Friday Squid Blogging: The Story of Inventing the SQUID

The interesting story of how engineers at Ford Motor Co. invented the superconducting quantum interference device, or SQUID.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Posted on November 14, 2014 at 4:37 PM • 184 Comments

Comments

GrauhutNovember 14, 2014 5:01 PM

Bad news: "81% of Tor users can be de-anonymised by analysing router information, research indicates"

thestack.com/chakravarty-tor-traffic-analysis-141114

BenniNovember 14, 2014 5:08 PM


1) The "russian" tor exit node which distributed malware probably comes from NSA

http://www.f-secure.com/weblog/archives/00002764.html

Why? Because it distributed a miniduke variant and there is a link between miniduke and NSA:

A mathematics professor was attacked with a Miniduke variant that was
sent to him with a faked linkedln message. This miniduke variant
communicated with a hacked Belgacom server over encrypted channels.
And thanks to Snowden, we know that this Belgacom server was hacked
by NSA.

http://www.pcworld.com/article/2093700/prominent-cryptographer-victim
-of-malware-attack-related-to-belgacom-breach.html

Belgacom could only be hacked with a quantum insert attack, that only
an agency is capable to do if it has access to the backbones of the
american internet.

The russians and chinese do not have this access and thereby they can
not do a quantum insert attack on Belgacom. Hence it is unlikely that
both NSA and Russians hacked Belgacom. So the Communication relay for
the Miniduke variant on the professor's laptop was likely set up at
Belgacom by NSA.

As a result, we have a link between Miniduke and NSA.

2)Now we know how NSA cracks SSL.

They attack certificate authorities with the stuxnet variant duqu. Thereby they can create their own certificates for all sorts of companies. https://firstlook.org/theintercept/2014/11/12/stuxnet/

The certificate lists are then downloaded by microsoft automatically, without the user's consent or notification: http://www.heise.de/ct/artikel/Microsofts-Hintertuer-1921730.html that way, NSA can fake every ssl encrypted website it wants without anybody noticing it. in Project "Flying pig" even google or yahoo sites are faked https://www.schneier.com/blog/archives/2013/09/new_nsa_leak_sh.html

Interesting is that some of duqu's command servers are in Germany..... (where else, does NSA have so many stations abroad....)


3)
Are you in the US and there is a small airplane over you? Well that is probably an IMSI catcher which is intercepting your phone calls: http://online.wsj.com/articles/americans-cellphones-targeted-in-secret-u-s-spy-program-1415917533


4) Google begins collecting genetic data from humans:
http://www.heise.de/newsticker/meldung/Gen-in-der-Cloud-2454914.html


5)
New interrogation of a spook at the german parliament. https://netzpolitik.org/2014/live-blog-aus-dem-geheimdienst-untersuchungsausschuss-bnd-mitarbeiter-k-l-und-p-auf-der-zeugebank/

The spook says that Snowden's revelations "changed nothing" for their disgustung work. He also notes that BND often changes codenames. That way, BND can say that operation Eikonal, where BND automatically gave mass data to NSA has stopped. A new operation, codenamed "Karat" was created, and the spook says that they now have a third codename. But things like giving 500 millions of metadata to NSA per month would not be mass surveillance, he says... So it is simply disgusting, like in the movie "Bourne Identity", where operation "threadstone" was stopped, and then they worked under the name "blackbriar"....

This makes clear that it will be very difficult to make these idiots stop what they are doing.
And the BND spook sayid that metadata would not be personal data, and therefore BND could intercept, save, analyze and send them to a foreign service. Even though the german government says that this would be clearly illegal. Suddenly, the interrogation had stopped, since the spook inadvertently told too much of the illegal things that BND is doing....


6) Regarding de-cix: Some time ago, russia gave a small strip of land to the chinese, and settled an old border conflict. Nowadays russia makes excersises with missile troops at the chinese border http://thediplomat.com/2014/09/russia-to-conduct-more-nuclear-drills/ and it falls into place of course that exactly at this place are oil fields:
http://carnegieendowment.org/images/article_images//China_Oil_104-700.jpg


When the chinese prime minister last time visited germany, they signed a document http://www.bundesregierung.de/Content/DE/_Anlagen/2014/10/2014-10-10-aktionsrahmen-dt-chin.pdf?__blob=publicationFile&v=1 that says they want to "remain in close contact" regarding Ukraine and that they want to cooperate in the defense sector regarding terrorism".

What does that mean?

Well if you now sit in russia, and you want to visit a webserver in, say Jaroslawl, then the following happens: The data goes first to china, then they sent this to de-cix, where BND makes its full take and gives the data to NSA, and then it is sent back to russia.....

JestInCaseNovember 14, 2014 5:30 PM

Another reason to beware of TOR:

http://www.techienews.co.uk/9720308/rogue-russian-binary-patching-tor-exit-node-spreading-onionduke-malware/

“This strongly suggests that although OnionDuke and MiniDuke are two separate families of malware, the actors behind them are connected through the use of shared infrastructure,”

Benni told us about MiniDuke, now this suggests that NSA is linked to spreading the malware when and where it wants with OnionDuke. Or, am I reading this wrong?

Crafty Devils. Allowing us to think it was Russians and it was NSA all the time.

Clive RobinsonNovember 14, 2014 5:39 PM

@ Grauhut,

Bad news: "81% of Tor users can be de-anonymised by analysing router information, research indicates"

Well "paint me unsurprised"...

And of the other ~20% of users they can be found by other means, so perhaps a warning of "The onion will make you cry in pain, which ever way you slice or dice it" should be mandatory, especialy those daft enough to alow any PII on the machines they use for ToR.

Yes there are ways to use ToR to give you a modicum of anonymity against non 5Eye level states, or those where they cannot see both ends of the channel. But as has been seen a number of times BGP and other border routing protocols can be manipulated such that network data gets "accidentally" routed through China etc... so are you going to chance, not just your life and liberty but also of those close to you?...

And people still ask me why I don't use it...

JestInCaseNovember 14, 2014 5:51 PM

@Clive Robinson

You're pretty up to date on the state of TOR, what's your take on the VPN's that advertise 'full encryption from source to destination?

AdjuvantNovember 14, 2014 6:16 PM

The peerless Prof. Peter Dale Scott has a new book out this week, published by Rowman & Littlefield:

The American Deep State: Wall Street, Big Oil, and the Attack on U.S. Democracy (War and Peace Library)

The good folks at WhoWhatWhy.com have been printing exclusive excerpts leading up to the release, the latest of which is here:
How the Doomsday Project Led to Warrantless Surveillance and Detention after 9/11

The editorial blurb:

This provocative book makes a compelling case for a hidden “deep state” that influences and often opposes official U.S. policies. Prominent political analyst Peter Dale Scott begins by tracing America’s increasing militarization, restrictions on constitional rights, and income disparity since the Vietnam War. He argues that a significant role in this historic reversal was the intervention of a series of structural deep events, ranging from the assassination of President Kennedy to 9/11. He does not attempt to resolve the controversies surrounding these events, but he shows their significant points in common, ranging from overlapping personnel and modes of operation to shared sources of funding. Behind all of these commonalities is what Scott calls the deep state: a second order of government, behind the public or constitutional state, that has grown considerably stronger since World War II. He marshals convincing evidence that the deep state is partly institutionalized in non-accountable intelligence agencies like the CIA and NSA, but it also includes private corporations like Booz Allen Hamilton and SAIC, to which 70 percent of intelligence budgets are outsourced. Behind these public and private institutions is the traditional influence of Wall Street bankers and lawyers, allied with international oil companies beyond the reach of domestic law. With the importance of Gulf states like Saudi Arabia to oil markets, American defense companies, and Wall Street itself, this essential book shows that there is now a supranational deep state, sometimes demonstrably opposed to both White House policies and the American public interest.

Although it may be a few weeks, given my current projects, before I personally get down to reading it in print, any new work from Scott is always an event!

MrCNovember 14, 2014 6:24 PM

@ Grauhut and Clive:

The article is the usually drivel written by a journalist who doesn't know what they're talking about. Looking at the paper itself, the prerequisites for the attack or kinda farfetched -- the attacker must control the server of the website being visited, and must trick the TOR user into downloading a large file. I'm sure that happens sometimes, but it's pretty far from a general-purpose attack. (In fact, the best use would probably be for a honeypot to catch kiddie porn downloaders.)

tzNovember 14, 2014 9:10 PM

Any way Castalia House might open a Clothing section. They are sold out there, but I'd order one now.

I'm attempting to determine if the cleanser scene in "Mommie Dearest" used Comet or Old Dutch.

zaphodNovember 14, 2014 9:26 PM

@jestincas

Clive is up to date on most things that bring us here and much, much, more.

A unbelievable asset to this blog (there are others too, whom I won't embarrass).

Fan boy, me? Yeah probably. Strike that - definitely.

Z

Nick PNovember 14, 2014 10:00 PM

@ Benni

You beat me to my counter in your own post by the end. When you first said the Belgacom situation was evidence the Russian attack was NSA I intended to counter: "with BND's similar interception capabilities, partnership with NSA, and general amorality, how do you know it's not them doing it? And would they cooperate with Russia or China?" But, you already answered that and confirmed my suspicions that they're potentially scarier than NSA.

ThothNovember 14, 2014 10:11 PM

@Nick P & Clive Robinson
I would like to ask if NXP's crypto-processor are under HSA controls ? I am wondering which company's processors can be trusted after all the leaks revealing the extend of 5 eyes big boys operations. Nick P mentioned Freescale but how much can we trust them ?

Nick PNovember 14, 2014 10:15 PM

@ JestInCase

"what's your take on the VPN's that advertise 'full encryption from source to destination?"

They all are built with insecure development processes and tools, running on insecure OS's, running on potentially insecure firmware, running on hardware that makes security hard. With few exceptions, that statement applies to every VPN advertised and you typically can't buy the exceptions outside of defense sector of certain countries. So, they're all full of crap if they're offering it to you personally.

The better of them might protect you from run of the mill blackhats eavesdropping on the network or doing limited endpoint attacks. However, vast majority of black hat attacks (esp nation state) hit software flaws to take over your computer. They then bypass your crypto. So, you need very strong endpoint protection combined with strong crypto. Not exactly a lot of that on the market right now so... good luck.

Tip: the best kinds of VPN's are end-to-end link encryptors that do security-critical stuff in hardware or custom high security processors (eg Rockwell-Collin's JANUS). The next are microkernel-based systems like INTEGRITY RTOS, Micro-SINA, or Turaya. Aesec's GEMSOS crypto seals are similar and achieved high assurance in the past. The next best thing is custom appliances based on high quality monolithic kernels like OpenBSD (eg GeNUA).

Nick PNovember 14, 2014 10:26 PM

@ Thoth

I posted a message somewhere above asking you to put a disposable email address on your blog. Then I could send you the files you wanted. Interesting enough, the answer to your question is in them already. :)

ThothNovember 14, 2014 10:58 PM

@Nick P
I think I did not catch that message. Too many posts :) . Nick P, you need to be quick otherwise it goes poof within a day. You know where to find the pubkey I believe :) .

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

vgrsnt@vomoto.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUZt1AAAoJEIiF+ZVvv8Gd3xsH/RGf5iafj+gAAjcdNbwX29Ut
vnEYSy/NJc97lKP4+CCvziWX3/DcIrcW+6Afu9Dhixgrzzu9O0BhWY3vVV96VfJX
4e2RmWPqykLV8MLKnPdOhFhT9yjLjWQp+VreJjIbRFSau03Ow7lIliQ5D8KCt9Id
8DCPckbag3Yoxvwmnx8pWJ8ANj8zdMVbxZBK/1jk2l2Wh96++Rch+mLTEToBPHZg
Pbkxb5gtPtW99XhFsPZU36o2tdwZtzitfoB8W839SEKZ7Te4YMlKVt4g6fCWN+5n
cuNE/2KrCwI+onJzGmbiDZY+6EahSkgTI9gMG22BNx5Xo2t63H/z0RNVVDhQvyo=
=1kIM
-----END PGP SIGNATURE-----

ThothNovember 14, 2014 11:04 PM

@Nick P

Pass me a temp. pub key and I will encrypt a challenge to you. Destroy the temp. keypair after use.

Nick PNovember 14, 2014 11:18 PM

@ Thoth

"I think I did not catch that message. Too many posts :)"

Yeah, there's been a ton of them recently. That's why I said "somewhere above" as I didn't care to wade through them to find my message lol.

"Pass me a temp. pub key and I will encrypt a challenge to you. Destroy the temp. keypair after use."

A clever secure comms attempt on a... Windows machine (MingW32)? I'm sure even Singapore can probably rootkit one of those by now or purchase them from various vendors. I'll still set up a GPG keypair tomorrow and send it to you. ;)

ThothNovember 14, 2014 11:36 PM

@Nick P
Yes it's Windows unless I have more equipment around me to setup an even better sec comms attempt. I could run those stuff in a VM but it's pretty pointless and most of my external device equipments are dead anyways.

Courier me a few of your latest secure comms device inventions and I do happily use them :D .

ThothNovember 14, 2014 11:47 PM

@Nick P
Here's my temp pub key. Just a heads up, please do assume I am not safe as you noticed :) . We will find a better sec comms channel after all these are done. Markus Otella's device would be an interesting use later on.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (MingW32)

mQENBFRm52kBCACiSA2ndloqdGoalqa/retxMTM5T7oxRcrIFiByP4iv01N0yYXw
i+0jb0Cr0TIaSDqsWTOBDPH4RGHr3nMcPBER84QUh280P+bC49PjzpMKinadWfbP
2zaUpvKFVGD4KBrSzosTjxcOPKG2Fr/RXuU0MmsaGb/rEixNPc6Ws61OlQdWfslt
PElMmUqMNv1VtmmVQUW3d3rdPLJeYS5oXc8ax6Y1EofLP5l/7brKrY+Lsx0D+AW3
RvnfvIpQzFP1AjVvpPwY6GmcCjr6One3OjPcXhrXxDq2j7py0Tai3NTAFbMcwBBM
DCUDZj2913H2QZItf1N02O1XMMaPRt3Qe92DABEBAAG0IXRob3RoLnRtcGtleTEg
PHZncnNudEB2b21vdG8uY29tPokBOQQTAQIAIwUCVGbnaQIbAwcLCQgHAwIBBhUI
AgkKCwQWAgMBAh4BAheAAAoJEH/FjIV1N+CFdcoH/jJ6gW7H5ab1Zf9pTK1S4MAk
Dnqn0IrAIZ+rn7geoahyzyqyuiwWYN8QH5Tqd8R/8fFz+k6bKBK0XyLFlZgP8/UG
7dRsdVi3dUhNAmHGscvJT24Nl77SFwPPad5YEceAuuERlw63IrrEzz1goqOcN/Hb
HT5W0G8W55JA1myJXW8mIGYDZ0knRya3s8rWEg0PXV8Myi5sV2iAQyC3PODAqTfD
6Hbr7IRbH1J7O8WmN2uuiinW+i0vpJR63Qg5jBM2yQaiT14xKKcCqGkcChX1L5f+
4sdAFmHsMaen/LN1ujAj8kDivXh41yDZK6bEkt7iHHQzHQiTYLhmasxP+lRdlCq5
AQ0EVGbnaQEIALTJypa535PDjZKpy0qBlM2CeJJXSVKTBfWnPjn8I/SwYAGVvOcx
zNon4GwqRL82gMxoEJyr3X2fjpeI0mqqEWlzKdMQY9CoPDwIZTsg/MV+V9TgvGro
Q+dhymqNYL7nrKaGRNmpthb+XF/JumIAIlWLMJ8DV7meMWwn0DoTeJyOp5upwRkW
5q1l6p2YSDWqrWfestM5aqDnUQ9vGmTK+rorLXVd4IdCQlcDqfYoq2lwp8rR4W8y
1KD92tQtOL2wktnN9jMZCM4qy+CUFI04+YDvcr/nxJv4Vu5ZX9In/a5g4yVUCYWe
5mbETlM3/Rrl68NTnpFILi2aagFpvmYJrTEAEQEAAYkBHwQYAQIACQUCVGbnaQIb
DAAKCRB/xYyFdTfghWbcB/9f5EpzED/YW4OAQsh9atdyU9kJmy7vL0AeUTqeqi97
hq80SG3vdX+W+o07Fdb0R2Z2fq0w6uOSgEOVinaFhBdQNb7zcmOfH2ULSTixfWbq
qyXpZMrnPyEbFdCQLKmBj9LHKGkupXAVEuRcQ05i9WC219zfkY0QClqtocWdNVZt
YGFO8kFSq8w/+7yOAWqOFgKFxu3Mw81CqsdBVOcKYzrohofBaLRGBSx7YCih2WgG
d/mHjJkowEA2qHoxv7cbMnGh0OLNQHDEnE39eonbZ0vzhA5WJQBuUwVV7kOKEfo8
mPRBzaQeAKaocbbJisUUGaY7rpCxoxegqdEenM/a8Wtb
=ZGS+
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUZuhPAAoJEIiF+ZVvv8Gd6bcIAJC3JkRWNTRgVeF7g2Nzy0Vf
7FNkKsYYKGvUDBlRWQQBu5MVTN3lHIjfHV8cCAG5C5IHMYITavYfNzo5yDD4HpYm
fLH0ptIu+D5ltTGYA2MNCh17j4Vzekp0fugTCE5CRlAljzZozlfP9Dz+IDSrbnla
IobX09iCkjoWvqXkIeJhFPBuBDnAKAeYLTdWcxTjoM3fWw21d5GzOewIVwFr5tw9
6s3nJ6KT5ztbETLn2BkheFl/HPQqiILeYp06Wwo7hkvSfnlEo18moGey/CYTq2DO
1rLzMV+eHT9XsIgE75YGY6aYvrpQTli5ZoF3IqlKJwBrsP3r13cARBDUSfqKCEE=
=G3pj
-----END PGP SIGNATURE-----

TonyNovember 15, 2014 5:45 AM

"Applied Cryptography" is insecure ;-)

The report on Adi Shamir's Black Hat talk on "using all-in-one printers to control computers on the other side of air gaps" includes:

"In the experiment, Bruce Schneier’s Applied Cryptography was used as it was not possible to close the lid whilst it was on the glass. Asked if this could be a way to implement malware, Shamir said it could be if the transmission was short enough and if it could be placed in the correct location, but he was not sure how to interpret if there was no malware inside the system."

Sorry Bruce "Applied Cryptography" is potentially a vulnerability.
Even worse (HORROR!), the countermeasure is never to open it, (at least not on a scanner).

BenniNovember 15, 2014 6:41 AM

There was a recent remark from Snowden, that he supports encrypting smartphones, because this would prevent bulk surveillance but would not stop any targeted surveillance "because the key must be somewhere, we did this at NSA even on sundays"...

Now it seems to become clear what Snowden meant by this: BND wants to spent 6 millions for a project "CHIANA". http://www.zeit.de/digital/datenschutz/2014-11/bnd-chipanalyse-triphemos-verschluesselung-knacken/komplettansicht

It wants to buy a time resolved imaging photon emission microscope http://www.hamamatsu.com/us/en/product/category/5002/5012/TriPHEMOS/index.html that thing detects the infrared radiation that transistors on chips emit when they work.

Thereby, BND wants to observe how the encryption chips work and it wants to steal the key right from the chip's internals

CzernoNovember 15, 2014 6:49 AM

@Grauhut, @Clive et al :
About that new study into Tor users deanonymisation,

Arma (Roger Dingledine) has writtn a new entry in the Tor blog, downplaying claims made by press reports about Chakravarty's thesis:


Interesting, Sambuddho Chakravarty himself is confirming in comments to Arma's post that reporters have been blowing it "a bit out of propirtion"

ThothNovember 15, 2014 6:59 AM

@Benni
I guess the best defense is an offense. One way is to produce garbage emission. White noise.

@Czerno, Grahut, Clive Robinson, Nick P, Tor user deanonymisation et. al.
Some methods that might be possible to deal with Tor users if you have a substantial foothold in Tor network is to:
- User traffic triangulation
- Injection, dropping and compromising packets
- Corrupted exit nodes and guard nodes and attempting to reveal guard nodes. If you run a bunch of corrupted guard nodes at a critical mass, you pretty much own the world.


GrauhutNovember 15, 2014 7:32 AM

@TOR would imho work if it would use a more p2p like self organization scheme, maybe kademlia style, with some dynamic geoip optimization, onion levels with dynamic multipath fragmented routing, white noise traffic generation and stripping. Every node would have to be an exit node for its geo region and only at least SSL encrypted traffic should be allowed.

Then it could have a chance to protect user identities against an agency in god mode, that is able to profile traffic based on packet sizes and packet transport patterns.

Our real world tor systems structure is way too simple and it is imho over optimized on speed.

VatosNovember 15, 2014 8:34 AM

I have recently read about an attack using fake ICMP packets to force a disconnect.

Are these kinds of attack still possible? Can someone point me to a reputable source discussing this issue and perhaps giving examples of when such things have been done?

BoppingAroundNovember 15, 2014 9:43 AM

[re: VPN] JestInCase, Nick P,

Do consider the possibility of bribing the VPN provider too.

Benni,

Thanks for the information.

> because this would prevent bulk surveillance but would not stop any targeted surveillance "

But they target everyone already.

RickNovember 15, 2014 12:22 PM

AP Headline: AT&T stops adding Web tracking codes on cellphones

http://hosted2.ap.org/APDEFAULT/386c25518f464186bf7a2ac026580ce7/Article_2014-11-14-US-Cellphone-Tracking/id-b1b1aa00435a489090e56faec5d1ca6e

Interesting to note from the article:

"Verizon Wireless, the country's largest mobile firm, said Friday it still uses this type of tracking, known as "super cookies." Verizon spokeswoman Debra Lewis said business and government customers don't have the code inserted. There has been no evidence that Sprint and T-Mobile have used such codes."

That's an expected response, but quite irritating nonetheless.

-------------------------------------

@Grauhut - thank you for the link re: TOR TA and the 80% statistic. This is disappointing and unfortunate. Based on previous comments on this blog, I assume that the developers of TOR will not develop methods to defend against this attack because they do not consider it to be in their threat model. That is even more unfortunate if true. So, the average "Joe" has little else at his disposal to ensure some semblance of privacy/anonymity. Furthermore, it will take a Herculean effort to reverse indelible patterns embedded in the "deep state". Argh.

-------------------------------------

@Benni - interesting post about the "Dukes". Thank you.


Nick PNovember 15, 2014 12:34 PM

@ BoppingAround

Good catch! Although risky, it's potentially one of the best methods as VPN providers are typically not rolling in cash. Giving them a five to six digit consulting fee in exchange for looking the other way when a device is attached to their network might work fine. It's basically what the NSA does, but for tens of millions less.

@ Benni

I predicted they'd be using Russian and Chinese proxies here years ago. My reason for that was that most online criminals use those. This means they blend in. Such boxes are also cheap. Finally, they also get to point out on TV that most cyberattacks are coming from China and Russia while neglecting to mention they were running a number of them. ;)

Nick PNovember 15, 2014 1:51 PM

@ Thoth

"Just a heads up, please do assume I am not safe as you noticed :)"

I assumed you were one of two things:

1. You work in the interests of Singapore and have the goal of getting them the intellectual property they need. I believe you linked to that program once. Embedding yourself on blogs with U.S. and U.K. experts would be a great strategy.

2. You're a person that values privacy, liberty, and security that lives in a surveillance state. You're trying very hard to understand and develop what isn't available. You're doing this for yourself and the greater good.

I decided to believe option 2. Given what I know of Singapore, I've actually been a little worried for you. I'm not sure what constitutes crossing the line to their government or how they would react to high assurance without backdoors. My unconventional approach here has been to use stuff they can hack so they can see I'm not a threat & secure the box against everyone else. Not advising you to do the same: the situation is just extreme for some of us here & their philosophy is your a threat until proven otherwise. However, having an ordinary Windows box and privacy tools might reduce your risk by making you look like ordinary privacy seekers in Singapore. It's a similar principle: don't look like a threat.

So, I'd keep that as your default setup with anything more private on an air gapped machine and the data itself stored on something easily hidden. Have at least two storage devices: one to turn in after interrogation that's only a little bad and what you're actually protecting that you don't mention. Make sure the air gapped machine doesn't log or remember anything. Example: recently used files list can totally defeat this scheme. A LiveCD or write-protected LiveUSB are best options. A custom Ubuntu mix with the apps you need also looks non-threatening.

re public key

I couldn't get that key to work no matter what command or file label I tried. Let's do it the other way. I posted a temporary key here in an Adrive account. You should be able to import it with gpg --import (directory)temppublickey.key. Then, you can make a text file with the message you want to send me and encrypt it with a command like gpg -e -u "Your username" -r "my username" filenamehere. You can send a disposable email, a public key, or something else instead of a text file. If you send the key, use the --export command to turn it into a file to prevent this strange error from repeating. Share your encrypted file via your blog or a free online storage account.

In whatever message, include your favorite religious philosophy, the name of the unsafe exercise program you were forced to do, and whether your parents side with you or your brother. I already know the answers to these, but others will have to Google. So, this should work for authentication if you answer quickly.

DudNovember 15, 2014 2:16 PM

To Mr. Schneier & commenters:
----------------------------------------------
It is difficult to trust anything about the internet whilst peaceful anti-nuclear people whom condemn violence &/or illegal activity & are placed under viral malvertising attacks, phishing, planted warts that disrupt threads with chatterBots/pornLinks/falseInfo/FUD/"cures"forCancer/paypalComplaints-accountClosure/HateSpeech/sexualHarassment/DOS/etc.

This world "ain't all sunshine and rainbows", and that is understood.

The last straw has been the as of yet unconfirmed allegations of "BIOS" attacks. (odds must be infinitesimal, yet i cannot ignore & have little idea how to anon. confirm whilst respecting others anonymity - repeatability? I do have some HW am willing to risk, though not recklessly)

Here is where the damage started piling up, well after malicious links were posted by "ManBearPig" Beware his links. At minimum one is indeed viral. Am hoping that is the extent of it, though hope alone is not enough, imho.
http://enenews.com/nytimes-doctors-call-banning-thyroid-cancer-screening-tsunami-thyroid-cancer-stop-diagnosis-decrease-screening-need-actively-discourage-early-detection/comment-page-2#comment-600117


Pro, anti, or anywhere in between, i appreciate any assistance (even for self-help) to confirm or disprove. It was refreshing to see a commenter here whom disagreed with me actually not attack or ad hominem, though did disagree. That was refreshing. I respect that.

Follow the stock link, if you agree. This is out of my league, and this is the best place i can think to ask, though don't know if am even qualified to lick boots here. Have posted the best advice i can think of for them, yet am certain such advice given by me is likely inadequate.

If there is anything i can do to volunteer my time towards the betterment of society as a whole, i am all ears. (NT6 DriverPacks, for instance?)


I thank you for your time and consideration.
----------------------------------------------
"Strange days indeed." - Julian Lennon

ln -sNovember 15, 2014 2:16 PM

@ Nick P & Thoth
"A custom Ubuntu mix with the apps you need"
Using a pre-Unity 8 version of Ubuntu for a secure box (or anything else, for that matter) is a very bad idea.

Nick PNovember 15, 2014 2:45 PM

Good point on Unity being untrustworthy. However, this is a physically air gapped machine: it won't be talking to anyone. So spyware is irrelevant, esp if it's a LiveCD and he encrypts files on storage. Compatibility with hardware, app availability, usability, and reliability are more important.

He can always do a custom distro off Debian or Hardened Gentoo if he's concerned about such things. Just not as deniable as a common LiveCD.

JestInCaseNovember 15, 2014 5:06 PM

@ Nick P

Thanks for the heads up re VPN. Sigh. I suppose it was too good to hope for. Not a govt contractor so, back to thinking of something else. Perhaps the advice to 'look like one of the crowd' is best for now.

BoppingAroundNovember 15, 2014 5:14 PM

[re: AT&T] Rick,

I'm curious as to what they will do from on now. It's more like ‘all right, we'll find another way to do it’ to me than ‘we won't do this again’.

Clive RobinsonNovember 15, 2014 6:37 PM

@ Grauhut,

Clive That tor weakness was of cause predictable. :)

Sadly yes, before ToR even got going... which is why I keep banging on about it...

The researcher of this work is running very late on this, as others have done the preliminary research/work a long long time ago, I was mucking about with it back in the early 1990's.

Specificaly for published works, have a look at the work of Steven J. Murdoch at the Cambridge labs in the UK,

https://www.lightbluetouchpaper.org/2006/09/04/hot-or-not-revealing-hidden-services-by-their-clock-skew/

https://www.lightbluetouchpaper.org/2008/06/26/

You will see that he was investigating using exactly the same sort of trick. So this current research is at best a tiny modification eight years later (and he should have found the two papers on a simple literature search or by reading either this or the Cambridge labs blogs).

You will also find on that page a comment from me clearly indicating I was very much aware of how it worked and had infact posted a comment to this blog detailing the underlying concept back on the 10th March 2005 @ 05:10 AM,

https://www.schneier.com/blog/archives/2005/03/remote_physical.html#c2313

Which was about an even earlier paper...

You will also see from my comment to Steve Murdoch that I had known about this issue considerably before that and had presented and discussed it with students back in 2000 on an EU funded course into computer and communications security.

So yeah getting on for a fifth of a century old, if not earlier. As I've said before the military know quite a lot about both signals and traffic analysis and how to limit it's effects since it was first "discovered" back in WWII in Bletchly Park.

Which raises an obvious question --for conspiracy theorists-- about Tor, it originates from the US Navy who very much know about signals and traffic analysis, so why did they chose not to put counter measures in Tor, and also why today those responsible for Tor are still "heads down in the sand" making "nagh nagh can't hear you" noises... after all they have been told over and over again by many people including much respected researchers...

Clive RobinsonNovember 15, 2014 6:59 PM

@ MrC,

The article is the usually drivel written by a journalist who doesn't know what they're talking about. Looking at the paper itself, the prerequisites for the attack or kinda far fetched

As I've said in the past most journos either don't understand or chose to misunderstand for the sake of a story that gets their name about, it's to br expected.

Whilst the specific way the researcher goes about it might be far fetched there are quite a few otherways to achive the same effect.

What you are basicaly trying to do is modulate the data being sent with the equivalent of a "JPL Ranging or Gold Code" and you then cross correlate the induced jitter with the various streams you are observing, the best correlation is in all likelyhood your target of interest.

A thought for you to consider... It is unlikely that the actuall hardware the server is on is dedicated to that one service. That is it might have several different services including a number of web servers running on it. All you as an attacker have to do is give the hardware other work to do and that will modulate the CPU usage and thus other network services on the hardware. Just hitting the hardware with TLS setups as a limited form of DoS attack will do the job, even if the hardware has multiple CPUs...

I can think of quite a few other ways to modulate the data signal and I'm sure quite a few others reading this blog can as well, rather than me reel them off I'll let others have a go, after all I think I can safely say I've not thought of them all, so I stand to learn something new as well :-)

Clive RobinsonNovember 15, 2014 7:44 PM

@ JestInCase,

@ Nick P has covered some of the things you might want to think about.

However even if by some act of god they do get the VPN right with regards tool chains etc, there are quite a few other issues.

If you look back on this blog you will see I've a bit of a downer on AES, in that whilst the algorithm may be secure, practical implementations have side channel issues. I've even suggested that the NSA "rigged the AES contest", a view that prior to the Ed Snowden Revelations put me at odds with other peoples beliefs, however since quite a few are now considering it as a distinct possibility.

Thus any VPN has to be somehow "decoupled" from the external network such that the timing channel either does not exist or is made immeasurable to an external observer. The down side of such decoupling is things like latency go up, which is often undesirable.

Hence I've indicated in the past that for non-interactive traffic you encrypt files on a machine that is airgaped from the rest of the world and you then "sneeker net" the encrypted file to the machinr that is connected to the outside world.

Oh and as for interactive traffic don't have any... If however you do need interactive traffic, again encrypt on one issolated machine, then feed the traffic through a rate limiting data diode etc to the second machine.

In essence this is how systems for high level Dip/Mil traffic where security is paramount work.

As Nick P noted such systems are not generaly available for "mear mortals" even if the brochure says otherwise.

Which brings me onto,

@ Thoth,

With regards CPU's from NXP etc and have they been got at by state level entities. I would assume all processors have from a security viewpoint thus investigate topologies that mitigate that.

That said, if you are talking about 8 or 16 bit CPUs without any kind of crypto engine in them the chances are they've not been got at. But the problem is you won't know which do and which don't have a crypto engine in... The reason for this is that these days it's cheaper for the chip manufacturer to put "everyhing on a chip" than to make a range of chip wafers. Thus the different packaged chips you can buy are probably just "bonded out" differently or have been programed on test. So if just one member of the range has a crypto engine in it the chances are they all do but it's disabled, however that does not mean any backdoor gets disabled as well.

Which is why I would look at mitigating topologies from the "get go".

DanielNovember 15, 2014 10:32 PM

@Nick P, Jestincase, Clive, etc.

Re: security of VPNs

Nick writes, "They all are built with insecure development processes and tools, running on insecure OS's, running on potentially insecure firmware, running on hardware that makes security hard." Sure, sure, but that is true of 99.9% of the servers connected to the internet. The fundamental theory behind the structure of the internet is that one /can/ trust strangers. And if one thinks about the roots of the internet that makes sense--it was a small, isolated, culturally cohesive community. I look back on the days of dial up and even the early 90s and I shudder--I had no notion of technological security in the personal sense and frankly unless one was in the military community either did anyone else. We were just a bunch of nerds who couldn't get dates goofing off at night. The older I get the more I wonder whether Tim Berners-Lee is a hero or a goat. Because without HTTP and WWW the internet as a communications medium would still be a backwater. On one hand his little invention created billions of dollars of wealth and changed the way people viewed the world they live in drastically--that's no small feat. On the other hand he took something that in its own way was innocent and beautiful and opened it up and it's been totally raped. The metaphor I keep thinking of is of The Shire from LotR. Looking back I think it was deeply naive of many geeks to think we could let the outside world in and that the hordes would respect our ethos.

The internet is not safe. It's not safe because it was never designed with a vision to become what it has in fact become. No amount of Tor or VPNs or any of such similar solutions is going to make it safe. Tor and other security solutions might make it safer at some times against some adversaries under certain conditions--but it will never be safe in a total sense. Because the reality is that only a fool would trust a total stranger who has no similar interests, no similar goals, no similar culture, and no similar language. The US President Lyndon Johnson once said that he never trusted a man "until I have his pecker in my pocket" (pecker being American slang for the male genitalia) and yet people willingly trust their most personal data to people who they have never met, know nothing about, have nothing in common with, and who they wouldn't recognize on the street. Bribery? Hell, some VPN operators would turn your data over to the NSA for a laugh. When one looks at the situation like that one shouldn't be amazed that every so often Tor gets blown up--one should be amazed it's not happening every single day.

Nick PNovember 15, 2014 11:00 PM

@ Daniel

Very well said. Yeah, I am amazed we don't see worse. I think the reason is that attackers focus on what's popular, the good ones want control rather than destruction, there's a higher security baseline, and the number of shallow bugs has decreased a bit in the main apps. That attackers shifted post-SDL from Windows apps to Flash and Adobe supports my last two points. So, it's still garbage and we're coasting along, but only at the grace of black hats that are too lazy or greedy to do more.

This is why I support the clean slate designs and others that make everything outside the host untrusted. That brings me to my one critique:

"The internet is not safe. It's not safe because it was never designed with a vision to become what it has in fact become. No amount of Tor or VPNs or any of such similar solutions is going to make it safe. "

There's been solutions that can defeat the attacks on the Internet and other untrusted networks. NSA themselves depend on them. They're certainly not mainstream and only rely on a tiny subset of Internet protocol. The Web, on the other hand, is even worse with so many complex and wasteful protocols. I've seen web offerings that were possibly secure but they aren't anything like what most web developers would go with. They're also *very* wasteful and expensive if securely implemented. The Web was always garbage with an updated client-server or p2p model with type-safe, native apps being much better.

So, the situation can be a lot better even with current standards. Requires lots of proxies, guards, abandonment of compatibility, custom hardware, etc. Not practical for many and all due to the problem you illustrate: people applying technology designed for a small, benign, personal environment to a large, extremely hostile, and impersonal environment. And then trusting their privacy, money, content, I.P, and business critical operations to it.

I vote that this is the new definition of insanity.

65535November 16, 2014 1:58 AM

@ Benni

“…Because it distributed a miniduke variant and there is a link between miniduke and NSA. “ - Benni

Thank you the information on miniduk@. It looks very dangerous.

“2)Now we know how NSA cracks SSL… They attack certificate authorities with the stuxnet variant duqu. Thereby they can create their own certificates for all sorts of companies.”- Benni

I agree. Flying Pig is very disturbing as is the entire Forged Certificate game.

The problem with compromising Certificate Authorities is immense and dangerous to not only the victims but a very wide slice of digital industry. The are the stamp of authenticiy for a large portion of the internet.

Stolen/Forged/Tampered Certificates that sign code could potentially multiply damage vital industry sectors including: The security sectors, vital financial sectors, and other vital sectors including the Intelligence industry [In and of itself].

Once the Forged Certificate Genie is out of the bottle it will be almost impossible to contain [other major players will copy the actions of the NSA].

This would be similar to selling forged tickets for the last ride on the Titanic – only to find your own family members are on the ship. Forged certificates could potentially affect this site – who knows.

Nick P now has problems trying to use the PGP signature from Thoth. That problem could just be a slight syntax error or other mismatch of sorts – or it could mean this post was altered in transit by our friends at Fort M@ade.

The constant forging of certificates on a wide scale could wreak havoc lawyers, doctors, bankers, insurance companies, CIO’s, and the whole IT industry on a national or international scale! I fear this will end badly. It must stop.

@ Nick and Clive

I find your posts to be very interesting and I will continue to follow them a best as possible.

ThothNovember 16, 2014 2:11 AM

@65535


Nick P now has problems trying to use the PGP signature from Thoth. That problem could just be a slight syntax error or other mismatch of sorts – or it could mean this post was altered in transit by our friends at Fort M@ade.

I wonder if Fort Meade was behind all these :D .

If you ever trust CAs, you are as good as trusting the whole world. CA architectures are bad, very bad. High assurance computing is simply just a HSM and strong crypto and probably manual moving of keys and nothing more. All the different key moving permutation over low-medium assurance hardware and network is as good as game over.

The Safecurves which are a subset of known ECC curves are usually not honored (or the CAs never even know they exists). High assurance work first starts with high assurance computing platforms and methodologies which so far only the military and a few here and there ever gets it (but may not get it right).

GrauhutNovember 16, 2014 5:01 AM

@Clive "... today those responsible for Tor are still "heads down in the sand" making "nagh nagh can't hear you" noises..."

The biggest problem with idealists is that they tend to live in their own world and they dont want to be disturbed in their pride of their babies. Cognitive dissonance.

I think the tor developers are proud of their work, it works fine in protecting nice people from stoneage totalitarian regimes. But it does not protect them from their peers.


In the end its all about economy, we (the people, not big.gov and big.com) in the west live in an economic downward spiral, now the risk is high that our own former "liberal" governments turn their agency focus on us, because they fear us more than alien regimes somewhere.

The erosion of the rule of law we actually see is nothing new. See Fraenkels "The dual state" from 1941.

foreignaffairs.com/articles/103271/ernst-fraenkel/the-dual-state

Hitler feared a talented minority, today they fear another talented minority, angry white former middle class men.

Clive RobinsonNovember 16, 2014 5:04 AM

@ Daniel,

The internet is not safe. It's not safe because it was never designed with a vision to become what it has in fact become. No amount of Tor or VPNs or any of such similar solutions is going to make it safe.

Err sorry I have to disagree with you on two counts.

Firstly as Claud Shannon showed all communications channels have fundemental limits and others using his model as a base have shown other things to be true. One of which is all communications channels have "loss", which as we know from basic physics, 'energy does not get destroyed' means this loss is in fact "leakage" of energy out of the communications channel. Which in turn means that in principle the leakage can be picked up by others and with it some or all of the information content. This is the basic idea behind TEMPEST which is a subset of EmSec, and an area the --repressive-- US Government has tried to make protecting yourself against such attacks illegal for many years, though EMC problems forced the issue to a certain degree from the 1980s onwards (though I'm sure at some point a US prosecutor will try and equate the use of a home made secure facility with being a terrorist or worse if they have not already done so in some closed/secret court).

The only secure way to deal with energy leakage and the information it may carry is to ensure it is compleatly absorbed by some kind of load and converted to heat.

Simple as that sounds it is frought with difficulties, as not only has the load have to have sufficient mass and matching to ensure that the conversion process from high bandwidth leakage ends up entirely as very low bandwidth thermal channels. It also requires that outside of this mass has to have very very effective thermal insulation to the environment as well [1].

Further whilst such communications channels can be made they are impractical for any kind of sensible usage. And if you did use them they would additionaly still require physical protection from attackers to ensure the integrity of the system [2].

So at the lowest levels all communications channels not just the internet are insecure, it's a basic charecteristic.

Which is why the modern solution is to accept the fact you cannot stop the energy loss / leakage, only reduce it and then mitigate any leakage that might occure in some manner. Often this mitigation is by the likes of link encryption and signals / traffic analysis counter measures as well as the channel power limiting and physical segregation.

Secondly, all of these solutions were either prohibitivly expensive or practicaly impossible when the DoD through DARPA requested "practical resiliant" protocols that gave us IP and other protocols that form the core of the modern Internet.

It is only now that "content security" is becoming practical at modest cost due to the rapid advances in technology, but that is and has been since WWII the lesser part of what is required for privacy.

The problem is that whilst a properly designed and installed secure communications system via encryption is possible, it does not stop traffic analysis, or subverted third party systems. Whilst there are solutions to this and the military amongst others have used them for decades, they are still expensive to implement and there is not the commercial interest in making such systems commonly available, irrespective of NSLs, rubber stamping Secret Courts and other more recent legislative measures and argument vested interests are responsible for.

Despite all it's many faults Tor usage does show that people will if they have sufficient reason take steps to make themselves anonymous and secure the content of their communications. Skype showed this rather better as it had an easily seen benifit to most people who had distant relatives in that there were large savings to be made by investing a little time in getting it up and running.

However as with most new technology, the initial driver for use will be for what many regard as nefarious activities, unlike Skype Tor gets politicaly demonised for this as do other systems like BitCoin etc. However as the technology gets stability, reliability and ease of use other non nefarious activities will become dominant as it did with Skype and is starting to happen with BitCoin. Which is why the various entities with vested interests will try to kill or break new technology before it gets sufficient "honest use" and breaks the entities existing profitable models.

The question we should perhaps be asking ourselves is how we turn anonymity and all other forms of privacy into something that has a clear benifit that many will want, such as saving/making them money now. It is when you think about it the primary driver for the use of the Internet for by far the majority of users currently. So how to buck the trend and make money, not out of marketing people but by making them suitably anonymous, but also offering the people savings on their current way of doing things... It's a tough one seeing as to most users the Internet is effectivly free after marginal costs...

[1] You should note I do not mention EM "screening" materials such as the woven braid or metal foils you often see around EM communications cables. Well there is a good reason for this, basically they either reflect or conduct EM energy not absorbe it, thus their main purpose is to get as much energy from one end of a cable down to the other at full bandwidth. However the down side of this is that the EM signal will radiate out at the first fault or mismatch at what is likely to be full bandwidth, unless the EM energy is absorbed into a matched load across the full bandwidth.

[2] Back in the 1960's etc when the "Cold War" made spending on high security "no object" carefully designed cables were put into specialy designed conduits that were not just air tight but could withstand a considerable pressure differential with the environment. These conduits were then purged and refilled with various types of "tracer gases" and preasure sensors. If a change in preasure was detected comms was immediatly stopped and somebody would go out with a "sniffer", soapy water etc and physicaly "walk the line" usually with an armed guard looking for the leak. Thus these conduit pipes all had to be in secure corridors and accessable but physicaly secured ducts. Such prcautions are as you can imagine eye wateringly expensive, not just to implement and maintain, but also because they need to be highly redundantly implemented to ensure high availability at all times. So cheaper yet as effective mitigation methods such as OTP encryption were used (US-CCCP "hot line") and still are for sufficiently high level links where physical security of the communications channel cannot be guaranteed. As the cost of a couple of "Sensitive Compartmented Information Facilities (SCIF)" and the secure shipping of KeyMat is way way less expensive. For comms that are not at the highest levels other types of link encryption are used, but the KeyMat distribution / handeling may still use OTP systems under certain circumstances, which is why people still get paid quite well to carry out the rather boring task of making the pads, distributing them, auditing the process etc.

Gerard van VoorenNovember 16, 2014 5:15 AM

@ Clive - About TOR

Which raises an obvious question --for conspiracy theorists-- about Tor, it originates from the US Navy who very much know about signals and traffic analysis, so why did they chose not to put counter measures in Tor, and also why today those responsible for Tor are still "heads down in the sand" making "nagh nagh can't hear you" noises... after all they have been told over and over again by many people including much respected researchers...

Reading this kind of long lasting and structural, let's be honest, incompetence, makes you think indeed. The reply from the TOR project team about recent events also doesn't make you feel any better, because the short answer is sort of "we don't know".[1]

Now how is it possible that individual cryptographers CAN make super fast crypto that withstand timing attacks (djb Salsa20) and that this is being ignored.

In all this time they *could* have made something that *would* work for the primary goal: anonymity.

That they didn't do it, even though the problems were known a long time ago, and also that these guys are no novel cryptographers, combined with US policy about crypto, is evidence for me that it is deliberate. So call me a conspiracy theorist for this matter ;-)

[1] https://blog.torproject.org/blog/thoughts-and-concerns-about-operation-onymous

Clive RobinsonNovember 16, 2014 6:13 AM

@ Gerard van Vooren,

ToRs big problem is their fixation on "low latency" at all costs and a secondary desire to minimize bandwidth used. Which has the consiquence of putting the client outside the network and thus making their traffic easily identifiable to attackers...

As long as they stick with that there is no hope of making the service secure, in any practical meaning of the word.

You only need to look at what is publicly known about Mil communications to see what needs to be done.

Firstly all links are fully encrypted, and more importantly a link is either up at full capacity or it is down, and when up they are kept up for very long periods of time or brought up in non changing patterns.

From this it is easy to work out that "dumy traffic" is being fed into the link to keep it at full capacity. Further the encryption is used in such a way that it's not possible to determin any kind of message length or number of messages on a link as there are no differentiators on the physical channel.

The problem with the internet is it is not switched network but a packetized network, which means that care has to be used to prevent messages becoming apparent due to bad/poor message padding etc.

The packetisation also causes other issues over and above the fact it is inefficient for a point to point link as each packet has a header, it usually requires an ack or other back channel signaling which can be easily abused by an attacker.

Another issue is 'in order packetisation', which comes from relaying rather than "store and forward" behaviour. Out of order and mixed with other messages and padding makes signals / traffic analysis difficult.

So things ToR could do are firstly bring the client machines into the network propper so they become "hidden clients" which also route traffic through them. All links to become "fixed capacity" that is used continuously and padded out and all nodes clients / relays / services have multiple links to other nodes.

I could go on but you get the idea.

However there are differences in the way the various parts of the Mils communicat. Whilst ground forces tend to use direct point to point links, sea bourn forces tend to use "Fleet Broadcast" systems where messages are sent to multiple out stations that may or may not reply at some point in the future.

Such broadcast systems are quite usefull to hide the structure of communications networks. Thus as I've indicated before sending identical data to multiple nodes that store and forward rather than relay is quite benificial.

Gerard van VoorenNovember 16, 2014 6:51 AM

@ Clive

The problems that you are diagnosing and the suggestions you make to solve these are not really my point.

My point is that despite the decade long issues T[oO]R is still the same essentially. The claim that TOR anonimizes is only partially correct.

Either they should stop the project entirely or prove that you can be anonymous on TOR. That includes the browser as well.

ThothNovember 16, 2014 9:20 AM

Breaking TOR by community members is the only way to put the emergency brakes on this rotting project. The HSAs know where to find the holes but they do not want to talk (National Security, Top Secret ...etc...).

Another way is to wait for a critical mass of lost of faith in TOR before people start moving away.

The trend where people hop to another "anonymous" network and think that it has some strange capability to magically make them "anonymous" kickstarts another round of chicken and egg cycle and everyone's back to square one again.

The basic reason is human issues and attitudes.

Clive Robinson have pointed out so much details on making communications safer and more "plausibly deniable" which should be core features in a "plausibly deniable" communication setup. I deliberately move away from the word "anonymous" because it is very hard to be anonymous but it is easier to be plausibly deniable as being the message author.

Gerard van VoorenNovember 16, 2014 9:42 AM

@ Thoth

I deliberately move away from the word "anonymous" because it is very hard to be anonymous but it is easier to be plausibly deniable as being the message author.

I prefer true anonymity because that keeps the SWAT Team[1] away. Plausible deniability doesn't really help at gun point. (it wasn't me)

Even if the problem of being truly anonymous is very hard to solve, that is still the problem to solve. Otherwise don't do it.


[1] Or each nation version of it. In the Netherlands it is called Arrestatie Team.

Nick PNovember 16, 2014 10:50 AM

A Fair Look at Tor

To be fair, it was funded by the U.S. military to be *used* by the U.S. military. They do in fact use it for their own anonymity. The leaked Snowden document on Tor shows even mighty NSA, a global eavesdropper the project doesn't claim to stop, was in fact hampered over and over. I'd say that's quite good work for a small project with the requirement of web compatibility, low latency (as Clive pointed out), and user-determined bandwidth.

Further, the team is quite competent. The main brains behind it is a very smart guy who knows everything going on in the field. The research into secure, low latency anonymity schemes largely started with the Tor project. Unlike us, they have to invent the concept and deploy it well. Then smart people find a problem with the concept itself. They modify the concept again and deploy again. And they keep repeating this taking hits constantly because the field is inherently hard, in its infancy, and operating on the most untrustworthy communication medium ever designed. Their opponents also collectively have more resources to throw at breaking it than they do at making it (20 people w/ $1-4mil budget).

So all in all, I don't trust the security of Tor but I won't cut the people down. Aside from insecure endpoints & language choice, they seem to be doing what they can to provide as much practical anonymity as possible and get it to as many people as possible. The Snowden leak debunked the NSA conspiracy theory showing Tor doesn't work for them: they work to break Tor like everyone else. They are de-anonymizing a significant amount of it, though, and so are a bunch of other people per recent research. So, it's not safe unless used in combination with other anonymity techniques.

Nick PNovember 16, 2014 11:18 AM

@ 65535

I'll try to keep posting the good shit. Meanwhile, I was reminded of why people often don't use GPG. It's a pain in the ass (too manual) that still glitches. That's all the problem likely was as it worked the second try on the same PC & Internet pipe. Over a decade in and the most mature OSS secure communication tool still doesn't work easily. And people wonder why encryption by default doesn't take off for the masses. (sighs)

@ Thoth

With your HSM obsession, you should look up the IBM 4758 for some inspiration on the hardware side. It was the first general purpose HSM to hit FIPS Level 4. There's a lot of information on it. Design is here and here. Teardown of one. Its tamper methods are probably beatable by now in a lab.

However, my real proposal is building an EMSEC safe with 4758-style tamper detection so a bunch of machines can be put in there. I especially like it because it's patents age as it ages. Far as the rest of the board goes, either of us can do much better than they did in terms of processor, algorithm, and OS. The only clever thing that might be worth imitating was how they used hardware to enforce software security, esp Guardian processor.

Nick PNovember 16, 2014 11:22 AM

@ Thoth

Btw, here is their current one. They switched to PowerPC processors (good choice) and run them in lock-step to check for errors. Sweet. Switched to Linux for the ecosystem. If they still protect secrets from software with hardware, then that might be safe. Might not.

FigureitoutNovember 16, 2014 12:48 PM

Clive Robinson et al RE: TOR weaknesses
--Yes we hear you banging on about TOR weaknesses, perhaps one to mention also is people being prosecuted for running a relay, getting charged for traffic they have nothing to do w/, going thru the relay. This makes people think twice considering adding to the network (which is still too small, and can get bigger); it also suggests there may be a problem (too costly) attacking the network w/o the legal system. Also you state here: https://www.lightbluetouchpaper.org/2006/09/04/hot-or-not-revealing-hidden-services-by-their-clock-skew/#comment-3174 that:

As the attack requires the target machine to be very heavily loaded for a couple of hours (or more) then lightly loaded for an equivalent time with this cycle repeated several times, this behaviour is very likley to give a clear signiture in the system logs (along with several other related indicators if the atack is not skillfuly put together).

As you pointed out in your artical the attacker might have several hundred or more potential targets to attack before localising the network address of the machine. This makes it a clasical time/resource trade off. It is therefore quite likley the attacker will give away their precence to network operators and the TOR ops long before they have succeded.

So fairly likely someone will eventually see so long as they have setup their logs *before* attackers get them. Defense wins so long as they beat attackers.

So I'm w/ Nick P here, in that it's easy to peck holes from the outside and not be the guy actually hosting. Otherwise no one hosts, no internet. No one currently offers a much easier and open and tested anonymous network; w/ a stripped laptop and long range wifi antenna in a urban hotel you can make it pretty hard to track you down starting from TOR traffic (cue standard OPSEC considerations). You've said yourself you don't even have a blog b/c there were too many security problems and you won't even post a throwaway email address online; now imagine trying to set up an anonymous network for the public to use on a fraction of the budget you're up against.

And just attacking low latency for timing purposes as being a massive hole; conversely if someone actually has a need to carry out an operation where they'd get killed if they were caught, they don't want to be sitting vulnerable, they want to quickly get the job done and shutdown.

I'd be fine w/ latency so long as I have something else to do while I'm just staring at screen; so music or something.

Nick P RE: GPG glitches
--Here's where I start to wonder about such "glitches", was it a "glitch" or an attack? Troubleshooting a bug gets messy when there's key servers involved...won't that be THE #1 place for attack?

Johnny B. GoodNovember 16, 2014 1:35 PM

@Grauhut

"Hitler feared a talented minority, today they fear another talented minority, angry white former middle class men."

You really hit the nail on the head with this statement.

Nick PNovember 16, 2014 2:56 PM

Interesting study on bugs and vulnerabilities in projects with varying programming languages
http://www.infoworld.com/article/2844268/application-development/functional-languages-rack-up-best-scores-software-quality.html

That Java still has plenty of memory errors and Go concurrency errors isn't speaking well for them. And what's on top? LISP (Clojure) and Haskell. We "LISP weenies" score again. :) Haskell is doing extra well thanks to its allegedly bulletproof concurrency. And the third on top is Scala, a cross between Java and functional programming. I judge things by the results they bring. These languages were all clearly well designed and props to those that contributed to that.

Another article is interesting for its section on Rust:
https://medium.com/@adamhjk/rust-and-go-e18d511fbd95

That the person's software virtually always worked AND the compilers warnings were clear is a rare combination for a toolset. So, Rust also seems well designed if this person isn't just a zealot or lucky. If so, then I agree with the author that it's better to build an ecosystem around such a tool for the long-term benefits. I'd also recommend language security researchers start assessing what vulnerabilities can and can't happen in Rust. Then start to mitigate them with coding practices, safer libraries, static/dynamic analysis tools, DSL's, and code generators. That's my normal recipe for boosting a language's security.

Nick PNovember 16, 2014 2:58 PM

@ Figureitout

It wasn't an attack because my opponents can hit mainstream OS's with 0-days. They probably have a keylogger in this box already. Who needs to break crypto if you have the plaintext before it gets to GPG? ;)

Sancho_PNovember 16, 2014 6:07 PM

Regarding Tor:

Besides all the logistical and technical problems of anonymity,
this project has a very common issue: Funding.
People expect things to be free.
Tor is free - how could we blame them for not being 100%?

How to improve / change / run a service without money?
And if money is involved,
how to keep the bad guys out?

Technics is probably neither the problem nor the solution - money is.

Hugh JassNovember 16, 2014 10:09 PM

@Nick P

"...So, it's not safe unless used in combination with other anonymity techniques."

Such as...?

Clive RobinsonNovember 17, 2014 2:18 AM

I guess some people think I'm being a bit hard on the ToR project, especialy with the assumption that only the likes of US TLA's can decloak individuals and hidden services.

My return on this would be that "a false sense of security" is more dangerous than "no security" due to the human condition of "over trusting" not just others but systems as well.

However we have to consider that money buys a lot of things, and a lot of money can buy almost anything. Some of the more repressive nations have disproportionately more money than other nations of their size due to the chance of geology making them natural resource wealthy. Such people are known to buy in technology to strengthen their hold on their citizens and have no qualms against who they use it on. Further as we know from the sale of zero days and other news worthy items, that there are people that have no qualms about selling technology to such rulers providing the price is sufficient.

Which raises the question of just how long it will be before such rulers get their hands on decloaking tech, assuming --possibly falsely-- that they have not got it already...

But there is another issue to consider, on atleast two occasions --supposadly-- accidental updates to network border protocols have caused traffic to be routed "the long/wrong way" through China...

It takes no real stretch of the imagination to see how rerouting data could give people an advantage in decloaking ToR users. It's realy only the "all roads lead to Rome" design of the Internet infrastructure that gives the US and other 5Eyes the current advantage of sitting astride the Internet choke points, so they don't have to reroute traffic to decloak ToR users and services.

As others have pointed out low latency and anonymity are a very hard problem area, which is why decloaking is possible, and will probably continue to be so for the foreseeable future.

For the sort of use originaly envisaged for ToR low latency did not need to be the "make or break" issue that it has become today. Thus I have repeatedly suggested that there should be a security network for non interactive communication where longer latency from "store and forward" and "multi path splitting" can be used to advantage.

Further individuals should consider what latency is acceptable, we quite happily communicate via SMS texts and latency of half an hour or more is usually no barrier to common usage. Likewise blog posts with twelve or more hours appears quite workable, and just a few decades ago postal or Snail Mail messaging with three or more days of latency was more than sufficiently workable.

For some reason we seem to thing that near zero latency is required, it's realy not. Afterall how many people can read more than 250 words a minute with reasonable comprehension, and maintain that rate for a half hour or so?

The answer as most eBook designers know is very very few, which is why they can use very low power electronics that give you eight or more days of use of tiny batteries, whilst your internet smart phone can give you a couple of hours of browsing at best...

Thus for the security concious "low latency" can be viewed as "marketing specmanship" at best which carries a very high and unwarranted risk when it comes to personal security, with worse than death being the price of being decloaked.

65535November 17, 2014 3:27 AM

@ Clive

“My return on this would be that "a false sense of security" is more dangerous than "no security" due to the human condition of "over trusting" not just others but systems as well.” -Clive

Interesting, your point is well taken.

How would you implement your high latency, multi-splitting, store-and-forward system?

“…another issue to consider, on at least two occasions --supposadly-- accidental updates to network border protocols have caused traffic to be routed "the long/wrong way" through China...” –Clive

It's a snake routing trick [which creates some latency in and of itself].

Given the sad state of the Asian RIPE Database snake routing will probably continue.

See:
https://labs.ripe.net/Members/denis/using-the-ripe-database-as-an-internet-routing-registry

RIPE clearly states they can be pwned. Do you have any suggestions to stop the NSA/GCHQ/PLA/other_TLA’s snake routing tactics?

Andrew_KNovember 17, 2014 3:59 AM

@ Daniel, Regarding your thoughts on what happened to the web
A VPN operator might not only turn over data for a laugh -- he will do it with pleasure since NSA can provide him with a feeling of being not just some random sysop at a large company but something special. Oh he will keep his mouth shut without any threat. Just the inner pleasure and excitement of him having this second life where he can feel like a man serving his country suffices. Just pick the person carefully. Idealists are not a wise choice. However, greedy people with low self esteam are. It always were the secretaries, assistents, janitors, and cleaning ladies, weren't it? Those that are often underappreciated in everyday office life. OPSEC starts with respecting your employees and not treating them as anonymous resources.

@ Nick P
I totally agree with your words on GPG. Quoting a colleague: "Of course you can send me that mail encrypted, but you should consider that I will need three more days to read it in that case."
And the keylogger, of course.

@ Clive Robinson

(though I'm sure at some point a US prosecutor will try and equate the use of a home made secure facility with being a terrorist or worse if they have not already done so in some closed/secret court).
-- Clive Robinson

I think it is already happening and it is much more subtle.
You will not be prosecuted for doing that. You will be prosecuted for using these means to do something else.
You will be taken to court for some crime -- parallel constructed or for real -- which (and this is the best part) involves you using your secure facilities. Everything you did to secure your privacy can now be seen as a part of your great evil plan (whichever crime you allegedly did, murder, child porn, selling drugs to kids, tampering with stock exchange, pick one). This plot once more allows to show the public that only really bad people use privacy enhancment techniques. They will not be criminalized as such, they will just be publicly associated to criminality (tough both might happen).

I am fuzzy on the details but I think there was a case in Germany in which the suspect not having his cell phone with him was used against him, pledging it prooves him planning whatever he was accused of. Whilst it might have been true in that specific case (yes, criminals may have OPSEC knowledge), this way of argumentation sounds very very scaring in general.

65535November 17, 2014 4:18 AM

@ Andrew_K

“I'm sure at some point a US prosecutor will try and equate the use of a home made secure facility with being a terrorist or worse if they have not already done so in some closed/secret court…” –Clive

“I think it is already happening and it is much more subtle.” – Andrew_K

I agree.

I have seen cases where some school kid sets-up his own encryption rig – only to be interrogated by the FBI. If they cannot arrest the individual they purposely cause considerable cost and discomfort.


65535November 17, 2014 4:20 AM

@ Nick P

I hear you regarding the difficulty of using GPG or even PGP [including being hit with a key logger]. It is hard and time consuming [and not widely deployed].

ThothNovember 17, 2014 5:02 AM

@Nick P
Thanks for the IBM HSM links. Will read them. Thales rack server HSM using PowerPc as well but the USB ones are ARM.

FigureitoutNovember 17, 2014 5:13 AM

Who needs to break crypto if you have the plaintext before it gets to GPG? ;)
Nick P
--Not something I'd winky-smiley at, but uhh I guess those that don't think plaintext is truly plaintext lol :p

Hugh Jass
--I suppose we could start by hiding in your name? You won't get various people's "secret sauce" due to...OPSEC concerns. But here's a mini-start (the longer you do it the better you get, and like stepping stones get to a hard to reach place eventually). It's easier if you have a tight group of like-minded friends you trust and a decent size of cash and time. For starters, pick up a laptop from a swap meet or as others know a "hamfest" or "computer expo" straight cash, I love those things...Make sure to get info for as many as possible to expand possibilities and have a chunk of cash tucked away in advance so no bank statements; getting directions to the place will probably also give you away. If you're expecting it you'll probably see the people there scanning the crowd; generally they don't know how to look normal and set-off triggers. So it's best to go to a really big one or bring a bag to at least try to minimize exposure time of ID'ing the brand of laptop you just got or going back and interogating the seller.

Take laptop home and again try to not look up brand as you need to remove at a minimum any cameras, microphones, and wifi cards that can be found. Optionally you can now place extra shielding around the entire inside (just aluminum foil will do, make sure to not place on bare motherboard! Insulate w/ some other material). Cover up any exposed LED's. LiveCD's should already be made (again potentially giving you away). Laptop will have Windows most likely on HDD, unplug HDD and get into BIOS and see if you can boot w/o it. If no, we're gonna need to wipe the HDD w/ another program (or purchase a fresh HDD) and get needed drivers (another pitfall here). Wipe HDD after each online session and keep multiple backups of drivers you need, maybe have to keep reinstalling Windows.

Make any plans for whatever use you have for OPSEC and anonymity offline as much as possible; which is hard, choice is yours how hard you want to make it. Once booted up (after purchasing tiny USB-wifi dongle w/ an antenna connector, and using a "cantenna" (not as good) or a "yagi", or even an omnidirectional antenna w/ high gain and easier conceiled; this part is tricky). Once live no linkable formatting to your past like I'm doing now; you're not you for now. No browser signatures like any customizations you like, if you frequent only certain sites, and go to them while in anon-mode, that's dumb.

There's a quick reference; others here can expand that way way more than you'll ever want to do. Be safe and do your research (in security, pros get owned by lucky noobs etc..).

Clive Robinson
--I'm (speaking for myself) looking at it more operationally. My return on your return is I don't have a "false sense of security" using TOR; I know all too well and continue seeing more bad. W/o TOR, most people have no anonymity, and being able to route traffic straight out of your home or the little router in your cable box; everything can get stored fresh and stripping HTTPS (which I'm getting more weird pages that are pure HTTP and screw up all the javascript, which is good but I didn't do it lol...). TOR traffic already sticks out anyway. Anonymity is a heavy OPSEC area. Setting up another "store-n-forward" service needs a server somewhere and be accessible to internet protocols. Who's paying for that and who's protecting it 24/7 from physical raids? Being in the military and GCHQ, you didn't have to worry about these things as well as funding ("shove it on the taxpayers, for their own good..."). I suppose now a greater threat is beginning to be their own employees...

Won't the problem just continue w/ low latency tagging a "cookie" of some type to every message? Don't even need to ask, it will. Or using something like a modern computer or smartphone to push out the comms due to compatibility issues, side channels like clock skew will be the least of your worries. Digging into clock skew...every f*cking electronic is vulnerable if it has a clock, which is does.

System FailureNovember 17, 2014 5:19 AM

Arguably Tor's biggest weakness (its uncomfortable bed partners high up, ensuring that the "design flaws" are maintained) is also its biggest strength (providing a reasonable assurance that security agencies will not come down on the Tor infrastructure like a ton of bricks, obliterating the system). In other words: western TLAs need Tor for anonymity in low level operations and to promote instability within enemy states, like Iran and China. However, these TLAs also want to make sure that the system is designed in a way that allows them to break this anonymity when necessary (in NOBUS mode). (It goes without saying that NOBUS mode means that everyone else will eventually crack it a bit further down the line.)

The main priority of a stable and reliable alternative to Tor (one that fixes the TA problem) is creating a truly decentralized, autonomous and trustless structure. If the NSA, GCHQ et al. suspect that there is any risk of a viable and efficient Tor alternative catching on with the general public, the first thing they'll do is try to nip it in the bud by throwing all the legal fire power they've got at the infrastructure and its users (coercion, subpoenas, raids, destruction of hardware, jail sentences...). Any viable system must plan for this.

Nick PNovember 17, 2014 6:57 AM

@ System Failure

"the first thing they'll do is try to nip it in the bud by throwing all the legal fire power they've got at the infrastructure and its users (coercion, subpoenas, raids, destruction of hardware, jail sentences...). Any viable system must plan for this."

Exactly. And it's why I've been pushing for INFOSEC to add lawful intercept to various security and anonymity schemes. After all, it's the law in most countries and the domestic police can usually just seize stuff or imprison uncooperative people. Just need to remind users of this in the marketing material.

ThothNovember 17, 2014 7:21 AM

@Nick P
To solve lawful intercept you need to solve data classification, AI, wha if user encrypted the data and so forth reliably to segregate them to groups.

konfiNovember 17, 2014 7:44 AM

I can't believe some people still think that an anonymizing system with an inbuilt de-anonymize switch is a good idea. The concept was dubious a few years ago but in a post-Snowden era the idea of "lawful" intercept is just laughable. For god's sake, these guys are pwning comoputers around the world to launch attacks on their own citizens... These are the guys who write reports referring to innocent American citizens as "adversaries." These guys make the Russian mafia seem friendly.

Nick PNovember 17, 2014 10:26 AM

@ Thoth

Actually the solution requires integrity at hardware, mediation at system call layer, a read everything but write nothing permission, a wrapper that allows data exfiltration over various channels, and an authentication method that enables it for key holder (service or product provider).

All of these features but one are in existing high assurance products. That one is the exfiltration wrapper that ensures their transport operates safely. There's lots of prototypes for that sort of thing but not highly assured yet. Still a cat and mouse game. Exception is for capability secure systems.

GrauhutNovember 17, 2014 10:29 AM

@System failure "Decentralized, autonomous and trustless structure"

... creativly using standard techniques in a secretive manner.

This is the only thinkable survivable structure. Maybe we have to learn from malware coders.

DonaldNovember 17, 2014 1:08 PM

So, no discussion of the amazon echo? Watching the video advertisement for this, I kept expecting to get to the punchline, the place where they admitted this was a parody, or an add for a new horror movie.

People are really going to buy this? Voluntarily? And put it in their house, listening to everything they say and sending it all back home to Amazon?

The NSA's mistake is obviously being secretive about their projects. They should have just charged people $99 for a listening device that they would install themselves.

pythonNovember 17, 2014 1:19 PM

@Donald
"sending it all back home to Amazon"
The scenic route (via Arlington), naturally.

Clive RobinsonNovember 17, 2014 2:30 PM

@ Donald,

Hmm a tweeter, a woofer and a reflex horn all in a 23.5 x 8.3 cm can with a mood lighting ring and seven microphones, sounds just the thing for kinky parties and a litle blackmail...

I wonder how long it will take to,

1, appear in some murder thriller as a major plot itme.
2, be seized for evidence in a real crime.

Just think how important your music request will be to indicate you state of mind...

You request the aria "Nessun Dorma" from the final act of Giacomo Puccini's opera Turandot, with it's rather nasty plot line, shortly before going out and getting pulled for speeding. And the prosecutor has also seen the Jack Ryan film where "Mr Clark" slits the throat of a neo nazi with a machetti. It won't take him five minutes to convince a jury that whilst a policeman pulled you over for speeding you were realy plotting on chopping the head of someone, and instead of endorsing your licence and fineing you a hundred dollars, they should instead be sending you to fry in the chair for "thought crime first degree murder"...

Perhaps Amazon should market it with the Police singing "every breath you take, every move you make, every bond you break, I'll be watching you" playing on it...

OldFishNovember 17, 2014 2:49 PM

@2^16-1

"I have seen cases where some school kid sets-up his own encryption rig – only to be interrogated by the FBI."

Links?

Nick PNovember 17, 2014 3:48 PM

@ konfi

I can't believe some people think they're going to operate anonymously in a country with a global adversary with 0-days for every major platform and app. And partnered with an adversary that can seize assets & imprison people who resist. There's effectively backdoors in most online services already. And they're unrestrictive with ability to damage or plant evidence on hardware.

I think a greatly restricted, hardened backdoor is preferrable. And how it's used can be done differently in each country. Lets you move to a country that isn't a surveillance state if you want less odds of eavesdropping. Security situation will be similar to current one but more accountable.

BoppingAroundNovember 17, 2014 4:50 PM

Donald,

1960: “I have a great idea! Let's have every person in the country carry a radio track ing beacon!” “That'll never fly!”

2012: “I can has TWO iphones???”

Clive,

> Perhaps Amazon should market it with the Police singing "every breath you take, every move you make, every bond you break, I'll be watching you" playing on it...

Very subtle :D

JustinNovember 17, 2014 5:09 PM

@ Nick P

I can't believe some people think they're going to operate anonymously in a country with a global adversary with 0-days for every major platform and app. ...

Yet as soon as they shut down Silk Road 2, a Silk Road 3 popped up.

And they're unrestrictive with ability to damage or plant evidence on hardware.

That's just like in real life: cops have the ability to damage or plant evidence. It all depends on their honesty and competence not to do so. There's no ready-made solution that will magically increase accountability of evidence and truthfulness of testimony in court. Lie detector tests for hiring cops don't guarantee personal character, either.

I think a greatly restricted, hardened backdoor is preferrable. ... Security situation will be similar to current one but more accountable.

You'd need to greatly restrict and harden the entire system, not just the back door, as in an open source high-security, high-assurance operating system and web browser. And I still don't see where the "more accountable" part comes in---that still depends on the personal character of those in law enforcement and on politics.

WaelNovember 17, 2014 5:26 PM

@Clive Robinson,

Perhaps Amazon should market it with the Police singing "every breath you take, every move you make, every bond you break, I'll be watching you" playing on it...
+1... What a coincidence! The Police (the band) singing that song! Ingenious not to capitalize the "t" in the "the Police" :)

AnuraNovember 17, 2014 5:44 PM

@Nate

Am I being paranoid by noticing that the cipher suites that cause a problem all seem to be NSA Suite B reccomendations (well, except for not using ECDH)?

Nick PNovember 17, 2014 6:29 PM

@ Justin

"Yet as soon as they shut down Silk Road 2, a Silk Road 3 popped up."

Business's that last mere years and whose owners face prosecution. Most investors and business owners would think that's not such a great tradeoff. Gotta have less risk in the equation. I'm also personally not going to prison just so someone can make a purchase or a comment without their name on it for a short time.

"That's just like in real life: cops have the ability to damage or plant evidence. It all depends on their honesty and competence not to do so. "

Cops in real life might be recorded and there can be witnesses. The backdoors the NSA uses are deniable enough that even the existence of a search can be concealed, along with its specific activities. There's considerable difference here. If each device must be specifically targeted via warrant, then a third party knows the search exists & accountability measures can be built on this. Not on covert, widespread search though.

"You'd need to greatly restrict and harden the entire system, not just the back door, as in an open source high-security, high-assurance operating system and web browser. "

Not the case. A chip, kernel, backdoor and interface are all that's necessary. Maybe not even the chip & kernel if hardware is designed a certain way. You just need it to be able to pull data from memory or storage yet not write it. There's been both processors and security kernels built that can do this very robustly. (And simply.) The rest of the system runs on top of it or along side it.

"that still depends on the personal character of those in law enforcement and on politics."

And the service provider. Remember that part. A service provider might make an argument to a federal court that the alternative backdoor can give police information while maintaining integrity of the process. The judge in the Lavabit case specifically asked for an alternative to the FBI's black box that wouldn't compromise users. Lavabit didn't have anything ready and convincing, so judge ordered FBI's device used and Lavabit shutdown. That's where I originally got the idea to develop a high integrity & less risky to us backdoor in the event another judge might OK it. It can also be evaluated by a government certification lab and use tech similar to what's in defense marketing materials. "If it's good enough for DOD & FBI, it's good enough for a court room."

Right now there is no alternative. There's the FBI's black boxes, the NSA's implants, and 0-days.

Nick PNovember 17, 2014 7:50 PM

@ Anura

I pointed out previously that NSA's COMSEC for important stuff goes through a Type 1 certification process that has produced quite different algorithm and implementation choices. I know enough about the process to say it would've have allowed a number of the flaws we've seen. It also requires a strong, underlying TCB that I can tell. Yet, what they push on the public are different algorithms & cryptosystems without much focus on implementation during certification and definitely no focus on endpoint. So, it's not really paranoid to think they're following the Wolf of Wall St strategy: "lure them in with the good stuff then unload the dog shit on them." ;)

ChrisNovember 17, 2014 8:08 PM

Hi, there is a PDF on Cryptome called "Tor Traffic Analysis Attacks and Defenses"
and they have shown that using Dummy Traffic with low TTL Values can be effective
against Cisco Netflow, any ideas on how this can be implemented without the
involvment of the TOR Develeopers

Its Chapter-5 in that document for those not intersted reading the whole document

JustinNovember 17, 2014 8:18 PM

@ Nick P

I think a greatly restricted, hardened backdoor is preferrable. And how it's used can be done differently in each country. ...
... That's where I originally got the idea to develop a high integrity & less risky to us backdoor in the event another judge might OK it.

I'm not sold on your idea of a backdoor. I think there would be a lot of unintended consequences. First, I assume the backdoor would have to have some kind of public keys built into the hardware. Could these keys be updated or revoked? What if a foreign nation state (such as China, Russia, Iran, or even Israel) were able to obtain the corresponding private key? What about industrial espionage? And what if hackers were able to obtain a private key and then able not only to entirely disable the backdoor for their own devices but spy on others as well? Who has custody of the private keys for the backdoor? How are they backed up? Are they only handled on high-assurance systems? How is other nations' government access controlled? Are the devices region-coded? Will other countries even want to buy explicitly USA-backdoored hardware?

I'm afraid the keys to any backdoor will eventually leak out or be cracked by advances in mathematics or computer science, and in any event they will be HUGE target for all manner of espionage and counter-espionage, just like 0-days are today.

For purposes of evidence, it might be possible to have the system digitally sign and timestamp the evidence collected, to make sure it was not tampered with on its way to court, but that's assuming the key is kept secure, and we can trust this whole system.

AngelNovember 17, 2014 8:20 PM

Okay, so, the Verizon building in Richardson has buffalo meat burgers available. You go right past those front doors and down the stairs. To the right of the main front doors and down some stairs is their support where you can get your laptop fixed or replaced.

How is software configured so that it might have zero day in it? Simple. Just find the security vulnerabilities and then not disclose them. Especially the more esoteric, hard to find issues.

Or you can hire someone.

I watched the ancient, original batman last night, and found it amusing how the bad guys were concerned about the cops *whom they paid off... might find some of their "front companies". Yet, do Americans or even foreign nations ever really consider what might be "front companies" for intelligence? Especially considering that Al Gore did not "invent" the internet, but the DoD did?

...

Here is the reality: the US Government owns the major US technical companies, as well as the wires beneath the entire internet. Which they have made great pains to compromise.

Why.


There was this old movie, "Dark Man", that showed what a single individual could do if they looked like anyone.

What could a full US agency do if they had such disguise capabilities?

And legend creating capabilities....


What if there was an army who could appear as anyone?


Really, I see here people discussing details, and they do not understand: the real, bigger picture is and already long was implemented.


You can either trust us, or....

Well, there is no "or". You do not actually have any choice about the matter.


That is what authority and power means.


Nick PNovember 17, 2014 8:41 PM

@ Justin

Oh I agree there's plenty of risks. The difference is we can know and attempt to mitigate them. There's effectively two models: service provider control and centralized control. Either allow it to be one system/site or a decentralized architecture. The best way to operate is SAP-style OPSEC with a variation of what Clive and I have promoted to deal with hardware subversions: a diverse number of systems that all perform the same function with voting protocols. Each piece is as strong as one can possibly make it, with the keys in specific fixed locations & encrypted if in storage. The physical room is protected against EMSEC and physical attacks. The keys can be killed locally or remotely at a given site upon a command. Local and remote surveillance monitoring.

The overall system is designed to securely produce, store, and use keys. The process is transactional. The nodes communicate over a variety of simple mechanisms. The specifics of the system, especially interconnection, change constantly in a way meant to throw off the attacker. The software itself is vetted by mutually suspicious users, can only perform the intended function, and is very easy to port. The components are supplied similarly. Pre-existing images exist for a number of platforms. The administrator just loads the stuff onto the machine another person prepared for them, loads the pre-existing image, and installs it. This happens under surveillance and reveals no private key material onscreen. The warranted accesses of the keys or signing of black boxes happens via prebuilt software interface of the software and generate audit records. Optionally under surveillance as well.

Further, the method would be optimized to fail-safe where the keys or systems are destroyed in worst case scenario. There's potentially effective backup strategies that combine a physical device one needs, an encrypted backup, and a threshhold scheme. Yet, a backup increases risk quite a bit. So, fail safe is my default strategy to loose access to the devices is my default strategy. This is my main point of legal and technical risk.

Certain government and private organizations take strong measures to protect their OPSEC and INFOSEC. My methods exceed theirs. So, there's good odds that it prevents an infiltration and otherwise detects it. The way it does it is simple: reduce trust in... everything. And only trust what many paranoids have vetted: the process and software.

eNovember 17, 2014 10:01 PM

Nick P., we know you're personally invested in this back-door idea, but it's fucking insane. It's like saying, look, FBI can just kill anybody they want and they never get prosecuted, so let's just implant a tamper-evident Baron Harkonnen Certified heart plug in everybody, so a judge can make sure they only kill you fair and square. You're using this government-issue Resistance-Is-Futile line to advocate that we all shitcan our rights.

If there is no technical solution to the problem of arbitrary government interference with privacy, all that means is the solution will have to be political.

Coyne TibbetsNovember 17, 2014 10:23 PM

@Angel How is software configured so that it might have zero day in it? Simple. Just find the security vulnerabilities and then not disclose them. Especially the more esoteric, hard to find issues.

I think the completely overlooked and most straightforward method is to design in the zero day exploits. That allows you to control the ease of discovery.

In fact, probably the biggest zero day of all is these automated update processes. Even assuming they "normally" don't install any back doors and that they only make changes when authorized by the user, certainly they could change anything with or without permission of the user; on demand of a warrant or NSL.

Nick PNovember 17, 2014 10:42 PM

@ e

Your missing it although understandably. I'm trying to make a nice compromise between the needs of government and individuals. I'm narrowly defining it as much as possible. I'm focusing on a strong as possible implementation. And then, past that, I'd fight as much as I could. The trick is to fight over the right stuff.

"If there is no technical solution to the problem of arbitrary government interference with privacy, all that means is the solution will have to be political."

I was the guy that convinced Bruce of that far as I know when he was asking for as many technical solutions as possible. It was important to get an influential person aware of the reality of the situation and then start influencing people to that effect. Politics and media are a weak area of mine so I knew I couldn't accomplish what he could in that area. This is a technical discussion so I have to work within the current political framework that allows a pseudo police state. There's only so much to do in that framework. So, if it's U.S., I have to work on lawful intercept as those that don't disappear from the market and the competition is fierce.

If Americans ever change the politics, I have much better stuff waiting for them that won't have such risks. Meanwhile, people and their businesses can be ended quite easily for such things. Not wise or probably successful to take that path in the environment Americans keep allowing, paying for, and periodically reinforcing.

Gerard van VoorenNovember 18, 2014 1:13 AM

@ Nick P

I absolutely agree with @e.

There is no reason at all to give these Lying Unaccountable Assholes [1] "God Mode" on each computer in "their" country or anywhere else.

It makes no sense in criminal, economical, legal and political matter unless you redefine the word ethical. And if you redefine the word ethical, you better think again next time you wave your flag.

Sorry, sometimes I think in black or white terms but these guys will stretch every inch they get, exponentially. Don't give them that inch.

The same with TOR. There is no such thing as being anonymous-ish.

[1] TLA abbr = LUA

ThothNovember 18, 2014 1:25 AM

@Nick P
A high assurance device with LEO access would bot just rely on high assurance electronics and system. Logical data needs to be addressed and best with a provable formula.

We assume D as a set of data with data elemnts d as depicted:

D:{d1..dn}*

We need to diff the privacy data and LEO data and each data layers encrypted by an officer key K. Assuming LEO has access to a key as one of the offucer, then how are you going to group d1..dn into different officers of K:{k1..kn}* where LEO is kleo which is an element of K ?

There needs to be a reatriction on the accessible data instead of wholesale retrieval.

FigureitoutNovember 18, 2014 1:36 AM

The Doctor That Wasn't
Story from NYT on undercover operations increasing in US.

It has also resulted in hidden problems, with money gone missing, investigations compromised and agents sometimes left largely on their own for months.
Across the federal government, undercover work has become common enough that undercover agents sometimes find themselves investigating a supposed criminal who turns out to be someone from a different agency, law enforcement officials said. In a few situations, agents have even drawn their weapons on each other before realizing that both worked for the federal government....It is impossible to tell how effective the government’s operations are or evaluate whether the benefits outweigh the costs, since little information about them is publicly disclosed.

http://www.nytimes.com/2014/11/16/us/more-federal-agencies-are-using-undercover-operations.html?_r=0

Back to Tech News...

FINALLY...
IAB/IETF calling for encryption of all internet traffic

My only worry is, keep control of the encryption; as encrypted malware either on your machine or squishing thru your network is a nightmare. This will inherently complicate things too.

http://www.theregister.co.uk/2014/11/16/net_gurus_face_off_against_spooks_encrypt_everything/

USB Hell...
"As long as USB controllers are reprogrammable, USB peripherals should[n't] be shared with others," the team said. "Once infected through USB or otherwise malware can use peripherals as a hiding place, hindering system clean up."

Whitelisting USBs was hindered due to lack of serial numbers and mechanisms to apply the measure, while malicious firmware could easily spoof its legitimacy to foil malware scans. Firmware code signing could still permit unauthorised firmware upgrades and was problematic on small devices.

Bad news for Android too... :

Android phones they said were the simplest BadUSB attack platforms due to its pre-configured ether net over USB setup.

http://www.theregister.co.uk/2014/11/18/usb_coding_anarchy_consider_all_sticks_licked/

...However Good News on RTL-SDR Front W/ Android!
New SDR app released on Google Play store. $.99 compared to $10 for SDR Touch which I was originally going to use. Also this code is on Github, hell yeah! Thank you!

Only problem (for me personally)...coded in Java..... Oh well, I can get in and modify my own instead of from scratch! And it's got a feature I really wanted...logging to files. These will be most useful finding static sources of RFI and *maybe* some attacks if you get lucky.

Things like this will bring SDR to the masses once they realize how cool it is and maybe even cooler twists no one's done yet. Instead of doing a real build w/ a DDS module explaining my build ideas to my dad gets me that look of "No, damnit son, what a pussy build" lol... :(

http://www.rtl-sdr.com/android-app-rfanalyzer-now-google-play-support-rtl-sdr/

Nick P RE: political solution
--And hopefully I'm the one (or someone else I don't care) gets Bruce back to his senses if it truly was his original gut feeling. He's really mellowed out though and drifted away from the crypto math labs and into the C-Suite boardrooms and Social Science books; he should make one more comeback if he has it in him.

But if anyone has ideas on a political solution, please don't be shy; let's hear it. Also, don't do the usual wait for someone else to step up, try to implement what you say for yourself and see how far you get. Then go grab a development board and some software for an airgapped PC and try helping solve the actual problem.

What would the world be like w/ no technical solutions to security problems? I don't even know, no stability whatsoever so calm research not even possible. I imagine probably not being able to get any technology off the ground b/c it gets hacked immemdiately...Laws of Physics trump Laws of People; physics is of course ingrained in the Law code books, the law book won't open w/o physics.

ThothNovember 18, 2014 1:53 AM

@Figureitout
Those who call for encrypt everything can be ignorant or imprecise. Blind encryption is worthless. The current trend is that bad path of blindness.

Maybe Bruce have moved beyond crypto to species psychology. A very good choice on the bigger pictures while allowing newbies cryptographers their time.

Hard skills must be paired with soft skills. Crypto and high assurance is just tools without a mind. Crypto wet dream is the trend at its rotting stage...bad.

FigureitoutNovember 18, 2014 2:13 AM

Thoth
--So what do you recommend not encrypting on the internet? I agree it'll make it harder to more impossible for tiny TCP/IP implementations. Don't think anyone's arguing for "blind encryption". Lose control of the crypto and problem gets really bad (why I'm wary, very wary of encrypting memory on PC's, attacker gets control of that and you got encrypted memory scattered on your PC, and it probably needs to be got at w/ new bootloader, JTAG, I don't know maybe just recycled) ie: not differentiating attacks from normal traffic.

Haven't bought any of Bruce's latest books and won't do so until he puts out another edition (w/ real updates) to AC or CE. My dad did more managerial type work (and made some $$ no doubt) but he's really happy being back in design. Seeing big picture can is just kind of common sense, no? You can do that any time all the time; not very hard.

FigureitoutNovember 18, 2014 2:23 AM

Thoth
--My view is merely obfuscated memory (how I want it), like a virtual memory on top, no internet access but side channels of course always possible. Thus then if I see encrypted memory then boom I've been attacked and time to shutdown/wipe and possibly destroy. I'm talking tiny PC's too, modern PC's...too out of control...just highly uncomfortable to use...

Doesn't apply to external memory of course. Encrypt the whole damn filesystem, everything and keep on or very near your person at all times.

Gerard van VoorenNovember 18, 2014 3:10 AM

@ Figureitout

Have a look at MinimaLT [1] and while you are at it, also look at the Ethos project [2] itself. The Etypes [3] paper is also very interesting.

In short, MinimaLT is a replacement of TCP and TLS. It has only a fraction of the complexity and LOC of the protocols that it replaces. It is faster than unencrypted TCP and the crypto is mandatory. AFAIK the code isn't released yet.

[1] http://www.ethos-os.org/~solworth/minimalt-20131031.pdf
[2] http://www.ethos-os.org/
[3] http://www.ethos-os.org/~solworth/petullo14ethosTypes-20140518.pdf

Andrew_KNovember 18, 2014 3:40 AM


The trick is to fight over the right stuff.
-- Nick P

True. For the very same reason, I stopped getting personally invested in discussions that I will not win anyway -- unless it is interesting.

More globally, I can understand Nick P's sentiment (tough by far not sharing every of his positions).

When I got him right, he claims that there are technologies which to use is currently dangerous as long as there is a government with, well, with its current attitude. He seemingly found a way to deal with it without going in depression or resigning.

If he works in one of the more shady corners of life, well, honestly, I think there could be worse people than him as he at least reflects what he does and which role he has.

That being said, I have no evidence him not taking the next plane to GTMO and pouring water in some guys mouth, horrassing activists by constructing a case against themn, or his appearance here being a clever (compared to other) PSYOP.
Personally I like to believe he is just a decent person, perhaps working for government, perhaps not. Until proven otherwise. Call me naive... but that is the same idea our law system was funded upon.

ThothNovember 18, 2014 3:59 AM

@Figureitout, Gerard van Vooren
Gerard pointed at the right direction. MinimaLT is a good design to study.

The horrible state of crypto gets worse with tje encrypt everything concept. You should look around and see how many badly done crypto and TLS has so much to improve. What I truely meant is to fix the badly implemented crypto before attempting to encrypt stuff. Timing attacks, side channels, traffic analysis... so much to look into and many libraries are ignorant of these problems. Updating the crypto suite to standardise non-NIST algos luke Salsa or eSTREAM ciphers and other AEAD ciphers for mobile devices and the Safecurves might help too. Crypto has a long way to go before it is mature to encrypt all.

konfiNovember 18, 2014 5:50 AM

Re. lawful intercept and backdoors

The assumption that there are good guys who should have access to our computers through backdoors and bad guys who can be kept out of these same backdoored systems is naive and untenable based on what we know today.

-The so-called "good guys" have been caught elbow-deep in activities that are not just unlawful but unconstitutional. These are not a couple of bad apples, these are systematic violations of our constitutional rights. Their highest representatives have lied under oath and made a mockery of the legal system in western democracies. We as tax payers are paying for the big guns and it turns out the guns have been turned on us.

-The idea that one can introduce a backdoor in a system and expect no-one else to figure it out has been proven to be a bad idea over and over again. Yes, they will find out about it. Yes, they will crack it sooner or later.

-In most cases, you don't even have to wait for the so-called "bad guys" to crack it. Most of the western INFOSEC developers working for our "good ol' American heroes" have no problems in selling their tech to the likes of Bahrain, Uzbekistan, Libya, etc. Were does this leave the "good-guy: in" "bad guy: out" model?

Finally, the argument "it's hard to get privacy right, so we might as well not try at all" is so obviously flawed I won't even get into the details.

albertNovember 18, 2014 6:07 AM

Our computers, cellphones and tabs are more private than our homes today. They contain our messages, our work, our family relations, our secrets, our financial information. We would go completely mad if someone even suggested that we must leave a copy of our keys at our local police station so any of their guys can walk into our bedroom and have a look into our closets and drawers whenever they feel like it. Why is it that some people think it is their God-given right to be given a "key" to every one of our IT devices so they can help themselves if and when they feel like it? Just think of it. It's completely nuts.

e'November 18, 2014 8:36 AM

Nick P
Yes, thanks in part to you, many people lately woke up and said, Oh shit, we live in a totalitarian state. Cognitive and emotional responses varied. Some were helpful, some less so. Arguably the most helpful was Snowden's response, Well then, I'll expose the treachery and lies of this our Stasi. Then there is your response: Yikes, a totalitarian state! Let's institutionalize it by building it into everybody's computer! That, sad to say, does not attain the upper quartiles of helpfulness.

You cannot buff the backdoor turd. Not by balancing government "needs." Governments do not have needs, they have duties, and one of their duties is to stay the fuck out of my correspondence. You could look it up.

Not with an arbitrarily-circumscribed "technical discussion" that adopts illegal government aims. That way lies IBM punch cards for Buchenwald. It is contrary to the ethics of whatever discipline you profess.

As for wisdom and success, the gun nuts go far with μολὼν λαβέ, a reckless vaunt. Fuck you NSA, fuck you FBI, you're going to have to pry my digitized plans for treasonous forcible overthrow out of my cold dead hands. Use up all your best 0-days on me, you TAO pervs, let's see if you can sneak in and out without getting caught. Cyber warriors. You're not even jack-booted government thugs, you're BMD Commanders, crooked fucking cowards. We're going to rock your world. We're going to put your heads on sticks.

ThothNovember 18, 2014 8:48 AM

Under assumption that lawful intercept can be quantified in a provable and repeatable way that can allow secure selective access in an auditable and controlled environment. It must be provable though.

You need to also resist the monster appetite of Govt requests. They will never be satisfied.

Regarding Bittorrent Sync, someone found leaks and the devs deny and claims it's just a crash. Can we trust them ? Unlikely.

http://www.theregister.co.uk/2014/11/18/cries_of_spies_as_audit_group_finds_possible_backdoor_in_bittorrent_sync/

albertNovember 18, 2014 10:12 AM

@Thoth
Great! A victory for open source accountability. Better still, if they don't fix it to the community's satisfaction, someone can start a fork.

DonNovember 18, 2014 11:49 AM

Wow, someone who also likes "Dark Man" ... but the modern state of affairs is probably more like "Agent Smith" though.

If I had to hypothesize, about which appears to be interesting discussion, layered accountability sounds more like military intelligence, which strikes curiosity because I know nothing about it.

The best part of anonymity is you never know who these people really are, yet you can learn from. It makes discussions more interesting.

elationNovember 18, 2014 11:56 AM

"Let's Encrypt will be overseen by the Internet Security Research Group (ISRG), a California public benefit corporation. ISRG will work with Mozilla, Cisco Systems Inc., Akamai, EFF, and others"

Nice idea in principle, but I wouldn't touch it with a barge pole (a California-based corporation with ties to Cisco managing my security certificates? No thanks!)

Hugh JassNovember 18, 2014 2:20 PM

@Figureout

Thank you for your discourse. Now I am only a scofflaw, committing only minor infractions, such as misdemeanor squid blog and aggravated cryptome. My usual weapon of choice is public wifi > Qubes > Whonix with Anti Evil Maid. However, I find in @e' a kindred spirit and realize that my protective coloration may not be sufficient for harsher climates.

I've been lurking on this blog for quite a while. I very deeply appreciate all of its contributors and Mr. Bruce Schneier for making it possible.

BoppingAroundNovember 18, 2014 4:56 PM

> Across the federal government, undercover work has become common enough that undercover agents sometimes find themselves investigating a supposed criminal who turns out to be someone from a different agency, law enforcement officials said. In a few situations, agents have even drawn their weapons on each other before realizing that both worked for the federal government.

[Off-topic] I have been reading about this recently. A fiction work though. The Man Who Was Thursday by G.K.Chesterton. Mind you, it's at least a hundred years old. Still very interesting.

Clive RobinsonNovember 18, 2014 7:14 PM

@ Nick P,

I have a problem with front/back doors even with a properly sourced warrant.

And it is this, people talk of "keys" such as a "Golden Key" etc etc, but this puts the wrong metaphor in peoples minds. They assume it's like their front door key, that is an LEO could open the door but then it could be closed and locked behind them.

Al the proposals I've seen for such front/back doors work on the "virginity model" once an LEO has had there wish granted they get given a key that will work from then onwards...

Unless the target is made aware that they have been taken via the backdoor the LEO can keep coming back for more irrespective of the time limit placed by the judge.

Which is not how any warrant is supposed to work, thus a front/back door needs to not work on the "virgin model" but be re-lockable with a new key. But LEOs won't alow this facility to be put in place based on the argument that the target could relock the door at any time shutting them out at a vital point in time.

As far as I can see there is no solution to this problem as long as the LEOs are not required to inform the target at the end of the warrent and then have the equipment replaced at the LEOs expense.

So befor providing a covert opening for the "untrustables" you need to come up with a solution to 100% seal it shut again at the end of the warrent, not a moment before and not a moment after.

Unless you can do this then I'm sorry, but entertaining the idea of a front/back door is a non starter, and very probably un constitutional as well.

Nick PNovember 18, 2014 9:20 PM

@ Andrew_K,

(e, konfi too)

"When I got him right, he claims that there are technologies which to use is currently dangerous as long as there is a government with, well, with its current attitude. He seemingly found a way to deal with it without going in depression or resigning."

You're reading me wrong. I lived the crypto-libertarian lifestyle for years, was an operator, & worked private sector only cuz I wouldn't take money from government. (Cept for college funding as it didn't seem so immoral) I campaigned, informed, and pushed ordinary Americans to take action on every civil liberties & privacy violation that occured. I pushed solutions to both legal and technical problems on various blogs. I gave them to businessmen, local legislators, & people that talked to national ones. I never did anything to attract much fame or leave many records cuz then you're in attackers' sights.

During this time, the power and immunity of those aiming to subvert security only increased. I met so few Americans that gave a shit enough to take action that I remember all of their names despite a terrible memory. Ten years of this & you could fit them all in one small room. The situation is worse than ever and had I continued to operate they had half a dozen trumped felonies they could've charged me for with total deniability of real purpose. Matter of fact, most of those people continue to use services they know spy on them for private & public sectors.

So, the situation is I'm maybe imprisoned or dead with business optionally ruined if I do what you people propose in a high assurance way. This is true for most others. Number of people capable of high assurance security design are so few in number and often little in renown that they could use their more police state powers against us all with barely any news coverage. Even fewer because most aren't a threat: they're defense contractors or govt funded academics. The voters in this country don't care, continue to empower them, buy almost nothing in medium assurance sector (much less high), and facilitate mass surveillance by supporting companies/agencies that do it. Would my efforts have much reception on them or change anything given I'm working in that environment with professional saboteurs & killers targeting me? No. Would I rot away or die for what amounts to apathetic voters and non-customers? No...

So, they've created a situation where I have no viable option that doesn't allow search at some point. This point was actually reached back 2007-2008 when I knew both that mass surveillance was happening and Americans didn't care enough to change that. I did no more anti-TLA commercial INFOSEC work and lost my references due to the choices I made to ensure I didn't become part of this crap. Instead, I started publishing (the power I had) as many designs, former trade secrets, and anti-TLA strategies as I could. Mainly here. I watched the majority not give a shit more and more. Unfortunately, their actions combined with NSA/CIA's actions have resulted in a market full of crap that puts all of us at risk to both domestic spying and criminal attack. So, until the people remove the near omnipotent adversary & laws/courts backing them, I can only boost the security of the market in a way where they (and U.S. law) allow me to operate.

After Lavabit judge's decision, I started exploring the possibility of building in a restrictive key escrow mechanism or read-only authorization system. If people want to act like we're a democracy with rights and stuff they can force change of law and policy. And then I'll gladly take the backdoor out, swith to a fully open development process, etc. Or I won't backdoor stuff and just see what they do, but have a solid one ready in case I need it. (Current concept.) Meanwhile, everything I rely on is already weak or backdoored so I'm asking myself "what's the difference...?"

A tangent to this issue nobody mentioned is that there's a huge chunk of the public that wants privacy and security but doesn't worry about the NSA. I know because I spent years trying to convince them otherwise. Foolish as they might be, they're still a market and they still benefit from my solution by being protected from others. They're currently an easy target for blackhats and many are good folks that I'd rather not see harmed. So, there's both a business case and ideological supporters of highly robust systems with an equally robust L.I. system. There's also other countries where people actually give a shit about privacy or use warranted search. I could always build, deploy, and support it over there until Americans care enough that I can operate here.

Meanwhile, as great as the ideological claims sound here, none of you could pull it off in practice without major public and financial support. Wikileaks was the closest thing to that and fell when their payment processing was cut. That easy to drop an organization with great OPSEC, millions of dollars, and dirt on goverments & companies. Imagine how long a startup [they couldn't hack] would last telling judges & spooks to go fuck themselves. Even mighty Switzerland caved a bit to these people. My proposal can actually exist and long term. That's a pre-requisite for any successful secure product or service. One that other side's proposals are missing.

So, someone give me something decentralized & without escrow that replaces a core service while being torture proof, low odds of takedown/seizures, potential to apply high assurance processes to TCB, convenient, has comparable to commercial providers, and doesn't rely on the wisdom of the masses. Then, we'll talk on it.

Nick PNovember 18, 2014 10:09 PM

@ konfi

"Their highest representatives have lied under oath and made a mockery of the legal system in western democracies. We as tax payers are paying for the big guns and it turns out the guns have been turned on us."

Yep, but people keep empowering them even knowing this. That's almost psychotic. And supports my proposal more than others, ironically. They'll get the access one way or another. So, you want it limited & somewhat accounted for? Or unlimited & in secret? That's the decision businesses have.

"The idea that one can introduce a backdoor in a system and expect no-one else to figure it out has been proven to be a bad idea over and over again."

That's why the computer your typing on keeps deleting text, sending spam, and so on. Because your backdoor (the update program) keeps getting broken by bad guys over and over again. And so do all your service providers' VPN's, SSH, etc. Alternatively, you can build backdoors that are secure most of the time, occasionally result in a breakin, are improved, and systems are recovered. And life goes on. Which model corresponds to reality the most?

"Finally, the argument "it's hard to get privacy right, so we might as well not try at all" is so obviously flawed I won't even get into the details."

Who said that? The premise is people using low assurance systems and services by people with no regard to their privacy have no privacy. The second premise is the majority of those same people ensure laws that make this the default and punish anyone who does it differently. So, what legal options are available for increasing privacy in a country where people destroy it directly and indirectly? Much more difficult question to answer and very different from the one you posed. I agree *that* one is so flawed "I won't even go into the details."

@ e'

I've met many gun nuts being in the South and some from the West. Many of them push politicians that help create a police state and listen to media outlets that back them. Further, despite many knowing purpose of 2nd amendment, they *still* aren't using it to deal with even the proven dirty politicians and corporate types that are effectively immune to prosecution. Many have gone to prison or had their assets seized over various offenses without a single gunshot fired. In short, they aren't shit to the FBI or NSA. If anything, they'd probably shoot the people trying to help them because their friends, the radio, or TV tells them he's the enemy.

But, yeah, go ahead and build an impenetrable service here. Let the subversives know you have bullets waiting for them like those Waco folks did. I'll at least visit you in jail or your grave out of respect for your personal commitment to your beliefs. I surely won't use your service.

@ Thoth

"You need to also resist the monster appetite of Govt requests. They will never be satisfied."

That's the political problem. If the law says so & you refuse, you have to close up shop, go to jail, or die. Depends on their level of escalation. That the public allows that situation is on them. I've decided that I won't judge a business owner negatively if they do everything they legally can for us and no more. Why should we expect them to do more rather than the voters and Congress that enable these things? The situation is ridiculous here.

The key difference (for me) is that I can fight them in a court somewhere. I'm in control of how I build it, how I comply, etc. I can do everything I can do to provide some assurance against them and hopefully much more against others. That doesn't exist with current proprietary and FOSS offerings for a variety of reasons. And the domestic agencies won't stop hammering away. So, I like a situation where they might chill a bit, a judge might side with me, and everyone is safer. At least, until Americans decide to give us a chance to return to having civil liberties and I can further improve the offering.

@ Clive Robinson

I thought of that one too. Remember that the process runs on a highly robust TCB with trusted boot, POLA, etc. The warrant becomes another piece of software running on the machine in accordance with a security policy. If it's read-only, then all you need after that is an expiration date. The system would periodically check it to see if that date was reached. If so, the backdoor is disabled and deleted. The expiration date would be a public (to the escrow holder) part of the request. I particularly like the POLA enforcing hardware architectures because they make it easier to ensure a program doesn't act maliciously.

Further, the backdoor might even run on a dedicated chip or I.P. core that has high assurance methods applied to it even if system it accesses isn't highly assured. For instance, the system being accessed might put user data in certain locations of memory or parts of the file system without users being able to alter that. Necessitates memory or file encryption, of course. Then, the high assurance L.I. component is given access to just that part of memory/disk, can only use certain interface features, can't harm the rest of the system, and can be disabled at will.

Honestly, I think we all hate the concept of backdoors so much that the industry is overestimating how hard they are to make securely. Here's the function in a nutshell of a basic one: issue a read command to something, perform processing, and write to something for communication. Others, you, and I have all designed strong stuff more complicated. Most compromised examples that have been given weren't made in a high assurance way. Many they didn't really even care or have expertise to secure. So, it's no surprise they don't work right. Fortunately, security engineers continue to improve on the concept with research into "remote administration," "port knocking," "VPN's," etc. Secure backdoors basically... ;)

JustinNovember 18, 2014 11:17 PM

@ Nick P

Of course the men in black are not going to be happy if you build some high-assurance cryptographic privacy-enhancing system with no backdoor. Meanwhile the rest of us aren't going to buy it if it has a backdoor in it, and we don't want some trusted computing base with a backdoor mandated in our PCs, either.

If high assurance is your skill, why don't you build, oh, say a high-assurance pacemaker or insulin pump or anti-lock brake system, or even a traffic light controller without a backdoor in it? Just ordinary stuff where lives might be at stake if it doesn't work right. There is plenty of stuff you can build and sell high assurance with no backdoor that won't get the men in black after you.

Nick PNovember 18, 2014 11:54 PM

@ Justin

" Meanwhile the rest of us aren't going to buy it if it has a backdoor in it, and we don't want some trusted computing base with a backdoor mandated in our PCs, either."

You're probably typing that message on one. So you're full of it even if well-intentioned in that message.

"Just ordinary stuff where lives might be at stake if it doesn't work right. "

Other people build that stuff already with varying assurance. Anyway, that's not my thing. I'm very concerned about the ability of people to be themselves and do things without that being a weapon against them. The problems you push are smaller, although some are difficult. The basic liberties are a foundation that even they are built on so I have to keep trying to solve those problems even in a surveillance/police state.

JustinNovember 19, 2014 1:05 AM

" Meanwhile the rest of us aren't going to buy it if it has a backdoor in it, and we don't want some trusted computing base with a backdoor mandated in our PCs, either."

You're probably typing that message on one. So you're full of it even if well-intentioned in that message.

I'm not denying my PC may well be riddled with 0-days and backdoors in both hardware and software. That doesn't mean I want even more crap mandated on my PC.

I'm very concerned about the ability of people to be themselves and do things without that being a weapon against them.
If you're so concerned about this, then you wouldn't be so adamant about mandating an official backdoor for the FBI into everybody's PC. Haven't you heard or read about COINTELPRO under J. Edgar Hoover? Your backdoor would just further enable similar abuses, and there isn't a good technological solution against those abuses, once they are made easy by your backdoor.

And I don't know where your morals lie, either, especially with respect to the law. You don't seem to have much respect for our 4th Amendment rights, even though the Constitution is the supreme law of the land, simply because you judge it unlikely that you will be jailed for violating the 4th Amendment. For you is the law simply about not getting caught and staying out of jail? You seem to have no qualms about shipping others off to jail (or worse) arbitrarily with your backdoor, yet you sure want to stay out of jail yourself. (From your post above, you're squealing on anybody and everybody to avoid felony charges yourself.) Or is it for the money? Do you just want to build some product and have it mandated into all PCs sold in the U.S. and various other countries, so you can sell it to a captive audience? Guess what: everybody else wants to stay out of jail and make money, too.

And you know, whatever you're selling, it sounds really, really cheap, and I don't see anything "high-assurance" about it at all. For all our sakes, go find some morals and stick with them before you do anything else. I'm so disgusted I want to puke.

name requiredNovember 19, 2014 1:21 AM

"On the Effectiveness of Traffic Analysis Against Anonymity Networks"
www.cs.columbia.edu/~mikepo/papers/tor-netflow.pam14.pdf

1 0.) You are a poker player with unkown expert adversaries
2 who are strangers. If you cannot identify the 'sucker
3 in the game', then YOU ARE THE SUCKER.

4 1.) Tor is a violation of the principles of security
5 through obscurity and 'random reconfigurations.'

6 2.) like many of the key cryptographic standards, there
7 is no credible tests. Likely, the closest thing to a
8 real world test are the Russian botnets.

9 3.) poker game security can be hacked by colluding players.
10 See movie "The Sting." If a sizeable majority of bitcoin or
11 Tor are secret colluding adversaries, you are the 'sucker.'

12 4.) the attack class is categorized as WEAK adversary.
13 Likely real world attacks are medium or strong adversary.

14 5.)correlation technology advances, especially against
15 old technologies like Tor. A strong non-secret method is:
16 Maximum Mutual Information – MMI. Are there strong
17 secret methods?

18 6.) hardware Cisco routers using Netflow could have
19 'backdoors.' The information leakage could be
20 difficult to detect and both intentional
21 and un-intensional.

22 7.)anti-monitoring could be used to prevent surveys
23 by inquisitive prof24 8.)stealth scans using weaknesses of the protocol
25 stacks like "DNS Rebind attack" are known.
26 Zero day exploits against servers are sometimes
27 non-secret.
28 Zero day exploits against protocols and even
29 weak design standards tend to be secret.

30 9.) correlations can be on multi-factorial and
31 multi-level. Can include traffic analysis
32 (passive by college professor), traffic analysis
33 (active), meta-data, data, side-channel.

34 10.) simple case of removing the hay to get to
35 the needle. Turn off the 'smart meter.' No
36 electric means no communication at that time.

37 11.)supercomputing plus Big Data means
38 cryptography and even Tor protocols fail.
39 The future has parallel GPU clouds and
40 even quantum computing.

41 12.) with no meta-data and only signal analysis
42 could your cell-phone be recognized?
43 "Source Cell-Phone Recognition from Recorded
44 Speech Using Non-Speech Segments"

FigureitoutNovember 19, 2014 1:37 AM

Gerard van Vooren
--Don't need that at the moment (my home base is still in tatters and vulnerable), but it's probably (as in 98%) better than what I could come up w/ when I want to start connecting a small dedicated PC to the 'net. The way they describe I'm left wondering..."WTF why isn't this standard instead already?!" It'd be cool if DJB could come on here and chat. I suppose I could email him so long as he doesn't mind a mail from a nasty address lol.

Ethos is cool too, still not ready for it yet; looks like they need some help... Made another purchase the other day for another backup PC which I need to start imaging my assembling PC's HDD, and probably the other 2 as well, incase they fail (old IDE-based ones) and some of the older PC's have proprietary drivers on the HDD so I don't want to lose the computer completely if the HDD dies which I'm betting it will before I'm done. Also trying to apply this to my work too, it'd be a bit of a blow to lose some of this software and stuff, and no one's taking it as seriously as me; makes me nervous...

Thoth
--Forcing side channel attacks and stripping crypto is practically better; even if the implementation sucks. Security is never set in stone; in fact it's been changing for the worse for a while now...

e'
--Calling for a revolution on facebook (back when I had one) is exactly what started some weirdness for me that wouldn't go away. My advice for those w/ similar feelings (of which I can totally relate) is to prepare yourself fully before making them, otherwise they're going to catch you w/ you pants down and all your backups will be compromised and forced to make compromised backups for the sake of having a backup! It sucks...They simply wait until you go to work/date/grocery/anything; unless you got a set up of similar minded people that keep physical guard 24/7. If that's the case, noice...

Hugh Jass
--No probs ya big ass, quit being a lurker :p ; take it, leave it, modify it; it's still a highly incomplete "manual" but hits the big parts. Dedicated device w/ little to tracing back to owner, LiveBoot only device, physically gut the device of most sensors and just use USB wifi devices. OPSEC is mostly common sense but takes a lot of discipline to follow thru obsessively and there's pitfalls/chokepoints which are very hard to near impossible avoid, and getting started is like the hardest thing ever...I like your set up, it's pretty strong; I really need to try out Qubes and get a better VM set up going. The importance of long range wifi is to physically remove you from an area; tracking down your PC to that router, it's assumed you're w/in 50-100ft or whatever, when you're in fact 1,2,3+ miles away. Now it could be a lot more people...

BoppingAround
--Huh, never heard of book nor author; noice. Haven't read a good novel/fiction/sci-fi in so long...been purely either coding/radio/hardware reading. Been meaning to read Animal Farm which looks like a quick read but then it never happens lol...

Nick P
--Won't address the many points I want to chime in on, but just this. Stop blaming "the public" for where we are and acting like you can just remove yourself from "the public"; you keep saying it. You failed to effect change and stop trying to make excuses for that or blame someone else. EVERYONE has a piece of this failure we can take home and put on the mantle. I failed when I had an opportunity to try out some things in state legislature during an election year and I froze b/c there was just too much entrenched old systems. I couldn't come up w/ a solution and not come across as a dictator of sorts...Frickin' annoying trying to organize people, making cliques and not agreeing w/ you just b/c they don't like you as a person (or you didn't 'court' them enough).

Also in your reply to Justin, You're probably typing that message on one. So you're full of it even if well-intentioned in that message.
--Stop. Friendly fire. We all f*cking are.

AdjuvantNovember 19, 2014 2:41 AM

@Figureitout:
Been meaning to read Animal Farm which looks like a quick read but then it never happens lol...

I'll just take a quick break from subtitling to solve that problem for you.
https://archive.org/details/GeorgeOrwellsanimalFarmRadioAudio

There: fixed. Sometimes audio is just the thing :-)

Very much in the vein of my suggestion last week to investigate the fortnightly podcasts at unwelcomeguests.com.

And, intriguingly enough in light of the discussion in that same thread regarding Web/Internet decentralizaion projects, I found out that the guy who puts it together, Robin Upton, is a Stats/AI Ph.D who also runs altruists.org, and is working on decentralized P2P XML project called Friend2Friend. Small world!

Clive RobinsonNovember 19, 2014 4:52 AM

@ Nick P,

I thought of that one too. Remember that the process runs on a highly robust TCB with trusted boot, POLA, etc. The warrant becomes another piece of software running on the machine in accordance with a security policy.

Sorry no the LEO's won't go for it.

The primary reason for getting an eavesdropping / wiretap / comms warrant is secrecy.

That is you don't want to alert the target or even risk alerting the target because they will change what they do, and the warrent will be wasted, as will all the --supposed-- ground work that led up to the application of the comms warrant.

Secondly having it on the targets machine means they will be able to detect the change in some way, further what's to stop them putting in a firewall to block the warrant coming in?

Basicaly somebody will hang an invisable recording device via a cut wire data diode, off of the in bound network connection, then engineer a situation where they capture the inbound warrant and make it available to whom so ever will pay their price.

No LEOs will want a backdoor in the actual comms, so they can hang their own invisable recording device off of the network one or two steps up stream of the target. That way the target cannot get tipped off. And that sort of backdoor is smashed beyond repair once the method is known or a key divulged, and the only way to repair it / board it up would notify the user which would cause the problem of tipping them off that they have been and will continue to be a suspect at some level.

As I've said it's a problem without a real solution that would be acceptable to either the LEOs or any users so the idea has always been and will continue to be a dead duck.

Just to make the point about why the backdoor cannot be on any devices under my control, I being a person deaply suspicious of the LEOs or just plain paranoid decide I need extra assurance of "hooky behaviour" what might I do?

Well step one is set up two independent comms channels between me and the person I wish to communicate with without observation. I put one of your systms at either end of the primary channel, immediately outside these systems I put my cut wire data diodes, one on the TX wire and one on the RX wire at each end. I record all data and also encrypt it in blocks and run the encrypted blocks through a hash process. I then send the hash down the secondary channel to the other end, where it is compared to the hash generated at that end. So if my TX hash does not match the other ends RX hash or vice versa then someone has injected traffic via a MITM impersonation. Immediately this is detected I switch to "under observation" mode and the warrant is wasted as is all the lead up work the LEO has --supposedly-- done.

As long as the end points are on the other side of the demark I control any backdoor on the private side of the demark will be pointless as far as the primary requirment for secrecy from me is concerned... Even if the LEO has a side channel, we are now very publicaly aware of the viable posabilities and how we can block them...

ThothNovember 19, 2014 6:45 AM

How to catch malicious hardware circuits.

Link: http://eprint.iacr.org/2014/943.pdf

Looks promising.

I was trying to explain what happen if someone encrypts data before hand before using a possibly tapped device to transmit and for the receiving end to heck thr MAC of the receiving message and bring it to his own separate decryption device to work. That is exactly how TFC works. Bundling all the eggs in one basket is really dangerous and anyone wouldnt do that if they suspect a tapping.

Andrew_KNovember 19, 2014 7:18 AM

@ Nick P

Thank you for your elaboration.

In terms of statistic, you want to follow pareto's principle and decide not to be an outlier. Since securing a system to a grade of more than 80 percent makes not only really hard work but also you an outlier. And outliers are notoriously suspicious.

Personally, I share Clive's arguments on why LEOs will stay reluctant.

BoppingAroundNovember 19, 2014 9:49 AM

Nick P,

> There's also other countries where people actually give a shit about privacy

Can you provide a list please? I am genuinely interested.
One is probably Switzerland — you mentioned it before.

Nick PNovember 19, 2014 10:35 AM

@ Justin

"I'm not denying my PC may well be riddled with 0-days and backdoors in both hardware and software. That doesn't mean I want even more crap mandated on my PC."

It already is. They're just lying to you about whether they put it in, the level of access, how many local/foreign organizations have access, and its quality. My proposal is better on all accounts. I understand that you would oppose it, though, and did myself for over a decade. Yet, here we are writing on probably backdoored machines connected to a surveillance platform. You're already trading off security/privacy for convenience & cost rather than leveraging what strong privacy/encryption tools are available. You'd do it again if I risked my freedom to build a better one.

"Haven't you heard or read about COINTELPRO under J. Edgar Hoover? Your backdoor would just further enable similar abuses, and there isn't a good technological solution against those abuses, once they are made easy by your backdoor. "

It could. That's a risk. Know what else can? An agency with backdoors in most things that works with police agencies doing parallel construction. What you say is already happening and that's because the process is totally secret with nobody in the loop (past a few leakers) that gives a shit. My method allows people like us to be in the loop and ensure the integrity of the process. That's at least a chance at restricting them on some levels until legal reforms show up.

"You don't seem to have much respect for our 4th Amendment rights, even though the Constitution is the supreme law of the land, "

Had you read the Fourth Amendment, you wouldn't think it grants you absolute privacy. Notice that the Framers included that the government has the right to search or seize your property, so long as it's reasonable and a warrant was issued. Applied to PC's, this means they either have to have a backdoor or a good assurance they'll get the user's key when they ask. They haven't had the latter assurance. So, being compliant with the Constitution requires that problem to be solved (somehow) or an escrow process that holds them accountable. I've worked the other end for almost ten years so I don't mind investing a few months into escrow.

"You seem to have no qualms about shipping others off to jail (or worse) arbitrarily with your backdoor, yet you sure want to stay out of jail yourself. (From your post above, you're squealing on anybody and everybody to avoid felony charges yourself.) "

Straight to a baseless personal attack. Had I been a squeeler, I'd still have money and a business. I stayed out of jail by ceasing operations in a police state. Allowing warranted search in a country with a justice system and the 4th amendment is not "shipping others off to jail." That would be the voters, Congress, police, and courts deciding that stuff as usual. I don't even have the legal right to tell them otherwise per the Constitution. I don't see any trend to change that either. Blame the people creating those problems and building a box around privacy tool builders, not the builders.

"Guess what: everybody else wants to stay out of jail and make money, too."

Then, they should do something to change the status quo than watching football, partying, online flaming, bullshiting, etc. I've made and continue to make sacrifices to help make it happen. Where is "everybody" in this fight? I haven't seen them. We're losing it because they're not present. So, I call bullshit again: you're projecting yourself onto America as a whole. A group of people that just gripe about problems and wouldn't risk a finger to change them in a serious effort. Minus a small few.

I won't give up on liberty or security. But I've almost given up on it happening in America or if its people are worth protecting. I'm thinking my efforts would be better served in an active democracy. Can't relocate my whole extended family so I stay over here for their sake. That's all that's keeping me here this long into a one-sided war.

@ Figureitout

Oh, I take a share of the blame. I gave up everything for them and they're not even trying. That's what I blame them for. I keep reminding them that the only thing necessary for the triumph of evil is that good men and women do nothing.

re message to Justin

I'm just reminding him that he's probably willingly using a backdoor to say he will resist backdoors at all costs. He probably didn't try to foreign source his equipment, use an security driven OS that's less user-friendly, authenticate his message with crypto, etc. Yet, he'd fight a highly secure solution of mine because a local agency might get his data. And he's using stuff that enable that. I'm just... pointing out the irony and contradiction of his words to his actions.

I'm using it for a different reason. I already told you what that was. It's not something I'd recommend to others but it's what I have to do until some variables in the situation change.

@ Andrew_K

I'm still an outlier. I'm just not getting jailed or shot for nothing. I'll continue fighting them every legal way I can while trying to increase the security of our systems against foreign and criminal organizations. My scheme also secures the systems against sabotage by the domestic groups. Don't forget that what I'm proposing will still put me at risk of prison if the secret courts decide it's not good enough. I'd have to shutdown if I lost the legal battle.

@ BoppingAround

I strongly considered Switzerland and Iceland. I'm still evaluating the others. I'd start with the Democracy Index or whatever its called that rates democracies. Start with the Top 10 looking at how their laws, courts, press, and democratic processes work in general. I got a recent setback when a leak showed most countries in Europe were SIGINT partners of NSA. Even the ones I thought wouldn't go for that. The subversion level is incredible and Andrew_K was about one thing: their continued, unchallenged success is depressing to me. Several thousand checkmates in a row with many opponents skipping all their turns to play.

@ Clive Robinson

I'm out of time (work calls) and want to think on your post more deeply before I respond. So, I'll get back to you later today or the next day.

AdjuvantNovember 19, 2014 12:54 PM

@NickP:
Depressing to see you come to these conclusions, but I do follow your logic.
I began a similar "evaluation process" myself a while back, though I too have put it on the back burner for the time being for personal reasons and would, at this point, characterize it as contingency planning. For a number of reasons (including political, geopolitical, climatic/environmental, and ease/accessibility of immigration) the Mercosur/Mercosul bloc was high on my initial list, Uruguay in particular (which used to be thought of as "the Switzerland of South America"). I've got to say, Don Pepe Mujica is a class act. Worth a thought.

Clive RobinsonNovember 19, 2014 1:17 PM

@ Nick P,

Notice that the Framers included that the government has the right to search or seize your property, so long as it's reasonable and a warrant was issued. Applied to PC's, this means they either have to have a backdoor or a good assurance they'll get the user's key when they ask They haven't had the latter assurance.

OK I see what might be a cause of difference of opinion. You are looking at the PC in terms of "papers" that is as a document repository. Not as I'm looking at it as one end of a secure "comms" link.

In the case of "papers" the PC is either a "filing cabinet with a key" or a "safe with a combination". The cabinet is subject to search because the key is in effect a physical object, the safe not so because the combination is ephemeral knowledge and is protected by the 5th if it cannot be opened without it. In either case secrecy from the target is not required as "physical access" to "physical documents" on presentation of the warrant is what that type of warrant is about. The LEO's argue a PC is a file cabinet and thus they should be given access whatever the form of the key under the 4th, the defence argues it's ephemeral and thus protected under the 5th, the judiciary tend to lean towards the prosecution, by ensuring that the defendant has not in some way made an admission directly, indirectly, or what the judge concerned interprets the defendent --supposadly-- said or implied according to the LEOs...

However "comms" in the electronic form are not physical objects, and their value is only realised by recording them secretly from the target. They are not "papers" to be produced on presentation of a warrant, and aside from secret courts much of the law surounding evesdropping, wire tapping, etc appears to be case law in the US as prosecutors, defending counsel and judges try to relate the ephemeral "comms" with the physical "papers".

My solution to "papers" for stored data is to split it across foreign jurisdictions such that they can only be considered "comms" within the home jurisdiction and thus the 4th is negated leaving only the 5th.

SkepticalNovember 19, 2014 2:04 PM


@Justin If you're so concerned about this, then you wouldn't be so adamant about mandating an official backdoor for the FBI into everybody's PC. Haven't you heard or read about COINTELPRO under J. Edgar Hoover? Your backdoor would just further enable similar abuses, and there isn't a good technological solution against those abuses, once they are made easy by your backdoor.

What stopped those abuses? It wasn't stronger encryption, or technology - it was a set of reforms instituted by law.

True limits on government abuse have never been won by technology. This is the rationale of those who also believe that gun rights protect against government abuse, and it is just as mistaken here.

Instead true limits on government abuse are won by instituting laws and policies that are accepted by the public as legitimate and shaped intelligently to enable their successful implementation.

Ultimately any technology that will be acceptable politically - and this is the key point, it must be acceptable politically - must be one that works in a framework of competing values. Individual privacy is not the sole value in any existing democracy that I am aware of, nor has it ever been.

And I don't know where your morals lie, either, especially with respect to the law. You don't seem to have much respect for our 4th Amendment rights, even though the Constitution is the supreme law of the land, simply because you judge it unlikely that you will be jailed for violating the 4th Amendment.

Nick and I disagree frequently, but your attack here is completely misguided. The 4th Amendment does not enshrine any absolute right to privacy. It never has, and it never will. Nor will the public countenance any such law, because the public does not believe that such a right exists either.

I can understand the motivation to improve privacy protections. But realistic means of doing so must take values other than privacy into account. This makes the problem harder, more complex, less susceptible to easy definitions and easy solutions. But that's the world.

David OftedalNovember 19, 2014 2:12 PM

Well, someone announced a PRNG which "owes its existence to Reddit" yesterday:

http://www.reddit.com/r/programming/comments/2momvr/pcg_a_family_of_better_random_number_generators/

Not only that, but the homepage compares the algorithms to among others Fortuna:

Most RNGs use a very simple output function. (...)

"A few RNGs adopt the opposite approach. For example, the Fortuna RNG has a trivial state transition function (it just increments a counter), but uses a cryptographic block cypher as the output function.

(...) The PCG family takes a more balanced approach."

The PCG algorithms do not seem to be meant for cryptography, but are claimed to have "better-than-typical cryptographic security" all the same; the idea being that the typical level of cryptographic security is "absolutely none". Which is a novel way of putting it, but probably true.

AnuraNovember 19, 2014 4:07 PM

It's an interesting algorithm, but it seems like it's designed so it can produce non-random streams to guarantee an output will occur. There are situations where that's useful, but I wouldn't consider it for cryptographic purposes.

Tangent:
---
I personally don't like block-cipher based PRNGs like Fortuna for systems where you don't need deterministic output and you are worried about state recovery. With Fortuna, recovering the state will allow you to compute all outputs since the previous re-seed.

I like the idea of using SHA-512 and using half of the hash as the output and half the hash to the input to the next call. Recovering the state only allows you to predict future, not past outputs. It also allows a state of arbitrary length - I think if you have 896-bits, it only needs to process one block, although I might be forgetting something, so you can include a 64-bit counter to guarantee it won't get stuck in a loop (which is highly unlikely anyway), then with the 256-bit chain value, you can have 576-bits of static state while maximizing perfremance.

Remember Whisper?November 19, 2014 4:10 PM

How is this for privacy, or lack thereof...

In Uber’s “Rides of Glory” blog post from 2012, the company published maps highlighting the neighborhoods where residents most often participated in “brief overnight weekend stays.” And while the identities of individual users were “blind” — meaning not personally identifiable — the Uber official studied the gender breakdown to conclude that when a higher ratio of men use the car service, there are more such brief visits in a neighborhood.

Source:

Uber executive stirs up privacy controversy
http://www.washingtonpost.com/business/technology/uber-executive-stirs-up-privacy-controversy/2014/11/18/d0607836-6f61-11e4-ad12-3734c461eab6_story.html?tid=pm_business_pop

Gerard van VoorenNovember 19, 2014 5:30 PM

@ Figureitout

The way they describe I'm left wondering..."WTF why isn't this [MinimaLT] standard instead already?!"

Good question. I thought about that question too but haven't got the answer. (altough after seeing the presentation I do...)

It'd be cool if DJB could come on here and chat. I suppose I could email him so long as he doesn't mind a mail from a nasty address lol.

I think that like all worlds the world of academic cryptographers is rather small. Who knows he actually might...?

Ethos is cool too, still not ready for it yet; looks like they need some help...

Yes. All I am saying is it will take some time. I like their ideas though.

Slightly off topic, I just saw this presentation. It's about a year old but for the ones that didn't see it, it has got a couple of great moments! https://www.youtube.com/watch?v=HJB1mYEZPPA

JustinNovember 19, 2014 6:18 PM

@ Skeptical & Nick P

Let's see how these rights are enshrined, then:

... We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness. ...
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Computers can be seized and searched by an old-fashioned search warrant, with "probable cause, supported by Oath or affirmation," but other that there is no exception to this right, particularly not to force me to submit to some government mandated device in my own computer that can be arbitrarily used to spy on me.

I don't mean to be so rude, but I strongly object to all the moral relativism and wishy-washiness when it comes to the Bill of Rights, when some new law authorizing more surveillance is interpreted to mean absolutely and exactly what it says.

Nick PNovember 19, 2014 9:08 PM

@ Justin

"I strongly object to all the moral relativism and wishy-washiness when it comes to the Bill of Rights"

I agree. I'm merely implementing the 4th Amendment on a computer. It allows warranted search and per case law quite a bit more. Remember that Supreme Court rulings are enshrined in the Constitution as well. Full anonymity and crypto schemes on highly assured SOC's don't allow warranted search. So, they'll be interpreted as unconstitutional by most branches of government and they'll push something worse than I am discussing.

The technical point here: how can they execute a search on a secure container when the keys are protected in the SOC, memory/devices don't see plaintext, and the owner doesn't provide the key?

@ Clive

re legal case

You hit the nail on the head of the legal aspects of the discussion. It is a Fourth vs First + Fifth Amendment issue. You're way off on a safe: they can search a safe with a warrant and we legally must open it for them. That can also search it with probable cause with higher risk of what they find being tossed out if the judge thinks the search was unjustified. That communications are papers (letters, specifically) as mainly case law I agree. We should probably fight that in the courts more often. Meanwhile, that's what the courts are enforcing.

I think the trick might be to split it up a bit. The main target of the search warrant per Fourth Amendment is stored data. The documents, pictures, videos, conversation logs, etc all seem to fit in the Fourth Amendment perspective. If you don't delete them or put them off device, they're fair game. The communications are only searched if a warranted wiretap is in place. Note that this gives a restriction already: a search for a specific type of files or data stored on the system; intercepting communications. The time limit also. So, if we fight for different case law via jury trials, then the wiretapping or types of electronic search might be limited more although not likely eliminated.

So far, I think this is consistent with people's expectations, case law, and the Constitution's intent.

"My solution to "papers" for stored data is to split it across foreign jurisdictions such that they can only be considered "comms" within the home jurisdiction and thus the 4th is negated leaving only the 5th."

Sounds similar to my moving communications through multiple foreign jurisdictions scheme. Although, these days, I think that might be treated as a sign of guilt if it doesn't look incidental (eg. multinational company). Perhaps do that by making it (on paper) a collaboration between a variety of nationalities which keep their own part of keys/data to maintain mutual trust. Allows a setup like yours in a way that makes sense to a judge or jury. Hoped result: "I could see a bunch of people from different nations wanting to split the trust of their platform in a way where all of their countries' courts would have to authorize a search."

Something like that. Sounds like it might be too expensive for an individual to pull off without it looking fishy. One that isn't rich.

AlanSNovember 19, 2014 9:10 PM

@Skeptical

"What stopped those abuses? It wasn't stronger encryption, or technology - it was a set of reforms instituted by law. Instead true limits on government abuse are won by instituting laws and policies that are accepted by the public as legitimate and shaped intelligently to enable their successful implementation."

I don't disagree but that was then. The reforms that followed in the wake of the Church Committee have been steadily eroded. And now we have a dysfunctional government that's more interested in spreading misinformation and CYA than meaningful reform. There was plenty of evidence of that this week when they balked at even watered-down reforms. In the absence of any meaningful reform, crypto will continue to spread. Plenty of evidence of that this week as well.

Nick PNovember 19, 2014 9:43 PM

@ AlanS

You're actually both right on this. He was right and worded it well when he pointed out it needed to be legal reforms with public acceptance/support. You're right that the old reforms have been eroded and no such reforms are happening. There's also nowhere near the strong public and Congressional support for reforms that there were before. So, he's right but a key component is missing in this situation: the people and/or Congress pushing hard for the reforms. Neither are really doing it and so the reforms aren't showing up.

I said once that we needed to see something that would get the public as angry and active as they once were to change this situation. If there's a coup, the most brilliant aspect of it is that they've also realized this and made sure they don't cross into that territory. Seeing how expertly they do this even with the Snowden revelations makes me doubt The People's Fight or Flight Response will kick in. They'll just be alerted, annoyed, grumble, and continue coasting.

Clive RobinsonNovember 19, 2014 11:47 PM

@ Nick P,

You're way off on a safe: they can search a safe with a warrant and we legally must open it for them.

As I said they can search it if they can open it, the problem is "who owns the lock and or combination" you only have to open it if they can reasonably assume you have control of the lock.

For instance a safe bolted to the floor/walk under my desk in my office in my home where I am the sole occupant would probably be assumed to be not only my property but under my control unless I could show convincingly otherwise.

However a safe in a security office may be there simply because the office is guarded/maned 24x7 thus the safe may well not be either the property of, or under the control of the person / persons who use the office.

The question falls to "who knows the combination" of the safe, if ownership or control of the safe can be shown to be you then it's reasonable for a judge to compell you to open it. If however you can show you don't control it then it would be unreasonable to try and compell you to open it (justice would not be served by you suffering through no fault of your own). If however the control of the safe is not established compelling you to use the "knowledge inside your head" to open it is self incrimination if you do open it. Again if you don't open it --because you don't know-- and you are imprisoned "untill you do" is not justice. Hence my comment about what the prosecution claim you said about the safe / combination.

Translated to a PC, I could quite reasonably have files on my computer that are encrypted and I don't know the key for them, if I am for instance an investigator / researcher of computer security. In the case of an investigator there would be a legal chain of evidence that could be traced back. For a researcher there might not be a legal chain of evidence, but there might well be emails etc showing how it came into your possession and why.

Likewise an employee traveling to another office, might well be acting in effect as a courier for their employer, and thus have no knowledge of what a file is, or even if it's encrypted.

Further it is often more convenient to use a laptop to move "backups" from one system to another, than install expensive copies of "backup software" on all the systems and further install expensive tape drives or other removable media systems. Administrators and technicians do it all the time, and quite often won't delete the backup on the "just in case" principle untill they need the space for another backup etc. They may not have a clue what the data is, if for instance it was a dd of a hard drive partition. Also such a laptop may be like a company "pool car" shared by many people within an organisation. Thus the person holding it "when the music stops" may actually have no knowledge that there is a backup of files on the laptop at all. Such issues also arise with people traveling on business who are asigned a laptop for that particular trip etc and "user support" have not cleaned it up properly.

Then there is the question of "malware" it is not unknown or even unusual for files to appear on a persons computer without their knowledge due to malware etc. Sometimes it's been put on for "blackmail", sometimes because it's "temporary/relay/cutout storage" used for data theft, or even by spamers and other low lifes hiding their activities. There is atleast one case of a wifi connected computer being used as a "porn store" by a neighbour to keep the illegal pictures off their own PC. Further in atleast one well publisised case a prototype macro virus for Word was sent out as a Microsoft update... then there was the "supply chain" contamination of one of Apples products to distribute malware. And should I need to mention USB devices ;-) that are either counterfeit or have been reprogramed to report they are bigger than they realy are, that also come with autorun malware etc that have been injected into the supply chain...

The fact that something is on a PC under somebodies control does not mean that they are aware of it, nor that they might know the key if it's encrypted. Prosecuters will claim what the judge will let them get away with, likewise the defence assuming it's one of those 3% of cases where it's not been plee bargained and actually made it to court.

The problem these days is the measure of "beyond reasonable doubt" nolonger applies in criminal cases it's argued away to even less than "balance of probability" and judges do not pick up on what is just hearsay, or direct juries correctly, because they have a near compleate lack of understanding of ITSec as do more than 99.9% of those who use computers. It's why the likes of "parallel construction" can be so easily used and neither the judge or jury are any the wiser.

As has been noted "Justice is expensive, the more money you have the better justice you can buy"...

ThothNovember 20, 2014 12:43 AM

@Nick P
Build fully open designs and reveal it which includes documenting LEO circuits. Users can choose to DIY with or without LEO parts or come to you to buy the open design version, remove the tamper seal, remove the parts and you can just say they broke the seal.

JustinNovember 20, 2014 1:32 AM

@Nick P

I'm merely implementing the 4th Amendment on a computer. It allows warranted search and per case law quite a bit more. Remember that Supreme Court rulings are enshrined in the Constitution as well. Full anonymity and crypto schemes on highly assured SOC's don't allow warranted search. So, they'll be interpreted as unconstitutional by most branches of government and they'll push something worse than I am discussing.

Nowhere does the 4th Amendment guarantee for law enforcement the ability or the means to conduct a warranted search. It merely prohibits unreasonable searches and seizures. Highly assured anonymity and crypto schemes might be interpreted as too dangerous to allow by some branches of government, but there is no way they can be interpreted as unconstitutional.

FigureitoutNovember 20, 2014 2:45 AM

Adjuvant
--Ah nice, funny you have an open source organization like archive.org that is doing similar things to google and other sig-int groups; but I trust Kahle and the small group there. Weird. But thank you!

Nick P
I gave up everything for them and they're not even trying.
--Except you haven't, I take it you aren't posting from jail? Ladar Levison sacrificed his business for standing up and being truthful to his customers, that's badass. In the process since he could afford a lawyer (unlike me) he backed up what I was saying (I also didn't establish perimeter security before being breached as I didn't think it was necessary being a civilian and merely speaking...), he got a taste of things I've mainly just talked about and further reinforced his mission and resolve. Nothing interesting ever happens if people don't make sacrifices. All you have is weak people crying helplessly and they won't do anything ever. I've learned and continue to learn; if you want to see something done sometimes you need to be an ass and push for it. Problem is people who get things done don't focus on every minute detail that is needed for security or a "reasonably secure implementation" such that people like me can take a deep breath for a second.

Also major aspects you keep missing is the weak economy not just this country but the world is experiencing. And then as we see time and time again the excessive force brought to those merely speaking, not even speaking merely typing. I started publicizing many things I shouldn't have here to put out evidence I'm not doing anything that's an actual threat in case I do get false evidence planted in my room or in one of the many memory devices scattered around (think they've found them all?--Nope) Encrypted volumes on HDD's I find, they could place porno I can't even access, then further making it appear I'm stonewalling an investigation by not decrypting what I can't! Then since encrypted volumes that are almost certainly malware, if I do eventually break it and delete it; now I'm destroying evidence in their ignorant minds...

Many people can't handle this mentally. When you really have a physical person that is showing up everywhere you go; when it "gets real", you won't sleep right. If you're like me sometimes you randomly move around for fear of a sniper, looking for laser pointers occasionally, etc. Totally irrational fears, but there of course has been the DC snipers randomly sniping people getting gas or driving on the highway just get frickin' sniped...Also I don't like people or especially cars behind me. That's the mindset these things cause. How many people do you think want to do something, but will be living in the street if they do? This, is what makes me sad...

Gerard van Vooren
--It was a good presentation, listened to it while doing math hw lol. DJB didn't talk enough; but I liked how he called out crypto community, guys we haven't had major upgrades to ciphers in like 20-30 years! Was good they reported some decent progress all a sudden, but still...And like we just witnessed recently w/ Nick P & Thoth (establishing a temp. crypto comms channel w/ Windows...c'mon...just like using Internet Explorer to download Firefox or Chrome, there's many CD-burning tools and OS's for free, frickin' point-n-click, there's no real work involved...only problem is one wonders how clean the files remain or are hooks burned to disk as well. It's why one of major areas I'm interested in is a good disassembler that shows the file who's boss and really tells me what it is.) the tools are a pain in the ass and "glitchy", that's the description of whatever bug Nick P experienced. And why investigative journalists will have problems encrypting correspondence w/ sources, stories they're working on, and establishing initial contact and further comms semi-securely w/ totally doable OPSEC.

ThothNovember 20, 2014 7:24 AM

@Figureitout
As i have always said, the crypto/security/high assurance industry is drugged and badly sick. It needs a really hard boot by really brave people willing to have a big and open heart with the right intentions and motivations.

The PGP KEX episode is how hilarous doing something like a KEX is. A better KEX technique is needed for people here to communicate. I am not sure if @Bruce Schneier might want to facilitate somehow or we might need to find our own ways.

Risk Splitting OTP Keymat Transport Mechanism.

1. Select a N amount of smartcards or SD cards.

2. Receiving party to create N amount of asymmetric keypairs and hand over N amount of public keys.

3. Sending party uses each public key to encrypt a unique symmwtric key which encrypts its OTP keymat payload.

This way if one of the cards or a few are lost or captured, beither the sender nor the courier proves any knwoledge as it requires multuple private keys of the receiver considering you might want to send out multiple trusted couriers to deliver a bunch of OTP keymats over a selection of transport modes and jurisdiction.

Andrew_KNovember 20, 2014 7:54 AM

@ Clive Robinson

If however you can show you don't control it then it would be unreasonable to try and compell you to open it (justice would not be served by you suffering through no fault of your own).
-- Clive Robinson

Yes but no. Today, it's not necessarily about serving justice. Or things being reasonable. It's also about the chilling effect. You build a device that can be used to plan a terrorist act without state authorities able to subvert it? Jail! GTMO!
At least until you can sucessfully demonstrate how to break it. Depending on how public things have become up to this moment, your life plans may change. "Ever tought about working for the government...?"

[Judges] have a near compleate lack of understanding of ITSec as do more than 99.9% of those who use computers.
-- Clive Robinson

And that makes a difficult problem. Trial about IT related crimes are degraded to a race of external specialists. Both parties, prosecutor and defender seek to impress the judge with "better", "more integer", or simply greater experts. This is where social engineering kicks in. Not the expert with the deeper knowledge, not the expert with the most plausible explaination for the case will be the one that does the trick. It will be the one who wraps in (coerces?) the Judge.

As has been noted "Justice is expensive, the more money you have the better justice you can buy"...
-- Clive Robinson

Ok, it feels like I am not telling you anything new. Perhaps this comment was redundant -- in that case, excuse any boredom :)

@ Figureitout
Everyone has to decide which battles to fight and which not. Personally, I have seen enough to accept both -- those putting their way of life at stake for an ideal and those not wanting to lose it over an ideal. No question, I admire those sticking to their ideal, but in the end both is fine.

My point: We all have just one life and once it is ruined, there is no magic reset or undo button to push. Life is strictly monotonic increasing... When your enemy plays dirty (and we are talking about entities with the power to play very dirty tricks), you lose wife, children, income, and friends. In one week. Then what?
Again, we have just one life. I refuse to blame anyone for not ruining it without absoulte necessity.

Without wanting to freak you out, good snipers do not need lasers nor do they want them since it spots their position and may alarm the target.
You'd just drop down dead.
Compared to many other plots, I find that (from life to death in less than a minute) rather comforting -- I'd be more suspicious of groups of different yet somehow similar (male, age 20-35, no belly nor excessive body building) persons changing tube or bus with me multiple times.

BJPNovember 20, 2014 8:07 AM

Ugh, too many people taking Nick P's decisions way too personally.

I disagree vehemently with Nick P's conclusions.

But now I see too many (apparent) regulars questioning his honor and motives.

Because purity tests amongst ourselves... lead to better security, right?

Nick P's proposal(s) would be a gain, on net, compared to the status quo ante Snowden. I consider them insufficient. Not so insufficient that I would cast aspersions on him nor oppose their implementation. Sufficient enough that the possibility of discussion here, focusing on him, having all the hallmarks of a worked psy-op, does not seem out of the question.

Clive RobinsonNovember 20, 2014 8:31 AM

@ Nick P,

There is a way in the UK to get the warrant presentation to work in "papers only" mode.

Assume that crypto is done via an HSM in the system and it has a "local only" fillport which can retrieve information only by use of a signed message that has been encrypted via a chaining mode of AES or other suitable block cipher, which requires the use of an unknown key and time sensitive IV. In the UK "signing keys" under RIPA are treated differently to encryption keys, where you can be forced to give up encryption keys but not signing keys.

If the HSM randomly generates it's own keys and IV and only gives them up to the local port in answer to correctly signed messages in a time sensitive way, would mean that the device would have to be in effect brought back to the factory to be crypto opened, thus the warrant would have to be checked by the factory for validity befor being acted upon.

Thus the legal process would have to be carried out where the factory that fills the HSM is based.

I won't outline all the steps because it would be long winded and your previous posts suggest you are quite capable of working them out for yourself as are one or two others here.

Thus you can design it not just to alow LEO access but "only" lawfully obtained LEO access, optionaly via another jurisdictions "open" court system.

Unless the LEO has the facilities to open the HSM and retrieve it's secrets, which we know can be done but is sufficiently expensive and difficult that using the open legal process would be their prefered option. Either way the LEO has to put "real skin in the game" which returns some balance to the system, and puts it on a more even keel.

CFNovember 20, 2014 11:45 AM

Would really appreciate some discussion on Detekt here.

"Free tool detects ‘government surveillance spyware’"

"The tool was developed by German security researcher Claudio Guarnier, who was part of the team that first identified that the commercially available FinFisher spyware sold to law enforcement and governments had been found running on computers all over the world."

hxxp://betanews.com/2014/11/19/free-tool-detects-government-surveillance-spyware/

"Detekt is a Python tool that relies on Yara, Volatility and Winpmem to scan the memory of a running Windows system (currently supporting Windows XP to Windows 8 both 32 and 64 bit and Windows 8.1 32bit).

Detekt tries to detect the presence of pre-defined patterns that have been identified through the course of our research to be unique identifiers that indicate the presence of a given malware running on the computer. Currently it is provided with patterns for:

DarkComet RAT
XtremeRAT
BlackShades RAT
njRAT
FinFisher FinSpy
HackingTeam RCS
ShadowTech RAT
Gh0st RAT

Beware that it is possible that Detekt may not successfully detect the most recent versions of those malware families. Indeed, some of them will likely be updated in response to this release in order to remove or change the patterns that we identified. In addition, there may be existing versions of malware, from these families or from other providers, which are not detected by this tool. If Detekt does not find anything, this unfortunately cannot be considered a clean bill of health."

Resist Surveillance
hxxps://resistsurveillance.org/

botherder_detekt · GitHub
hxxps://github.com/botherder/detekt

Some discussion at CoU:

Calendar Of Updates > Security, Products Information and Technology News > News Forum
hxxp://www.calendarofupdates.com/updates/index.php?showtopic=38713

--Celtic Ferret

BenniNovember 20, 2014 1:47 PM

The provider Vodafone gives GCHQ access to 7000Gb/s from european internet fibers for 20 million pounds per month. Additionally, with help of Vodafone,GCHQ hacked itself into a fiber that connects Europe with Asia. They collected information about the websites visited by users and about used routers. The german government recently asked all providers whether they give data to foreign intelligence agencies. All answers were negative with one exception: The reply from Vodafone was such that the german government can not exclude Vodafone transfering data to other agencies

http://www.tagesschau.de/ausland/snowden-vodafone-101.html

SkepticalNovember 20, 2014 2:00 PM


@AlanS: There was plenty of evidence of that this week when they balked at even watered-down reforms. In the absence of any meaningful reform, crypto will continue to spread. Plenty of evidence of that this week as well.

@Nick: but a key component is missing in this situation: the people and/or Congress pushing hard for the reforms. Neither are really doing it and so the reforms aren't showing up.

Remember that the abuses here are nowhere close to the magnitude of those committed around the middle +/- 20 years of the 20th century. So it's natural that public reaction would be of less magnitude as well.

The problems here are also more complicated. Prior abuses involved illegitimate targeted surveillance, and worse.

Here, as far as the public is concerned, there are problems in getting the boundaries of particular types of mass communications collection correct - but there's no sign of malicious actors within the government. There is the potential for abuse, and the potential for the system to become more enabling of abuse without more effective oversight. But it's still just the potential.

So it's a more subtle case, and I wouldn't expect (nor would I think it wise) the kind of dramatic reforms introduced over earlier periods.

In fact, the lack of the explosive public reaction that some here may have expected is indicative of the framework of multiple values that I spoke of earlier. The public does value individual privacy, but only of a conditional sort, and they value other things - such as national security - as well.

But, there is sufficient support for certain types of reform which would improve institutional oversight. If technical solutions could be crafted that work with, and enhance, the privacy protections that such oversight provides, all the better.

To the extent a technical solution is at odds with public preferences for policy, though - and that includes, I think, the implementation of communications systems that do not enable lawful access to sufficient degree - it is probably doomed, and may well have unintended, negative consequences.

Obviously, that's not to knock the development of high assurance secure systems. There's a real demand for them, and that demand will probably grow, for specific problems. And their development may be helpful in many areas that seem only tangentially related.

But a broader solution to the problems posed by mass surveillance must take concerns other than, and in addition to, privacy, seriously.

JustinNovember 20, 2014 5:08 PM

@Nick P

"I'm not denying my PC may well be riddled with 0-days and backdoors in both hardware and software. That doesn't mean I want even more crap mandated on my PC."
It already is. They're just lying to you about whether they put it in, the level of access, how many local/foreign organizations have access, and its quality. My proposal is better on all accounts. I understand that you would oppose it, though, and did myself for over a decade. Yet, here we are writing on probably backdoored machines connected to a surveillance platform.

Your argument is that I'm pwned already, and I should just submit to yet another backdoor. You could take Clive Robinson's suggestions for really locking down the permissions granted by the warrant, but if cops find it too restrictive, then we're back to the 0-days and undocumented backdoors and parallel construction, which realistically aren't going away in any event.

You're already trading off security/privacy for convenience & cost rather than leveraging what strong privacy/encryption tools are available. You'd do it again if I risked my freedom to build a better one.

Well it doesn't do any good to leverage strong privacy/encryption tools off hardware and software that is riddled with zero-days and backdoors. I like to read about cryptography, study it, and even experiment with it, but as far as protecting anything that would be security- or privacy-critical for me, no, it's not at that point yet.

As far as a better system, one could start with something like that "seL4" kernel, but then one would need highly assured drivers for highly assured devices that don't exist yet---keyboard, video, mouse, ethernet, hard drive etc. Then all kinds of system libraries would have to be developed to that high level of assurance, and a privacy-minded high-assurance web browser. Maybe that's just too scary a specter without a backdoor.

I've used TOR before, I've used IPsec, I've used GPG encryption on my e-mail---just because I wanted to learn about these technologies, but in the setting of mainstream PC hardware and software with 0-days and backdoors, and unprecedented surveillance by the NSA, such things are almost useless, and in my experience all they do is make one a target for surveillance and harassment by the government.

@ Skeptical

But a broader solution to the problems posed by mass surveillance must take concerns other than, and in addition to, privacy, seriously.

You know, I actually have little desire or reason to communicate secretly with other people. What I want to do, but I cannot, is to do my own research and experimentation on my own computer without interference. Without probable cause of a crime, the government has absolutely no legitimate concern what I'm doing on my own computer---and I have a right to mind my own business without surveillance, harassment, or "backdoors" under the 4th Amendment.

AdjuvantNovember 20, 2014 6:29 PM

Distributed Web meets Ted H. Nelson?

Just as a quick addendum to last week's discussion on decentralized Web projects, here's a unique little hidden gem from 2002 that proposed crossing
Freenet-like Globally Unique IDs with Ted Nelson's Xanadu Hypertext Model and its Gzz implementation (see implementation history to that date and subsequently here, here, and here,

I couldn't resist, since this prototype is a mashup of two of my personal favorite ideas in computing: distributed publishing and Ted Nelson's concepts, specifically his conception of zzStructure as prototypically envisioned in his ZigZag project (see also on Wikipedia).

Here's a quick video of Ted Nelson explaining the ZigZag concept:

a demo of the latest (2011) prototype implementation of which I'm aware

And finally, the paper itself, from Tuomas J. Lukka and Benja Fallenstein, 2002: Freenet-like GUIDs for Implementing Xanalogical Hypertext

Like most of Nelson's work (and Englebart's, for that matter), for various reasons it's quite neglected and needs a lot of love, yet it has the potential to be positively profound. As long as we're contemplating going clean-slate, why not implement something amazing for once? ;-)

Nick PNovember 20, 2014 8:00 PM

@ BJP

Thanks. :) Yeah, I'm exploring an option I hate out of necessity. I knew they'd attack me personally for it. I don't let it get to me although I'm concerned readers on other side of debate might be hesitant to join reforms if they see how people on this side act with even a little anonymity. They might be scared back to more law and order. It's why I try to remain civil and focus on the ideas more than I did in the flame wars years ago. I stand by my claim that security review should focus on the claims and proposals more than the person. As Clive and Thoth were doing. If you're doing it right, you don't even have to trust the person past some minimal amount.

The funny part is I've already posted several solutions here in the past that nullify the risk of my proposal while claiming some or all of its benefits. It's easy to come up with. Had they not been getting so personal and on the attack, they might have come up with it themselves while introspecting on my proposal. Instead, they made it into a false dilemma between their extreme privacy tech and my fully backdoored design. I included it in the following comment (at the end) to Justin if you want to comment on it.

Clive liked the variations of that concept I had. It's designed to be simpler than a full voter scheme and have probabilistic protection from mutually suspicious parties.

@ Justin

You're getting the technical side of the argument. You're also seeing how every layer there gives problems. I assure you it's nowhere near as hard as you describe: there's old school techniques of vastly reducing the work. I've described plenty here on the blog. The resulting problem will be cost and labor heavy without being impossibly huge. The more important part of my counterpoint is the legal side.

Currently, they are using the FBI to "compel" domestic companies in a black program... somehow... per the leaked slide. They use the Army's clandestine units and CIA's covert units on presumably the foreign targets. They also have indefinite detention and rendition for them, maybe us if they crossed their fingers when saying we're exempt. The FBI & IRS can already seieze your stuff (incl lawyer money) as part of a search. They've been doing it for years. Clive's technique seems clever until you remember they've seized entire colo's worth of computers, putting businesses out of business who weren't even the target. That was before any charges were pressed.

So, a company selling something truly secure here is facing opponents that have subverted some of their stuff, will eventually hack many other things, can interdict their supply chain, can block imports/exports (there goes a Clive plan), can deport foreign staff, can seize their assets, can arrest them at least 24 hours, hit them with patent suits (eg NSA ECC patent), and have tons of bullshit technicalities to charge them for. They can do much of this to everyone and the rest to some people. It's just hard for me to see a service or product developer operating in that environment. Our old hardware guru that posted here said just the legal risk alone is why his company refused to sell chips, secure or otherwise, in the United States.

So, if someone builds something that totally stops them at the technical level that's great. I just can't trust they haven't backdoored it if they're still in business with the above amount of leverage employed on them. They'd have to be rich, have dirt on politicians, maybe have their own team of assassins aiming at heads of intelligence firms, and so on to hold them off. Just hard to imagine. A highly secure system with a limited backdoor would avoid that while exposing you to those with access. Funny thing is you people think that's game over for privacy.

Don't limit your imagination: just use good homebrew shit to counter them and run it through that device to counter everyone else. Worked in the past for me far as I could tell. Also lets people choose their personal level of risk and investment into privacy. Best to make sure that stuff uses hardware made by NSA's opponents (esp Russia or China). Forces them to cooperate with their enemies and reduces likelihood of success. Pick up the parts in Shenzhen on the cheap and extra obscure, for instance. Escrowed transport, storage, or partial processing ain't the end of the world dude. Not even the end of privacy except the metadata.

Nick PNovember 20, 2014 9:06 PM

@ Figureitout

Not in jail. Don't give Levison too much credit. His sacrifice was sticking to his principles. What happened to him, though, is partly or totally related to his own foolishness: protecting all his users with one key; trying to screw with the Feds and court in obvious ways; offering no credible alternative when he got the rare opportunity to provide one. He unsurprisingly lost and might do time. So, I rarely give him as an example of anything given the extra risk he added to his users and case. He may or may not be how the next group will be treated.

The rest of your points re the chilling effect and mindsets I largely agree with. It's why I'm pushing for organizations or people with money to fund people who can do the job. They need a guaranteed, steady funding source that can cover at least a highly qualified core team. Volunteers might contribute too and their submissions only included if vetted by the core team. The development process, from procedures to coding guidelines, is designed to make everything low risk and easy to review. Simple tools (eg Wirth's stuff) are used so they can easily be vetted from their source all the way down to the hardware and on independent implementations by mutually suspicious parties. Total cost at snail pace development might be a few hundred K with considerable development pace possible at several million a year.

Can't recall if I posted it but I unfortunately missed the multimillion dollar NSF grants I was working on. Couldn't get a reply from any of the nearby schools I contacted with an INFOSEC problem despite a recommendation by the guy running it. So, I'm looking at businesses again and trying to build a value proposition for them along the lines the open source & hardware movements are doing. Except, it's not going to be free: just continual financial support of an expanding ROI platform with security, usability, open interfaces/data-storage, future proofing, and low training/maintenance cost.

Will be extra busy at work for next few months so that's slowed me down on that and posting here far as discussions that require a lot of thought.

@ Clive Robinson

That's an interesting scheme and legal observation. It's recommendations are in my high security email advice I posted here in the past, although it was more comprehensive. So, yeah I might be able to work out some details. :P

The problem on the U.S. side of your scheme is that they would likely subvert the company like they did Crypto AG. If it's an exemplar subversion (in chip), then it might go undetectable. Blocking the import or seizing it as a denial of service is the next step. Interdiction with an EMSEC attack on internal secrets is another. They've been getting innovative recently in that category. Getting the signing key with a black bag job or EMSEC attack on the factory is another. Then there's the design database attack at the handoff to the fabs that RobertT mentioned. The benefit is that some of these are targeted attacks and low hanging fruit is removed for many high strength attackers.

The bad thing is that what's left is well within Five Eyes, Russian, Chinese, or Israeli reach. I have some potential solutions far as getting rid of the likely solutions at hardware subversion. That leaves a few attacks: ban of importation unless backdoor; seizure for DOS or sabotage; cancelling of defense contracts of business or academic funding of those using them (important for some); legal attacks on the individual's freedom. These would have to be addressed. My framework only addressed some of them, as well.

re original post at 11/19/14 4:52am

The mechanism I described can work in secret. Here's my trick. The device supports covert channels over software (packet headers) or hardware (eg RF). The main chip always sends the keys. The backdoor chip always does an operation equivalent to leaking them: you can't tell at black box level if it's running or not because it's always running on something. The activation doesn't signal the owner, switches it to "Send it for real" mode, it works for a time, and then it's deactivated manually or via time limit. Only group's like Ross Anderson's people and such equipment can perform any countermeasures you mention.

re your comms scheme

See my above comment to Justin for mine. Yours integrates with it nicely. So, the backdoor gives them nothing on you but plenty on other potential targets. Assuming I leak over straight data rather than side channels. The real challenge for my scheme is is with mobile devices. Like my last subversion-resistant design, I think the newer trick on a mobile device will stretch the word "mobile." It's not going to be a slim Galaxy or have great battery life. Manufacturing security would be interesting. Again, I have proposals for this sort of thing but I don't want to publish them yet.

Either way, I'm basically playing Devil's advocate and exploring a potential desparation move at improving market security in general against foreign attacks. Whatever I build, if there's a backdoor, will have it off by default with activation (or permanent deactivation) at the factory over authenticated channel. If I'm forced to enable it, I can imagine many privacy lovers will have a profitable run in the resulting black market on the early models.

In this country, though, I'd probably have to enable it by default and just tell people it's there. There's personal risk for me there. I'd also tell them what's in their other devices with slides to prove it and show a visual comparison of resulting security level against various adversaries. Whether they buy or not, I doubt they'll feel like they've avoided a backdoored product. ;)

Wesley ParishNovember 20, 2014 9:55 PM

@Skeptical

Remember that the abuses here are nowhere close to the magnitude of those committed around the middle +/- 20 years of the 20th century. So it's natural that public reaction would be of less magnitude as well.

But there are a number of other social factors as well. What was the average voter turnout in the sixties and seventies in the US? Compared with today's? What was the average income? Then? Now? Compared with the top percentage? What was social mobility like, expressed as percentages of people who could find work in a higher "socio-economic strata" than their parents? Then? Now?

There are a lot of other such questions one needs to ask. People convinced that there's nothing they can do about things, aren't likely to waste their time upsetting the boat; people certain they can make a difference are likely to go right ahead and make that difference. In a way it's very well illustrated by comparing JimCrow in the 1930s to the Civil Rights movement in the 60s. In between you had the Second World War where US propaganda had been stressed to the limit to argue that equality was a primary value of the US political system, and a major enemy, the Third Reich, had been built on vicious JimCrow-like laws. It empowered African-Americans to be their own difference.

So we have a passive populace. The disease - political narcolepsy - seems to date from the Gypper's era. "Mr President, tear down this wall!"

Andrew_KNovember 21, 2014 1:28 AM


A better KEX technique is needed for people here to communicate. I am not sure if @Bruce Schneier might want to facilitate somehow or we might need to find our own ways.
-- Thoth

+1

Correlated: Cryptocat. Topic "schneier_commentary"?

BJPNovember 21, 2014 12:53 PM

@Nick P

"just use good homebrew shit" - reducing it to a previously solved problem like a proper mathematician!

Unfortunately the false choice is real for the non-techies, particularly those who might most have a need for unbreakable crypto (journalists, whistleblowers). With your proposals, those folks won't have the ability like we do to cobble together some good (enough) homebrew shit, so I can sympathize with the visceral reactions against it.

After having seen TrueCrypt maintained (allegedly) by a shadowy anonymous consortium, and drinking TC's Kool-Aid wrt the (IMO laughable) security of using a precompiled binary downloaded from an insecure network to drive one's "unbreakable" and "deniable" encryption, a lot of people out there feel like they've lost something near and dear, even if they never really had it in the first place. Now you're the bad bad man telling them they can't have it back because it never existed and that their best bet is something designed explicitly to contain the LE backdoors they thought they had successfully evaded.

I don't see true high-assurance hardware, even with a provably-NOBUS backdoor, making it into the public's hands at a mass market consumer price point anytime soon, if ever. The acquisition cost is too high given the minimal-to-nil premium that the consuming public places on security over convenience, functionality, trendiness and form factor. At worst, I can see a future where your proposed lawful intercept mechanism exists and is mandated into everything, including the shoddy, low-assurance, planned obsolescence trinkets, at which point those will be what the majority of the public will use, they will be as easily bulk-hackable by every smart 14 year old as things are now but the box will have a Verisign-seal style endorsement from Backdoor Underwriters Labs that foreign TLAs cannot access it through the built-in backdoor, leaving people thinking "it has to be secure, it says so on the tin!"

I'm not sure how that meaningfully differs from today, substituting the BUL approval with "uses the latest in military-grade encryption!" marketing speak. What's impossible today is merely expensive tomorrow, and doable on a wristwatch the next day.

So the bigger implementation issue I see with your plan, setting aside the emotional response, is in bringing the cost of high-assurance chip, software, supply chain and delivery systems down such that they can all be ubiquitous, the way that the cost of general purpose computing hardware has fallen over the last 30 years.

Please don't let me dissuade you from making it happen, though. I would love to be wrong.

AnuraNovember 21, 2014 1:18 PM

Speaking of homebrew crypto, I figure the trick is to have a simple cipher, but do a lot of rounds and have a long key that is modified every round. After a million rounds, anything is secure:

uint8_t key[2048] = {/*random key*/};
const uint8_t pi[2048] = {/*hex digits of pi*/};

for (int i=0; i<1000000; i++)
{
for (int j=0; j<2048; j++)
{
key[j] ^= pi[j];
ciphertext[j] = key[j] ^ plaintext[j];
}
}

Nick PNovember 21, 2014 2:50 PM

@ BJP

re homebrew + highly assured escrow

The homebrew option isn't about them building strong security: it's about diversity. The idea is to combine simplified, more secure endpoints with guards. The endpoints might be any number of OS's with hardening and a controlled way of communicating with the guards. The guards are where the real effort is put in: booting standards, kernels, protocols, firewalls, etc. These could be maintained collectively by communities with reference implementations. They can be ported to any number of embedded hardware by following a set of coding guidelines and applying presupplied tests. Each project or product targeting this application might offer the source and instructions.

The people wanting extra security can use hardening guides for endpoint of their choosing, whatever hardware they manage to grab for that, and the guard hardware/software of their choosing. Ideally, everything is step by step stuff they can do once and largely be done with it. This makes the job much harder for their opponents who took quite a bit of time to dominate a monoculture Internet. Imagine how much harder the job would be if everything was implemented a bit differently, but all looked the same on the outside. And on top of that, my escrow box knocks out plenty of attackers with high confidence while essentially being an untrusted (*very untrusted*) transport.

This concept is what I called security by diversity and have written plenty about it here. I once wrote that we had two options to deal with the hostile Internet: use diverse goods or artificial diversification techniques to eliminate one size fits all attacks; build high assurance systems to stop the attacks. One works with legacy, has convenience, has low cost, and stops many attacks. One stops most to all attacks, might sacrifice legacy, might sacrifice convenience, and might have significantly to exorbitantly higher cost. I proposed combining them for best results. But, if you can only afford one, the diversity approach is cheaper and has better results for anti-TLA/HSA use.

AlanSNovember 21, 2014 2:58 PM

@Skeptical: "There is the potential for abuse, and the potential for the system to become more enabling of abuse without more effective oversight. But it's still just the potential."


I think the situation you describe is more worrisome than the one in the 1970s. Back then there was a lack of appropriate controls and there were obvious and worrying abuses so there was public pressure to do something. Now we have weak controls again and mostly the the potential for abuse. (There are abuses now but not sort of the abuses, apparently, that are capable of getting a large section of the public worked up.)  But this is a problem. The public and elected representatives are mostly concerned about obvious and immediate costs to themselves. And not only are the costs not apparent but the benefits are all up front: people love their mobile tracking devices and the personal functionality they make possible.  When the benefits are obvious and the real costs won't be apparent for another ten or so years then nothing happens but it isn't that there aren't costs at some point. And ten years down the line we'll all be living in a very different world and there will be no going back. It's a devil's bargain.

The Devil's Bargain is nicely illustrated in Al Jazeera's Terms">http://projects.aljazeera.com/2014/terms-of-service/">Terms of Service. Spring 2004, San Francisco in The Ritz-Carlton and here we are ten years later...

Nick PNovember 21, 2014 3:39 PM

Techniques for creating pervasive assurance at manageable cost

This is a combination and summary of many of my prior essays. There's several concepts in my method: TCB reduction; chip reuse; physical isolation; safer languages; diversity. Let me describe several different strategies I used in past designs for stopping High Strength Attackers. Then, I can show how they can be combined.

System of Systems

Based on my PCI backplane scheme. The system is actually a bunch of different card computers connected to each other, with at least one master node. Each card computer performs a logical function such as kernel, interface, graphics, sound, network, or disk. The card computer runs a hardened OS with everything non-essential to its function stripped. Custom drivers are developed so the main node can offload work or receive results from the card computers with input validation optional. The main node has a I/O MMU to restrict what the other DMA engines can access. Main node might have trusted boot, built-in software mitigation, a secure OS, a hardened vanilla OS, etc. The physical isolation & MMU's contain attacks on various devices while letting you use diversify on the card computers. This allows many performance, cost, and security tradeoffs.

Incremental assurance

This was invented in MLS days. The idea is that you start with a secure design, leverage at least one highly assured component, start selling/using this system, and use that funding to increase assurance of whole system over time. A simple example is a database. You might start with a high assurance guard sitting between an insecure application server and an insecure database that runs a fixed set of commands on restricted data. Then, you might design a tool that takes a query language input, performs security checks, and then converts it to executable code that runs against the database. The system is now more flexible with apps still having restricted access to the database. The next step might be to build secure parallelism or replication into it for higher performance. Alternatively, one might improve the assurance of the guard's hardware/firmware/software. And so on.

Each step provides a meaningful increase in security over what came before it. Each step might give the user more functionality or performance. Each step is small enough to fund with minimal sales if medium assurance development and reasonable if high assurance. It also reinforces the notion that security is a moving target due to constantly changing requirements.

Reuse of hardware and software

We can't be developing chips for everything. It will be too expensive. However, most of the components we need have already been developed. A base I.P. core with trusted boot, a processor, hardware-based enforcement of software security, I/O support with security, and optionally onboard crypto are all we need. That can be turned into a number of chips by combining chip specific hardware with the base we've already verified the hell out of. The reuse of I.P. in chips or individual chips in boards keeps cost way down. There's one company that's gone through several product iterations of cutting edge chips with essentially only a few million in expenses.

At the system level, we've seen you can stretch one thing pretty far (eg Linux kernel). Microsoft's approach in Verve, which they borrowed from old mainframe vendor, is probably the best approach. You create a minimal kernel that implements functionality from memory management to concurrency to exception handling that the rest of the system needs. Like with separation kernels, it has the security critical functionality. It's built with strong techniques. The rest is built on top of it leveraging its type-safe interfaces and type/capability secure access. Unlike the kernel, these components can be written in high level languages with extensive verification available. Many FOSS and limited funding academics have done all these things in prototypes so it seems cost effective.

Artificial diversity

Diversity forces targeted attacks if done right. There's a new field of study called software or system diversity that aims to use automated techniques to transform systems into a moving target for the attacker. Old versions are things like changing port numbers or address space randomization. Newer techniques include randomizing the instruction sets, internal data layout, primitive operations used for equivalent functionality, and so on. These techniques can have strong, open implementations built to be used on whatever systems are designed. Users could validate and generate their systems from source with these techniques automatically applied to make their system unique.

Subversion resistant development

Development & review will be done by mutually suspicious parties. These parties will keep their own development machines, repository, and guards to protect them. A build system such as Aegis or OpenCM will be used to ensure only signed submissions are allowed, their integrity is preserved, automated checks are run, and so on. Nothing is final until it's been reviewed and signed by members of at least 3 other parties. The parties collaborate and chat to keep on the same page to prevent issues that can stall the project.

Design and coding standards are employed to help. An EAL6-style development process occurs where the software is kept structurally simple, there's little looping around in the code, the ins/outputs of each function are easy to understand, risky or hard to analyze constructs are avoided, everything must pass basic static/dynamic checking, a basic covert channel analysis is used, and so on. Modern tools actually make this easier to do than one might expect except for maybe covert channel analysis. There's methods like Kemmerer's Shared Resource Matrix to make that easier and automated tools in development. The resulting components are easy to vet, have been vetted, and should have few defects.

Combining it all

It ideally starts with hardware development. Academics will build the hardware and come from nations unlikely to cooperate on a backdoor. If possible, the hardware starts with an existing clean slate design (eg SAFE or CHERI), adds features needed for practical use, adds secure boot, and implements on FPGA's and an ASIC prototype. The design work is partitioned among them, although all end up reviewing the results. The reviews are done quite regularly so each review can cover a small number of changes or claims at a time. Makes it easy, consistent, and embedded into the process. The resulting source, synthesized results, and so on are published by all parties with signatures. This is either freely available or licensed at just low enough cost to fund further development, with reviewers or academics being able to study it freely.

The core software development runs in parallel. The nucleus of the system with the most serious features are developed using tools that allow strong analysis. The multinational team codes the stuff up, validates each others work, and so on. The team keeps a software and FPGA model of the hardware that is regularly updated for easy prototyping and verification. Much of the team's early activities will be acquiring tools and learning to leverage them in a design flow suitable to cost-effective, higher assurance development. Empirical evidence shows this will have a high upfront cost that goes way down in future iterations that reuse tools, techniques, and/or code.

Diversification tool development runs in parallel. This is already happening in academia. The techniques can be prototyped for the system language in use by academics using purpose-built tools like Racket. They could throw together a dozen or more diversity techniques in a year. The best one's can be implemented in standalone, assured code. That will be done incrementally either by them or others. The aim will be that the Racket-style versions will be reference implementations showing anybody how to incorporate it in their systems or use it on their own code. The assured implementations have lower TCB, leverage the strong analysis tools, and are mainly for efforts integrating into the assured platform.

Software and tool development above firmware begins once the kernel is a bit stable or runs in parallel. This will be drivers, OS functions, middleware, application services, certifying compilers, etc. Any hobbyist, company, or university might contribute to the repository. The contributions have strict guidelines for what must be submitted and how for verification purposes much as in other development. The verification status of submissions is listed publicly with what verifications were done for each submission and by who. The system might automatically include new componts into a build after their testing and verification meets a certain minimal standard. There might be different builds with different feature and trust levels.

Integration is where this gets turned into useful stuff. The integrators architect a whole system with a specific set of required functionality. They specify various pieces from the verified repository. They add their new functionality with various safety/security tests or claims. They create build instructions ideal for their project that a third party can run to generate the final system for evaluation or use. They then distribute that who collection of stuff with their signature to end users. End users (Linux-style) get the pieces from the repository, many tests are run automatically on everything involved, the build process turns it all into an executable, and it optionally can be installed permanently onto the system.

So, let's do a web server for someone's blog. They might pull in a certifying compiler, the kernel, networking components, HTTP parser, network/application firewall component, a concurrent garbage collector, and a hardened Python engine ported to these. They wrote the web server in Python and with various tests for reliability/security. Regardless of their web server code, the result should run correctly at everything below their code with no code injection mechanisms so long as such things are disabled in the Python interpreter. The work for the user was getting repository access set up, maybe buying/configuring some dedicated hardware, doing Linux-style repo download, learning a subset of Python, and following some secure configuration/coding guidelines. I've seen lay people do equivalent IT work with good instructions and naturally techies can do way more. Lots of security ROI without much impact on development, maintenance, or usability.

The whole process is design to continuously, incrementally, and sometimes massively improve the assurance of usable systems. The work, both development and review, can be done in parallel. The scheme, esp distributed repositories, are designed so progress on a component stalls unless work is put into reviewing it. Biggest risk here is bullshit reviews so that's why it should be something many involved actually use for themselves, esp for national or corporate secrets. A subscription and licensing model is used to keep entry barrier very low while providing continuous funding for multinational organization maintaining the repository & doing baseline work. Donations of money/code, academic grants, and corporate coders can be used to get more functionality in.

Over time, such methods can build highly secure and useful systems at manageable cost. Previous projects using each mini strategy achieved the objectives I described. Empirical evidence indicates the combination of them should achieve the overall goals I describe. And this can all be done with a lightweight organization with minimal funding for the basic deliverables. More funding and sponsorship delivers more results.

JustinNovember 21, 2014 4:21 PM

"It ideally starts with hardware development. Academics will build the hardware and come from nations unlikely to cooperate on a backdoor."
Well, no shit.

Nick PNovember 21, 2014 9:11 PM

@ Justin

"Well, no shit. "

It's so obvious that about nobody in industry, academia, or FOSS is doing it. :P

Ironically, the best two at the moment are from U.S. and U.K., respectively. They're also funded by DARPA. So, I'd have France, Japan, China, or Russia do the reviews on them. We could simultaneously have the Chinese and Japanese engineers developing the hardware additions and French and Russians doing kernel software. The U.S. and U.K. people would review that. Independents could review any of it as well.

Single biggest attack on this is if the main countries all agree in secret to kill the project because it would hurt all their SIGINT efforts. Honestly, though, I think China and Russia particularly won't do that because they can count on Western companies using insecure stuff. If ground up secure stuff were available, Russia and China would be more likely to benefit in SIGINT defense without loosing offense. So, they might support a project even if others would want it gone.

And then they would demand backdoors in any domestic implementation. ;)

endpoint security evaluationNovember 22, 2014 1:15 PM

Hi guys

I know that the schneier is perhaps more towards encryption however here is my thing.

Security is layered ontop of eather sand or a rock
even the bible says dont build any important stuff ontop of sand.

So. when it comes to Snowden he very clearly states 2 things:
- Encryption works
- However your operating systems are build on sand and the endpoints are vulnerable
meaning that it doesnt matter if you encrypt or not.

What the hell is he trying to tell that in my opionion very few people try to address ?
- I do respect the deep thing going on in this forum regardin the hardware
so that is trying to make a rock. That is pretty much appreciated!

I am not satisfied with this by the way but we need to get the endpoint secure.
So denying the bluepill that we are talking about i would say
would somehow have to if not the hardware can be trusted to lay bubbles if you will
where the bubbles are not in contact with eacht other no matter what the underlaying
hardware is about.

This is allready done:
The person that did it was one or maybe the first person that figured out
that infact you can infect a computer in such a way that the computing environment
where the user is in a bubble and that you can control it, thats the bluepill

That girl switched side from blach hacker to a hmmm... very intersting hacker
and developed a xen based os that is totally configurable called Qubes OS
Now if you dont know what it is I thing you should not call your selfe a
security intrested person because it does exactly what we lack, ENDPOINT security

There are also other approaches and in my humble opinion I would at least want
EVERY one to install at least the free version of Sandboxie.
Now saying that is controversial since that companie was bought buy.... Hmmmm
So personally the last version i WILL ever use of that product is the verision
previous to that very date when it was sold. PERIOD !

Then what more, yes endpoint security, some very intresting security measurments
can be made just by totally denying "temp" execution in windows.
this is a very secret fact but something i know since i have done alot of virus and trojan
researches and tried to get infected.

Anyways here is a question to all of you in this forum that i would SERIOUSLY want to know
The question is as follows:
How can i in a windows environment disable the function of CLIPBOARD meening
I want to totally and completely disable cut and paste functionality within the physical
computer that I operate, not meening ICA or RDP connections.

Have a nice day
Chris

FigureitoutNovember 22, 2014 1:45 PM

Thoth
--Bringing in Bruce for a KEX is pointless no? It's supposed to be the responsibility of the communicators. I don't believe it either, it's the initial contact that is just way too uncomfortable and where the hooks will be placed. This is why when communicating w/ Aspie I opted for no KEX and simply a throwaway email (which eventually involved file transfer). Highly insecure...and then Aspie reported some sort a big attack on his HDD and having to go offline for awhile, of which I've had a few, and probably suspects me when it's a f*cking set-up...So I don't email him anymore, but what he was working on was getting development off of current basically x86 WINTEL for developing. I was going to give physical coordinates for a real KEX and my phone # so we'd stopped doing comms on the blog but he declined...He can release his enhanced designs if he wants; it'd be a very minimal PIC w/ FORTH PC w/ ~2 serial ports, need one more for screen/mouse/keyboard.

My KEX would involve first a post to either an IRC chat channel or blog, whereever you met...Specifying an RF band, mode of modulation, and time-ranges (days and time periods) of communicating, I can supply an amateur radio callsign for "legal operation" which is good 'til 2022 and will further make eavesdroppers go "Wut...". There are tons of free software for robust comms (read many error corrections going back-n-forth), only need to get a radio and erect an antenna and connect it to a computer, and from there exchange either an anonymized postage address for mailing microSD cards loaded w/ keys, an email address & pub. key, a blog/site w/ comments, or yet another RF band and mode.

The point is to jump "in-n-out of band" and back; w/ RF it's possible that an attacker located in another area of the world won't receive the comms or it'll be scratchy. Also the attackers capable of attacking just internet comms w/ cry like bitches when they can't set up an antenna/radio. And to top it off, maybe the first thing you say is, "Hi, how are you?!", "Good, you?", "Good, mmmkay, bye."; just to make sure the eavesdroppers going thru all that work and time get boring comms lol.

Andrew_K
--I used to think wife,kids,money, and friends was everything. Then I changed, likely won't ever get married, have kids, or have a lot of friends like I used to. I'll just do "one-n-done" dates when I need it. There's this book called, "Bowling Alone", kind of sums of what the future will be and more or less already is. Doesn't matter to me, what I contribute in secure builds and potentially some science is main thing I care about.

Anura
--Huh, that looks vaguely like some rather sexy & tight pure C-code. I thought it was "hopelessly insecure"? :p But that's my plan for my minimal PC's, filtered power, highly shielded and actively distorted RF, and absolutely no direct internet, means someone needs to get their grubby hands on the PC and then find the key which won't be on it.

Nick P
RE: Levison
--If no one "sticks to their principles", people just cave and there's no strength in society; you're otherwise just a nomad scavaging to survive, unsure if you'll make it next week. As I've said before, everyone taking their turn to take up time of the FED's gives others a more peaceful existence in an expanding police state. He forced the FED's to have to ask for the key, instead of attacking the service; that's a win in my book.

RE: INFOSEC grants
What schools did you contact? Did you contact mine? Mine happens to be notoriously cheap and administrators taking highly undeserved payment amounts.

Also, we need volunteers TESTING. Testing takes time, takes lots of randomness, different minds, situations. Automated testing is great, but won't catch the weirdest of the weird of bugs. This is why I say use a prototype and go around underwebz flaming people (that can be my job :p) trying to get real attacks on it. I'll just address the rest idea for secure dev. below.

RE: Pervasive Assurance at Manageable Cost
--Very elegant, reality is dirtier than a [insert youtube dubstep video comment], and it's hard to fully describe what's swirling your head. I re-read my post trying to show my ideas and it was...off. I'll be 'that guy' bringing up weak points and potential countermeasures for attacks on the project.

systems of systems
--What kind of isolation is on the backplane? Will it be multiple shielded racks w/in a box? Is each card enclosed in a basic EMSEC shield? Those simple measures get such a return and peace of mind, they should be mandatory.

Where does initial dev. take place? Everyone BYOD? What if you get Windows devs and BSD-heads start flaming for incompatible tool chains? Just make it all open source? How many different chip manufacturers will be used (they all have similar but different tool chains and flashing procedures). I suggest making it all open source just to avoid those arguments, and purely Windows devs (who can be very skilled) will have their work converted to open source tool chains; or if that's detracting too much from main project, they can just be the guys porting the work(code) to Windows. So, only use free compilers from chip manufacturers? Best to plan in advance as products go EOL and compilers stop getting support?--This is so annoying in embedded dev, the next updated tool chain will break your code...

How will the hierarchy go? How will authority be established on the project?--Whoever can hack everyone? If we keep it "strictly civil" you may let really dumb ideas not be challenged and shut down if need be; conversely neverending flame wars will drain people and waste time. What happens if people start really bitching and threatening to ruin the project? What kinds of backups will be in place to prevent lone devs from ruining the project? How do we defend against devs from intel agencies purely intent on sabotage? I recommend all devs have to identify themselves on a site like Linkedin, trying to keep the atmosphere as professional as possible. I'm not into anonymous dev except for certain applications, but this is a full on computer, not some cipherpunk operation; we need to be able to verify people and keep it professional as possible.

reuse of hardware and software
--Not much here to add, besides using also tiny existing micros (maybe "engineering samples" which are stripped down MCU's) for things like maybe basic graphics or as part of IOMMU, conserving the main chip for other resource intensive computing (running the OS fast, so it'd be secure and fast). Digging into these areas have more caveats than one might think...

artificial diversity
--I like the concept for full on systems that are meant to f*ck w/ attackers and catch their hacks; but I'm so wary about having randomized instructions on the core PC. I mean, lose control of that...f*ck. Or being able to quickly and easily check proper operation of encrypted instructions, that'll be a nightmare for the wrong people. This area would need some stellar people backing it up and HEAVY testing for some bugs which it's just intuitive it will, right? Certain areas of isolated PC, like net-connected side, yes I'd want this though. In the core?--Not really...

subversion resistant development
--Probably one of the most important areas, so many attacks can be embedded here...Are we assuming basically dev happening all over world and having online repository? Makes me nervous, but that's basically most practical/cheapest way for worldwide development. Ok, so how secure is this site; it'll be attacked...What about just using Github? How about every dev keeps AT BARE MINIMUM 2 full backups of all code, and contact each other over separate channels (just phone, or...radio if they're up for it) confirming crucial code changes and catching files being altered. If an altered file is found, focus on where attack came from b/c that'll just continue ruining the project. Also, DEV PC's aren't internet PC's, period! Bare minimum just USB transfers, then wipe, flash different filesystem, wipe, then reuse, but that's getting real risky...

small subscription/licensing fee
--I say do it, like what, $100-$200, more? People who want it most can cough that up. And funding for the project needs will be critical (server, parts, software, payments for audits/testing, etc.) At the same time, what to do if someone like Google or Facebook either puts in a massive donation or trys to buy out the project? Then what? That cash will help so much but no one will trust it afterwards...

Conclusion
--Didn't comment on everything, but if someone or a group can get this up and running...so awesome. Realistically, we need to plan for some of the major pitfalls and realities of working w/ machines (ie: failure 0verfl0w). Such a huge project though, and so needed...

endpoint security evaluation
--More and more people are working on this, I've been screaming that crypto is useless w/ keylogger on machine, as have so many people before me. Nick P has the experience to try and organize another real project to get a real PC addressing endpoint security. Other projects he's mentioned are too. I'm just working on tiny microcontroller PC's w/ RF shield and power filters and no TCP/IP possible to root out more or less all real remote threats; that will only be fun/useful or used at all by people who like microcontrollers...

ChrisNovember 22, 2014 2:11 PM

Hi guys, here is a small question it migh be very easy to answer by people who knows how the big internet works today but this is somewhat concerning to me and its not something I like
to understand since the SSL problems we have.

To do the test I did the following
I put www.startpage.com in my hosts file with fixed ip as follows
at that time for what ever reason since its load balanced I got the ip address
212.121.101.8 which later was translated to a hostname called s3-eu4.startpage.com
both was put in a host file as follows
212.121.101.8 www.startpage.com
212.1210.101.8 s3-eu4-startpage.com

Now I disabled crt checls and ocsp and installed only a firefox plugin that saves
the ssl locally so if anything changes i dont have any leaks towards a thirdparty
trallalala:

Now the problem is that that hostname seems to not consist of just one computer
or that the whole nsa thing is much more widespread than thought, since its very common
to see that the ssl checksum is changed.

I know its nothing new but I just wanted to say it sucks, personally I would at least have a legislation saying that if you loadbalance an ssl site the certificate hash needs to be the same.

Yeah what ever ssl sucks
Very late night here, greetings from Thailand
//Chris

ChrisNovember 22, 2014 2:45 PM

Hi probably useless effort, however regarding keyboard loggers, there is a tool called keyboard scramber, it works and it works well for all rats and keyboard loggers i have tried that runs on software, but its useless in my opinion because two things

1.) The key can not be changed, i emailed them and guess how many answers i got back for chaning the encryption key: ZERO
2.) Its software based

Also why isnt there tripwire solutions for windows that alarms when an exe file or any files checksum is changed ? very strange in my opinion

//C.L//

Nick PNovember 23, 2014 9:05 PM

@ Figureitout

re grants

I contacted schools within a few hours drive with talented INFOSEC or hardware people. It needed to be an organization with a research track record, prior grant approvals, and the minimal amount of staff needed to do the work. None were interested. (shrugs)

re assurance scheme

There is either no isolation on the backplane or great isolation. Depends on the backplane or how you connect to it. A system wide policy enforced by IO/MMU's each card connects to and input validation are a simple combo to limit damage by compromised nodes. The main benefit is the hardware, firmware, and software can be picked for the logical function. You can reduce TCB, trade security for compatibility/cost, etc. The biggest advantage for me was the "unsolved" problem of driver security: I just got them the hell off my main node and problem solved.

Initial dev takes place in a shared repository everyone uses with their own local copy. I'm talking air gaps, guards, whatever. The funding organization would provide the guards or vettable instructions on how to build them. Signatures are used for verification purposes, submissions are sent in batches in zip files so individual files don't need sig checks, and plenty of communication (eg hardened chat or IM) to keep things in sync. The language used for tools will be cross-platform C/C++, Oberon, or a ML-like language. These all have implementations on Windows and Linux. Oberon has the advantage of being extremely easy to port to... anything.

I'd probably run it jointly with another whose more diplomatic and could manage day-to-day operations. I'd hire, part-time or full-time, a number of experts in various areas of high assurance system design. They'd vet submissions to the site, wiki, etc for safety, quality, and relevance. This is just to ensure people going into a section will see what might benefit them most. Diverse ideas will be allowed. At least one person will be dedicated to the moderated discussion forum which has general chat, sections for common categories, and threads to manage different discussions. Moderation is, similar to here, focused on limiting abusive behavior, limiting the unintentional flamewar effect of debates, and keeping people on topic if it's a narrow one. There would also be a place for the source and binaries probably done about the same as the articles.

It's funny you mentioned microcontrollers because I recently posted something like that. (See last part of comment.) The modern microcontrollers are quite capable, have device support, and so on. A custom motherboard with a main CPU, a microcontroller for each device (running its driver), a way to secure the physical I/O, and then a regular microkernel approach on top might be a very easy start. I think one custom chip for a secure I/O processor would be useful. It works side-by-side with either a COTS or custom processor that use its standardized interface for chip-to-chip or chip-to-memory connection. In a nutshell, early mainframes worked like this except the word "micro" didn't apply to their physical footprint in any way.

In instruction set randomization, you still have control of it. You just make sure you backup (onto paper) the key that drives the process, reinter it into the tool, and validate whatever it created before you trust your system to it. And, of course, strongly assure the implementation of the scheme if its failure would be catastrophic to your data. Things above the CPU/firmware would likely just crash the OS or an app in a way that allows recovery. This kind of stuff has been done for years now without any huge problems cropping up outside the security claims for a specific scheme not panning out.

Subversion resistant development starts with centralized storage controlled by my organization, but verified in a distributed way. The best resource on this sort of thing is Wheeler's page. It's a simple enough problem that's been pretty well hashed out. There's been exemplarly designs that could be converted into strong implementations on fairly secure TCB's. Shapiro, the guy behind EROS OS, helped develop the OpenCM system that implemented most of what you would want and in a quite modular way. Corrupt hardware dealt with by many independent implementations of an unambiguous standard for it by different people on different hardware, guards, air gaps, recoverable OS's, etc. Simple shit: just a lot of work to get set up, vet, etc. Good news is you do it once for the basic tools and repo, then can leverage them for the rest of the process with the change list going back to very first files. Similar to Bitcoin.

Licensing will start in the $250,000-$1mil range for this access to use whatever organization creates: free copies of any software with source with improvements required to be sent back to organization; secure hardware at just above cost; free access to all papers, code, training material, tools, and so on in repo's; support for all the above. Enterprises might get VPN's, databases, web servers, and so on for the price of one high end proprietary software. This can be discounted on basis of the organization's income to the point a small business might get it for a few grand. Pricing for non-commercial use, esp individuals, will be lower: maybe $100-200 a year. Contributors might get discounts of a free week to year for contributions to the repo. Services offered to individuals would be based on the resources they use plus a basic fee for each service. Unless I built a platform of all kinds of services. In that case, individuals or business subscribe to the platform at probably a fixed rate where we just keep developing more stuff with what comes in and charge extra for extra resource use. Businesses would pay the most with it being cheap enough for individuals to encourage mass adoption.

FigureitoutNovember 24, 2014 12:55 AM

Nick P
--Well if you're from where you say you are, there's as you know *a lot* of high quality research people; but they're probably busy on gov't projects...BTW university labs can be broken into w/ simplistic methods...

Operationally, is the big thing for me; this is how the project will get corrupted...I can do that, I (or other "trusted" people), so critical devs & engineers don't have to; this sh*t has corrupted my mind, others need to be shielded from it. Everywhere you deploy this, it needs to have basic yet hardened OPSEC baked in. First thing first, if you're assuming "head" of the project, taking on "cold" as in you barely know 'experts', is of course highly risky as they could be from any intel agency floating around (I know you know, and everyone else knows, but they need to be trying to make them feel uncomfortable). People you've worked w/ on other projects or can vouch w/ other evidence is where I'd be heading. Also basic OPSEC meaning the boards stay w/ devs at all times in a shielded briefcase (no I'm not trying to be f*cking funny acting like James Bond, this isn't a joke). Flashing PC's absolutely stay w/ devs. It takes like 20-30min TOPS to come in to workplace, set up, and get going and shutting down for this. Coming in early (8ish or earlier) and leaving around 6-6:30pm gives plenty of work time.

Next order of business, supply chain...You *could* get same parts from different providers, and if there's differences we got a problem... But also, contract manufacturers is probably where you'll be fabbing (I take it there won't be someone capable of some of the surface mount soldering on today's boards lol, it's getting f*cking impossible...). Since it'll initially be very low volume most won't take you seriously; if the product takes off they'll be begging...In a little while I'll simply go around asking some of the existing ones what kind of security assurances they have for customers and if the customer can be physically on the premises during fab and get boards immediately and no shipping. I've never seen any mention of "state of the art" or "leading" contract manufacturers here. Except, the chips and components themselves could be corrupted as usual before the board manufacturers. So again, I can repeat and try to get past the bullsh*t and work out some sort of deal (and special contract likely involving some $$) to get on site during fabrication and get chips/components immediately. Tell them I don't want their f*cking proprietary fabbing methods, just observe any cars in parking lot and people coming in and out of lab. It's the best that can realistically be done for now.

On the site, there's plenty of "secure" sites that can be done. No fancy crap, just text and basic buttons, etc. So I'm thinking either a small financial fee for access to this site (on a segregated paypal account, which I feel like there should be better payment options, but that's a different matter), which will be lots of dev discussion, etc. You're not running a charity, quality demands payment. Of course, head of finances needs to be 100% transparent; I've seen shady finance people a few times, it's so disgusting...

On how devs upload code, yes instructions for secure net connection (the best we can do). The whole 9 yards, from initial connection from service provider to touching their 'net PC. Checks on them using that need to happen too, I assume anyone working on project won't be stupid enough to seriously be coding on at bare minimum a non-air-gapped PC.

On initial dev, welp I'll take non-specific response as you're basically saying x86 WINTEL w/ Visual Studio 2012...Microsoft can also export the code back to them too, it's great backups...

On Jack Eisenmann's builds, yes, very nice. He's got quite a few very sexy builds, looks like mostly ATMEGA328's, which are main Arduino chips, which have so much support now; but the computers are nice and he's got compilers for them too even...

A part of my work now, well big part is having two chips from different manufactures in a single product. Nothing extraordinary, superior engineers do this all the time; but makes it harder in that you have whole different tool chains, but just need that one pin spitting out signal, and next chip getting that signal via an interfacing transistor. Next challenge for me (after I get this working first lol) is something I've never done before, which is ADC coding. You can do it on the Arduino, but it's not real ADC coding lol...Just have to keep getting my skills up so eventually I can either be an important team member or spin off my own attempt at a full on secure build...I also have a freshly broken motherboard which I'll be using for firstly trying to locate real problem, fault injection attacks, and decapping chips.

Nick PNovember 24, 2014 12:22 PM

@ Figureitout

Using a subversion resistant development process helps solve a lot of what you describe. The people all operate on a trust-but-verify principle. Diverse hardware, diverse minds, and multinational. I'll help any bootstrap their activities with something trustworthy if they need and preferrably parts are couriered.

The experts are potentially subversive. So far, many academics, businessmen, and FOSS players are consistently producing stuff that I approve of. If your theory was right, they shouldn't be doing that. So, picking some of them to review the work and having others test a sample of their reviews should suffice. Plus, we must remember that their reputation is tied to this: their choices are immortalized in history. The last thing a good academic or senior scientist wants to be immortalized for is someone holding back the good shit. Odds are in our favor on this, especially if in a good geographical location.

re specifics on securing the computers

I already have quite a few options for this part. I'm just not posting them. The reason is, at this stage, obfuscation is a huge part of security and sharing details of one's site security plan just helps HSA's out.

re site security

That's easier than you think. I'm just not doing a web site. :O Well, there will be a web site but it's just mirroring the real data store. I'm going back to client server model where the client and server are written in safe code. The protocols, interfaces, and data structures will be simple. A guard handles transport security sitting in between the Internet and intranet. The intranet *might* use TCP/IP with TCPcrypt or IPsec. However, I might also throw TCP/IP out for another protocol stack or obfuscate it. Robust systems will handle network monitoring, authentication, repository, backups, updates to untrusted systems, and various security critical functions. These will likely be cheap embedded boards running microkernels, etc.

re devs' security

We don't trust them: we verify them. How many times I gotta say this? :P The simplest route for them is to use my old MLS setup: two or more computers, a KVM switch, and a guard. They might substitute laptops/netbooks to avoid the KVM switch. They can use whatever they want so long as one computer is airgapped, data going into it can be vetted, data going out of it can be vetted, and it can be recovered in event of problems. Network connection is handled by an untrusted machine.

And good luck on your hardware work. Yeah, ADC coding might be a bitch to learn. I'm still thinking you're better off just getting something running first (even a Forth or BASIC system) and incrementally improving your setup's security/functionality. Then, you can actually use it for development and as a root of trust. But hey I'm just goofy like that.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.