site they have some salient points on various ECs that have been suggested as standards. The tables show that many of these standard curves suffer from security issues,

http://safecurves.cr.yp.to/index.html

Towards the bottom of the page you will see a familiar name is involved in these SafeCurves.

koita nehalotiMay 19, 2014 2:41 AM

Could we have some statistics on how many visitors to this site come from tor exit nodes?

And also, stats about operating systems and how fast computers and connections they seem to have.


dot tilde dotMay 19, 2014 3:16 AM

whenever you read something about germany, consider the following.

germans love english sounding words that they make up themselves, ignorant of what they could actually mean.

for example, a cell phone is called a "handy" because you hold it in your hand, cordless, you know. dont think "useful opportunity", ze germans think "hand holds the precious".

now back on topic, when it comes to discuss ubiquitous surveillance, the mot de temps is "no spy". there are treaties being discussed under the label, suggesting mitigation of the stasi threat, while the actual goal is to become a sixth party to the five eyes.

now a "no spy hardware certification" is being discussed. so please be aware that the stupid label actually means "mit dabei". translates to "me too", "yes please", "pour me some more".

german government is fed up with sitting at the kid's table.

no spy heisst mit dabei.

.~.

ChrisMay 19, 2014 6:16 AM

Hi, something that I have been thinking about lately is why people don't use "Split Encryption" tactics more.

By that I mean that the encrypted output for ANY cipher is split in two or more halves and then sent through different channels. One through email perhaps and another one using a webpage guestbook or similar; obviously there are many possibilities.

The x-halves can't be decoded without each other since they are not complete.
What do you have to say about this kind of idea?
//Chris

Clive RobinsonMay 19, 2014 7:58 AM

@Chris,

The splitting of encrypted messages and giving them to two or more couriers is quite old.

However you are incorrect when you say you cannot decode one half without the other; it very much depends on the type of encryption and the mode it is used in.

However if the system is designed and used so that you need all parts to decode the message then you are placing yourself at a disadvantage with respect to your enemy. Because by doing so you are actually increasing the risk of one or more parts of the message being intercepted. Which gives a corresponding increased risk that the message will not be decoded at all.

In military systems it is usually preferred that the message gets through in a timely fashion even if the enemy can read it after just a few days' effort, as in most cases by then the information will be effectively moot. Which is why in the past military field ciphers have been designed for robustness of use, not high security.
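To make Clive's point about mode dependence concrete, here is an added example (not code from anyone in this thread). A constructed counter-mode stream cipher stands in for AES-CTR, and the code contrasts the two things both called "splitting": cutting a ciphertext in half, where each half decrypts on its own given the key, and 2-of-2 XOR secret sharing, where no part is readable alone but losing either part loses the message. The key, nonce and sample message are constructed values.

```python
import hashlib
import secrets

# Added example, not code from the thread.  A constructed counter-mode
# stream cipher (keystream block n = SHA-256(key || nonce || n)) stands in
# for AES-CTR, which the standard library lacks; the argument is about the
# mode, not the primitive.


def keystream(key: bytes, nonce: bytes, start: int, length: int) -> bytes:
    """Return keystream bytes [start, start + length).

    Byte i of the stream is byte (i % 32) of block i // 32, so any byte can
    be regenerated from its position alone.  That is exactly why a fragment
    of a counter-mode ciphertext decrypts without the rest of it."""
    out = bytearray()
    block = start // 32
    skip = start % 32
    while len(out) < skip + length:
        out += hashlib.sha256(key + nonce + block.to_bytes(8, "big")).digest()
        block += 1
    return bytes(out[skip:skip + length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return xor_bytes(plaintext, keystream(key, nonce, 0, len(plaintext)))


def ctr_decrypt_fragment(key: bytes, nonce: bytes, fragment: bytes, offset: int) -> bytes:
    """Decrypt a fragment that began at byte `offset` of the full ciphertext.
    No other part of the ciphertext is needed."""
    return xor_bytes(fragment, keystream(key, nonce, offset, len(fragment)))


def split_ciphertext(ciphertext: bytes) -> tuple:
    """The 'split encryption' idea: cut the ciphertext in two for two channels."""
    mid = len(ciphertext) // 2
    return ciphertext[:mid], ciphertext[mid:]


def xor_share(data: bytes, rng=secrets.token_bytes) -> tuple:
    """2-of-2 XOR secret sharing: share1 is uniformly random and share2 is
    data XOR share1, so either share alone is independent of `data`."""
    share1 = rng(len(data))
    return share1, xor_bytes(data, share1)


def combine_shares(share1: bytes, share2: bytes) -> bytes:
    return xor_bytes(share1, share2)


def demo(key: bytes, nonce: bytes, plaintext: bytes, rng=secrets.token_bytes) -> dict:
    """Contrast cutting a ciphertext in half with secret-sharing it."""
    ct = ctr_encrypt(key, nonce, plaintext)
    first, second = split_ciphertext(ct)
    # Case 1: only the second half is in hand (the first was lost, or went
    # by another channel).  With the key it reads perfectly well: the cut
    # gained nothing against a key-holder, but also lost nothing for the
    # legitimate recipient when one channel fails.
    half_alone = ctr_decrypt_fragment(key, nonce, second, len(first))
    # Case 2: the ciphertext is XOR-shared.  One share tells a key-holder
    # nothing, and the message is unrecoverable if either share is lost.
    share1, share2 = xor_share(ct, rng)
    share_alone = ctr_decrypt_fragment(key, nonce, share2, 0)
    return {
        "ctr_half_decrypts_alone": half_alone == plaintext[len(first):],
        "shares_recombine": combine_shares(share1, share2) == ct,
        "share_decrypts_alone": share_alone == plaintext,
    }


if __name__ == "__main__":
    # Constructed sample values; a real key and nonce come from a CSPRNG.
    k, n = b"\x00" * 32, b"nonce-000001"
    print(demo(k, n, b"The drop is cleared; use the alternate site from Tuesday."))
```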

tornipMay 19, 2014 9:18 AM

@ Clive & Nick P

Since Tails is an anonymity tool, how does it articulate with PGP?

ChrisMay 19, 2014 12:12 PM

@Clive
Thanks for the answer!

Well I can understand that part, that it will give you a lot of problems as such. And that it might not be robust; it depends I guess in which way it is used. And giving it a second thought it depends on what cipher you are using, however ... many ciphers would be impossible to even try to crack without all the parts.

I think I read about this idea the first time in some book that just slightly touched on this topic, if it was used in Russian or Israeli number station messages, but I really don't remember. I can't find the references anyhow, but most likely Mossad number stations it was; if it was just a theory or actual fact I can't tell though.

Thanks for the input, I will sleep on it and have a rethinking procedure.
And yeah I knew that it has been used previously but didn't see why it wasn't used broadly.

//Chris

Nick PMay 19, 2014 12:21 PM

@ Clive

Yes, a very familiar name on the safer curves. Did you notice what names were on the unsafe ones? The names varied, but almost all were US govt groups who draw on expertise of a particular agency. ;)

ChrisMay 19, 2014 12:41 PM

Hi again, hopefully not making a fool of myself but I do have another idea. Hopefully I can explain the idea without it getting too complex. But I have run it through some models and it works.

So it's based on an OTP model where two sides have the same keys already distributed.

However, since the key exchange procedure is a pain in the ass with OTP, my idea was to use a secondary stack of OTP keys to produce the next key that will be used for the next message only. So actually both sides from the start have two OTP stacks. One in this example is called OTP and the second is called MTP.

Goes something like this:
=========================
UserA
OTP Key: 0123456789
MTP Washer: 9876543210
At this point UserA and UserB have somehow got their keys already.
But from this point on there will be no further key exchanges necessary.

Message from UserA to UserB
Clear: message
This is "XORED" with 01234567890 which is the OTP Key

The actual message that consists of the letters "message" will now be XORed with the MTP key 9876543210 and will be fed last to the OTP stack, and the already used keys from the OTP stack will be fed through a pseudorandomizer known to both to refeed the MTP stack.

This is the simplest way I can explain this idea. It will most likely depend in the long term on how good the pseudorandomizer algorithm is, and eventually you will need a key exchange to happen, but I am not a mathematician.

But I have played quite a lot with this idea; however, I don't know very well how to make a good pseudorandomizer, which seems to be a key issue.

//Chris

ScaredMay 19, 2014 12:46 PM

U.S. Charges Five Chinese Military Hackers With Online Spying
http://www.businessweek.com/articles/2014-05-19/u-dot-s-dot-charges-five-chinese-military-hackers-with-online-spying#r=lr-sr

“For too long, the Chinese government has blatantly sought to use cyber espionage to obtain economic advantage for its state-owned industries,” said FBI Director James B. Comey in a press release. “The indictment announced today is an important step. But there are many more victims, and there is much more to be done.”

Or: "I'm shocked, shocked, to hear that there's spying going on" said FBI Director James B. Comey?

ChrisMay 19, 2014 1:20 PM

Anyway, the main point with the OTP/MTP thing is that, given the fact that OTP is safe, it means also that the message within the OTP is safe. So given that, it means that that particular message within the OTP encryption can then be used to create the next OTP table.

Yes, it probably can only be used with point-to-point traffic and it needs to be in sync.
But that was the idea, in short.
//Chris

AnuraMay 19, 2014 1:23 PM

Do they actually think that charging them will accomplish anything? Seriously, we hack China, China hacks us; everyone knows this. So why do we have to play these silly games? You want to fight China in cyberspace? Work on making the computers and the internet more secure for private enterprises, home users, and government.

Sancho_PMay 19, 2014 4:08 PM

@ Chris: “Split Encryption”

Clive pointed at the traditional issues with splitting, especially during warfare in “the good old days”.
Modern techniques and our beloved governmental players may shift the focus back to splitting of messages. Some problems remain, though.

Obviously the parts must be sent and received altogether so that the message could be combined on both sides.
If any of the involved devices is a computer and / or a single network provider is involved chances are … the adversary is already there.

However, to split is kinda encryption / obfuscation and the knowledge of how to combine which parts is part of the (hopefully) secret key.

Also the content of the message is just one part of “intelligence” (probably the minor one), the real information is what’s often called “metadata”.

Yes, I think nowadays splitting would be valuable again.

Re: using OTP
As always, key distribution is crucial.
Recycling keys may be a bad idea, as is home-brewed security.
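On "recycling keys": an added example, not from anyone in the thread, showing why a one-time pad used twice stops being one. The pads and messages are constructed sample values.

```python
# Added example, not code from the thread: what reusing a one-time pad
# costs.  The pad is the key; the same XOR arithmetic that makes a fresh
# pad perfectly secure makes a reused one cancel out of the picture.


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(pad: bytes, message: bytes) -> bytes:
    """One-time pad: ciphertext = message XOR pad; decryption is the same
    operation.  Security requires a uniformly random pad used exactly once."""
    if len(pad) < len(message):
        raise ValueError("pad must be at least as long as the message")
    return xor_bytes(message, pad[:len(message)])


def pad_cancels(ct1: bytes, ct2: bytes) -> bytes:
    """If both ciphertexts used the same pad P, then
       ct1 XOR ct2 = (m1 XOR P) XOR (m2 XOR P) = m1 XOR m2.
    The key is gone from the result: whoever merely observes both messages
    holds the XOR of the two plaintexts, with no key material at all."""
    n = min(len(ct1), len(ct2))
    return xor_bytes(ct1[:n], ct2[:n])


def second_message_given_first(ct1: bytes, ct2: bytes, m1: bytes) -> bytes:
    """Knowing m1 (a fixed greeting or header is the classic source) turns
    m1 XOR m2 straight into m2.  With a fresh pad per message the same
    computation yields only noise."""
    n = min(len(ct1), len(ct2), len(m1))
    return xor_bytes(pad_cancels(ct1[:n], ct2[:n]), m1[:n])


def demo(pad: bytes, fresh_pad: bytes, m1: bytes, m2: bytes) -> dict:
    """Encrypt m2 twice: once with m1's pad (recycled), once with a fresh pad."""
    n = min(len(m1), len(m2))
    ct1 = otp_encrypt(pad, m1)
    ct2_reused = otp_encrypt(pad, m2)        # the recycled pad
    ct2_fresh = otp_encrypt(fresh_pad, m2)   # a proper one-time pad
    return {
        "reuse_exposes_m1_xor_m2":
            pad_cancels(ct1, ct2_reused) == xor_bytes(m1[:n], m2[:n]),
        "reuse_plus_known_m1_gives_m2":
            second_message_given_first(ct1, ct2_reused, m1) == m2[:n],
        "fresh_pad_gives_m2":
            second_message_given_first(ct1, ct2_fresh, m1) == m2[:n],
    }


if __name__ == "__main__":
    # Constructed pads; real pads must come from a true random source.
    pad_a = bytes((i * 73 + 5) % 256 for i in range(64))
    pad_b = bytes((i * 29 + 200) % 256 for i in range(64))
    print(demo(pad_a, pad_b, b"meeting moved to 0900", b"bring the second copy"))
```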

FigureitoutMay 19, 2014 9:43 PM

Recycling keys may be a bad idea, as is home-brewed security.
Sancho_P
--Can't argue w/ the first part, but the second I can. First, look at the state of computer security today. I can end my argument there as there isn't a single product out there that anyone anywhere can tout is ultimately secure, but I won't. Internet security?--Lol you're joking right? What kind of assurance does one have that data isn't split and copied and the return path is cut off?--None. Next is DIVERSITY. Now, can you imagine, on top of new languages and algorithms, new computers that force data to move how it wants and need extraordinary effort to reprogram maliciously; how all that would be hell for an intel agency and attackers? They'll probably reveal their methods or themselves in the process if you're doing it right. Lastly, it reinforces weakness and laziness and scares others from taking the reins and fighting the fight themselves head on.

All we need is more stepping stones off existing architectures to shake off the malware hooks, and there are pioneers out there making that happen; for those that follow the freshly broken path and carve out a peaceful secure existence, until the next societal rot and new paths need to be made.

Nick PMay 19, 2014 11:57 PM

@ tornip

Anonymity protects your identity. PGP provides confidentiality, integrity and authentication. The first two attributes essentially protect the message. The last one lets you know which keypair it came from. In the old days (eg Cypherpunks), the idea was to anonymize everything by default and let people send messages with things like PGP. The public key is the identity, which establishes reputation. And you can have as many as you want. And you can always get rid of one for another. And anyone wanting to ID themselves can always say who they are.

So, you need one to protect & authenticate the message. You need another to ensure sending it doesn't give away your identity. And, of course, you can never use that public/private keypair outside the anonymity scheme or they'll know who it is. That's how you combine them for secure, anonymous communication [at least to observing third party].

Far as key pairs, we always recommended people trade them in person. There were even crypto parties of sorts where people exchanged them, although I didn't attend any. I was more along the lines of "Btw, do you have PGP or another private service? What's your contact information?" If they requested, I might put their nickname or alias in instead of their name so if it's compromised nobody knew who they really were. Of course, today smartphones and cameras try to track you everywhere you go so there's probably going to be evidence that you met. Long as you have a cover story & meet lots of people, this doesn't give the adversaries anything to work with unless they've bugged your computer & bypassed all your protections. Then you're... shall we say... totally f***ed. :)

Nick PMay 20, 2014 12:01 AM

re recycling keys

It's a very bad idea. You wrote the stuff on paper to remember it and because you could burn the paper to rid yourself of the key. Then, your environmental conscience kicks in, you tear the paper up a bit, and throw it in the recycling bin. Once your opponent knows, they can pay off people in the recycling company to deliver your trash to them. They might be doing it anyway (ie dumpster diving). They'll spot that some things look random. They put the pieces back together, get your key, and decrypt your data. All because you wanted to recycle to save the environment it's Game Over.

Oh wait, you guys were talking about a different kind of key recycling. My bad. Yeah, that kind sucks too. ;)

SkepticalMay 20, 2014 7:01 AM

@Anura: Do they actually think that charging them will accomplish anything? Seriously, we hack China, China hacks us; everyone knows this. So why do we have to play these silly games? You want to fight China in cyberspace? Work on making the computers and the internet more secure for private enterprises, home users, and government.

The US does not view national security espionage and commercial espionage as equivalent.

I've stated the reasons for the distinction several times on this blog, but here's Eric Holder quoted in the Department of Justice - Press Release:

Success in the global market place should be based solely on a company’s ability to innovate and compete, not on a sponsor government’s ability to spy and steal business secrets.

US policy is heavily, if imperfectly, in favor of free trade and open markets among nations. In the US view, free trade and commerce between nations (1) reduces the probability of war between those nations, (2) supports political liberalization and democratization, and (3) enhances global productivity and wealth.

Intense state-sponsored commercial espionage by one of the largest states in the world undermines and threatens that policy. It undermines economic benefits by allowing Chinese SOEs to benefit from risks that they didn't take and by depriving risk-taking creators and companies of their deserved rewards. It undermines political liberalization and democratization by fostering and fortifying corruption and by reducing opportunities for entrepreneurial companies to challenge government-sponsored behemoths.

I agree that the US should continue to strengthen the ability of commercial enterprises to resist state-sponsored espionage, but given the resources that a state can bring to bear, the US Government will need to do more than encourage technical development.

The indictment is a signal that the rules of the game are changing. Just as the US became much more legally aggressive in pursuing anti-bribery cases, the US is becoming more legally aggressive in pursuing state-sponsored commercial espionage cases.

These quotes tell the tale:

“For too long, the Chinese government has blatantly sought to use cyber espionage to obtain economic advantage for its state-owned industries,” said FBI Director James B. Comey. “The indictment announced today is an important step. But there are many more victims, and there is much more to be done. With our unique criminal and national security authorities, we will continue to use all legal tools at our disposal to counter cyber espionage from all sources.”

“State actors engaged in cyber espionage for economic advantage are not immune from the law just because they hack under the shadow of their country’s flag,” said John Carlin, Assistant Attorney General for National Security. “Cyber theft is real theft and we will hold state sponsored cyber thieves accountable as we would any other transnational criminal organization that steals our goods and breaks our laws.”

Make no mistake: those are policy statements. The US has been far too tolerant of state-sponsored commercial espionage, and pressure to take a more active role, to render such conduct unacceptable legally by prosecuting those officials responsible, has been building for a long time. Perhaps delayed by the events of last summer, it seems that the right policy is at last arriving.

From a US crackdown on facilities for money-laundering and illegal trade, like Liberty Reserve one year ago, to wide-ranging anti-bribery investigations, to at last, perhaps, state-sponsored commercial espionage, we're seeing the law catch up with the changes posed by a more global economy.

None of this is to detract from the importance of the technical side of securing information; it is vital. But technology alone is insufficient, and the imposition of law upon rogue groups is surely something to be cheered.

And the US, freed from the strain of two counterinsurgency conflicts, a financial crisis, and a recession, empowered by a recovering economy and cheap domestic energy, will in all likelihood continue to bring new strength to the fight.

I would only add that there is no better place to make the case for, and investments in, truly secure technology than in a nation that forbids anyone, government or private, from profiting by the theft of information, and that is willing and able to stand against any entity that does so.

Clive Robinson • May 20, 2014 10:13 AM

OFF Topic :

Some news from last week that has just filtered out is that China has banned the use of Win 8 on any government computer.

http://www.reuters.com/article/2014/05/20/us-microsoft-china-idUSBREA4J07Q20140520

Even if the recent USGov silliness over charging Chinese officials over hacking is not retaliatory, the timing is going to make it look like the old Cold War "tit for tat" expulsion diplomacy.

This is actually going to hit MS quite a bit; even though China is worth only about the same as a small European country, the number of licences purchased was on the increase. The net effect is likely to be a significant downturn in MS revenue from China, not just in the immediate future but for up to ten years.

Clive Robinson • May 20, 2014 10:27 AM

OFF Topic :

It looks like commercial Quantum Key Delivery via Satellite is going to happen a lot sooner than expected. By using low cost current consumer technology packaged into a microsat, the costs will be vastly reduced to the point it is a "throw away" price for doing the experiments which will show the problems that will be encountered with single photon detection and polarisation checking.

http://spectrum.ieee.org/aerospace/satellites/commercial-quantum-cryptography-satellites-coming

Wael • May 20, 2014 11:46 AM

@ Clive Robinson,

It looks like commercial Quantum Key Delivery via Satellite...
Nice! Seems Quantum Cryptography works for "data in transit", where data is separated by "distance". I didn't think how to use QC for encrypting "data at rest", where data is separated by "time". Hmmm... Satellites, space, time, and distance... Next stop: Relativistic Quantum Cryptography :)

Benni • May 20, 2014 6:37 PM

By the way, the program where the NSA is storing all phone calls made in Bahamas in voice for 30 days:

https://firstlook.org/theintercept/article/2014/05/19/data-pirates-caribbean-nsa-recording-every-cell-phone-call-bahamas/

was previously reported in the DER SPIEGEL book, The NSA Complex.

http://www.randomhouse.de/book/The-NSA-Complex-Edward-Snowden-and-the-road-to-total-surveillance/Marcel-Rosenbach/e460131.rhd?pub=36000&frm=true

The fact that the Bahamas are now asking the US why the nsa is doing this:

https://firstlook.org/theintercept/2014/05/20/bahamas-wants-know-nsa-recording-phone-calls/

Just shows that they are deliberately ignoring the publications of DER SPIEGEL which presented all this much earlier.

@Clive Robinson:

There is not much doubt that the Dwave system utilizes some quantum processes. Thereby it is a quantum computer.

http://en.wikipedia.org/wiki/Adiabatic_quantum_computation

The problem is that it is just built for a very narrow problem which quantum mechanics is not able to solve much faster than classical computing. The time of finding a ground state is highly system dependent. There are quantum systems on which this is almost as fast as the speed of light, but for some superconducting solid with electrons therein, it is as fast as on a conventional computer.

Sancho_P • May 20, 2014 7:10 PM

@ Skeptical:

Hilarious!
Got my printer down from the attic only to print your posting.

Yes, “aggressive” is the right term.
I could supply large quantities of boots and brown shirts ("Made in China"), just let me know!

Nick P • May 20, 2014 8:06 PM

@ Clive, Wael

re quantum key distribution

I wonder if they know about the NSA backdoor in the quantum networking products. I doubt BULLRUN would leave them off seeing how much trust people put in them.

I never got the idea of quantum networking. I mean, an assured smartcard chip added to a regular board running key mgmt primitives seems more trustworthy to me. And faster, cheaper, and better cost-per-watt, too. ;)

Not to mention one of the first Orange Book A1-class products (GNTP) was a secure networking product that NSA couldn't (at the time) beat. We've learned bad stuff and good stuff since then with even more products they couldn't hack. So... why do we need an extremely expensive, low bandwidth, little understood, limited use, key exchange scheme again...? Other than such companies' profits?

@ Wael

Speaking of smartcards, one chip recently got EAL6+ certified. I was thinking "about time." Combine with MULTOS or IBM's Caernarvon, it seems that smartcards are first to achieve highly secure from hardware to OS to running software.

Anyway, I was thinking of Ross Anderson et al's attacks on them and wondering if a shortcut to reducing invasive attacks is just to shrink it to most cutting edge process. RobertT convinced me that subversion at physical layer is hard as it's hard enough to get a *regular* design working, much less doing odd modifications to black boxes. Most smart cards I've seen used older process node technology that's easier to probe. I wonder if a 22-40nm makes it harder to reverse engineer or tamper with.

I can't find a page saying what process node tech is the current limit in reverse engineering. I did stumble on a ChipWorks paper from 2009 showing they did IC extraction on 2006-era process node tech. I'm sure they've gotten better since. I wonder if anyone can reverse 22nm or how long it will take. Maybe next project should target 14nm immediately to give them at least a few years of safety. ;)

@ Clive

re D-Wave

Interesting reading. The claimed speedup of around 3,600 is lame given what we know quantum computers should be capable of. And one guy says it was way faster than a desktop PC. A desktop PC is about the worst way one could execute SIMD or MIMD number crunching. It's horribly inefficient and lacking in parallel processing. That's why MPP's, vector processors and GPU's were created in the first place.

Anyway, it got me thinking. ("Can't be good..." I know...) Anyway, I used to be in MPP's and application-specific processing. It was fun. So, I immediately thought "why don't we quit worrying about maybe fake quantum computers and just built ultra-efficient SOC for same thing?" Looking into it, I found even academics had produced quite efficient SIMD & MIMD machines. Would go well with one of the budget NUMA machines I posted before. So, I think it's a big fuss over nothing as people wanting a bad ass datamining machine could design their own chip cheaper than one D-Wave. It does look cool, though.

Path led me to an update on Epiphany processor. They're doing great. They also have a nice write-up on how to get in chip business without spending $100+ mil on nothing. Excellent advice imho that can benefit readers considering secure SOC development.

"Adapteva brought a new Instruction Set Architecture, Network On Chip infrastructure, four generations of processor chips, and a complete high quality tool chain that includes C/C++/OpenCL support for less than $2.5M." (Adapteva)

Sweet, eh? Anyway, if I was Google or Lockheed, I'd license or buy-out Adapteva. I'd invest the big money into putting it on a good process technology, getting it to 256-1,024 cores, maybe adding a RISC processor for non-parallel (esp system code), putting four of those motha's on a board with mgmt processor, and hooking them up to a SGI NUMA machine with its interconnect. I'd also offer a switch & cables to do it cheap & cluster-style. Let's say each chip is $1k and we're doing a SGI UV 256-socket machine. The result is $256,000 hardware cost on top of a several million dollar NUMA system for a 256,000+ core machine with up to 64TB RAM whose bandwidth is close to terabit a second at nanosecond latencies. It also does stuff other than annealing and can support other boards b/c it's SGI chassis.

Way better deal than D-Wave. So, there I've posted it and we can expect to see someone copy it into a product in... is it usually 2-3 years that happens after one of us mentions invents something and posts it here? ;)

Mr. Pragma • May 20, 2014 10:28 PM

Nick P

First, thanks for the hint at the new NXP processor.

Some remarks:

Nope, smaller structure size doesn't help a lot (actually, virtually not at all) against attacks/analysis on chips. On the other hand those attacks work only against secrets/secret mechanisms hidden in the chips (as opposed to against crypto algorithms).

Related, (also to Adapteva) operating fabless obviously introduces new attack vectors.

Looking at smartcard chips but also at password algorithms, it seems that one of the uglier problems in general is the question of how to properly store secrets (passwords, private keys, etc.). I'm afraid "conventional" HSMs can offer only so far.

Wael • May 20, 2014 10:57 PM

@ Nick P,

I mean, an assured smartcard chip added to a regular board running key mgmt primitives seems more trustworthy to me. And faster, cheaper, and better cost-per-watt, too.
Typically you'd use an HSM for key management. Some related links (quantum properties of lasers)
http://quintessencelabs.com
http://www.commercialisationaustralia.gov.au/valueproposition/valuepropositionjuly2013/Pages/Random-Numbers.aspx
http://arxiv.org/abs/1401.5658

Regarding smart cards: Good they achieved EAL 6. I am actually surprised they surpassed some TPMs that were at EAL 4+ when I last looked at them!

Check the FIB attacks... Focused Ion Beam -- they are destructive, I believe a schematic of the chip can be reconstructed with the right equipment -- hardware reverse engineering.

Attacks: http://www.geocities.com/mike.tunstall/presentation/AttacksonSmartCards.pdf
http://www.cs.ru.nl/~erikpoll/hw/slides/4_attacks.pdf

@ Mr. pragma, as the above doc shows, using smaller circuitry is a recommended mitigation technique. Two of the companies mentioned there do those kinds of testing. I suspect NXP uses at least one of them for finding weaknesses.

RobertT convinced me that subversion at physical layer is hard as it's hard enough to get a *regular* design working, much less doing odd modifications to black boxes.
Yes, he did! But subversion can happen with very low tech methods as well. I remember a discussion with him regarding Firmware level subversion...

Aspie • May 20, 2014 11:09 PM

@Figureitout - cool, thanks for the update. seems there will be new secure mail alternatives popping up soon. we'll talk.

@Clive - re: # of Snowden docs; Terry Gross (NPR - Fresh Air) interviewed Greenwald (the podcast is still available) who stated "several tens of thousands" [of documents]. In his book No Place To Hide he describes, in some detail, that Ed Snowden organised these into an "elegant" tree earmarking the important ones. I suspect Snowden chunked a lot of docs and then checked them for phrases/key-names and flagged those up for Greenwald et al. I'd be surprised if he threw any out so I'd put money on ~50k docs - still a good trove.

Mr. Pragma • May 20, 2014 11:41 PM

Wael (May 20, 2014 10:57 PM)

Oh, I don't doubt that smaller circuitry is a recommended mitigation technique. I just doubt that it really works.

While one would assume that the cost of equipment for hardcore hardware analysis or rev-engineering is prohibitively high that's not the whole truth. I know of cases where "last years" equipment was bought relatively cheap (5-10k range rather than up to x*100k range) and, more importantly, used successfully.
One part of the problem is that that kind of equipment (even somewhat older stuff) can easily achieve

I assume that the above mentioned advise is based on the limits of (relatively commonly applied) mechanical micro-probing; and there it makes sense. But then, that is just 1 tool in an increasingly rich toolbox of techniques.

To cut it short: probing, analysing, and rev-engineering (the relevant tasty parts) of "security chips" is within easy reach of states (and there I'm not talking about nsa but about just about any state desiring that capability) and, in fact, even in reach of well-funded, determined criminal organisations (Thank god that they usually rather rely on rather crude and/or social techniques).

Ad "HSM":
I might be dead wrong but my assumption is that HSMs can't be trusted any more than, say cisco routers, simply because the same attack vectors (by states, particularly us & uk) can be applied.

And in the end HSM typically are just very elaborate "hide it away and lock it diligently and using complex locks" kind of devices.

Quite probably (this also concerns the sometimes poor banking security standards, EAL-x, and the like) I think we actually face another variant of the committee problem (discussed in another thread, I think). There is, I'm afraid, quite often way more "the insurance wants x", "the (banking bla) standards says x", and "the state regulations demand x (e.g. fips)" in that soup than solid technical criteria.
Even if we assume that company A creates a new, very secure chip or device Y, and that the banking industry, the state, the bodies, etc. *do* actually strive for *real* and *high* security, it will take years -- and almost certainly be watered down and tainted -- until all state regulations, insurance rules, standards bodies, aso aso have been passed and that new (5 years ago) very secure chip, device, or algorithm will actually be used, let alone be in wide usage.

Short, my trust in HSM has its upper bounds defined by my trust in nato countries being honest and their companies being honest and being allowed to be honest in the first place.

(Note, FYI: the quote seemingly attributed to me is not from me.)

Figureitout • May 21, 2014 12:34 AM

Nick P RE: Adapteva
--Neat articles on that company. I'd really rather not some company like google or lockheed gobble them up; they got enough, greedy bastards. Those specs you mentioned have my mind spinning though, that'll be a juicy target for attackers rather than my 8-bit, no more than 1 MB RAM ever, isolated, physically-guarded, primarily fully-shielded machine; be nice for a shielded building though w/ filtered power (the brute-forcing or encryption one could do...). And, I know you planned that stupid Parallella board ad for $99, you bastard. :p Oh and hey, C/C++ support, just what you want, eh? No one's turning that ship around w/o some serious brain-power and money, C's too dominant now...

Mr. Pragma
--Agreed, I'd bet the attacks will be similar, as mentioned, for that cheap (relatively) there won't be fundamental changes and maybe they use same machines they take home to the neighborhood wifi network. Or...here's the part that really irritates me...using existing attacks to observe dev process, thus seeing potential weaknesses or access to code in near real time. And carving a little chunk of the chip off w/ the infected machines you're developing w/, to persist the infection. Stop developing, go out of business. It's just a nonstop hell; and I'm witnessing it right now, and it'd cost the company *a lot* of money to properly fix.

Aspie
--Definitely. I'd say this time we exchange a backup plan, basically limited to radio and internet. I'll just tell you later; stay frosty.

Wael • May 21, 2014 12:44 AM

@ MrPragma,

I assume that the above mentioned advise is based on the limits of (relatively commonly applied) mechanical micro-probing; and there it makes sense.
Plus FIB, which is what I was referring to. This advice comes from companies that specialize in state of the art hardware pen testing -- ok, state of the art commercial equipment...

RE: HSM,
One of the reasons, and by no means the most important, nor the only one, but relevant to the context, for using HSMs is to protect the keys from insiders. Like you said, HSMs sit in controlled environments with strict access controls and audit logs, surveillance equipment, etc...

And in the end HSM typically are just very elaborate "hide it away and lock it diligently and using complex locks" kind of devices.
Essentially, yes! Hide it cryptographically and protect it physically. What else can one do?

attack vectors (by states, particularly us & uk) can be applied.
These attack vectors are hard to mitigate. Your "adversary" is a formidable one -- perhaps too formidable. An individual cannot defend against an adversary with comparatively infinite financial, legal, technological,... resources. I think I said before when facing such a formidable adversary, these are the rules of the game. I know @Nick P, @RobertT, and @ Clive Robinson disagreed to some extent at the time, but I still believe that to be true.
the quote seemingly attributed to me is not from me.)
Oh, no! And this quote attributed to him, is not from him... If @Moderator facilitated authentication, this would not happen, see.
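The custody property Wael describes ("hide it cryptographically and protect it physically", keep insiders away from the keys, keep audit logs) can be shown in code. The following is an added example, not code from any commenter in this thread or from any HSM vendor: a small Python stand-in for an HSM boundary in which the master key is created inside the module and is never returned by any call, application code only ever handles data keys wrapped under it, and every operation is appended to an audit list. The class name SimulatedHSM, the demo() helper and the wrapping construction (HMAC-SHA256 run in counter mode as a keystream, plus an encrypt-then-MAC tag under a separate subkey) are all constructed for illustration; a real HSM implements the same boundary in tamper-resistant hardware with a standardized key-wrap algorithm.

```python
import hashlib
import hmac
import secrets


class KeyNotExportable(Exception):
    """Raised when a caller asks the module to hand over a protected key."""


class SimulatedHSM:
    """Software stand-in for an HSM boundary (constructed for illustration).

    The master key is generated inside the object and never returned by any
    method; callers only ever see data keys wrapped under it. Every call is
    recorded in an audit list. The wrap construction is a toy
    (HMAC-SHA256 keystream + HMAC tag), not a standard key-wrap algorithm.
    """

    def __init__(self):
        self._master = secrets.token_bytes(32)
        # Separate subkeys for confidentiality and integrity so the keystream
        # PRF and the tag PRF never share a key.
        self._enc_key = hmac.new(self._master, b"enc", hashlib.sha256).digest()
        self._mac_key = hmac.new(self._master, b"mac", hashlib.sha256).digest()
        self.audit = []

    def _keystream(self, nonce, length):
        # Counter-mode keystream from a PRF: block_i = HMAC(enc_key, nonce || i).
        out = bytearray()
        counter = 0
        while len(out) < length:
            block = nonce + counter.to_bytes(4, "big")
            out += hmac.new(self._enc_key, block, hashlib.sha256).digest()
            counter += 1
        return bytes(out[:length])

    def export_master(self, caller):
        # The one operation a custody boundary must always refuse.
        self.audit.append(f"{caller} export_master DENIED")
        raise KeyNotExportable("master key is not exportable")

    def wrap(self, data_key, caller):
        nonce = secrets.token_bytes(16)
        stream = self._keystream(nonce, len(data_key))
        ciphertext = bytes(a ^ b for a, b in zip(data_key, stream))
        tag = hmac.new(self._mac_key, nonce + ciphertext, hashlib.sha256).digest()
        self.audit.append(f"{caller} wrap")
        return nonce + ciphertext + tag

    def unwrap(self, blob, caller):
        nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(self._mac_key, nonce + ciphertext, hashlib.sha256).digest()
        # Verify the tag before touching the ciphertext (encrypt-then-MAC).
        if not hmac.compare_digest(tag, expected):
            self.audit.append(f"{caller} unwrap REJECTED")
            raise ValueError("wrapped key failed integrity check")
        stream = self._keystream(nonce, len(ciphertext))
        self.audit.append(f"{caller} unwrap")
        return bytes(a ^ b for a, b in zip(ciphertext, stream))


def demo():
    """Exercise the boundary; returns (roundtrip_ok, tamper_rejected, master_leaked, audit)."""
    hsm = SimulatedHSM()
    data_key = secrets.token_bytes(32)          # constructed sample data key
    blob = hsm.wrap(data_key, "app")

    # The application gets its key back, and the plaintext key never appears in the blob.
    roundtrip_ok = hsm.unwrap(blob, "app") == data_key and data_key not in blob

    # Flip one bit inside the wrapped key material and try to unwrap it.
    tampered = bytearray(blob)
    tampered[20] ^= 0x01
    try:
        hsm.unwrap(bytes(tampered), "app")
        tamper_rejected = False
    except ValueError:
        tamper_rejected = True

    # An insider with API access still cannot pull the master key out.
    try:
        hsm.export_master("insider")
        master_leaked = True
    except KeyNotExportable:
        master_leaked = False

    return roundtrip_ok, tamper_rejected, master_leaked, hsm.audit


if __name__ == "__main__":
    print(demo())
```

The point of the audit list is the insider case from the post: an operator who can call wrap and unwrap leaves a trace for every use, and the only way to get at the master key is the physical attack on the module that the controlled environment is there to prevent.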

Nick P • May 21, 2014 1:11 AM

@ Figureitout

Parallella is already shipping. It's mentioned on Adapteva's site as they're the main tech behind it. The point of my mentioning that isn't security: I do have fun here and there on the side. ;) Point was I already threw together an abstract design for a 500,000+ core machine while big companies were wasting tens of millions on "maybe quantum, equiv or barely better than classical" machines. Just saying they could be getting *real* results with more sensible spending.

And hobbyists and budget operations can definitely benefit from tech like this if they have more desire for computing power than they do cash.

"stay frosty"

A Modern Warfare guy. I was No 1 in almost every MW2 match I played while I played it despite being bottom 1% in hand-eye coordination & reflexes. Feels good to accomplish (plus good story tks to Tom Clancy). Yet, due to structure, so simple a game. Much more challenging was 64-player Battlefield 2 matches with people, vehicles, no killcam, etc. Especially on hard maps where it was almost rigged that enemy would win constantly. Defeat after defeat, torturing minute after minute in between, and I kept fighting to find tactics that might win. Did on many occasions & in even fewer single-handedly turned situation on enemies to deliver a win to team. Also read titles like Robert Ludlum, Richard Marcinko, etc. Games and titles like that will expand your mind and tactics to deal with real adversaries that dominate most opponents with few happy endings.

re you and Aspie

The two of yous' methods will fail if you're both targeted. It's just how it is. Assume you will be watched, use the advice I gave you to formulate a strategy, have international friends (non Five Eyes) back up your work + any evidence of sneaky shit, and leave US if you can't accomplish anything after that. A last resort some people must use. And the Forth the two of you are using will be hacked unless you use clever layers of obfuscation. All things that are new, esp untyped stack languages, are hacked. That's why I use old, proven stuff in new, obfuscated combinations. You two are better off assuming nothing is safe, learning digital design, implementing secure architectures many have described, using that, and repeat ad infinitum. That might accomplish something.

What you're doing is obscurity/obfuscation with no end effect as it all rests on building simple software on insecure hardware architectures against (in Figureitout's case) people that even attack physically. A fool's game; even I wasted time on a similar one. Best if you guys use dedicated devices that take in the data via PIO I/O & crypto. And assume they might hack it anyway. And build what they can't as I recommended. Next generation, whoever they are, will have to do this as older ones aren't trying. (Despite fact that most chip builders are way over 40.) So, more people need to realize that trust must be built ground up and *do it*.

Otherwise, those in power will consistently show their opponents the myriad ways they failed. Or string them along to let them think they succeeded.

Wael • May 21, 2014 1:37 AM

@ Nick P,

Point was I already threw together an abstract design for a 500,000+ core machine
Your abstract design can become concrete for around $200K using ~300 video cards with 1500 cores each. You'll need to use OpenCL. Or if you prefer, Java, but you'll be using a "C" library through JNI, since OpenCL was based on C99. There are also Ada wrappers...

Mr. Pragma • May 21, 2014 2:43 AM

Wael

Your "adversary" is a formidable one -- perhaps too formidable. An individual cannot defend against an adversary with comparatively infinite financial, legal, technological,... resources.

Well, I'm afraid I have to disagree to some extent, too.

One reason being that we are often somewhat sloppy when talking about threats, mitigation, security, aso.

Let me put it this way. There is an on-dit "security is a process". Yes, and that process sensibly starts by defining what constitutes a threat, what constitutes reasonable defense, etc. This also includes questions like "what is the type of threat?"
Looking at it this way one quickly finds out that many attack vectors are not of a technical (or mathematical) nature but rather of the massive or legal or even deal kind.
Let me show my point with two examples:

An individual can take many (kinds of) secrets with him to the grave. Which leads us to the "deal" type of threats. Basically suicide (in that context) is a deal and hardly is a secret worth so much. But also many state attacks are of the deal type; looking at British "tell us your password or go to jail" laws, these are quite evidently deal attacks based on the assumption that your secret is less valuable to you than your freedom.

Snowden is my second example. Not only did usa attack vectors fail (so far) but, in fact, there you have an individual who actually fu**ed the mighty state opponent.
While Snowden is the big example, (parts of) his mitigation techniques are actually quite often employed, namely to simply go to another jurisdiction (or to put your secret there).

Many quickly say the nice security-is-a-process on-dit but fail to analyse their interests, the value of their interests, the target of their protection attempts, and many other important factors.

One very important factor they forget (and shame themselves) is to ask "What exactly is it that I want to protect?". Is it a usually stationary secret (e.g. CA root cert), is it travelling data (e.g. www), is it my identity, or yet something else? And *why* do I want to protect it? And from whom? And from what kind of damage/loss?

Looking at it that way, one will find that the most powerful (or supposed to be) potential foes have a rather limited and focussed interest (which then poses a threat to their targets). A typical narrow focus of state attacks is to deny some target confidentiality - quite often under the assumption that the target would "abuse" it against some state interest.

Accordingly, "protection" or "(technical) attack mitigation" often isn't the smartest way anyway.

Simple yet striking example: The state is not interested in credit card data or transactions to steal money (unlike criminals who, however, target exactly the same data). The state's interest is rather something like whether you purchased certain substances or items or supported certain political groups.
The solution? Not 14nm chip structures, not 512 rather than 256 bit symmetric encryption, but simply paying cash.

In other cases a good approach might be based in the very fact that the state spies *massively* (= computer based). Working for the Al Qaeda secret service you might want to *obviously* start an online love affair with the AQSS operative leaving lots of traces and hints - and then use certain innocent code words. In yet another scenario you might create plausible deniability or even a filter or logic bias (That guy *hates anything muslim. That hint potentially linking him to AQ must be wrong").

Similarly you may actually use the massivity of the state to your advantage. It is, so I think, a "normal" but plain wrong premise to assume the state to always be mightier.

Encryption, safe operating systems, and other technical means are just that, means. Their value is very much depending on the quality of your understanding of them, of your interests, your values, your potential damages and losses and, generally, your security concept.

512-bit keys aren't a concept, and neither are 14nm chips.

---
Oh, no! And this quote attributed to him, is not from him... If @Moderator facilitated authentication, this would not happen, see.

Uhm, I'm referring to this quote made in 'Wael • May 20, 2014 10:57 PM': RobertT convinced me that subversion at physical layer is hard as it's hard enough to get a *regular* design working, much less doing odd modifications to black boxes.

Maybe you put that in a paragraph addressing me erroneously, whatever. I didn't mean to be picky but merely to (friendly) clear a potential misunderstanding.

Wael • May 21, 2014 3:07 AM

@Mr. Pragma,

Well, I'm afraid I have to disagree to some extent, too.
I don't think I disagree with what you said.
Maybe you put that in a paragraph addressing me erroneously, whatever. I didn't mean to be picky but merely to (friendly) clear a potential misunderstanding.
No, that was sloppy of me. I was talking to you and quoted @ Nick P, and I was aware of the quote. I should have moved it above your name. I am extremely picky, so it's ok to make me taste some of my medicine ;) it's all good, no worries.

Benni • May 21, 2014 10:14 AM

In Germany, the car was invented. The large country US only exports a few more goods than the small country Germany:
http://en.wikipedia.org/wiki/List_of_countries_by_exports

This is because in Germany we have better engineers, and better technology.

Surveillance is a merely technical thing. And of course, compared to their stupid colleagues at NSA and GCHQ, we have the German technical superiority there.

In the book The NSA Complex, by Spiegel journalists, you can read that GCHQ's tapping of fibers was at 10 GBit/s when the German secret service BND was already at 100 GBit/s. Using and developing such a technology certainly needs some practice. And it turns out the BND had enough time to learn. In its own country....

A professor writes in a report to parliament how the German secret service BND interprets the law:

http://goo.gl/CwtTul

In Germany, the BND is only allowed to strategically snoop at places where the network traffic is bundled, for example at large internet hubs, like DE-CIX in Frankfurt, which is the largest internet node in the world.

Yes, BND is only allowed to copy 20% of the "network capacity" from Germany. What that means: For example, DE-CIX has a "capacity" of 10 TBit/s. However, its maximum load these days is less than 3 TBit/s.

So the BND is practically allowed to copy it all and analyze it all, if the data it wants are in Germany. And the BND does this. Even for internet providers which do not route their traffic to foreign ground, BND regularly taps all communications:

http://www.spiegel.de/spiegel/vorab/bnd-laesst-sich-abhoeren-von-verbindungen-deutscher-provider-genehmigen-a-926221.html

And on foreign ground, the BND can make copies of everything without any juridical limitations, bounded only by personnel capacity and money, according to the report of the law professor.

Compared to this, the American NSA and the British GCHQ are indeed strongly regulated and have a very tight oversight.

For expanding this technology, I guess BND wants the additional 300 million euro http://goo.gl/fx9mtj .

Benni • May 21, 2014 10:38 AM

The commission of the German parliament has a nice witness list:

http://www.spiegel.de/politik/deutschland/spaehaffaere-nsa-ausschuss-will-internetmogule-laden-a-970861.html

among them: Mark Zuckerberg (Facebook), Eric Schmidt (Google), Tim Cook (Apple) or Dick Costolo (Twitter), Keith Alexander and Michael Hayden....

@Vem;
"The german public is played for a sucker. Even believe BND is tapping wires inside germany already."

Well, in germany, the car was invented. And the small country germany exports only a bit less than the large county usa:
http://en.wikipedia.org/wiki/List_of_countries_by_exports

This is because in germany we have better engineers and better technology.

Surveillance is basically a technical thing. And of course the german secret service BND has the typical german technical superiority there.

In the Spiegel book the nsa complex you can learn that BND's tapping was at 100Gbit/s when GCHQ was at 10 GBit/s. Such a technology needs practice. And it now turns out the BND had enough time to learn in its own country.

A Professor writes here in a new report to germans parliament how the german secret service BND interprets the law: http://goo.gl/CwtTul

BND is only allowed to snoop at places where the network traffic is bundled, for example at large internet hubs, like de-cix in Frankfurt, which is the largest internet hub in the world.

Yes, BND is only allowed to copy 20% of the "network capacity" in Germany. What that means: For example, DE-CIX has a "capacity" of 10 Tbit/s. However, its maximum load these days is less than 3 Tbit/s.

So the BND can practically copy it all. And it does this. Even for providers which route data traffic exclusively within Germany, the BND goes to a court and sends nice security letters which allow it to tap the fibers:

http://www.spiegel.de/spiegel/vorab/bnd-laesst-sich-abhoeren-von-verbindungen-deutscher-provider-genehmigen-a-926221.html

And on foreign ground, the BND can make copies of anything and everything without any legal limitations, bounded only by personnel capacity and money.

Compared to this, the American NSA and the British GCHQ are indeed strongly regulated.

So that's why BND wants the additional 300 million euro, I guess: http://goo.gl/fx9mtj

Nick P May 21, 2014 2:06 PM

@ Wael

re hardware

Thanks for the links and info. The Gemplus was on 2003 or earlier era process node tech, so unfortunately it can't help us past a survey of attack methods. As far as HSMs, I'm aware of them and they're quite expensive. Smart-card chips were my idea for a poor man's HSM. FPGAs came to mind first, but have no protections against the various attacks that smart card ICs counter. The RNG link is pretty nice, though, as it would be great for Monte Carlo simulations or OTP support.

"Yes, he did! But subversion can happen with very low tech methods as well. I remember a discussion with him regarding Firmware level subversion..."

I'm focusing on the hardware part, for now. If it's done right, those other issues are more easily solved with solutions that already exist. They just can't be implemented on mainstream architectures.

re rules of the game

Quite a few people have won or broken even. Odds are just very slim. The only one I'll agree with is that you can't get out of the game. I live with this fact daily. One can't move on to other pursuits as that only weakens the defensive position & opponents will hit you right then. TLAs can be quite patient. They're made up of thousands of people who can rotate jobs, go get a good night's sleep, etc. The targeted party is one or a few people who get nailed the second they make a mistake. It's really a game of numbers and details, with the defender having a disadvantage in both.

re GPUs

There are supercomputers taking that approach. Yet, in each case, they use GPUs as accelerators for parallel problems in combination with real CPUs. The reason is GPUs' processing units aren't real CPUs: too limited. Epiphany and similar architectures use real RISC CPUs with shared memory & high bandwidth I/O. Check their comparison to GPUs and such. Price*, power, and size look really good to me. Plus you don't have to learn OpenCL and CUDA: it uses basic C/C++.

* Price isn't listed as they do limited production runs right now to keep costs down. The first board they sold was $99 so chips are probably cheap.

@ Wael, Mr Pragma

One idea comes to mind from my work in automated software diversity. The idea was to create tools that produce many random, equivalent, and structurally different versions of the same software. So, an attack on one might not work on others. Many physical attacks on the chip itself are to extract or insert a value into a specific circuit. I wonder if we could apply the diversity idea by designing circuits where the location of critical functionality wasn't important. The tool would take a proven circuit description, synthesize a tremendous number of instances, apply validation tests to them, and then put that on a wafer. The result would be each batch wafer producing dozens to hundreds of functionally identical chips, each requiring a new physical attack for data reading/writing. The result would force the attacker to beat 100 chips for every 1 product they want to target. And figure out how to ID which implementation a given chip in the field uses without setting off anti-tamper protections.

Just a thought.

@ Benni

"This is because in germany we have better engineers, and better technology."

That's funnier than the last round of pro-European rhetoric. You have more exports and engineers because your country puts more capital into those. Quantity != quality, although both are certainly high in Germany. Our brightest engineers are apparently smarter in practice as they don't waste time working for regular companies (which do plenty of exports). Aiming for profit & interesting work, the best go into one of four kinds of work: defense contracting; R&D public or private; Silicon Valley-style startups; Wall St.

The main defense contractors get a steady stream of high profit work. They do some exports, but most of their work is for the U.S. They pay very well, too. The R&D sector is a mix of non-profit work for the public and private sector work focusing on producing I.P. Many of our brightest minds work there on practical (e.g. biotech) and arbitrary things (e.g. security architecture). I've posted many cutting edge security advances here. Almost every group with usable inventions was in the U.S. or Britain. A few were in Europe and only one was in Germany (TU Dresden). Silicon Valley startups are self-explanatory: small, innovating companies trying to make the big time. There's a ton of them at any given point, many are ad-supported (no actual sales of goods), and almost all focus on the domestic market. Finally, there's Wall St. & finance which vacuums up many of our brightest Comp Sci & engineering types to apply their brains to finance schemes. High-frequency trading gets the most attention in the press & it alone produces revenues equal to one tenth of all German exports.

The Wall St angle is especially important. You Germans probably value your engineers, what you make, and what volume you sell. Capitalism, the American model, values turning money into more money & doesn't care how that gets done. Engineers are seen as tools to do that, among other tools. Good capitalists don't try to out-produce or out-sell the competition: they just try to own them while earning a ROE on investment. That's the focus here. Almost half of all wealth in the world is in the hands of 35 asset mgmt firms. Of these, 20 are in the U.S. and 2 are in Germany. That's 23.25 trillion in the U.S. vs 3.44 trillion in Germany. So, Americans aren't really worried about whether or not your engineers are superior. The odds are we own many of them, those that make the tools they use, and those that buy from them. ;)

Of course, both the U.S. and Germany have a new concern in engineering. Where it comes from should surprise you.

" you can read that GCHQ's tapping of fibers was at 10GBit/s when the german secret service BND was already at 100GBit/s"

Intrusion detection, routing, and zero-latency IPC for 160Gbps line
http://dl.acm.org/citation.cfm?id=2465811

So, a small business of 17 technical staff in New York solved that problem on their first try. And exceeded the German 100Gbps by 60%. Not to mention Intel, SGI, Cray, and Oracle currently dominate the world in processor, memory sizes, and interconnect speeds. They're U.S. companies. Top makers of tapping equipment for Tier 1 lines are U.S. and British companies. So Spiegel can talk all they want, but the hard evidence says American & British engineers aren't behind on tech like this: they're quite ahead in accomplishments & dominate market share. The only hardware company in Germany that I'd call the best is Infineon as they seem to make highest quality smartcard chips. Although, that market is dominated by a French and U.S. firm, respectively, in terms of both sales and sheer volume of offerings produced.

"For expanding this technology, I guess BND wants the additional 300 million euro"

The U.S. tool was developed on a budget, is 1U form-factor, and rackable. So, hitting Tb/s just means using a bunch of them with a load-balancing interconnect that supports that bandwidth. It's a common solution for this kind of problem. Each U.S. company I mentioned above already has interconnects that fast with ports that third party solution providers just plug their equipment into. A dozen rack units + an interconnect switch + profits = probably less than $10 mil for the capability you describe. And that's assuming the company with 160Gbps couldn't scale its offering with extra funding, which I doubt as they currently use rather low-grade chips vs special purpose ASICs. As for $300 million for a $10 mil capability... does that cost difference come from German efficiency or bureaucracy?

Long story short, all of this national bias and prejudice does us no good. There's no hard data on whose engineers, developers, etc are more capable and I doubt it would be objective if it existed. It's just people throwing opinions back and forth stretching what facts exist. There IS hard data on which are more successful in market, but we know that doesn't imply quality or innovation. The best results actually come from diverse teams of good scientists and engineers building on each others' work. That's why companies like IBM that produce tons of I.P. have research groups in many, many countries working independently and collaboratively. All of us combined is greater than the sum of our parts.

That's why I'll praise the good work of German security researchers just as quickly as I will American researchers. Even Russian and Chinese researchers, although they come from opposing countries. Engineering, software, and security are tough fields with tough problems that we need to solve. The solution will come from the efforts of people all over the world. The less energy we spend fighting each other, the more energy we can spend fighting Them*. So, it would be nice if the US vs Europe tangents would just end as both sides are composed of people & each has smart ones. Now, if they'd all just donate a certain percentage of their time to open hardware and software INFOSEC solutions I'd be a very happy man with more free time. :)

* NSA, GCHQ, BND, and other opponents of liberty/privacy.

Wael May 21, 2014 2:52 PM

@ Nick P, @Mr. Pragma,

"Quite a few people have won or broken even. Odds are just very slim. Only one I'll agree with is you can't get out of the game."

The reason I agree with @Mr. Pragma, and you, although that may give the impression I'm backtracking on the rules I posted, is: Those people that "won" or "broke even" had to pay a price, either financially or in terms of convenience. But the point, as you put it, is: Chances are slim.

Wael May 21, 2014 2:56 PM

@Nick P,

"One idea comes to mind from my work in automated software diversity. The idea was to create tools that produce many random, equivalent, and structurally different versions of the same software."

These tools exist. Search for "code obfuscation" and "White box cryptography" -- you'll find several vendors, and several academic and white papers available. Unfortunately, I cannot point you directly to any of them ;)

Benni May 21, 2014 3:05 PM

@Nick_P

In Germany, you are practically forced to do a master's after a bachelor's. And this has only been the case for several years, after the change to a bachelor/master system was decided by politicians. Before that, all German engineers had studied for a diploma, which is equivalent to a master's degree. Furthermore, you are only allowed to do a PhD if you have a master's degree in Germany. This creates better educated engineers compared to a system where you are allowed to work as an engineer with only a bachelor's. It is this education which makes it possible that most technology in Germany is produced in a very small area, namely the south of Germany. And this is what Germany exports, almost only tech.


And by the way, you will also find in the Spiegel book that the BND has been listening on Russian fibers since 1970. It was one of the first intelligence services which ever did that.

It could read Russian encryption when the NSA was blind:
http://en.wikipedia.org/wiki/Bundesnachrichtendienst#1960s
"A further laudable success involved the BND's activity during the Czech crisis in 1968. With Pullach cryptography fully functioning, the BND predicted an invasion of Soviet and other Warsaw Pact troops into Czechoslovakia. CIA analysts on the other hand did not support the notion of "fraternal assistance" by the satellite states of Moscow; and US ambassador to the Soviet Union, Llewellyn Thompson, quite irritated, called the secret BND report he was given "a German fabrication". At 23:11 on 20 August 1968, BND radar operators first observed abnormal activity over Czech airspace. An agent on the ground in Prague called a BND out-station in Bavaria: "The Russians are coming." Warsaw Pact forces had moved as forecast."


Today, according to the Spiegel book, the NSA relies on BND's fiber tapping in crisis regions where NSA spies would not have access.


The NSA spies themselves asked BND to copy the BND programs Mira4 and VeraS, because, as NSA itself says:

http://www.spiegel.de/netzwelt/netzpolitik/bnd-leitet-laut-spiegel-massenhaft-metadaten-an-die-nsa-weiter-a-914682.html

These German applications would outperform US SIGINT capabilities (in comparison to XKeyscore) in several aspects.

That is what the NSA says.

Apparently, with their billion dollar budget, NSA engineers were not capable of writing applications that are as good as the BND tools, so they requested a copy.

Nick P May 21, 2014 3:26 PM

@ Wael

re rules

I don't agree with his example of Snowden, though. Snowden was a brilliant technician, con man, AND a trusted insider. The last part is most important. It gives him an opportunity to grab stuff that makes for good insurance. He was also in a Chinese territory by the time they knew he was a problem, making him hard to touch without provoking a powerful nation. And then he was in another superpower's territory. His situation has a certain rare set of attributes that make his success unlikely to apply to even most skilled outsiders facing a TLA. One doesn't carry over to the other.

Winning does come at a cost, though. All defense and conflict does. As opponents' resources for offense increase, resources for defense necessarily increase as well.

"These tools exist. Search for "code obfuscation" and "White box cryptography" -- you'll find several vendors, and several academic and white papers available. Unfortunately, I cannot point you directly to any of them ;)"

I know they do as I've even built some lol. I also posted some here. What I was saying was 'are there tools like that for hardware?' Or any reasons they couldn't be built for limited purpose of hiding critical circuits' locations?

@ Benni

re engineering degrees

That explains the increase in the number of engineers and those holding degrees. Yet, more college != better engineers, once again. One of the first things companies do here is tell people to "unlearn that BS you learned in college." I mean, the principles are useful, but the skills that really get things done aren't taught in college. That's where work experience is better. I'll take a guy with a Bachelor's and 2 years work experience over a guy with a Master's any day. This principle is also why most people in embedded systems and chip design (worldwide as far as I can tell) are over 30. And most good firms spend years teaching young college grads how to do things right. So, more college and degrees = more talented engineers doesn't convince me. I guess I'd have to look into what skills the colleges teach and how many years the grads take to be highly productive engineers. That would be a good indicator.

Far as BND, it seems they're quite effective. Well, I knew that but you've shown me they're better than I thought. But...

"Apparently, with their billion dollar budget, NSA engineers were not capable of writing applications that are as good as the BND tools, so they requested a copy."

...this has to be on mgmt rather than engineers. I've already thrown together a solution on paper using proven components that would probably work. That took just a few minutes with similar projects being done by small teams in six months to a year. (More if custom chips rather than custom boards.) So, why can't NSA do it with all their money and engineers? It might require access to something they don't have or they're not leveraging engineers well in this area. If you look at Trailblazer vs Thinthread, a simple solution was ignored in favor of a billion dollar plus waste of money. I could easily see NSA just being incompetent here, while BND listened to their engineers and got stuff done.

It might surprise you, but much defense work here is about generating jobs, money and votes rather than accomplishing anything of value. It just goes back to the horrid capitalism philosophy of everyone being as selfish as possible, hoping good things come out of it. Yeah, that's as stupid as it sounds, but it's the status quo.

Btw, it's best not to equate what NSA engineers can do vs what American engineers can do. They're different and to a degree that's hard to measure as NSA work is classified. American engineers make miracles happen all the time, much like German engineers do. Funding, culture, management, goals of organization, profit margin, end user's expectation... these have a tremendous effect. So, I rarely compare engineer's work directly. I'm more likely to compare how well they solved a problem given resources and constraints. That's the measure of talent.

Benni May 21, 2014 4:04 PM

Here is the funny witness list of the German parliament's NSA commission:

https://netzpolitik.org/2014/liste-an-zeugen-im-nsa-untersuchungsausschuss/

I wonder whether Michael Hayden, Mark Zuckerberg, Tim Cook, or Eric Schmidt are really coming.

And if you are a terrorist: Well, the German government now officially says that it shares with Interpol, NSA and CIA:

https://netzpolitik.org/2014/bundesregierung-bestaetigt-datentauschring-von-bka-europol-interpol-und-us-militaer-zu-identifizierten-auslaendischen-terroristen/

"Name, surname, pictures, fingerprints, passport data, phone numbers, email addresses, and other things."

By the way, the future that the BND boss dreams of, and for which he wants 300 million in cash from the German government:

http://www.bnd.bund.de/DE/Themen/Reden%20der%20Leitung/Redetexte/Rede_BfV-Symposium2014.html

"Concretely, it could look like this: Through our foreign collection we detect a cyber attack on French companies or institutions using a new, previously unknown piece of malware. We immediately pass the information about the new malware to the Bundesamt für Sicherheit in der Informationstechnik and the Bundesamt für Verfassungsschutz, so that the firewalls in Germany can be, so to speak, 'armed' against it."

"Precisely, it could look like this: Our foreign signals intelligence notices a cyber attack on some French company by a new, unknown malware. We will give the information on the malware immediately to Germany's office for security in information technology and the office for the protection of the constitution, which then can contact the German companies to justify the German firewalls appropriately"...

Well, the BND boss is just talking here about collecting the data streams from French companies. Note that with this argument, you have essentially a justification to spy on every company in the world.

Since every company could be attacked by some new foreign malware, whose information you would need to protect germany.

This is an idea which is so ridiculous that it can only come from a German agency which wants some justification to simply collect and sniff it all. It is allowed to do this anyway by current German law:

https://netzpolitik.org/2014/nsa-in-lederhosen/

http://www.spiegel.de/politik/deutschland/datensicherheit-bnd-abhoerpraxis-verfassungswidrig-a-970935.html

freely collecting, analyzing and storing...

At least someone has a granted freedom...

Mr. Pragma May 21, 2014 7:14 PM

Nick P

Won't work. While for software it's easily feasible, the production (know-how, processes, etc) of hardware wouldn't allow for "individualized" structuring, block placement and the like, except in -- very, very expensive -- special cases. Just switching two blocks of a processor would introduce so many changes on other levels (signal runtime, noise, microtiming, and so on) that one would end up either with insanely high design, masking, preparation costs or a lotto generator.

And it mustn't. Hardware security is just 1 block of a complex structure (well, hopefully) and security is just about delays (with keeping an intruder out being somewhat analogous to the delay tending towards infinite (for that case)).

The real problem for smartcard circuits and the like is *not* (well, should not be) to deny analysis (although many believe that and, indeed, in the early beginnings smartcards were largely based on secByObscurity) but rather to avoid -- or at least notice and mitigate -- tampering.

As for Germany being better (or not) in engineering/technology/whatever ...

Of course, one can't summarily talk about countries. But one can talk in terms of more or less significant and strong tendencies. That cleared, I'd differentiate by situation. If it was about sales and marketing driven projects/goals I'd take US engineers (which for me is theory). If it was about a radically new situation (like martians having landed and attacking us) I'd prefer a high percentage of Americans in my team because of their hands-on approach. For the very same reason I would -- and usually do -- avoid American engineers in security related projects where quality and substance (rather than marketing, profit, show) is of essence (which just happens to be my field). For those jobs I'd prefer a strong core of German/Austrian/Swiss engineers as well as Russians. The former because solidity and reliability seem to be hard-wired as desirable priorities in their minds, the latter for mainly two reasons. Russians are *way ahead* in terms of academic qualities (clear logical reasoning, strong math in education) and generally value intelligence highly and, also very desirable, they (possibly due to experience) tend to keep extreme cases and simplicity in their mind.

Not desiring to discuss politics, I innocently-minded see as significant that the current nightmare has been created by "the American way": x86, C, C++, Java, Unix and, generally, the strong American tendency to believe in massive quantity.
In that regard I also find it very interesting (even striking) that Modula and Oberon came from the German/Austrian/Swiss corner (some of the strongest adopters and longest supporters were in Linz/Austria and Karlsruhe/Germany) and that both languages enjoy very high acceptance in Russia.
Similarly, what little I see in terms of secure operating systems (or approaches) has a tendency to come from Europe, and again, is very intelligently analysed and appreciated in Russia, too.

A last and concrete example: All those smartcards in Europe tend to be considerably more secure than those in the USA.

This is, btw., not meant as belittling the USA. There are reasons for, for instance, virtually all major processor architectures coming from the USA. And unlike many Europeans like to think, the reason is not merely capital. One reason quite certainly is Europeans, maybe arrogantly and anyway yesterdayishly and with bureaucratic inertia, simply failing to understand the technology and its major implications.

All in all I feel that Americans are very fertile technology (and solutions, albeit often in the form of a quick fix) inventors and producers who, however, possibly due to being ultra-capitalistically driven, possibly due to lack of culture, or yet something else, fail to achieve high quality and (widespread) intellectual and academic standards (except areas where quality and "more of whatever" happen to be roughly the same).

As my main impetus isn't judging (and even less belittling) nations but solutions, my personal summary is something like this: We should highly value American inventions - and then create a high quality European (incl. Russian) version of them. One example that comes to mind would be a unixish OS with Plan9 elements based on a microkernel and implemented in Modula or (an enhanced) Oberon. The core would be an American stroke of genius (Unix, P9) -- and Europeans should smile in a friendly way and say thanks for that. And then, based on that, create a real, solid, safe, reliable OS. But they don't. Instead they muck around with linucks microkernels and linucks on top of that (TU Dresden). In C++. With tiny budgets (which would hardly sustain an American university football team ...)
Shame on Europe. There is reason to bash on the USA. But Europe certainly isn't in a position to do so.

(Being at international/nations ... The Chinese have done some remarkable work on both MIPS and SPARC. I feel they are on a good way to becoming an ICT heavyweight)

Buck May 21, 2014 8:25 PM

@Nick P

"@ Clive, Wael
re quantum key distribution
I wonder if they know about the NSA backdoor in the quantum networking products. I doubt BULLRUN would leave them off seeing how much trust people put in them.
I never got the idea of quantum networking. I mean, an assured smartcard chip added to a regular board running key mgmt primitives seems more trustworthy to me. And faster, cheaper, and better cost-per-watt, too. ;)
...

So... why do we need an extremely expensive, low bandwidth, little understood, limited use, key exchange scheme again...? Other than such companies' profits?"

Haha, such a great question! Then again, one could pose the very same proposition for pretty much any possible postulation in the present day... :-( (It's all about the Benjamins, by the way). Such a shame though; if perhaps not all of our classical/conventional networks of today were vulnerable by default & design, there could potentially be some very well considered commercial use cases for these incredibly complex & unintuitive quantum cryptographic algorithms/applications! Perhaps direct neuron-to-neuron quantum entanglement could prove quite useful for secure communications, and if you're right, I suppose we'll be seeing that in 2 to 3 years :-P Or maybe that's just part of how consciousness works... Gotta love multiple discoveries

"RobertT convinced me that subversion at the physical layer is hard as it's hard enough to get a *regular* design working, much less doing odd modifications to black boxes. Most smart cards I've seen used older process node technology that's easier to probe. I wonder if 22-40nm makes it harder to reverse engineer or tamper with."

I'm inclined to agree, but I'll add an additional recommendation to leave available the least possible amount of resources required for any specific application... (Push it to the limit, and the effects of "extra code" on hardware will be far more obvious :-)

@Clive

"The BBC has an update on D-Wave and their (alleged) Quantum Computer"

Maybe I missed something, but I failed to realize any relevant recent revelation here (but for a few new academic-types claiming to be investigating). For the benefit of the search engines and anyone interested in quantum computing developments, here's a list of articles posted back in January: https://www.schneier.com/blog/archives/2014/01/friday_squid_bl_413.html#c3920142

Figureitout May 21, 2014 11:26 PM

Nick P RE: Parallella
--I know I'm just giving you sh*t, seems like a neat board...Just posting a paragraph of a feasible design is really a tiny part of the work involved in building the actual product, and you know that. And going off what you've said in the past "I just post secure ideas that people may build on", 'stealing' your design is exactly what you want.

RE: frosty
--Lol, I love how you remember that. Making a leap, but yeah I stole that quote from there. Don't really get that into video games though, just some classics (someone play Nox w/ me... :( )

RE: mine & Aspie's "failing" methods
--C'mon, how long have we "known" each other now? Do you really think I don't have some more cards up my sleeve? Only curious idiots would fall for some of the traps I lay; they're meant for those that attack the frail and the weak, I have little sympathy for those kinds of people or their computers. I've said enough about my situation so I won't delve even deeper.

RE: our "failing" computers before they're even fully built
--I said diversity is important, can you recommend a computer design for TEMPEST security that is free on the internet or I can buy somewhere? That is why I'm targeting that, and I like (sometimes hate) radio. When I bite the dust and release my design, I nervously await the "Here's how I hacked FIO's computer" blog post...If I don't notice or suspect it before hand then I'll get really nervous. Also, I like digital design, but I don't have a secure computer to design on; and I don't like the feeling of being watched or tested when I don't want to be.

Do you care to release your design notes if you wasted some time on such a computer? I don't have the luxury of gov't protection from TEMPEST attacks; so I'll keep playing a "fool" so long as fools keep attacking me. And I don't need to be shown how I failed; I've already seen it quite clearly I wasn't prepared enough.

Benni RE: German superiority
--Kind of a random sentiment, then again I have little room to talk. Statements like that just split the world apart; guess the BND wasn't good enough to protect your Merkel from a bugged cell phone. Anyone can attack, can you defend is the question. Germans sure do have good engineers though and quality manufacturing...but BTW, they're still capable of epic f*ckups. I won't delve too deeply, but a German company sold an American company a radar module that had a bug on the level of a "Heartbleed"-style bug; that catastrophic. Oh, and that same module was/is used in cars (your German invention) in bumpers for collision detection; the bug would render a complete failure. The bug eventually got fixed, but it was so weird and random, surely more exist.

Mr. Pragma RE: Germans vs Americans
--Good, thoughtful, considerate post, won't quote it as people should read it. I have similar observations of Germans/Austrians/Swiss/Russians; Germans don't really chat much and just focus on whatever, and it's fun to watch a Russian do math. Extremely oversimplified so as not to post a wall of text, but just my observations. And in America, when you have space to screw around and experiment, you can come up w/ actual new innovations, sometimes by sheer luck, but no one else did it thus far so...Anyway, can the 2 languages you speak of become more prevalent in engineering is the question? How do they improve internet security? And do they address issues w/ untrustworthy hardware and software-defined/digital radio, which is becoming so cheap and easy that it is a legitimate threat now, especially in urban environments...

Figureitout May 21, 2014 11:38 PM

Mr. Pragma
--Ah, forgot. So part of my heritage is German, and Irish, and Belgian. So, what do Europeans say about Americans when we were created by you guys/gals? Being American doesn't just mean a white European too, so much diversity here. 3 of my best friends ever were Asian and Indian.

Nick P May 22, 2014 12:39 AM

@ Mr Pragma

"While for software it's easily feasible, the production (know-how, processes, etc) of hardware wouldn't allow for "individualized" structuring, block placement and the like, except in -- very, very expensive -- special cases. Just switching two blocks of a processor would introduce so many changes on other levels (signal runtime, noise, microtiming, and so on) that one would end up either with insanely high design, masking, preparation costs or a lotto generator."

I was worried about that. Darn. I'll keep it in the back of my mind as synthesis technologies improve, just in case.

"The real problem for smartcard circuits and the like is *not* (well, should not be) to deny analysis (although many believe that and, indeed, in the early beginnings smartcards were largely based on secByObscurity) but rather to avoid -- or at least notice and mitigate -- tampering."

I think that's probably true based on presentations I've looked at.

re Countries, Engineers, and Quality

On which engineers to choose for which. I could see why you'd make those choices. I'd agree on the Russians' skill, although they could pose a higher than average subversion risk. On secure software and schemes, I see the opposite trend with the majority of 100+ projects/products I've posted here being US, UK or Australian. US and UK companies also largely invented the field, the methodologies, etc while producing many exemplar systems (eg capability machines, A1-class systems). I'm talking from metal up to application they got it done as good as it could be in their time. I've seen little to nothing that compares in Europe. However, I know plenty of projects/products in Europe that fall into medium assurance category & tools that are high assurance (eg Verisoft, Coq).

Which brings me to a larger point I need to make which drives our disagreement. I agree with you (and Benni) that culture and societal structures of these other countries might increase their quality focus. However, we've seen Americans and Brits outright *solve* the problems you are proposing Europeans should *try* to solve. And that was originally decades ago. The markets, including in Europe, voted against the solutions. Yet, Americans & Brits did come up with them.

The point of this isn't pro-American rhetoric. The point is that most groups you wouldn't trust due to their focus and I understand the reasoning. Yet, these few groups I mention far exceeded the whole of American, European, Russian, and Chinese groups in results they delivered. The reason is *incentives.* Credit to Bruce Schneier for getting the importance of the concept across. Incentives drive most things here & they usually push away from quality/security in favor of other things. Sometimes, though, Americans are incentivized to focus on that. You get all that risk-taking, open-minded, hands-on inventiveness but with quality/security as a main objective. The results were excellent and more is coming (see DARPA clean slate programs).

This applies to the example horrors you mentioned: C/C++, x86, and UNIX. They were incentivized by those needing to use (or make) machines with minimal cost & maximum performance. It made sense at the time. Yet, before they existed, Americans created tagged architectures enforcing safety/security per instruction (eg Burroughs B5000), ALGOL68 HLL system development, and MULTICS. That predated & exceeded the Wirth work I loved. U.S. (and UK) made even better stuff after that. The market, for many reasons, decided against quality as semi-reliable fast machines got more done.

Yet, select American engineers kept trying to make secure or high quality stuff. From Cleanroom methodology to Intel i432 to Orange Book A1 kernels to recent SourceT OS, people incentivized to do security well keep designing (and producing) great stuff that are hard to beat to this day. And markets, including European, kept ignoring those solutions in favor of demanding bloatware, race cars, and backward compatibility with insecure software and standards. Is it really surprising that American companies & engineers now produce what the market pays for instead? (Hint: it's not quality/security.)

So, I'll take your international team of people from countries soft- or hard-wired for better quality. Might be true. I just think using that subset of Americans that are incentivized for security/quality will help plenty for making the real deliverable. Like I said, such Americans have already solved many of the critical problems and even tried to sell such solutions. I'm seeing it as put inventors/engineers like them, American or not, in the lead to get the core solutions right at each layer. Maybe give the rest to Europeans and Russians if they in fact can outperform. Although, Americans' culture dictates that they should be involved in its creation if anyone expects them to use it. (shakes head) Either way, I wouldn't care what the source was so long as the result was solid. And I think America's bright engineers that want security/quality are a necessity if the international effort is to achieve the best results.

"In that regard I also find it very interesting (even striking) that Modula and Oberon came from the German/Austrian/Suisse corner (some of the strongest uptakers and longest supporters were in Linz/Austria and Karlsruhe/Germany) and that both languages enjoy very high acceptance in Russia."

It was done mostly at ETH Zurich. That school should get the credit. That certain European countries had the greatest uptake on that rather than the garbage used in U.S. is definitely to their credit. It's why I've often posted here about getting Europeans involved. At least *some* of them do seem ahead of the curve in quality practices. The Russia part I noticed when I kept getting Russian pages looking for Component Pascal (Oberon variant). When Russian programmers start converging on a solution, one should take notice. I took notice and that fed into our conversations about Wirth languages.

" One reason quite certainly is Europeans maybe arrogantly and anyway yesterdayishly and with bureaucratic inertia simply failing to understand the technology and its major implications."

It could be. I think our strong individualism also plays a part in our success. There's plenty of crowd mentality in various institutions, yet ambitious people can truly make their own way as much as they want. Have a dream? Go try to make it happen. Vast innovation potential. In Europe, from my outsider viewpoint, they seem more value driven and also more concerned with the good of the whole country (vs individual). These might lead to increased commitment to quality on a project as a side effect. Americans only care about it if their company or project specializes in caring about it. ;)

"All in all I feel that americans are very fertile technology (and solutions, albeit often in the form of a quick fix) inventors and producers who, however, possibly due to being ultra-capitalistically driven, possibly due to lack of culture, or yet something else, fail to achieve high quality and (wide spread) intellectual and academic standards (except areas where quality and "more of whatever" happen to be roughly the same)."

This seems like it might be true. Academic standards are a complex subject. Let's just say there isn't one approach to education in America. It's more like many competing ideologies with different results. Our best engineers tend to come from a subset of total institutions. We also have plenty of for-profit educational institutions which probably doesn't help. (Incentives again...) Overall, I'd say America is weaker in academic institutions in general and their contribution to quality in particular. I wouldn't trust these in the average case. The system is optimized against it.

"Being at international/nations ... The Chinese have done some remarkable work on both Mips and Spark. I feel they are on a good way to become an ICT heavyweight"

I totally agree. They're also wiser than some. When I heard they were making their own OS, I criticized them and told them they should just start with a BSD/Linux. Then I heard they started with FreeBSD. Decent choice. Then, the Loongson etc work. There was also decent work on covert channel analysis and other esoteric topics out of their main technical school. They're definitely impressing me.

And the Russians. Like the Chinese, they seem to steal as much I.P. as they invent. Yet, their brilliance is clear when one sees what they do with it. At one point, they started developing an Itanium style processor. The end result was similar enough to Itanium that they probably had the Itanium blueprints to start with. Yet, the end result also made Itanium look like a second- or third-class processor in capabilities. I think Intel ended up buying that. Point being, whether they started with Intel I.P. or not, they did better than Intel pretty quickly. And Intel obviously has some of the best engineers in the chip business. That says something about the Russian competition.

Quick thought. Some readers might think I'm being extra-critical on European claims, then extra-supportive on Chinese and Russian. The reason is that I (still) don't believe a US vs Europe comparison can be made as too much diversity of practice in each. Benni & I discussed a US vs German engineering comparison which seemed more doable as they're individual countries. Russia and China are also countries rather than continents. And they seem to have a consistent internal culture about how they approach certain problems (with some exceptions of course). So, those comparison points were practical as well.

My main solution is still that merit-based, international efforts are the best solution for these problems.

yesmeMay 22, 2014 12:53 AM

@Mr. Pragma

"As my main impetus isn't judging (and even less belittling) nations but solutions my personal resumee is sth. like this: We should highly value american inventions - and then create a high quality European (incl. Russian) version of it. One example that comes to mind would be a unixish OS with Plan9 elements based on a microkernel and implemented in Modula or (an enhanced) Oberon. The core would be an american strike of genius (Unix, P9) -- and Europeans should smile friendly and say thanks for that. And then, based on that, create a real, solid, safe, reliable OS. But they don't. Instead they muck around with linucks microkernels and linucks on top of that (TU Dresden). In C++. With tiny budgets (which would hardly sustain an american university football team ...)
Shame on Europe. There is reason to bash on usa. But Europe certainly isn't in a position to do so."

I am sorry to say it but I think that's a very simplistic view.

Mr. PragmaMay 22, 2014 1:03 AM

Figureitout

Re. your first question I'm afraid that there is quite probably no short term change to be expected.

Gladly Russia has reached a point where usa basically can't pose any threat to Russia; they are left with barking at the trees (and that's what they do).

Russia, almost like western Europe, however, still is at a major disadvantage concerning the digital technologies. Maybe others see it differently but in my minds eye any coming, and even more so lasting, superpower in the currently being established multipolar world *must* have independence in some basic ICT areas, in particular in processors.

The western Europeans, due to being "friends" and bound into nato (or, as I see it, being de facto vassals and colonies with very limited real self determination) may be "forgiven" for blindly (and stupidly, one might say) relying on usa and developing virtually no processors at all (besides smart card thingies, arm licensed IP, etc). This does, however, not change the fact that western Europe is largely at usa's mercy in that field.

Russia again may be forgiven because they had been ransacked, terrorized, and all but destroyed by usa in the yeltsin era, and basically began to recover but in the early 2000's.
In fact there were shy attempts at establishing something like processor design and production capability, e.g. (and most importantly) based on OpenSparc designs. I do very much hope that the high importance of that field is understood by Russian political and industry leaders and sincerely wish Russia the best of luck.

Without at least non-us or, desirably their own, processor design and production capabilities Europe and Russia will always have a vulnerable blind spot.

My personal take is this:

Currently and for some (probably rather short) period of time until usa's hegemony and regime (forgive me if the word isn't perfectly well chosen) is finally and fully broken, Europe will be largely an obedient dog and Russia will need to prepare to comfortably defend against a desperate usa final attack (I'm afraid usa will rather have their own citizens starve and wage wars than let go control over major parts of the world).
So the real answer is in a later phase, probably in 2015 or 2016. Then Russia will be able to afford to invest more in other important technologies. I would assume that Russia will choose a two pronged strategy, i.e. join some Chinese technology and at the same time build up their own, possibly again based on open UltraSparc. I also assume that Russia will build their own operating system (for embedded systems and servers, not for desktop); I actually happen to have some idea about that but I shouldn't talk a lot about that.
For desktop use I feel it to be a rather open game; It almost certainly won't be windows (or apple's os), it might be a russianized linucks (which isn't too dangerous a decision if routers, etc. are properly designed and safe).
As for the preferred languages I won't say anything at all, pardon me.

Re. western Europe I didn't think (nor expect) that much. Looking at western european societies, however, I would strongly expect more linucks. Routers and generally network equipment probably whatever China happens to have on the menu. It's cheap and western Europeans are used to being dependent on a major power and at its mercy (*cynical grin).
They will quite probably continue to have some excellent research and know-how but they will quite probably also continue to almost strangle that and keep it in niches (and quite probably Russia will continue to intelligently analyze that and pick up the best as they did with, for instance, Wirth languages and know-how).

As for your other question: I don't know. I don't know what "Europeans" (you mean western, I guess) think about anything.

I can only tell you what I think. Following my observations made so far I think that it's largely meaningless where americans (well, their ancestors) came from. Simply because the american culture (forgive me using that word in the context of americans; I just happen to have no other word for what I mean) is rather dominant and basically expects immigrants to largely be "american" in the first place, no matter where they came from. I'm actually quite sure about that because I met diverse americans from diverse strata, soldiers, consuls, high level agents, moms, etc. and of diverse origin. They pretty much all put an american flag on pretty much everything that didn't run away fast enough, they pretty much all had that terrible uncivilized american accent (actually I'm under the impression that they actually *want* to have that american accent, maybe as a seal of "I'm one of you, I'm a real american, I'm fully integrated"), etc.

Now, that might sound condescending and, frankly, I do not even want to hide that (after all I should be free to honestly say what I think, right? That's after all the american credo). But that doesn't mean that I wish them any bad. Actually I see many good sides with your average american and I honestly recognize that americans achieved a lot. I mean, creating complex processors *is* a major achievement, particularly when considering that around 85% of american soldiers going to Iraq and destroying that country were not even capable of even vaguely pointing to Iraq on a globe.
So, while I honestly do not wish any bad to any american, no matter where his ancestors came from, I wouldn't want or accept friendship with 99,9% of americans either.

I guess, however, that this is a rather European point of view and that americans would feel that there are major differences between, say, those with Italian, Russian, or Japanese roots.

I also guess that my views will get considerably friendlier once the usa stranglehold on the world and its plundering and mass murdering has stopped thanks to immensely great and valuable men like Putin and Xi. I'm even glad that they are not out to destroy the usa but to merely break and cripple it so as to protect the civilized world from the usa.

Maybe we should limit our discussions here to technical issues. After all, we all (well, most of us) have proven and experienced that we *can* have civilized, fertile, professional, and even friendly discussion between colleagues, no matter the country ;)

Nick PMay 22, 2014 1:09 AM

@ Buck

"Perhaps direct neuron-to-neuron quantum entanglement could prove quite useful for secure communications, and if you're right, I suppose we'll be seeing that in 2 to 3 years :-P Or maybe that's just part of how consciousness works... "

Lol. I vote you Singularity Salesman of the Month.

"but I'll add an additional recommendation to leave available the least possible amount of resources required for any specific application... (Push it to the limit, and the effects of "extra code" on hardware will be far more obvious :-)"

I've posted the same thing here before so I agree. I'm still not sure if I'm right about that, though. There was something else he pointed out. Each new process technology gives circuits that conceivably can be embedded in older ones invisibly. We wouldn't know the difference. So, we might *seem* to make a provably safe design and put it on the whole chip surface. Yet, smaller wavelength structures could be put in that same chip by dishonest manufacturers without us being able to notice. His theme was that, once it's invented, you can't uninvent it.

He might be right. And this concern of his was one of the reasons he pushed the smallest process node technology. So, not just complexity of the node used: it's also the fact that it's harder to squeeze in extra stuff if the ability to hasn't been invented yet.

@ Figureitout

"I know I'm just giving you sh*t, seems like a neat board.."

I should've known haha.

"And going off what you've said in the past "I just post secure ideas that people may build on", 'stealing' your design is exactly what you want."

Clever. Yes, people can use them. They could still give some credit, though, rather than pretending they invented it themselves. Then, I might get funding to put in better efforts that benefit them and I both.

"Making a leap, but yeah I stole that quote from there. "

I did enjoy the game. The EMP scene is still my favorite as it's one of the best visualizations of it. I also like how they tied in MKULTRA-style projects, number stations, and the underwater antenna. Recently, what little gaming time I have goes to Mass Effect 3. A friend told me the storyline (esp enemies grand plan) and character development were awesome. So, I bought all three games then played through them in order. He was right. The final game also has better mechanics and a huge variety in multiplayer. It's like several games in one. Most time is still work and R&D for me, though.

"-I said diversity is important, can you recommend a computer design for TEMPEST security that is free on the internet or I can buy somewhere?"

My recommended shortcut to this was a field (eg farm) with at least 100 yds visibility in every direction. The building (even a shack) can have a faraday cage, even COTS, with a generator to avoid power line leaks. A cheap spectrum analyzer to detect active attacks might be a bonus. A metal detector is an option for finding any antennas that were buried in the ground while you were gone.

The easiest solution, however, is a portable computer that you use while on the move & something you never let leave you. If your OPSEC is decent, you never get hit with anything like emanation attacks. A side benefit is you get used to being mobile and explaining why you're using your computer in (insert unusual location here). ;)

And remember they'll hack you with all the other easier opportunities first. Which is why I mentioned them instead of EMSEC.

Nick PMay 22, 2014 1:18 AM

@ Mr Pragma

"I also guess that my views will get considerably friendlier once the usa stranglehold on the world and it's plundering and mass murdering has stopped thanks to immensely great and valuable men like Putin and Xi. I'm even glad that they are not out to destroy the usa but to merely break and cripple it so as to protect the civilized world from the usa."

I really hope that was some sort of joke.

Mr. PragmaMay 22, 2014 1:19 AM

Nick P

I don't see that much disagreement. Kindly note that I did not say "americans deliver but crap!" nor "americans are incapable of designing or producing something great, reliable, safe, good quality".

What I said was a *general tendency*. When you say "incentive" I (in the context of americans) immediately think "ultracapitalism" and maybe additionally some (actually rather vacant and brutally symbolical) patriotism. This is, you are right, a powerful incentive force. But it also has its bad sides. I think the two of us just happened to focus on different sides of the same thing.


@yesme

No problem. As long as you kindly keep in mind that my remarks were *meant to be* and are of a rather general nature.

Nick PMay 22, 2014 1:22 AM

@ Mr. Pragma

"What I said was a *general tendency*. When you say "incentive" I (in the context of americans) immediately think "ultracapitalism" and maybe additionally some (actually rather vacant and brutally symbolical) patriotism. This is, you are right, a powerful incentive force. But it also has its bad sides. I think the two of us just happened to focus on different sides of the same thing."

That makes sense. Thanks for clarification. :)

Mr. PragmaMay 22, 2014 1:44 AM

Nick P

Kindly forgive my often clumsy wording. I'm neither a native English speaker nor at all talented in that field.
But: No, that was no joke.

I have three suggestions:

- let's stay away from political arguments as far as the technical matter at hand doesn't necessitate that.

- Think(!) about views that might seem absurd or hostile. I do, too. That helped me to see the difference between "the americans" and "usa"(government, agencies, etc). It even helped me to arrive at a point where I would actually *defend* americans (as in this very forum).

- Opposing views, even when very unpleasant, must not necessarily be based in evil. They may have been built in valid ways and on solid grounds.
Calling oneself reasonable should at least warrant to honestly and open-mindedly *look* at the opposed view.

That's not just words. I actually live that. I have, for instance, always been friendly, fair, and open-minded about you (and other supposed americans). That should at least be good enough as a very strong hint that I do not hate americans or wish them any bad.

If, however, liking usa's -- written down as a doctrine! -- base line of dominating the world is a precondition for open and fertile discussions with you, my answer would necessarily be "Thanks, but thanks no".

I trust, however, that your mind is wide and bright enough for better alternatives ;)

Clive RobinsonMay 22, 2014 6:47 AM

@Buck,

No, you didn't miss anything other than it was the BBC having the update rather than the tech/researchers.

@Nick P, @Wael,

There is little or nothing new about making multiple executables nearly unique from a single source, it all depends on how far down the software stack you want to do it.

As I've indicated in the past I was doing it back in the 1980s with jump tables put into the call/return process (you basically play with the return stack). You can do the same with software interrupts etc with a loss of a register for parameter passing. What you do at this level is write memory position independent code --with relative jumps/branches etc-- in nicely delimited blocks. After assembling into machine code you make the equivalent of a randomizing linker that shuffles the order of the blocks and builds the jump table that it then builds into the final exe file.

But you can do it at a lower level: compilers are smart enough to work out which sections of code are not interdependent and can thus do optimisation that will cause the code blocks to be executed out of order. It takes less effort than the optimisation to randomly shuffle the blocks around.

Further some CPUs have sufficient redundancy in their instructions that there are a number of ways the same required function can be achieved. Back in the days of watermarking there were people doing this to hide serial numbers etc to identify ownership not just of executables but in some cases of development tools to watermark the resulting exes produced by the tools so that licencing could be checked.

Then there are certain types of polymorphic code methods that were/are used to get around AV software.

So the level and complexity available to make exes near unique for various security functions is very extensive.
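A toy model of the scheme described above, added here as an illustration and not Clive's 1980s tooling: position-independent blocks that only reach each other via CALL through a jump table, plus a seeded randomizing linker that shuffles block placement per build. The instruction set, block format and linker API are all constructed for this example; the point is that every build computes the same result while the layout differs, and that the linker refuses a block whose relative branch escapes it.

```python
"""Toy randomizing linker for position-independent code blocks.

Constructed example: a small register machine whose blocks use only
relative branches internally and CALL <block name> for everything else.
The CALL is resolved through a jump table at run time, so the linker may
place blocks in any order and the program behaves identically.
"""
import random
from typing import Dict, List, Tuple

# Instruction forms (all constructed for this example):
#   ("MOV", reg, imm)  ("ADD", reg, reg)  ("SUBI", reg, imm)
#   ("JNZ", reg, rel)  ("CALL", name)     ("RET",)  ("HALT",)
Instr = Tuple

# Constructed sample "object code", keyed by logical block name.  Branch
# offsets are relative to the branching instruction, never absolute.
BLOCKS: Dict[str, List[Instr]] = {
    "main": [("MOV", 0, 6), ("MOV", 1, 7), ("CALL", "mul"),
             ("CALL", "double"), ("HALT",)],
    "mul": [                      # R2 = R0 * R1 by repeated addition
        ("MOV", 2, 0),
        ("ADD", 2, 0),            # loop top
        ("SUBI", 1, 1),
        ("JNZ", 1, -2),           # back to loop top while R1 != 0
        ("RET",),
    ],
    "double": [("ADD", 2, 2), ("RET",)],
}


def check_block(name: str, code: List[Instr], blocks: Dict[str, List[Instr]]) -> None:
    """Reject code that is not position-independent: a relative branch must
    stay inside its block, every CALL must name a known block, and a block
    must not fall through into whatever the linker happens to place next."""
    for i, ins in enumerate(code):
        if ins[0] == "JNZ" and not 0 <= i + ins[2] < len(code):
            raise ValueError(f"{name}[{i}]: branch leaves the block")
        if ins[0] == "CALL" and ins[1] not in blocks:
            raise ValueError(f"{name}[{i}]: CALL to unknown block {ins[1]!r}")
    if not code or code[-1][0] not in ("RET", "HALT"):
        raise ValueError(f"{name}: block can fall through")


def link(blocks: Dict[str, List[Instr]], seed: int):
    """Shuffle block order (seeded, so a given build is reproducible for
    debugging) and emit one flat image plus the jump table name -> base."""
    for name, code in blocks.items():
        check_block(name, code, blocks)
    order = list(blocks)
    random.Random(seed).shuffle(order)
    image: List[Instr] = []
    table: Dict[str, int] = {}
    for name in order:
        table[name] = len(image)      # base address of this placement
        image.extend(blocks[name])
    return image, table


def run(image: List[Instr], table: Dict[str, int], max_steps: int = 10_000) -> List[int]:
    """Execute the linked image from block "main"; returns the registers."""
    regs = [0, 0, 0, 0]
    stack: List[int] = []
    pc = table["main"]
    for _ in range(max_steps):
        op, *args = image[pc]
        if op == "MOV":
            regs[args[0]] = args[1]
        elif op == "ADD":
            regs[args[0]] += regs[args[1]]
        elif op == "SUBI":
            regs[args[0]] -= args[1]
        elif op == "JNZ":
            if regs[args[0]] != 0:
                pc += args[1]         # relative, so layout does not matter
                continue
        elif op == "CALL":
            stack.append(pc + 1)
            pc = table[args[0]]       # the indirection that makes shuffling safe
            continue
        elif op == "RET":
            pc = stack.pop()
            continue
        elif op == "HALT":
            return regs
        else:
            raise ValueError(f"bad opcode {op!r}")
        pc += 1
    raise RuntimeError("step limit exceeded")


def layouts(blocks: Dict[str, List[Instr]], seeds) -> set:
    """Distinct block orderings the linker produced over the given seeds."""
    seen = set()
    for s in seeds:
        _, table = link(blocks, s)
        seen.add(tuple(sorted(table, key=table.get)))
    return seen


if __name__ == "__main__":
    for seed in (1, 2):
        image, table = link(BLOCKS, seed)
        print(f"seed {seed}: layout {table} -> R2 = {run(image, table)[2]}")
    print(f"{len(layouts(BLOCKS, range(20)))} distinct layouts over 20 builds")
```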

Clive RobinsonMay 22, 2014 7:26 AM

@Nick P,

With regards Mexico and their rapidly rising numbers of graduates etc.

From what I was told a few years ago the "Education Policy" that has given rise to this was actually an Anti-Drugs initiative. This then evolved over the years to be one of not just rebalancing trade differences with the US but with the desire to become an economic power house to improve living conditions and make other options in life such as border jumping and drug cartel crime less and less viable in comparison to the legal options.

The problem is this Mexican policy whilst working appears to be having a significant negative effect on the politicos in continental north america. The "war on drugs" is moving ever closer to the main market where the money is and away from Mexico, which means more illegal opportunities for disenfranchised US youth. Whilst this might initially appear good for the private prisons they are representing an ever increasing tax burden the US cannot afford. And some economists have indicated that of the two countries the US is likely to be the more "hollowed out" nation within 15 years... unless US policy changes dramatically.

AspieMay 22, 2014 7:34 AM

Wow.

@Figureitout
First, you've seen my board, the design is as simple as hell. It's not fast and it's not radical - it's mainly to teach me (and others who are as slow as I am but enjoy tinkering) about complex systems by focusing on the elements, making them solid and then growing it. I appreciate you batting for this and even as Nick says, it's important to "follow the dream". I truly believe that innovation does not solely inhabit the "standing on the shoulders of giants" of Newton's quote. It's not a waste of a person's time to build a better mousetrap even if they have to learn how to mine the steel first. (apologies to any mice reading this).

Sometimes going back to the (semiconductor) metal and having fun with what's there is a worthwhile exercise at the very least for the person doing it. It makes them a better engineer. As Richard Feynman noted many times; explaining what you're thinking about is an irreplaceable adjunct to improving it.

Look, this gadget I'm working on is a toy. I'm time-rich and cash-poor which, now I come to think of it suits me, so I do what I can with what little I can. I'll follow other people's thinking but I want to discover a lot of it for myself. Evolution does this; redundancy is key - and it works. We know this.

So I'll keep plodding along, doubtless outpaced by far brighter and better resourced people, but the design is something that is a *function* I'm working on rather than a solution. Meaning it is an *idea* that can be realised in many ways. That is where I get the pleasure.

Now I have to read this thread a bit more comprehensively to get some nuances I missed. Basically, think of me as Ugh chipping away at his stone wheel (I've made it triangular because it eliminates one bump - back to BC) whilst you guys are enjoying your hover-jets. I'm a chimp but I'm enjoying the path to becoming a Jetson.

Clive RobinsonMay 22, 2014 8:25 AM

@Benni,

One of the reasons the "NSA engineers" as you call them have not produced for the NSA as you think they should, is they chose not to work for the NSA.

A number of years ago US politicos changed the game by insisting on using open market COTS products. Which had the effect of outsourcing all the brighter engineers into private industry.

Unfortunately this has both advantages and disadvantages, a major disadvantage is that it puts the market in control of the technical direction of innovation. Which has resulted in short term non defensive thinking, thus most consumer innovation has been as a result of US marketplace demands. Whilst this has given the likes of smart phones and fancy computer displays a significant boost in development it has left a large chunk of necessary defensive technology orphaned and lacking in investment and thus innovation.

@Nick P has indicated in the past how the US politicos killed the innovation needed by very short term and uninformed thinking. Whilst there were many waving red warning flags over ICTsec the politicos were sitting there with their fingers in their ears muttering nah nah nah over and over. Thus the US effectively "sleep walked" into the cyber-security deficit from political choice.

Meanwhile back in Europe the focus has been somewhat different for a number of reasons one of which is the vast gulf between the Technical North and Agrarian South. This has caused an interesting game to arise: the North cannot feed itself, and the South has bankrupted itself, both have got to undergo life style changes or look outside of the small (compared to population density) European Common Market to trade.

For a number of years the EU had been expanding to the East, but this has some significant disadvantages. Russia has had significant influence over these countries one way or another for something like three centuries, and has no intention of giving this up. Thus Russia is seen as the "devil who pays the piper and calls the tune" by many and thus the Northern EU countries with self interest in mind have spied on Russia in all ways imaginable, the closer the border the more the spying. So the likes of Germany, Finland, Sweden etc have a disproportionately high number of people involved with the intel organisations who focus mainly to the East. Even more so since the --supposed-- end of the cold war, and the US taking less interest in the region under the pressure of their politicos.

Thus the level of integration between north European countries' intel organisations and the related industries in their countries is much greater than it is in the US and thus their intel orgs with proportionately greater spending power tend to set the direction of their related industry rather more than it does currently in the US.

SkepticalMay 22, 2014 9:01 AM

@Pragma: I also guess that my views will get considerably friendlier once the usa stranglehold on the world and it's plundering and mass murdering has stopped thanks to immensely great and valuable men like Putin and Xi. I'm even glad that they are not out to destroy the usa but to merely break and cripple it so as to protect the civilized world from the usa.

What nonsense.

The global framework created and sustained by the US and its allies has brought immense progress on every front. For example, in 1981 52% of the developing world lived in absolute poverty; by 1990 that number had dropped to 43%; by 2010, the number had fallen to 21%. See World Bank Poverty Overview.

In the same period of time the world has seen sharp growth in the number of liberal democracies, in trade between nations, and in research and technology.

Recently the US sent personnel and equipment to Nigeria and Chad to aid in the rescue of hundreds of kidnapped girls. It sends armadas of aid when natural disasters strike. And it attempts, where it can, to create, foster, and protect liberal democracies and liberal democratic norms. Indeed, even in Iraq, for all the horrible errors that accompanied the US invasion and occupation, there was a genuine effort to transition that nation to a democracy.

Meanwhile, Putin solidifies the hold of favored oligarchs while trampling free speech and warning about "gay propaganda." Foreign investors are extremely wary of Russia because they believe it lacks rule of law and is highly corrupt.

The PRC faces its own set of challenges, but it's hardly a champion of individual freedoms, whether we're talking about property rights, freedom of speech, freedom of religion, or nearly any other facet of autonomy.

And fortunately for everyone, US and Western influence won't be waning any time soon. Given developments over the last two years, in fact, I would expect it to grow.

Mr. PragmaMay 22, 2014 9:29 AM

Skeptical (May 22, 2014 9:01 AM)

That's a classical western (nato country) view.

The global framework created and sustained by the US and its allies has brought immense progress on every front. For example, in 1981 52% of the developing world lived in absolute poverty; by 1990 that number had dropped to 43%; by 2010, the number had fallen to 21%. See World Bank Poverty Overview.

Even assuming that those numbers are correct (which they are probably not as the world bank is a largely us controlled institution):

The first part of what you say is blank nonsense in being an arbitrary "conclusion". One might as well state that the changes from 1981 to 2010 have been due to Sweden or even due to Mickey Mouse.

I do not expect everyone to share my views. What I do expect here, however, is some level of logic and rational thinking.

As for your last sentence ... Yeah, right. And next week the usa will conquer Saturn and Neptune and I will be flying in the air as the king of Atlantis. Sure.

Pardon me, but you lost any credibility here quite some time ago.

AspieMay 22, 2014 9:29 AM

@Clive
I'm probably in the stone age, but your posts alternate between correctly spelled and very poorly spelled. What wobbles?

K9May 22, 2014 9:56 AM

Does Gmail come with POP and IMAP enabled by default, and if not, is there an innocent way that they could have become enabled without the account owner's knowing?

Clive RobinsonMay 22, 2014 11:05 AM

@Aspie,

With regard to what wobbles, well...

For various reasons I strongly compartmentalise what I do. Part of this is using a smart phone for writing to this and other blogs. I don't use it for social, professional or other activities. It is thus an old phone and has its problems, like a keyboard that works or doesn't work depending on if the wind is blowing or not. Because of its age, although it could spell check, trying to use the spell checker is more trouble than it is worth... which, with the fact I try and type faster than the keyboard cares to be abused at, causes missing and adjacent key issues which my rheumy old eyes miss. Oh, and the minor prob on top of that of actually thinking far more quickly than I can type on it adds to the fun.

Further, during the day I'm usually on the move when using this phone, so may well be distracted by fellow travelers.

Then there are other issues in that my spelling is not what it could be, for well known reasons that affect a percentage of the population, and I can look at a misspelled word and not see it as such, which does not help; then there is the occasional wrong word, right spelling issue as well...

There are other wobbles such as being in hospital rather more often than I would like, and nurses etc don't like those they inflict their mercies on using smart phones or computers or anything else that uses electricity when they should be resting... (ignoring the fact that other patients snore, make other strange noises --due in part to hospital food-- and go wandering around creating minor acts of mayhem, and then the nurses keep disturbing you to do tests and see if you are asleep...). So covert use to avoid their remonstrations does not help either...

Nick PMay 22, 2014 11:27 AM

@ Mr Pragma

I'm open to a lot of things. It's why I wasn't popular among anything mainstream in America. It's also why I backed our opponents on certain issues numerous times. Yet, the statement I highlighted was alarming to me as years of evidence makes it clear both Russian and Chinese governments are run by tyrants. America has been run by tyrants for a few decades to a century depending on who you ask. Opposing American imperialism & tyranny while supporting two other evil governments is strange considering the ideals you valued in other posts.

The only part of it that made sense to me was the idea of having another superpower or two to keep U.S. in check. I agree with that having seen where unchecked U.S. power goes: typically into countries carrying bombs and bullets. Not a good thing.

"If, however, liking usa's -- written down as a doctrine! -- base line of dominating the world "

It's not really USA's doctrine. It *is* the doctrine of certain politicians and those that wield our military. There are many politicians and huge numbers of Americans that fight this notion. For instance, most Americans were totally against any invasions of other countries unless they threatened us. Then, the Bush/Cheney regime used a ton of disinformation & complicit media to tie Iraq & Afghanistan to 9/11. The people, still shaken by being shown they aren't invincible, accepted in fear what their military & intelligence organizations said was the cause. Two horrible wars followed, many realized their error, and there are now constant attempts by many groups to get us out of the Middle East. (Although, as I said, one powerful faction believes strongly in military domination and fights all exits.)

So, like many democracies with powerful institutions, it's a mix of things going on. Those that love imperialism and war tend to win most of the time as their people dominate military command positions. The media only glosses over it, so Americans often can't see the big picture on the issue without working hard to. The military institutions always make it an all-or-nothing game: you will be weak to attack or you keep big armies that can go on the attack. There's also speculation, esp post-Snowden, that certain institutions have leverage on those in Congress meant to restrict their activities. Many in Congress didn't even read the Patriot Act, for instance. They just passed it without question, to many Americans' surprise. Well, there were two vocal opponents. They coincidentally died in anthrax attacks by unknown terrorists, then Congress passed the law. (Hmm...)

So, I can easily oppose the U.S. government's behavior and spot the tyranny in it. Yet, it's not really representative of what Americans as a whole want & its whole operation is supported by massive amounts of secrecy, deception, & financial corruption. If anything, it started out as something we knowingly built for protection during WW2 & Cold War, but took on a life of its own. Pandora's Box opened and nobody can close it. The people who have tried always ended up crushed (or killed) by their own government.

That's all I'm saying about that as I agree that the technical discussions are more productive. I'll add that our political tangent has no bearing on what I think of any technical discussion. The only reason I even stepped into a US & Europe type of discussion is Benni's post somewhat implied we had nothing to offer for engineering, quality, security, etc. I had to counter that quickly so any European readers might see that certain American groups are very much worth working with. I regularly enjoy the work done on the other continents. I'd rather them get a chance to do the same with ours. Matter of fact, quite a few are doing so as there's many international INFOSEC projects going on right now.

Nick PMay 22, 2014 11:45 AM

@ Clive Robinson

re software diversity

It's already being done, with one implemented similar to what you've described. Like I told Wael, I was mainly interested in how likely it can be done for chips. Specifically, taking a Verilog design with a critical circuit & producing a bunch of equivalent designs where location of critical circuit is different in each one. Mr Pragma thinks it's a no-go due to a number of issues. Your thoughts?

re Mexico

This might be the case. American policy, esp economic, shoots itself in the foot nonstop. It wouldn't surprise me at all if we get hollowed out first. I think the only thing that would stop that is that the elites that own the wealth would want to preserve it. If any of this becomes a threat to their investments, they'll push politicians to deal with it. So far, the drug trade and prison populations aren't an issue to them. They might even be large consumers of drugs for all we know. ;)

@ Aspie

"Look, this gadget I'm working on is a toy. I'm time-rich and cash-poor which, now I come to think of it suits me, so I do what I can with what little I can. I'll follow other people's thinking but I want to discover a lot of it for myself. Evolution does this; redundancy is key - and it works. We know this.

So I'll keep plodding along, doubtless outpaced by far brighter and better resourced people, but the design is something that is a *function* I'm working on rather than a solution. Meaning it is an *idea* that can be realised in many ways. That is where I get the pleasure."

I've been there and done that. Fun times. Learning and inventing are their own reward.

AspieMay 22, 2014 12:14 PM

@Nick @Figureitout

Waxing: When the Devil holds my feet to the ambition of the fire of failure it's important not to say Ow! but: "Who makes your shoes."


Nick PMay 22, 2014 12:30 PM

@ Aspie

Nice quip. Must be somewhat original as Google gave me nothing. ;)

SkepticalMay 22, 2014 12:30 PM

@Pragma: Even assuming that those numbers are correct (which they are probably not as the world bank is a largely us controlled institution):

Sure, the US is cooking World Bank numbers on poverty. Which institution would you prefer? How about the United Nations Development Program?

The first part of what you say is blank nonsense in being an arbitrary "conclusion". One might as well state that the changes from 1981 to 2010 have been due to Sweden or even due to Mickey Mouse.

Neither Sweden nor Mickey Mouse provided the global framework in which foreign direct investment could pour into developing countries, which has resulted in the dramatic (proportional) decrease in absolute poverty. This decrease is, in part, why economists across the political spectrum are largely supportive of free trade. Unfortunately for silly anti-American rhetoric like yours, there's nothing arbitrary about my conclusion.

As for your last sentence ... Yeah, right. And next week the usa will conquer Saturn and Neptune and I will be flying in the air as the king of Atlantis. Sure.

It's a very easy conclusion to reach Pragma, and it's supported by two facts:
(1) A recovering US economy.
(2) A shift in US focus from two counterinsurgencies (heavy manpower and high spend) to maintaining superiority in state-centric warfare (increased investment in advanced weapons platforms, such as rail guns, increased emphasis on countering A2/AD strategies, etc).

You're witnessing the return of the US to a path of military transformation laid out some years ago by visionaries such as Andrew Marshall (who is also admired by the Chinese, for good reason). There's nothing imaginary about this. Any analyst worth his or her salt could have predicted this some time ago.

That's simply cold reality. But US policy in a macro sense is actually quite predictable, and is heavily biased towards stability, so I don't view continued US strength as problematic.

The wild card is autocratic states, which are less predictable and more apt to slide into inter-state conflicts. Unfortunately, Russia is increasingly tilting in an autocratic direction, and this, combined with a very insular nationalism, may be cause for real concern at some point in the future.

AspieMay 22, 2014 12:39 PM

@Nick
Ha! Thanks. Look up "quelling torsional flex" that's another one of mine.

It's odd how idiosyncratic language can uniquely identify works. Worth adding to your own postings if you need to find them in a hurry.

:)

Clive RobinsonMay 22, 2014 1:17 PM

@Aspie,

No worries, my skin is a little thicker than most :-)

When I went to school they tried to correct my spelling by whacking my hand with a ruler or cane, to the point I could hardly hold a pencil or pen, at which point I'd get whacked again... Then when I was older they finally realised it was not my hands that were at fault --or being left handed in league with the devil-- and sent me to another school with a slightly more enlightened approach to education, that involved actual teaching by results not violence against the young... but I was better off than my father: they actually managed to break the bone joints in his left hand and he had arthritis by the time he was twenty. What is wrong with me with regard to spelling did not get a name until the 80s, and oddly in the UK it's the only legally recognised disability with its own legislation, passed in 2009. It's sometimes funny how things change.

Clive RobinsonMay 22, 2014 1:29 PM

@Nick P,

With regards chips, yes my thoughts on the matter are at variance with others (it was ever thus ;-)

Think about FPGAs: they are small optimised blocks of logic in a communications grid. You program the blocks and grid to get the required functionality. The downside is the loss in performance against SoC type solutions.

Now think about upscaling the logic blocks to the point they are in effect small CPUs, still in the same communications grid, and I think you will agree there is a distinct possibility to achieve what you are after.

And if you think back, I mentioned similar during our C-v-P discussions, and @Robert T mentioned the possibility of putting hundreds of 8052 equivalent CPUs onto a chip as a very real possibility for solving certain security issues.

BenniMay 22, 2014 2:32 PM

These law professors have now spoken before the German parliamentary commission:

http://www.spiegel.de/politik/deutschland/nsa-ausschuss-bnd-arbeitet-laut-gutachten-verfassungswidrig-a-971197.html

They say that it would not be credible for Germany to criticise the NSA when the German secret service BND has the same granted rights to do surveillance at equal scale as the NSA.

Note that the NSA has a similar view on the privacy of foreign conversations:
http://www.theguardian.com/commentisfree/2014/may/17/government-lies-nsa-justice-department-supreme-court

"Here's what the government said in a recent legal brief:
The privacy rights of US persons in international communications are significantly diminished, if not completely eliminated, when those communications have been transmitted to or obtained from non-US persons located outside the United States."

In Germany, exactly the same holds for the BND. The German law professors say that this is against the German constitution, since the privacy of sent letters would hold even for foreigners according to the German constitution.

The law professors also say that Germany should protect its citizens better from the NSA.

If the parliament takes these suggestions seriously and really changes the laws as suggested, then the BND will go through a really dark time....


BenniMay 22, 2014 3:40 PM

Here is a transcript of the discussion that happened in the German parliament:

https://netzpolitik.org/2014/live-blog-erste-oeffentliche-sitzung-des-nsa-untersuchungsausschusses/

At one point, the ex-chairman of Germany's highest court says a violation of the constitution by doing nothing is not allowed. The highest court can only open a case if someone files it. He asks that the court not be flooded with thousands of complaints.

Any data sharing between German offices and foreign secret services that do not fulfil Germany's privacy laws is illegal. This can not be negotiated. All three experts heard agree on this.

MdB Ströbele notes that this would end one of the major things that the BND is doing.....


Mr. PragmaMay 22, 2014 6:52 PM

Skeptical (May 22, 2014 12:30 PM)

It would be easy to counter what you wrote but a) it's not necessary as you're known to be a us PR gadget and b) I prefer to focus on the professional aspects and to touch politics only if relevant.

Whatever, we will soon see who got it right.


@Clive Robinson (May 22, 2014 1:29 PM)

I agree. Adapteva's chips seem to offer attractive computing power at low cost and needing little power.

Most importantly, however, that's technology we have right here and right now.

But again: I do not consider it attractive to break crypto in the first place because, things being the way they are, there are almost always considerably cheaper and faster attack vectors available.

What I find interesting, however, is to use that technology to enhance crypto, say to have sensitive servers very considerably more secure and/or to employ "insane" levels of crypto like 2048 bit sym. and 8192 bit asym. or 1024 bit password hashes for password storage.
I haven't looked closer at Adapteva yet but I'm under the impression that that could also be used for traffic analysis (e.g. firewalls) and similar.

Mr. PragmaMay 22, 2014 6:59 PM

Benni

In my mind's eye the decisive aspect will be how the German government reacts.

After having been openly humiliated by their american "friends", the Germans (citizens) can hardly help but recognize that their country is (has become? always was?) anything but a us vassal.
Looking at the government politicians it seems that they are basically under us rule.

Having it official now that, according to highly reputed legal experts and former supreme court judges, Germany's bnd/bka/similar are grossly ignoring and breaking the constitution, the German government has to decide one way or the other. Either they continue to merely implement usa commands or they obey their constitution (and accordingly tell the usa good bye, f*ck yourself).

I wouldn't hold my breath for the latter.

Nick PMay 22, 2014 10:50 PM

@ Mr Pragma

"I haven't looked closer at Adapteva yet but I'm under the impression that that could also be used for traffic analysis (e.g. firewalls) and similar."

The 160Gbps IDS that I referenced to Benni uses four Tilera chips. Like Adapteva, they are internally very parallel chips composed of simple cores. Cavium's many core MIPS processors are also used in stuff like this. So, it stands to reason Adapteva's chips could be adapted to it although at what performance level who knows.

Far as many core chips, there's also a 1,000+ core chip from a MIT group that uses an exotic optical on-chip network to feed the cores. The network was so fast that commercially available memory can't keep up with it. Now, they're working on improving memory chips to be quick enough to work with it. Now, *that* is cutting edge.

Meanwhile, Adapteva and Tilera chips are in production so a bit more useful.

Clive RobinsonMay 23, 2014 4:31 AM

@Mr. Pragma, @Nick P,

The problem I see with these chips currently is a lack of an MMU on each core device, controlled not from the core but from a hypervisor, thus giving a high degree of isolation between cores to get a high security margin.

The question perhaps can be resolved not by thinking of MMUs but of rules in the NoC switches, which would be a necessary requirement for QoS that many think is going to be a NoC requirement for effective use.

If each core, along with its local memory, also had a very minimal kernel using a simplified "letterbox" streams interface with one or more other cores running the other parts of the kernel/OS, then you would be looking at quite an interesting beast.

@Mr. Pragma,

With regard to State Level Actors such as the NSA and breaking crypto, I partially agree/disagree with what you say. Whilst breaking AES may well be possible, it will almost certainly have a significant time penalty and be limited to a single message, thus of very limited value. The same is not true of other types of crypto used in keymat protocols. Breaking PubKey where the two primes were selected with minimal entropy would be a very worthwhile activity and in line with the NSA attacks on what are in effect "embedded" devices such as network routers. Other attacks such as breaking hashes used on code signing again would be highly profitable. It's these areas where time is not really relevant I would be playing.

Think of it like password cracking: a dictionary attack allows the attacker to use their own hidden resources and time out of sight of the victim. This is what attacking certs and signing hashes is. Whereas attacking comms crypto is like doing MITM attacks: it requires a fast response and can be fairly easy to see by the communicating parties if they know how to look.

Mr. PragmaMay 23, 2014 4:59 AM

Clive Robinson (May 23, 2014 4:31 AM)

Ad "chips":

I agree to a degree. "To a degree" because my (first) target wouldn't be to create perfect security but rather to considerably enhance minimum and average security. In that regard, I feel higher layer analysis more promising than enhanced thread separation.

It should also be noted that quite probably the biggest "if" with those chips is bandwidth. Adapteva, for instance, provides 4Gb/s iirc. Similarly, as someone happened to mention Cavium, the striking point there is not 4, 8, or more cores. It is the high bandwidth (and the capability to perform, e.g., encryption or matching, at high wire speeds).

Ad "nsa/AES":

I think there is a misunderstanding, Clive. As far as I remember I didn't write about nsa cracking this or that variant of AES. Maybe you mix me up with someone else?

Being at that matter, I'd like to boringly *g* remind you that, again, the core problem is not the algorithm but the PKI system and the lousy implementation (-> e.g. openssl) as well as idiotic usage due to weird and lousy interfaces (-> again openssl).

AspieMay 23, 2014 7:56 AM

@Nick
Mazdaspeed3 reference; bingo! And it's interesting how many other sites copied my Wikipedia text to use in their "own" reviews.
So there you go; want to track where your stuff goes? Easy peasy limpet squeezy. ;-)

SkepticalMay 23, 2014 10:07 AM

@Pragma: It would be easy to counter what you wrote but a) it's not necessary as you're known to be a us PR gadget and b) I prefer to focus on the professional aspects and to touch politics only if relevant.

Of course, Pragma. (a) Ad hominem is always an acceptable substitute for an argument, and (b) I understand.

The views I'm expressing on US foreign policy are actually quite moderate, though I realize that to an admirer of "great men" like Putin they may seem like propaganda.

I'd add, since I'm guessing at the source of so much anti-American feeling that is communicated in some of your comments, that I agree that what happened to Russia following the collapse of the Soviet Union was horrible, and there is no doubt that the "Washington Consensus" on how Russia should proceed with liberalizing its economy was mistaken.

However, while Washington was wrong, ultimately the Soviet Government, and its formal successor, are the responsible parties. At the time of its collapse, Soviet defense spending consumed 25% of the USSR's GDP (that's not a typo - 25%). The rest of the Soviet economy was riven with the inefficiencies borne of a command economy. Corruption was deeply ingrained. And so economic depression, and all that it entailed in a nation whose national institutions were so weakened (though, really, they weren't exactly models of good governance under the old flag either), was not something that the US could stop. Some in Russia, who are often vilified today by ultra-nationalists, saw the coming storm much earlier, and attempted to begin the transition earlier, more gradually, with less disruption. They were too late.

Many Russians like Putin because they perceive him as restoring Russian strength and order. I can understand why. To a certain extent, he has. I alluded to the price of a roof in Russia in an earlier post; if you speak Russian, then you understand the reference. Putin has shifted power away from private black market actors (to an extent) and into government, where it has greater chance of being controlled. However, corruption remains rife, and a roof remains both indispensable and subject to sale.

Most disturbingly, Putin seems to genuinely believe not only in a state without limits, but also that he, and his personality, constitute in large part the state. So he has increasingly limited free speech; he has harassed political opponents with prison, with exile, and with far worse.

Putin's focus should be on replacing corruption, which has been Russia's true affliction for many decades (centuries?) now, with true rule of law. He should foster an independent judiciary, and defend that independence ruthlessly. He should foster freedom of expression, which is itself a check on corruption and essential to a functioning democracy. The only way to do those things is to contain power by rule of law. And while Putin has shifted power into the state, which has some benefits over its earlier location, he has not acted to constrain that power with rule of law.

If he chooses, Putin has the opportunity to enter Russia's history as a truly great man, along the lines of George Washington: someone who had the opportunity to aggregate more power to himself, but instead chose to shift it to institutions constrained by law. Sadly, without minimizing the enormous challenges that he faces, I am increasingly dubious that he has the desire to do so.

In short, I view Putin as increasingly representative of Russia's oldest malady, and not as an exemplification or defender of Russian culture, which I have always greatly admired, and which has historically found a way to speak, to create, and to endure, even under the heaviest oppression, even when imprisoned by a system as hopeless and crushing as a winter without end.

@Benni: The privacy rights of US persons in international communications are significantly diminished, if not completely eliminated, when those communications have been transmitted to or obtained from non-US persons located outside the United States.

I actually don't know of any jurisdiction where the national government does not reserve for itself enormous power to intercept international communications (including the Swiss, incidentally, which to me makes some of the enthusiasm for their data-storage services a little puzzling).

Mind you, I think there's a good discussion to be had as to whether that should be the case. Should international communications be as protected as domestic communications are in the West? There are strong arguments on either side (by which I mean all six or seven sides) of the issue. I don't think there are any easy or obvious choices here.

Nick PMay 23, 2014 11:15 AM

@ Clive

I wasn't suggesting the chips for security purposes. It was a tangent started as a response to the D-Wave story. The D-Wave is used for plenty of number crunching and analysis. Yet, people don't even know if it's a fraud or not. So, I decided to put a little time into seeing if I could produce or find something better based on classical computing. So, I started mentioning various chips and products that could be scaled up, combined with NUMA interconnects, etc. The end result was massive parallelism for the jobs D-Wave is used for at a fraction of the price. Hence, D-Wave was a bad investment & something like scaling up Adapteva's Epiphany was a better choice.

The security tie in came when I mentioned a 160Gbps NIDS that used four Tilera chips for wire-speed tapping of 100Gbps networks. The point was (a) the U.S. could do that and (b) these relatively inexpensive chips might also be good performers for such applications.

So, all of that is the context of the conversation on chips like Epiphany. If anything, it was a mental break from security. ;)

@ Mr Pragma

Absolutely right about throughput being the main measurement. They can't do too much if they can't read/write data fast enough. The chips all have different bandwidths. The Adapteva's specs show they'll have no problem with that. Cavium's Octeon III capabilities show they won't have a problem, either. The Tilera chips used in the 160Gbps NIDS are the oddest of the bunch. I think they were a spinoff from MIT reconfigurable computing research (eg RAW Workstation project).

So, performance wise, it seems this area of networking is already slamdunked by plenty of chips.

FigureitoutMay 23, 2014 10:54 PM

Mr. Pragma
--At least you're honest about shortcomings, some people are incapable of that. I won't delve deeply into the politics b/c first off, individuals (like Putin or Xi) don't make a country a great place, groups of people like all the citizens and the advisors actually working do. I left that field for engineering (greatest decision of my life), but your views are extremely common, at least in my experience, in even Western Europe. It's why I say a lot of Americans need to get out of this country and actually meet face-to-face w/ some of the world's citizens and see just how much they hate us. At the same time, I didn't do anything really globally to affect someone on the other side of the world, so if they hate me merely for being American and make all these pre-judgements and want to kill me or whatever, well...that makes you an enemy to me. And so the stupid cycle of monkey-brain wasting resources on war and guaranteeing the extinction of life on Earth to die here and be a dead planet in the future.

So, all that crap aside, I look forward to enlightening discussions about secure technology w/ you.

Nick P
--You can't just go around expecting funding; you have to sell it, and be confident in your designs. Sometimes you change them on a whim when one person questions it, like you just came up w/ it twiddling your thumbs or something; that's what I'm doing right now as I'm still a rookie and not an aged designer. I still have so many mistakes and lessons to live thru...So if you have worked out a lot of issues on your own and can almost certainly build what you're thinking about, then make the pitch. If I had a suitable lab that I owned I'd offer it up for free, but I don't...yet.

RE: games
--Did you ever play the original Starcraft? You can build a number station easy w/ an arduino lol, but people will get pissed at you. Ah, neat haven't really thought about underwater antennas. Makes sense that lower frequencies work better as you can test that screaming at each other in a pool lol. Just got shown a PCB "F-antenna" for 2.4GHz, and that really blows my mind; that could be hidden on a circuit board so easily if you don't at least visually inspect it...Anyway, I play BF4 now a little, but it's not my system, I'm not a big gamer lol, rather split open the console. Itching to open up this Nintendo Wii, but first this original Xbox...

RE: your TEMPEST advice
--As you probably can guess, I've seen attacks where those defenses are obliterated. The land I was planning on building a shielded bunker laboratory, well too developed now, there's a house next door now, went up for sale, and in will come the agents. And I've seen some of the remote detection devices for mobile devices, sketchball agents that don't know how to approach a target gave themselves away. There's some truth to that, but you must limit the machine, no GB of RAM, easy wiping that must work due to small memory, battery powered, no LED illuminated display. That's highly unsustainable OPSEC though...and I'll only be able to interact w/ the tiny amount of people that are willing to do it to carry on secure comms or exchange a file or whatever.

And I know they'll hack me w/ java or javascript, and store info in a file then empty it w/ internet access. I'm too poor to rid myself of this POS, and they literally won't stop following me and torturing me; so I can't just go somewhere, they'll just follow me until I'm dead. But on my machine that's coming, I envision, those attacks won't work and they will be forced to do TEMPEST attacks, embedded radios on hidden frequencies, some other hidden physics.

Aspie
--Yes I've seen your board (not the updated version, which of course I want to :p ), looks great. I couldn't agree more. I'll just say a few things. I guarantee that almost all engineers and programmers today can't describe off the cuff, fundamentally how a computer computes by electrically switching transistors, taking in data from the mouse and keyboard and w/ mathematical logic can then route data to a screen. They probably *could* if they got paid to do so, but I'm talking *really* understanding the entire process to when the electricity finally glares out on your eyes and disappears back into energy behind you.

Me, I need to have the entire computer flowing in my head before I begin building it. I'm going to be busy this summer doing fun things but not working on my computer as much as I wish I could (24/7). And sadly, literally I'm going to carry it around w/ me 24/7 and can't just leave it at my house, and have to come up w/ some more dreaded OPSEC that makes me so angry wasting my time.

Next time we get in contact, we need to exchange a backup plan of contact. Could go the "definitely surveilled" to a random digital radio mode where we can basically chat from the keyboard. Just saying, if Bruce dies tomorrow in a plane accident or something totally crazy, blog goes down, we lose contact (besides hackaday, you'll find me there :p ).

And yeah, sure there'll be people calling your computer a fail. Of course they won't release any of their work to be likewise criticized or even begin trying to build a computer; probably won't even be able to build a power supply. So they can suck on their infected hardware.

Mr. Pragma (May 24, 2014 12:29 AM)

Figureitout (May 23, 2014 10:54 PM)

Well, chances are that we'll never meet anyway as I do not travel to or through the usa, I avoid us products and services (Yes, I *do* pay a higher price if needed to do so), I avoid any (physical, real world) contact with americans, and I do, in particular keep any interaction with us entities to the absolutely unavoidable. And I do, of course, strongly encourage and support my private and professional environment to follow my example.

At the same time I would not do any harm whatsoever to any us-american individual I happened to encounter. As I said before, I strictly differentiate between "the usa" (incl. organizations and companies) and "the americans" (the individual persons).

So, no, you and myself are not enemies and we can peacefully discuss professional matters ;)


@all

Of course, I find the bleeding edge interesting and of course any further research is interesting and, in fact, an absolute necessity.

I tend to think, however, that pretty much nobody needs high-end security. NSA, GCHQ, or BND won't put any above-average effort into spying on you or me. I think those higher levels are reserved for *real and credible and high-level* threats and targets.
Governments and gov. agencies? Sure. Some very few companies with highly valuable and/or sensitive research/know-how/technologies? Almost certainly. A mid to high volume drug dealer? Hmm, not sure. You, me, grandma and the neighbour? Nope. Not worth it.

Well noted, this relates to targets with any not insignificant security. *Of course* the agencies take away whatever they can get more or less for free. So, a windows/mac/linucks/ios/android box behind a d-link router will quite certainly be spied on and trojaned.

But even reasonably minimal OpSec (say, a smartly set up BSD box behind some reasonably configured, not plastic, router) quite probably saves you from being spied on, at least to a large degree, unless you are a high value target.
Simple, the cost/benefit ratio is strongly in your favour and so are the numbers. By "numbers" I mean that there are only so many even (technically) mid-level guys in an agency like FBI or NSA.
My guess is that almost all data collected are actually data that could be collected and first level evaluated very cheaply and in an automated fashion. As soon as humans enter the equation (on their side) it gets very, probably prohibitively expensive very quickly. And bureaucracy enters the game.
Will they make the effort to crack even AES-128 encrypted traffic from you? Hardly.

If, on the other hand, you happen to be one of the very few high-value targets (say, an AQ operative) betting on ICT security only or mainly is a stupid thing to do anyway.
If you absolutely have to use a medium and means basically under enemy control, you shouldn't try to beat the enemy in a race on his own racetrack (because that's what encryption comes down to in those cases). It would be smarter to choose other directions. *Use* the complexity of the medium/means, or fit in and flow as innocent-looking as at all possible. And, of course, use other layers and fields like social, human, etc ...

Figureitout (May 24, 2014 1:05 AM)

Mr. Pragma
--Well, we don't have to meet in person if you don't want to. I have some slight suspicions about you, but it's just precautionary. :) I've seen my fellow Americans act like ignorant fools in foreign countries, not respecting the culture and people, so I can see that you may not like them; but you have a special kind of hate which is kind of peculiar...Regardless, I get the point.

I tend to think, however, that pretty nobody needs high-end security. nsa, ghcq, or bnd won't put any above-average effort into spying on you or me.
--I would think otherwise, but yeah it's kind of like a lottery, are you the lucky soul to get a totally unjustified investigation? As I said before, I mentioned starting another revolution in America and how we needed a fundamental political change here (and that *figuratively*, I wouldn't mind a nuclear bomb exploding in Washington D.C.). These idiots thought I meant for real a nuclear bomb; I'm scared of a battery blowing up in my hand or electrocuting myself w/ AC power. Once the agents get to know you, they can carry out their illegal intrusions on their own time; I can just watch them "w/ my methods" but not repel them forcefully b/c that would bring the "derp-army" like DHS and all these idiots that just take orders.

So, I would advise you, and others who wish to remain "off the list", to not post here, unless you took some extreme precautions and hid your connection thru hacked PCs (which means you're setting up innocent people, another form of evil to fight evil...). Hopefully you're not a coward and will be scared by these evil *global* threats.

Mr. Pragma (May 24, 2014 3:44 AM)

Figureitout (May 24, 2014 1:05 AM)

Hate? Nope. I do not hate Americans. I simply think the USA has become a major problem for this world that needs to be taken care of, that's all. No bad emotions involved. And rest assured that we have our own share of assholes here. Unlike the USA though, our assholes don't feel entitled to run the world, to start illegal wanton wars, to set countries to flames, to blackmail and to bully pretty much everyone.

I don't like americans (in general; exceptions exist, of course), I consider most of them grossly lacking in culture, education, and, pardon me, in brains. But that's by far not enough for hate. So kindly stop implying that I hate them. I simply don't.

Enjoy your weekend ;)

Mr. Pragma (May 24, 2014 3:59 AM)

Aspie

I don't know your design. But I've done hardware designs myself in an earlier life and I still profit from that experience.

There is a saying that Russian programmers are so damn good because they had to learn programming with little, sometimes even without, hardware, so they had to design and test their code very well on paper and in their minds and they had to be talented and learn and train very hard.

I'm convinced that our young engineers suffer from a "too much" phenomenon, largely due to bloat. I remember working with a 74xx series ALU and actually hardwiring NOR and NAND gates and a bus interface. That taught me a lesson I still remember. Many years later we needed a simple but time critical hashing routine. So I looked at the compiler output, fine-tuned the assembler code and achieved a 55x speedup. I smiled and thought back to the 74xx ALU and to the "programming" then.

Let me put it this way: There are many who can afford to spend a lot - to learn little. And then there are some who, with curiosity, the right mindset, and determination can learn immensely much with very little money. It seems you're one of the latter.

Nick P (May 24, 2014 11:21 AM)

@ Mr. Pragma

All well put. And I'm also convinced that what you describe contributes to Russian programmers' skill. A person who has little to work with (or may in future) learns to make the best of whatever they have. I experienced a small version of this as I started on low MHz machines with almost no memory & DOS-based OSes. My first GUI system was on a Pentium 2 w/ 64MB of RAM & 2GB disk. Yet, I still did programming, music, movies, web, servers, etc. using that system.

So, I shake my head at today's programmers (esp. in U.S.) using many MB to perform a task that took low KB in my day. I'd be fine with it if there were inherent benefits (eg safety/security). Yet, both of us know tools that achieve that even on limited hardware. So, what's really going on is bloat that's caused by years of working with bloat. With few exceptions (eg embedded engineers), most have not been forced to be truly efficient at engineering a solution. So, they don't.

Clive Robinson (May 24, 2014 1:24 PM)

@Nick P,

With regards "limited resources", my first serious homebrew 6502 board had two very expensive 1Kbit (yup, bit not byte) chips on it giving a quarter KByte of RAM, and one eye-wateringly expensive byte-wide ROM chip and two serial ports. Although its original design function was to convert 5-bit Baudot to 7-bit ASCII, it did quite a number of other things over the years, including, with a ROM upgrade, being a prototype stream cipher unit for a Secure Telex wire device for international companies.

A conversation with some students about the power of microcontrollers and the amount of onboard RAM, ROM, and IO they have these days made me make the comment that quite a few early Unix boxes had a good deal less. Whilst the conversation did not quite drop to the Monty Python "When I was a lad" sketch level, I did tell them I had an early PDP11 Unix source code on punch tape and 80 column printout, as well as a full 80's set of Unix port sources and documents to 68K uP, as well as the board, if they were interested to look at it.

They were, and it led to a couple of the students porting another early Unix-alike OS onto a four serial port microcontroller with 128KByte Flash ROM and 32K RAM, using a couple of memory cards to act as the disk drive and a PLIP network interface, as a project. I was quite impressed, as was their tutor, and from what I've been told they used it to get jobs with a prestigious design house up in Cambridge UK.

Whilst doing such things does give rise to efficient use of resources and can save high volume producers millions, few want to go in that direction these days. I've been told on more than one occasion that such work is "engineering" in the way lawyers used to call others "trade", and others have confessed that it's the lack of comfortable "tool chains" and that students don't get taught ASM or low level C code as there is no requirement for it...

Thus I'm rather glad to see the likes of microcontroller projects on the rise in other areas. One that surprised me was "fashion students" in a college using standard kits to make high-tech jewellery and clothes with embedded electronics.

Hopefully the Raspberry Pi will encourage CompSci students to migrate down to other microcontrollers and in the process drag their tutors in the same direction. Because although we need a lot of application code cutters, they are rather dependent on having working hardware to do their stuff on. And as we move steadily towards the Internet of Things, working closer to the metal is going to be an increasing requirement, and to be honest there are not enough physics, chemistry, biology or fashion graduates to fill the increasing need for low level engineers to build the "Things".

Nick P (May 24, 2014 2:39 PM)

@ Figureitout

Yeah, I change the designs often. It's easiest to do that before they go into production. Securing computers requires adaptability more than most pursuits. So, that accounts for much of it. The other reason is that I'm exploring so many options & working on so many designs it's hard to commit to any one too much. If an effort was made to build something, I'd focus on the best one, stick with it to production, and change other work to leverage it specifically.

re games

Yes, I played Starcraft plenty. It's one of my favorite RTS games of all time. :) I played Protoss for the challenge of it. And their tech was awesome. There were game AI mods back then to make it more interesting. I also thought it was a great platform for testing AI, esp. planning & real-time response schemes. I tried to get Blizzard to make a version of it specifically for bots, but to no avail.

Fortunately, at least one project created something like that. It gave rise to two types of use cases: true AI's that made all their own decisions on the battlefield; human augmentation where an AI supplemented a player by automating away anything they didn't want to focus on. The latter effectively created near superhuman commanders on the battlefield and I'd have loved to see Starcraft champions play that scenario out.

Trivia: Many top Starcraft players (eg Boxer) do over 300 actions per minute while playing the game. Quite amazing to watch. I doubt most managers make that many in a day. So, that puts Starcraft champs on quite an elite level, eh?

"There's some truth to that, but you must limit the machine, no GB of RAM, easy wiping that must work due to small memory, battery powered, no LED illuminated display. That's highly unsustainable OPSEC though..."

Hardly. Use memory encryption. The Air Force's HAVEN project uses FPGAs and a modification to Xen to transparently encrypt VM memory & protect I/O. In such a scheme, only a tiny amount of memory must be wiped. Most of it disappears in a single command to the protection chips to wipe their internal keys. Also supporting this model are architectures I posted like SecureMe, SecureCore, and CODESEAL. They run full OSes and software stacks with minimal performance degradation. A custom design of yours will necessarily have tougher tradeoffs, yet the principle of reducing critical plaintext will still apply.

Another thing that helps is putting the electronics in a box filled with thermite. Clive and I posted design concepts on this here. "Skunkworks" has a nice YouTube video with a design for thermiting something in a data center reliably & without harming the data center. My addition to such things was a killswitch tied to the person. Jerk the cable out, the burn starts immediately. All that's needed from that point is basic perimeter security to give you the second you need to pull the cable. Works especially well if they're dumb enough to tackle you & throw you on the floor.

"I'll only be able to interact w/ the tiny amount of people that are willing to do it to carry on secure comms or exchange a file or whatever."

This problem has been known since the PGP days. Any private conversation requires both parties to protect the privacy. If the other side cares too little, then there's no real privacy. This problem isn't going away anytime soon. Fortunately, there is nothing preventing ease of use, as solutions such as Hushmail and OTR show. My secure appliance design brought cost down to almost nothing, while being as easy to use as a Blackberry. It's more of a "willingness to put in effort" kind of thing for people wanting privacy. Not sure how to fix that...

"And I know they'll hack me w/ java or javascript, and store info in a file then empty it w/ internet access. "

That's why I recommend one device you can control and that can keep secrets. Probably custom, simple, etc. Then another that basically does transportation or storage of sealed data. It can be hacked easily. This was the shortcut they used in Orange Book days for networking and filesystems. Much modern work does as well. Your TCB remains as small, simple, and secure (or not) as you want it, regardless of what's in the other system.

"But on my machine that's coming, I envision, those attacks won't work and they will be forced to do TEMPEST attacks, embedded radios on hidden frequencies, some other hidden physics."

Eliminate the low hanging fruit, as I always say. It's the most people can do on limited resources. It's enough to stop most attackers & force others to take more risks. Always a good start.

Nick P (May 24, 2014 3:52 PM)

@ Clive

You know there are actually emulators and software images for a ton of old systems like that. Many are good enough to replace the physical one. Might help you get rid of some of that junk lying around in your "cave." ;)

Not to mention let you play with many old school systems or unusual architectures without buying the hardware.

Figureitout (May 25, 2014 2:00 AM)

Nick P
--Yeah, that's a flaw in secure development. You need an isolated environment for secure backups. Keep switching for "something better" and eventually you have nothing but a lot of papers read.

Maybe I played Starcraft w/ you. :p Hopefully you didn't use any cheats or hacks, that would be unfortunate. I liked defensive-style custom maps best like turret def or tank def. Always need to be prepared to counter something when your weakness is exploited (like wraiths to zealots). Definitely not fun when it feels like I'm having a seizure at the keyboard, you might as well work on something real if you focus that hard on a game lol.

I'm wary of mem. encryption b/c I've had most of my computers hit w/ encrypted memory attacks. If everything is instead slightly obfuscated (just my custom style), then I know I'm hacked if I see any ciphersh*t. And those other architectures seemed like you'd need a team of people to actually implement.

And yeah, just what I need...the threat of thermite burning my hands off in case of a fault or hack. I don't think that will be necessary, and I'm not given legal immunity like gov't agents, so they will charge me w/ destruction of evidence. It would be retarded to raid me, as agents have done that quite enough; unless some vindictive jealous bureaucrat wants to get back at me for making him/her look stupid. Someone had to do it. They'll keep destroying the country though.


Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient Systems, Inc.