Nick P • May 23, 2015 8:16 PM

@ Maria von Kretschamn

I appreciate it. Yes, the G-77 are one of the routes with the highest potential and possibly most difficulty. Our hardware guy and I bought thought of using a few in that group. I didn’t think of G-77 itself, so thanks for that. 🙂 My problem is that quite a few in this list are worse than the Five Eyes in terms of regime abuse. I’d have to pick a subset I could tolerate in conscience or have to work with out of necessity. Picking the right ones might be tricky.

” Renata Avila is following coordinated CELAC efforts along with NGOs Derechos Digitales and Oficina Antivigilancia.”

CELAC has potential, esp given U.S. targets many of them. A few, such as Brazil and Venezuela, have the revenue to back the projects. Renata is interesting: writer, activist, apparently ideological, and beautiful. The tech scene has an abundance of technical skills, but not people or speaking skills. She might make a nice face and voice for a trustworthy computing initiative in the area on top of whatever hands-on work she does. I’ve never heard of her, though. What made you mention her specifically?

“No really, frickin slow clap. Hope to see you taking the global south by storm with your dog-and-pony show. It would pop Rogers’ head like a zit.”

His squemish and worried faces would be priceless. Far as doing it, I’ve run many scenarios in my head. If the result is secure and has good production yield, then the scenarios all end about the same way: NSA director makes phone calls, State department puts political/economic pressure on source country, Wassennar countries may apply trade restrictions on that product, CIA’s National Clandistine Service begins taking a more direct role, and organized crime optionally does the same. There needs to be a strong committment at the highest levels of these countries’ governments and preferrably plenty for America to loose in trade. They’ll have to leverage this in negotiations to hold off anything NATO might do.

That’s my prediction, anyway. If strong pressure or attacks don’t happen, then the offering was likely subverted. It’s how I’ve always looked at it.

@ Thoth

“Good money with all the South American situations and the need for Western influence drives these Def Contractors there.”

Most likely. It also provides cover for spies.

“The open patent pool I mentioned would be a useful defense if the patent pool is really strong and deep and lots of good backings which again”

You’re missing it. It’s not “we have patents” on one side versus that on the other. To target a company, one needs patents that covert their products or services specifically. So, you’d need patents on FPGA fabric, I/O tech they use, process nodes they use, EDA techniques they use, and so on. You can have a 1,000 good patents that don’t cover this stuff and it’s no better than having 0. So, each potential patent threat in an industry sector must be met with a countermeasure that applies to them and with similar weight to their own. So, broad, deep, etc apply but the patents have to be specific to the target’s business.

“Malaysia is good place for the fabs to go as Singapore’s cost of living and pay per employee just became marked up yet again (not a bad thing or maybe a bad thing depending).”

I’m considering both. What’s your thoughts on odds of corruption in Singapore fabs? I know all skim money, might grab devices for resell (claiming bad yield), and so on. I’m instead talking about subversion. Singapore allegedly is better in this category than most and I couldn’t imagine Malaysia being better. Well, there is the possibility of “I value my great job compared to people making T-Shirts. Better not get caught doing bad things.”

“(actually I took S.A. countries into consideration on a general scale including Peru)”

I considered Peru, too. Didn’t realize how huge their GDP was until I checked just now. Definitely potential on financing side. Not sure what to make of them without a lot of research. I just haven’t really kept up to date on South American and African countries except for a few. One I really considered in the past was Panama, a popular offshore spot. The thing I liked about about them was how they got the better end of the Panama Canal deal. Things like that might mean they are less likely to roll over for U.S. intelligence, esp if they depend on the result.

Nick P • May 23, 2015 9:28 PM

@ Thoth

Appreciate the tips and analysis. I’ll save them for further thinking on the subject.

Nick P • May 24, 2015 10:13 AM

@ Maria von Kretschamn

Sounds good. I’ll think on it and see how they can be tied in.

Nick P • May 24, 2015 11:27 AM

Interesting article on GitHub giving basic advice for crypto. I got it from Hacker News, where I’ve been having plenty fun. 🙂 I left a critique of a few points on HN. Here it is so I don’t have to retype it:

“”Avoid cipher cascades.” I’ve pushed and successfully used cascades in highly assured work for years. Cryptographers talk down about it but “meet in the middle” is best attack they can cite. So, they’re full of it & anyone who cascaded might have avoided many algorithm/mode breaks. My polymorphic cipher works as follows: three strong algorithms applied out of almost 10 potentials; algorithms are randomly selected with exception that each pass is a new algorithm; separate keys; separate, initial, counter values; process driven by a large, shared secret. Breaking it without the secret requires breaking all three and no cryptographer has proven otherwise despite massive speculation.

I’ll briefly mention scrypt because it’s ironically great advice. I asked cryptographers for over a decade to deliver a slow-by-design hash function that couldn’t be sped up. They, for years on end, criticized me (see Schneier’s blog comments) saying it was foolish and we just need to iterate a fast one. I expected problems and hackers delivered them. I had to homebrew a cryptosystem that input a regular HMAC scheme into another scheme: (a) generated a large, random array in memory, (b) did impossible to speed up operations on random parts of it, (c) iterated that excessively, and (d) finished with a proper HMAC. Array size always higher than GPU or FPGA onboard memory in case opponents used them. Eventually in a discussion, a Schneier commenter told me about scrypt and I finally got to ditch the inefficient homebrew. A true outlier in the crypto field.

Avoid RSA: bad advice for commercial if NSA is opponent. All his risks are true. NaCl is great and my default recommendation. Yet, he doesn’t mention that NSA has another reason for pushing ECC: they own 26 patents on it that they license conditionally on the implementation details along with ability to restrict export. We know what NSA’s goal for crypto is and therefore I avoid ECC commercially like the plague. I just used RSA implementations and constructions pre-made by experts with review by experts. Esp GPG, as NSA haven’t even broken it. They use it internally, actually.

For asymmetric signatures, see above. All points apply. I’ll just add that, for post-quantum, there’s been tremendous process in Merkle signatures with things such as unlimited signatures. Their security just depends on a hash function, there’s no known quantum attacks on them, and they’re doing pretty good against classical attacks, too. So, I’m following and doing private R&D on standardizing Merkle signatures plus hardware to accelerate it on either end.

He says use OpenSSL and avoid MatrixSSL, PolarSSL, etc. He said some vague stuff about their quality. Problem: anyone following the git comments of OpenBSD team that tore through OpenSSL knows that IT WAS S***. It was about the worst quality code they’ve run into with so much complexity and potential to be exploited that the NSA would be proud of it. I’d be surprised if Matrix, Polar, etc are worse and less structured than that. If OpenSSL is really the best, then we’re in a bad situation and need to fund a clean-slate design by experts like Galois and Altran-Praxis.

Although I’m focused on problematic points, his last piece of advice deserves special mention: use TLS. These protocols have proven difficult to implement properly. TLS and their ilk have had many problems along with massive effort to smash them. Against that backdrop, it’s actually done pretty well and using it like he suggests is best option for COTS security. Medium to high assurance systems can always use variants custom-designed for that level. Most don’t need that, though. ”

EDIT: Should’ve said the Merkle signatures only depend on a hash function and the signature scheme itself. Naturally, the scheme introduces new risks over the hash function. Yet, I like constructions based on symmetric encryption and hashing because their security has been easier to reason about. They seem to get stronger over time while the asymmetric alternatives seem to get weaker. I’d rather avoid them where possible.

Nick P • May 25, 2015 11:54 AM

@ Gerard

Is there something about the who that bothers you? Looks like a collection of companies and universities that stand to gain from inventing good standards. They’ll gain anything from money to prestige (with grants). NXP will likely include it in their products. INRIA might at least publish theirs for us to implement.

To me, the project is all good news. There will be peer-review and hardware implementations of existing protocols that desperately need it. There will also be new work in an area that desperately needs it. There’s also others doing work in same areas. I look forward to seeing their results.

Nick P • May 25, 2015 7:35 PM

@ Justin

re Andrew Wallace specifically

Andrew Wallace and some others (eg “better angels”) are trolls. We have had plenty of devil’s advocate discussions here over many years. The discussions bring up points, counterpoints, and so on fleshing out the topic plenty. Then, post-Snowden, there’s new people showing up that drop tons of short or long comments of barely any substance. They often don’t address any counters aimed at them except one here or there. They often talk about tangents that have little to do with the points of discussion. Talking to them results in little added to overall discussion. They’ll occasionally make decent points as a hook or credibility building tool: a common tactic in intermediate-level trolling to preserve interest.

“The male” in question is a good example. I’ve already called him out here. His responses were consistent with trolling: ignoring the points, making false claims, making threats, backing down from threats when bluff called, making new threats, and so on. A person even begged him repeatedly to discuss a claim he made and to no avail. We eventually found a page in Internet Archive with his name, same claims, same threats and so on. I later uncovered evidence that’s he’s a liar and in business with another fraud. After repeated dodging, I gave him an opportunity to prove the slightest thing about his security background or credentials. Andrew Wallace went silent at that point to be replaced by sockpuppets. And so on until the thread was closed.

Concluding, he’s definitely not devil’s advocate, a person representing common counterpoints, or even trying to discuss most subjects. That his Twitter feed reads like a mailing list for British police and intelligence reminded us of similar provocateurs. I doubt he’s theirs, though, because he’s one of the most obvious trolls we’ve ever had. He’s a troll that aims for maximum attention and disruption of online resources dedicated to privacy and security technology with an extremely pro-police bent.

It’s best just not to ever reply to him so we focus on discussions the blog is known for. Maybe one link or note with a reference to his trolling, threats, and fraudulent activity so others know not to waste their time. That’s why I’m writing this: it’s what we can link to with all the other links in one place.

Nick P • May 25, 2015 8:02 PM

@ Snake Oil (from other thread)
re EncryptStick and TurboCrypt Doghouse crypto

What connection was there between Sandisk and EncryptStick? Or were they just a hit in search results or ads?

Good catch on EncryptStick’s 512-bit current and 1,024-bit future AES cryptography. Lol what fakes. And TurboCrypt? That company that knocked off my polymorphic cipher with their own version? They don’t just sell lemons: they turn them into Organic, Gluten-free Lemonade. 🙂

Nice finds. One is indeed legendary in the world of crypto fraud and the newcomer looks like a promising contender for the flyweight title.

Nick P • May 26, 2015 5:31 PM

@ Skeptical

Extremely well-written opinion piece on the evils of Russia, the evils of China, and the propaganda of the United States. You left off installing dictatorships, imperialistically dominating the smaller countries to get their support (including assassinations), mass murder in larger one’s over false pretenses, working with countries known to sponsor terrorism while proclaiming a war on terrorism, aid corrupt financiers who cost us $1+ trillion, prosecuting anyone revealing corruption, using cops/military on protesters rather than the evils they’re protesting, and explicitly/implicitly pardoning many of the most corrupt.

Reading your post, though, I’d think there’s whole marches from Central America to Europe to Africa where people proclaim the greatness of the U.S. and thank it for all its good deeds. Then, looking back at international media, I see that there’s been marches about America for sure. They weren’t saying what you thought they were saying, though. Your selective sense of justice despite being educated on the matter is what shows out your intentions here.

America is certainly better to its people than China or Russia in some ways but far behind other democracies in other ways. I mean, many others beat us on every conceivable metric except how much wealth the richest few get for themselves, how many are in prison, number of patents issued to protect monopolies/oligopolies/trolls, and how much shit we can get away with in speech/publishing. That last part is awesome. Still, I might sacrifice a little of it to get good education, healthcare, less chance of going to prison due to prosecutor’s immunity, no worries of black sites, less risk of kidnapping/death in certain countries due to government’s abuses, and so on. Gotta recognize the problems to fix them and intentionally not recognizing them comes off as pro-U.S. manipulation.

@ Zenzero

It’s a good move in the sense that it’s better than the U.S. As I said before, though, Switzerland does have export controls and intercept rules on online services. They’re hesitant to use them. Yet, they’re available. Iceland would appear to be a better location given no regulations on crypto. Both are good in terms of crime and connectivity. Both a expensive places to live for an American. And, finally, America regularly pulls strings to disrupt citizens operating abroad in ways they don’t like.

All together, it’s hard to say what value these moves to Switzerland have if each company is owned and operated by an American citizen. This is doubly true for a company that included in its advertising that many of its key people were former, Navy SEALs. Even if Zimmerman were anti-backdoor, are his ex-Navy buddies going to be the same if SOCOM asks them “to help protect America from X secret threat using encryption?” This has always concerned me. I’d avoid SilentCircle unless alternatives aren’t workable and it is. Then, I’d still assume Five Eyes are listening just because they’re good at flipping people.

Nick P • May 26, 2015 8:47 PM

@ Thoth

re Samsung

Oh… my… God… I had no idea it was EAL1. There was a conference paper a while back debating whether to euthanize EAL1. Presented in Korea haha. Then, one of my favorite smartphone vendors evaluates their Fort Knox solution at EAL1. Lmao. I bet it’s a marketing stunt: EAL1 lets them say “security certified by Common Criteria” with readers just guessing it was a good level. Might also be cost-savings where they need a CC cert to sell it but the EAL wasn’t specified.

re CC

“No single Government should be able to manipulate the criteria list (which the US Warhawks have the ability to control CC for now).”

That’s a good point. It’s why I specified private.

re phones

Decent criteria. Don’t get too lost in the specifics of CPU, I/O, and their security. Be flexible as there are many model. See my secure smartphone post here. Wael’s assessment above is good too. That you can physically remove the components with ease is a good idea and I’ll add it to my future postings on the subject. Projects such as Google Ara might be leveraged for this.

EDIT to ADD: I tried to see if the EAL1 cert was an early cert to be followed by a better one. It’s not. Further, it seems the Protection Profile itself decided on an EAL1 target. Samsung just went with it. So, that shows the blame is with the CC on allowing such a low assurance process to protect mobiles. Not Samsung using an EAL1 cert to claim to be certified secure under the… wait, what the hell is this? Samsung… claiming to be… with an EAL1… (sighs)

This industry stays f***ed up…

Nick P • May 27, 2015 12:46 PM

replies in order

@ Figureitout

A good idea but not happening: EAL1 doesn’t rigorous testing and hence there’s probably nothing to release. The Cygnacom description says EAL1 requires: a version number; how to install it; informal description of what it does; informal argument that it implements that; guides for admin and users; basic testing of the security features against the informal descriptions. Aka the… weakest… assurance claim… ever. Total “bullshit” like you said.

Although, as I pointed out, many companies that internally use good development processes get a lower certification to save money and get those government contracts. The buyers are more likely to look at their brochures, reviews of them, or demo’s than CC certs. At any level below EAL6, it’s all a show and even EAL6-7 only buys you whats in the stated requirements.

“Regardless, I thought we’ve pretty much thrown out regarding a smartphone as anything but secure; I like using it for quick notes instead of millions of slips of paper like I usually do. ”

Yeah. Same here. Anything I use it for I assume is recorded indefinitely. Given what they have on me, I can go ahead and use it for plenty as it won’t change my level of risk. I just avoid such devices for anything new I do that’s security-critical.

@ Wael

“It took an hour to format. It’s gotta be better than good?”

Oh, it was great. Good is just one of my default words. I swore I gave your frameworks due praise in that thread or in the past.

@ Thoth

Check out NICTA’s Trustworthy Embedded Systems work and OKL4 tools. They’ve simplified a lot of it by creating a CORBA-style framework to integrate pieces of applications running in different protection domains. An assured toolset to do that combined with the components we need could produce a whole system with higher than COTS assurance.

Far as Trusted Path, that’s another nice piece of work in this area. Trusted path has been a requirement for a long time. See also Dresden’s Nitpicker GUI and EROS Trusted Windowing System (I think it was called).

@ Clive

Good point on reputation. We actually dodge some of this effect by the standards. We throw our reputation on a set of evolving standards, guidelines, and so on. We show how they prevent or catch many problems in uncertified products. We also publish data on new attacks, try to provide guidance for existing products to dodge that risk, publicly work on ways to mitigate it more thoroughly, incorporate it into our criteria, and have existing certified products deal with that to keep certification. Rather than recommending bad products, we’re seen as people doing what we can and fighting the good fight for our users. This has proven true with a number of companies in the security industry despite them doing a lot less for their customers.

So, I think some model along those lines will help deal with negative consequences of tying evaluation criteria with evaluators’ reputations. I can say for sure that our successes will outweigh our failures and we’ll be able to graphically illustrate that in comparison with competing organizations.

@ Jacob

Good call on EAL6+ being on the restrictions list. It’s why I told Thoth to use Iceland instead of Switzerland for such parts: they’re not on that list. Plus, we’ve seen exceptions for more open stuff because borders couldn’t contain it. Tor got an exception for their controlled aspects because U.S. export law makes an exemption for tools combating censorship. One idea I had for doing stuff here is to make extensive tools for censorship resistance that can be tweaked to do more than that by open software published elsewhere. The kind of tweaks my organization wouldn’t really have time to fight or prevent. 😉

I gave the details on export restrictions, including high assurance security, in this post. The discussion there was interesting. Many unknowns was what I got out of it.

@ Gerard
(@ Thoth)

“We can simply focus on the technicalities of secure systems as what we have always done and ignore the trolls 🙂 . We are better off doing something more constructive as what we have always done … ” (Thoth)

Exactly. I call them out where they’re distracting discussion and will start hyperlinking them like I did Andrew Wallace. That will shorten it. Past that, we need to put at least 80-90% of our energy into discussions with the people contributing the most. I’ll also add that it might be worthwhile to develop a front-end for pulling the site’s contents, whitelisting certain names/conversations, blacklisting others, and posting replies back. This could be useful in general for blogs with commenting policies that bring in trolls as a side effect.

@ Smoking Hot

It’s a nice alternative to admin- or wallet-intensive honeypots for businesses that would usually buy them. I think it’s good for keeping out the riff-raff like most such technologies. The best bet is a combination of prevention, detection, and recovery. So, my commercial model looks something like this:

1. Trusted systems and network with strong endpoint security, minimal functionality for critical apps, no risky hardware, dedicated wires, no Internet connection, a data diode for incoming data from untrusted sources, and a guard (or write-only media) for examining/signing/releasing outgoing data.
2. Untrusted systems for Internet, apps that need them, and so on that use their own network.
3. A thin client or KVM switch to easily switch between them.
4. Software on both that lets use of diodes or guards happen with nothing more complex than drag and drop, albeit with restrictions on formats & probable scanning.

5. Monitoring and recovery on both sides with untrusted side’s critical data also protected by trusted systems for stronger recovery.

6. Optional honeypots imitating both common and site-specific functionality which use strongest detection and recovery tech.

This overall setup keeps things simple. The users do critical things on the machines that are the most trustworthy. They have a method to bring in data they need to the stronger endpoints. They have a robust method to release what they intend to release and nothing more. They have higher chance of detecting compromises of trusted systems because their traffic is authenticated & easier to analyze than traditional clients. The extra hardware is minimal with each user costing $500-1000 plus $5,000 min for the guards plus whatever the normal cost is. The amount of security, performance, and so on above the baseline would drive the price up further.

Yet, this setup would be much more resilient to common infiltrations (even APT’s) without much extra difficulty or money. Plus, I’d rather drop $5,000 on a guard with application-layer protection than a honeypot any day. My money will go a lot further even with a knockoff of a high assurance guard. It can probably also run a honeypot if you tweak existing, open software for that. 🙂

Note: Here’s Boeings clever offering in this area. Both they and I were inspired by prior MLS, MILS, and physical separation work. Their scheme is more complex but has aspects worth imitating.

Nick P • May 27, 2015 6:21 PM

@ Clive

I read about that, too. Pretty cool. And, yes, I do miss slamming the phone down on someone. I need to get another landline for that. Not to mention, there are Vtech phones for $5 that are almost certainly designed for that. 🙂

Nick P • May 29, 2015 7:32 PM

@ Joe K.

Haha nice! Might test it out later. You might want to put “Bruce Schneier” and “Moderator” on that list, though. 😉

Nick P • May 30, 2015 3:27 PM

@ Justin

Great catch! Hence, isolation by default even for text editors.

Nick P • May 30, 2015 8:26 PM

@ tyr

Reading this article, my favorite quote among all the entertainment was this line:

“The story is so fantastic it doesn’t matter whether it’s true or not. If it’s true it’s better than our politicians, who are decidedly less accurate with guns. And if it’s a lie then it’s still a better story than any of our politicians can muster, and certainly more comforting. Realizing you’re in the capable hands of a man who defeats tigers in his spare time is reassuring. Hell, it’s practically an honor to have your country dominated by a man like that. ”

U.S. politicians’ images are truly lame compared to his. He plays every angle. If our politicians are going to be dirty, I’d at least like to have their back on occasion saying “Hell yeah, I can’t believe he did that. Maybe he didn’t because it was so awesome. Or maybe he did. Who knows!” I’d like to be proud and amazed of them at least once a year. Just doesn’t (or rarely) happens. The Russians seem to have a monopoly on that stuff.

Since Roosevelt, at least. 😉

Nick P • May 31, 2015 9:37 PM

@ tyr

Ah, CP/M. That OS fit in 3K because it barely did anything. Although, it was impressive what they did with 3k. If you like those, check out this 8-bit OS if you haven’t seen it. Uses some extra memory but they go really far with it for an 8-bit.

@ Clive Robinson

“One of the only benifts of being “bed ridden” –due to nasty chest infection and other nasties– is browsing the web.”

You know they install it in homes now, too? You don’t have to keep getting yourself sick just to browse the web. 😛

re 20 committee

THAT is an interesting site. My first reaction was “a lot of talk and little evidence backing it up.” Let’s trust the guys intuition to back almost everything he says. Looking at the Snowden section shows his true colors. He first is sure of the Beijing connection. Then, clearly it’s a Russian operation. He goes all righteous anger on Snowden for his foreign leaks: the traitor that did so much damage to our operations and deserves the most severe punishment. Yet, he barely touches the wrongdoing Snowden revealed, doesn’t call for severe punishment for those offenders in those articles, implies reforms were just around the corner thanks to people like him, and blames Snowden’s leaks for those failures too. You’d think this guy was or is in U.S. intelligence.

Oh wait, he was. Is? You never leave. 🙂

Note: I did like how he caught that Snowden said “the NSA” and said “Nobody says “the” in front of NSA.” Reminds me of similar thing in The Good Shepherd, that semi-disinformation film CIA loves. I’ve seen them do both yet his accusation was easily countered: Snowden was not NSA but received tasking from them. Of course he wouldn’t talk like an insider. A counter-intelligence “pro” like this guy should know that.

re The Dick Hunters

Man, that was hilarious. I showed it to a bunch of people lol. I could imagine all kinds of trouble coming from that job description. I’d put LEGO Dick Hunter on my tax return. IRS auditor would show up asking if I was in the male pornography industry and what it had to do with LEGO’s. I’d tell them “No, I just do it in a popular children’s game for their safety. I show up in their world looking for dicks that shouldn’t be there.” FBI shows up. I explain I was taken out of context: I merely try to stop children online from seeing dicks by… comparing everything they build to a dick. I show the FBI videos of the dicks we found and the kids building them along with us taking them down. Conversation gets more awkward by the time it gets to my boss. After seeing our massive unit (err division) working hard, the FBI realizes there’s no harm and heads home having learned a few new tricks of their own.

After it all passes, I decide I’ll just write “quality assurance” on my tax return next year. Assuming I still have the job.