Obama Administration Not Pursuing a Backdoor to Commercial Encryption

The Obama Administration is not pursuing a law that would force computer and communications manufacturers to add backdoors to their products for law enforcement. Sensibly, they concluded that criminals, terrorists, and foreign spies would use that backdoor as well.

Score one for the pro-security side in the Second Crypto War.

It's certainly not over. The FBI hasn't given up on an encryption backdoor (or other backdoor access to plaintext) since the early 1990s, and it's not going to give up now. I expect there will be more pressure on companies, both overt and covert, more insinuations that strong security is somehow responsible for crime and terrorism, and more behind-closed-doors negotiations.

Posted on October 14, 2015 at 9:39 AM • 84 Comments

Comments

AlanS • October 14, 2015 10:24 AM

From the "It's certainly not over" department: James Orenstein Calls Out Jim Comey on His Prevarications about Democracy.

What Orenstein did, then, was to make it clear this continues to go on, that even as Jim Comey and others were making public claims (and getting public acclaim) for not seeking legislation that would compel production of encrypted data the government — including, presumably, the FBI — was seeking court orders that would compel production secretly.

Steve • October 14, 2015 11:03 AM

Which probably means that NSA has already broken the major encryption schemes and can read the plaintext like the daily newspaper.

Bill Stewart • October 14, 2015 11:41 AM

Unfortunately, Obama hasn't decided that mandatory crypto backdoors are legally wrong or even technically broken and told the agencies who work for him to stop pushing for them.

He's only decided they're not politically feasible at this time, but is letting his agencies use them as a demonstration that they've backed down on perfectly legitimate requests so can they please have some smaller requests as a concession.

James Sutherland • October 14, 2015 11:43 AM

@Steve: Or they've figured out they don't actually have the resources to do anything sensible with the plaintext they already harvest from open sources, let alone anything they might obtain from breaking encryption...

Curious • October 14, 2015 1:11 PM

If the US president isn't pursuing a "law", what about the use of his executive powers?

I simply am imagining that a discussion about there being or not being a "law" as such, could be thought of as possibly being a distraction of sorts.

Encryption Only Effective Against External Threats • October 14, 2015 1:29 PM

Encryption is only effective against external threats or data trafficking. It does nothing against a local key logger or instrumented Operating System. Windows 10 and “User Experience” updates to Win 7 & 8 give full access by simply flipping a few bits remotely controlled in an authorized malicious “Update”. This is exactly why Update descriptions are no longer provided. Naïve users have given up their fundamental Constitutional rights by simply agreeing to the Windows EULA. The Cyber sharing law provides Big Data collectors complete legal immunity for sharing data. The USA government and FBI are grateful for the High Tech industry's recent increased cooperation.
This is the major reason why the European Supreme Court declared the Safe Harbor agreement illegal.

European Supreme Court: Because of NSA, U.S. Corporations Have No Self-Agency To Agree To Privacy Obligations
https://www.privateinternetaccess.com/blog/2015/10/european-supreme-court-because-nsa-u-s-corporations-have-no-agency-to-guarantee-privacy/

B. D. Johnson • October 14, 2015 2:06 PM

Not only do you have the "bad guys would exploit the back door" problem, you also have the fact that bad guys simply wouldn't use the encryption schemes that have back doors. The cat's out of the bag, so to speak, and open-source non-backdoor encryption is (and probably always will be) available for those that look for it.

rgaff • October 14, 2015 3:00 PM

@James Sutherland

"don't actually have the resources to do anything sensible with the plaintext they already harvest from open sources, let alone anything they might obtain from breaking encryption"

Except.. you see... if you're trying to hide something, you MUST be doing something illegal, so ALL RESOURCES must be devoted to reading THAT... and go on fishing expeditions for any and all crimes you might be committing.

Funny a couple years ago "fishing expeditions" was only attributed to totalitarian regimes, now everyone expects it of democracies too...

Alan • October 14, 2015 4:23 PM

What if the bad guys are the self-same governing rulers, and they never gave up their back doors. Meantime, in the real world, a friend was offered a listen to ANY call she so pleased in the whole metro area by a local detective friend of hers. In the 1970s. Whatcha gonna do when...

Constitution_vulnerabiltyone • October 14, 2015 4:55 PM

There are 8 vulnerabilities or SECURITY HOLES in the USA
Constitution. Since I am NOT stupid, (hopefully NOT crazy)
I point the finger to Russia (USSR) where Pres Putin simply
evades term limits that are CONSECUTIVE by rotating around
with 'friends.'

no, I don't think like our European Allies that Pres Obama is
Crazy at least in the American everyday usage.
note: please don't hassle me when I fly on the airplane on the
'black list.' Thanks.

1 *theme: Is President Obama Crazy? or About the Same Craziness
2 As I in terms of impeachment from office?
3 http://www.thegatewaypundit.com/2015/10/report-eu-government-believes-obama-is-quite-mentally-unwell-inquires-about-impeachment/

4 *title: Report: EU Government ‘Believes Obama Is Quite Mentally
5 Unwell’, Inquires About Impeachment
6 *date: Oct 13th, 2015

7 A senior diplomat with a European Union government allegedly

8 told former NSA intelligence analyst and counterintelligence

9 officer and [20]Daily Beast columnist John Schindler

10 that his/her government believes President Barack Obama

11 is ‘quite mentally unwell’ and inquired about impeachment.

12 *q: Is this columnist writer a clown? or is he credible

13 as a journalist and former COUNTERINTELLIGENCE OFFICER?

14 *q: Is the quote tweeted publicly?

15 *q: semi-official position of the government?

16 What is striking is that the ‘senior EU diplomat’ said

17 it was the opinion of his/her government, not his/her

18 personal opinion, that Obama was considered a candidate

19 for removal from office for insanity.

20 *note: I personally don't believe the President is 'insane'

21 enough to be removed from office or at least any more insane

22 than the doctrine of World War III - M.A.D.

23 - Mutual Assured Destruction.

24 Ooooops! how odd that M.A.D. seems to be a pure

25 coincidence for mad or INSANITY.

26 *****************

27 *theme: Why President Obama Should be Appointed to

28 Speaker of the House/

29 *a: there is no legal obstacle to this

30 www.speaker.gov

31 **House of Representatives are looking for candidates

32 *legal examination draft of the Constitution

33 The constitutionally mandated process for removing Obama

34 from office over mental health issues would be to invoke

35 Section 4 of the Twenty-Fifth Amendment.

36 *quote: transmit to the President pro tempore of the
37 Senate and the Speaker of the House of Representatives ...

38 1.)If President is also Speaker of the House, then

39 a.)declare himself crazy

40 b.)declare himself NOT crazy and this could nullify

41 Section 4 of the Twenty-Fifth Amendment.
42 ********************

43 http://history.house.gov/Institution/Origins-Development/Speaker-of-the-House/

44 Some Speakers have aggressively pursued a policy agenda

45 for the House while others have, in the words of Speaker

46 Schuyler Colfax of Indiana, “come to this chair to administer

47 [the] rules, but not as a partisan.”

48 Regardless, the Speaker—who has always been

49 BUT IS NOT REQUIRED TO BE) A HOUSE MEMBER AND ...

50 BUT IS NOT REQUIRED TO BE) A HOUSE MEMBER AND ...

51 *note: the reason why present Speaker of the House

52 John Boehner is resigning is the partisan fights within

53 the Republican/left-right wings/Tea Party/Democrat

54 parties.

Dirk Praet • October 14, 2015 5:49 PM

@ Bill Stewart

"He's only decided they're not politically feasible at this time,"

Not just politically, but also legally. Any congressional or executive attempt at mandatory crypto back/frontdoors will be met with law suits by the EFF & co. as an unconstitutional prior restraint to free speech, as previously set forth in Bernstein v. United States and Junger v. Daley. As long as the DoJ is not feeling confident enough they can win this, it's not going to happen as a negative verdict might settle both the current and any future crypto wars once and for all.

@ Constitution_vulnerabiltyone

I've always wondered what kind of device @tyr is using for his comments, but what the heck are you on !? It looks like it's coming straight from Pastebin or an ancient RPG III source editor on IBM S/38 or AS/400.

Steve • October 14, 2015 7:15 PM

@James Sutherland Obviously, my tongue was slightly in my cheek when I wrote my comment (though not entirely), but consider this: when ever did the NSA decide they have too much plaintext to analyze?

Collecting information is like collecting money. You can never have too much.

Just ask Google.

Nick P • October 14, 2015 7:23 PM

@ Dirk

Found it. He must have a printf knockoff to clean it up before his I/O appliance puts it on the blog. Or there's so little memory that part of it gets cut off when the buffer overflows and wraps around.

Bob S. • October 15, 2015 7:27 AM

As usual the announcement wording is precisely dis-informational. Obama is not seeking a backdoor. But, he's leaving soon.

In the meantime, the globalist military-corporate-police coalition will be working feverishly on creating a worldwide legal structure for the backdoors, and of course using all means available to hack, crack, and break electronic security measures of any kind.

I certainly agree with " Encryption Only..." regarding Windows. It's not only a keylogger, it can log EVERYTHING...keystrokes, mouse, passwords, docs, video, audio. You can get around google and facebook, but how do you get around an operating system that is a legal data logger? Meanwhile, software companies everywhere are using the EULA to dip into personal data. AVG, the free anti-virus, changed its EULA and will be collecting personal data and maybe selling it, or maybe not, but at least you were told. Think about the implications of that one for a minute.

When CISA passes, likely before the end of the year, any pretense of data privacy will be eliminated in the USA. Everything done electronically will be available to world governments and corporations free or for sale to the highest bidder. I will be done posting here that day and transitioning to an entirely different way of electronic interaction. (I read an article describing the skullduggery involved with CISA a couple days ago, it's now been vaporized. Another new trend: Commentary disagreeable to the gov. disappears.)


It's like we have all become prey animals for the rich and powerful to devour.

And the beast is very hungry.

Marcos El Malo • October 15, 2015 8:19 AM

@James Sutherland @Steve

Remember to take into account the hoarder mentality. Individuals suffering from this mental disorder feel the compulsion to collect stuff way beyond what they could reasonably use because "they might need it someday". I'm sure this has become ingrained in the IC culture.

bob t • October 15, 2015 9:23 AM

A whole lot of double speak. If the company holds the private key and can make the information available to law enforcement, that's a back door. Period.

AlanS • October 15, 2015 9:40 AM

@Grauhut

You beat me to it. Here's an additional link to a related blog post and the paper abstract.

How is NSA breaking so much crypto?

Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice (PDF)

We investigate the security of Diffie-Hellman key exchange as used in popular Internet protocols and find it to be less secure than widely believed. First, we present Logjam, a novel flaw in TLS that lets a man-in-the-middle downgrade connections to “export-grade” Diffie-Hellman. To carry out this attack, we implement the number field sieve discrete log algorithm. After a week-long precomputation for a specified 512-bit group, we can compute arbitrary discrete logs in that group in about a minute. We find that 82% of vulnerable servers use a single 512-bit group, allowing us to compromise connections to 7% of Alexa Top Million HTTPS sites. In response, major browsers are being changed to reject short groups. We go on to consider Diffie-Hellman with 768- and 1024-bit groups. We estimate that even in the 1024-bit case, the computations are plausible given nation-state resources. A small number of fixed or standardized groups are used by millions of servers; performing precomputation for a single 1024-bit group would allow passive eavesdropping on 18% of popular HTTPS sites, and a second group would allow decryption of traffic to 66% of IPsec VPNs and 26% of SSH servers. A close reading of published NSA leaks shows that the agency’s attacks on VPNs are consistent with having achieved such a break. We conclude that moving to stronger key exchange methods should be a priority for the Internet community.


Nick P • October 15, 2015 11:30 AM

@ AlanS

A nice write-up and detailed version of the decade old recommendation: use 2,048 bit or more. The RSA challenges, Moore's law, and HPC community already demonstrated this risk a while back. There were question marks all over 1,024. A good heuristic in security is not leveraging anything with lots of question marks about its security. ;)

AlanS • October 15, 2015 1:51 PM

@Nick P

Quite so. So much for going dark. More effort needed...

The whole "going dark" thing strikes me as a both a scare tactic and a lullaby, depending on the audience. It is designed to make those who are prone to worry about 'terrorists' and other bogeymen feel less secure than they are and those who worry about civil liberties feel more secure than they are.

Grauhut • October 15, 2015 4:43 PM

@Alan,Nick: It's not only key length, the problem is that many vendors always use the same big prime number in DH.

"For the nerds in the audience, here’s what’s wrong: If a client and server are speaking Diffie-Hellman, they first need to agree on a large prime number with a particular form. There seemed to be no reason why everyone couldn’t just use the same prime, and, in fact, many applications tend to use standardized or hard-coded primes. But there was a very important detail that got lost in translation between the mathematicians and the practitioners: an adversary can perform a single enormous computation to “crack” a particular prime, then easily break any individual connection that uses that prime."

Rainbow table reloaded on steroids... :)
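The precomputation argument in the Logjam abstract and in the "crack a particular prime" paragraph above, as an added toy example (my code, not the paper's or anyone in this thread's). The primes are tiny, so the one-time "precomputation" is a plain discrete-log lookup table standing in for the number field sieve; the group 1019 with generator 2 and the session counts are constructed for the demonstration.

```python
"""Toy model of the Logjam precomputation argument.  The primes are tiny
so the one-time "precomputation" is just a discrete-log lookup table; it
stands in for the number-field-sieve work the paper describes."""
import random

# Constructed toy group standing in for a standardized prime that many
# servers share.  2 is a primitive root mod 1019, so the table covers
# the whole group.
PUBLIC_P, PUBLIC_G = 1019, 2


def precompute_group(p, g):
    """One-time work per group (p, g): tabulate g^x -> x.  The cost is
    the group order, i.e. exponential in the bit length, which is what
    a larger prime buys; but it is paid once per group, not per session."""
    logs, val = {}, 1
    for x in range(p - 1):
        if val in logs:            # g is not a generator; subgroup exhausted
            break
        logs[val] = x
        val = (val * g) % p
    return {"p": p, "g": g, "logs": logs}


def dh_session(p, g, rng):
    """Honest exchange.  Returns what an eavesdropper sees on the wire
    (A, B) and the shared secret both parties derive."""
    a = rng.randrange(2, p - 1)
    b = rng.randrange(2, p - 1)
    A, B = pow(g, a, p), pow(g, b, p)
    secret = pow(B, a, p)
    assert secret == pow(A, b, p)
    return A, B, secret


def recover_secret(precomp, p, A, B):
    """Passive eavesdropper after precomputation: a table lookup gives a
    with g^a = A, then B^a is the session secret.  A table for one group
    says nothing about another, so a different prime is refused."""
    if precomp["p"] != p or A not in precomp["logs"]:
        return None
    return pow(B, precomp["logs"][A], p)


def sessions_recovered(p, g, precomp, n, seed=1):
    """Count how many of n sessions in group (p, g) the table breaks."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(n):
        A, B, secret = dh_session(p, g, rng)
        if recover_secret(precomp, p, A, B) == secret:
            hits += 1
    return hits


def is_prime(n):
    """Trial division; adequate only for the toy sizes used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    d = 3
    while d * d <= n:
        if n % d == 0:
            return False
        d += 2
    return True


def fresh_prime(bits, seed=0):
    """Generate your own group prime (toy form): a per-deployment prime
    invalidates any table built for a shared, standardized group."""
    rng = random.Random(seed)
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_prime(cand):
            return cand


if __name__ == "__main__":
    table = precompute_group(PUBLIC_P, PUBLIC_G)
    print("table size (precomputation cost):", len(table["logs"]))
    print("shared group: sessions broken:",
          sessions_recovered(PUBLIC_P, PUBLIC_G, table, 20), "of 20")
    p2 = fresh_prime(11)
    print("fresh prime %d: sessions broken: %d of 20"
          % (p2, sessions_recovered(p2, 2, table, 20)))
```

The table size is the whole point of the paper's size recommendation: the one-time cost grows with the group, while every session in a shared group costs the eavesdropper one lookup afterwards.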

Grauhut • October 15, 2015 4:54 PM

Is a FISA court order thinkable that orders a software vendor to use a "special set of primes" in DH?

This could be the "front door" the anti-security fetishists dream and talk about.

rgaff • October 15, 2015 6:40 PM

@Nick P

That attack works against any length DH... but a common 2048 bit MIGHT be still out of reach for them to perform the precalculation work on... whereas 1024 definitely is within their reach! Or one could use 4096 bit and generate your own prime instead of using a common one...

I like figuring out what we think is safe and doubling that just in case, rather than always attempting to live right on the edge of the cliff... Instead of figuring out what is the shortest/fastest/most-efficient/etc we think we can possibly get away with... how about instead we figure out what is the longest/slowest/most-secure/etc that we can bear to wait around and pay for the electricity on...

Nick P • October 15, 2015 8:30 PM

@ Grauhut, rgaff

I was just seeing what you would say. The paper itself said 2,048-bit keys are secure since they'd be over a billion times harder to crack. The problem is the key size at 1,024 or less because that puts attributes of the system within adversaries' computational reach.

Switch to ECC or 2,048 bit minimum.

Steve • October 15, 2015 9:04 PM

@Marcos El Malo: Exactly my point.

I've worked in a lab where the PI has collected (and continues to collect, as far as I know) more data than can be usefully analyzed in several scientific lifetimes. I suspect that the NSA continues to snarf data beyond the point where it's useful.

If an email falls in a forest and there's no one to read it, does it make a sound? Or a difference, for that matter?

rgaff • October 15, 2015 10:57 PM

@ Steve

"If an email falls in a forest and there's no one to read it, does it make a sound? Or a difference, for that matter?"

It's not about whether all emails are read by literal humans.... You see, with dozens to hundreds of thousands of laws on the books, so many that even the government itself has lost count, I guarantee you that you break more than one of them somehow every single day, and with everything you've ever said logged and recorded forever, it can be proved too! So if any powerful person doesn't like you and wants to put you away.... away you go. This is the way totalitarian governments work.

ianf • October 16, 2015 2:09 AM

@ Steve “suspects that the NSA continues to snarf data beyond the point where it's useful.”

Suspect no more. The more—if never mined—data is collected, the bigger the value of the mine (store).

The spying produces ever growing “aircraft hangars full of haystacks of data” [a terrorism expert quoted in a Frontline documentary (available online)]

@ rgaff “if any powerful person doesn't like you and wants to put you away, [they will]”

Correct; observe however that, unless it's a state-level (incl. rogue) actor that you've pissed off, there are easier ways to destroy your life and reputation than by having some GCHQ minion sift through amassed "tollrope[*]" for passable evidence. All they'd need to do would be planting some children pr0n on you while you're in transit, or a package of coke (that somehow "went unaccounted" during a raid against a drug dealer), then stage a bust "after anonymous tip-off."

[*] Scotland Yard's label for the product of telephone surveillance of a target acc. to “Edge of Darkness” TV series ;-))

Grauhut • October 16, 2015 4:38 AM

@Nick P: "So you're saying this attack works against 2,048 bit DH?"

The attack only works because real life implementations of DH use hard coded single primes or a small catalog of them below 1024-bit.

If you can do a rainbow-table-like attack on a single prime number below 1024-bit you can drive the same one against any prime number below 2048-bit.

This only takes more computing power and we all cannot know what they have in their basements. And yes, I know the "number of atoms in the universe" argument. Do we here know all possibly knowable kinds of math?

At least those of us here who do not work in those basements can not know. ;)

Nick P • October 16, 2015 7:52 AM

@ Grauhut

I know how the attack works. It requires two components: (a) re-use of small number of hard-coded primes; (b) size small enough to crack. Having (a) without (b) makes the attack useless. So, keysize is the first consideration. The 2,048-4,096 bit schemes are safe from this attack because of their key size. Reducing key size to 1,024 bits or lower opens one up to this attack. Suddenly, one must watch out what primes they [re-]use.

So, the size was the problem. That problem was well-known for years with recommendations to use at least 2,048 bits. Same one applies now.

Miguel Sanchez • October 16, 2015 10:51 AM

On the post:
About time they shut their claps. This came on the heels of the Snowden disclosures, and could not have been more poorly timed. They have kept it up all the while the Snowden disclosures were at their peak media loudness. Now, it is quieted some.

Conspiracy theories aside, they had a strong need to proclaim this message, implicit, inherent, in what they have been saying here: "We need total information awareness level surveillance to keep America secure". ie, more data, equals more secure regardless of where that data comes from, such as from domestic, friendly civilians, or foreign, friendly civilians. They want it all.

Why? Because they have nothing.

This beats the science fiction drum that more data equals better data. This is simply not true. It says "Snowden was wrong, we are in a challenging, 'ticking clock' action movie where if we do not get all the data from the whole world, bombs will explode and Americans will die". It is nonsense.

What else could they say? Snowden is right? Fire the heads of US Intel? They are idiots? That these far reaching plans and instrumentations have done zero - zip - nada - to fight against terrorism... or anything else?

@Bob S.:

The Meat Eater's Guide to the Information Apocalypse. :-) I think that is the chief concern people have, but who, ultimately, cares so much about the little guys? I see this approach as backfiring. I think it is the ones who really don't want their secrets spilled that are in most danger to this. But, it is most like a 'birds eat free for all', that is king and queen and commoner alike, their naked secrets strewn out under the desert's hot sun. Up for the grabbing by all. To be tossed and rended in jaws.

More data gathered up, more backdoors kept in code (at the least unintentional vulnerabilities not reported, at most intentional vulnerabilities injected into code)... more

@Steve, 'Encryption Only Effective Against External Threats', et al, basically 'they have backdoored everything effectively by one means or another already'


They very well may have. Android, iOS, major Linux Vendors, numerous major other OS vendors, Windows, Apple OS, all here, in the US.

The US intel and law enforcement has a choke point here and can exploit that by every means at their disposal. They did not turn shame faced at the Snowden disclosures. Instead, they ran directly at the cameras and said, "Yeah? So what? In fact, listen up world, we want more data, now."

@Steve, ianf:

“suspects that the NSA continues to snarf data beyond the point where it's useful.” ... & ... Suspect no more. The more—if never mined—data is collected, the bigger the value of the mine (store).


This is really what I see as the gist of the matter. The very reason why their entire domestic surveillance operation delivered nothing. (Discounting anything they wanted to keep secret on, let's get real, if they had a lot, they would have had a bone to throw and they had no bone after years of running these operations.)

Yes, technically "more data" means "more value". Theoretically. We have all surely seen this in the movies and tv.

There is, then, a lot of data for them to get. That is, they have a reason we can not deny for them to want to get as much as possible. That is what they do. They won't stop.

The governments, though, really, are just a small angle of the problem. The larger problem is the corporations and us, the consumers. We are, of course, trading somewhat our privacy for free services. That is the modern relationship of the private with the public.

But the government angle is scary here, because -- 21st Century, anyone? 1984. Communism. Nazism. Hoover. Fascism, authoritarianism, under left and right guises alike. If they can, they will.

Still, the problem is overwhelming. Technically, they can not sort through all of that data. They are creating more haystacks. It is like when a blind person is healed after being blind since grade school: their eyes do not work. Information overload. Their brains were wired in a different way and it takes a really long time to learn to process all that new visual input.

This literally blinds them when they need to see.

Meanwhile, they vastly overestimate the time required to actually parse all that data. But, they are starting, that they have to do. They have to have systems that can really understand 'in between the lines' talk, the complexities of human psychology -- and people do not even understand their own selves. Otherwise? Nobody would have any problems, which is far from the truth.

So, their trying to keep the doors fully open is both premature, vastly so; but, also required because such systems they will eventually want to have decades on down the line, to beat rival nations.

Put more succinctly: the nation that can best parse the most data, wins.

That *is* *Intelligence*, ladies and gentlemen.


rgaff • October 16, 2015 11:39 AM

"more data" does mean "more value"... when your "value" is in how much dirt you have on individuals for personal vendettas.

Grauhut • October 16, 2015 3:12 PM

@Nick "The 2,048-4,096 bit schemes are safe from this attack"

So you want to tell us you know all thinkable and possibly usable kind of math algos in the prime number arena?

I prefer Socrates' position: I know I know nothing (relative to the possible amount of knowledge in the universe [the one a unified theory will describe some day])

rgaff • October 16, 2015 4:06 PM

@ Grauhut obviously nothing is "safe" forever... but you gotta use something in the mean time...

Nick P • October 16, 2015 9:30 PM

@ Grauhut

"So you want to tell us you know all thinkable and possibly usable kind of math algos in the prime number arena?"

Basically, if there's a chance of failure, it can't be used by your logic. I'm guessing you apply no cryptography at all based on such reasoning.

Meanwhile, I'm saying that the authors and those before them say 2,048-4,096 bit are safe from known attacks on the math. That's actionable. Also, I'm recommending something better (Bernstein's stuff). I've previously recommended for the most paranoid the use of pre-exchanged OTP's to generate the key material with endpoint setup like Tinfoil Chat & multiple layers of encryption. In between the two are secret splitting + an exchange with very different protocols (from DH to NTRU to McEliece).

So, I'm giving options people can work with and achieve something in the real world. There's no sense in taking a "there might be a flaw at some point so why bother" idea unless you're simultaneously promoting strict face-to-face meetings with bug sweeps, no computers and no records.

Wael • October 17, 2015 2:56 AM

@Nick P,

"I've previously recommended for the most paranoid the use of pre-exchanged OTP's"

Two points that you are well aware of:
1- Exchanging an OTP has its known challenges
2- The end points need to be "secure"

We need a recommendation on how to overcome those two challenges :)

nighthawk • October 17, 2015 4:26 AM

http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf

They're already pushing the SHA-3 standard of KECCAK but take note all you crypto buffs that once again we can all look forwards to functions within the 224-bits, 256-bits, 384-bits, and 512-bits range.

Unfettered encryption... Not really when you consider the guy who gave us all rainbow tables was Robert Morris (Cryptographer) for Bell-Labs, now take a look at Google, pushing Poly and ChaCha for LibreSSL whilst saying they have nothing to do with Government Spying.

The truth is that SSL is broken by design, it doesn't wrap properly on either Windows, Macintosh, Linux or BSD and then you get the Plan 9 from Outer Space team humping your cryptographic hash function with the Space Bunny (Genie) or Blue Gene and Glenda Braun's Boobs!

Insider trading at Lucent is so Legendary, so it's good to know that rather than put a stop to it all, their goal is to just keep the fraud going!

nighthawk • October 17, 2015 4:43 AM

I mean in all honesty how dumb can people be?

A building shaped like half a Pyramid with an all seeing eyeball.

Oh look, bell-labs is a building shaped like half a pyramid with no cap stone.

Oh, we see the light at last, 9P an invisible protocol designed to wash the net under the TCP/IP layer harvesting all of it! ANSI-C a standard not widely adopted or used which actually puts a complete end to Hacker break ins and crime on the world wide web in one fell swoop, but remember this is all coming from an agency whose stated goal is world domination of all the worlds information. Nice!

nighthawk • October 17, 2015 5:35 AM

There she is the Un-identified Flying Object, the US of A's most secret space ship...

Let's take a look shall we.. u9fs, v9fs, socksfs

nighthawk • October 17, 2015 5:37 AM

It's so top secret even the Russians are using it for their network spying (security)

Linux - MetaCity (Hands off our meta-data!)

nighthawk • October 17, 2015 6:47 AM

Implants in your PC? Don't fret, the Insider Trading Bunny turns them all off!

ianf • October 17, 2015 9:09 AM

@ Wael “Exchanging an OTP has its known challenges”

I hope you meant this OTP, rather than my OTP, let alone any of the other OTPs, mere contemplation of which is already that challenging ;-))

@ rgaff, Miguel Sanchez, Steve:

The "more data" = "bigger value" of a database is a general, hard to negate statement of fact, not one specifically of NSA's aircraft hangars full of haystacks. I'm sure there are math models explaining why this is so, but, in short, the bigger the sample, the lower the overall acquisition cost per record, and (in theory) the fewer compound false positives and other data debris.

For comparison, look at the immense amounts of satellite & deep space probe data etc collected over decades by NASA, JPL, astronomers, and other space actors… nobody is poring over them actively, but I am sure they are being added to, maintained, transferred to ever newer storage media, simply because there might soon be a time when they'll come in handy. Once gathered, the cost of storing the collection in perpetuity is negligible in comparison to the price of its original acquisition.

Same with the NSA (I'm not justifying their behavior, simply trying to see beyond the angst). They know that they have no hope in hell of ever skimming more than a teeny, teeny portion of it, but, as long as they put time/place stamps on every record by default, they (again, theoretically) stand a chance of reconstructing a path of something specific that has happened in the past (digital "walking back the cat"). Storing the entire firehose is also far cheaper than targeting only specific targets or data patterns (them CPU-cycles ain't free!)

Mere ownership of such a vast data trove automatically gives the NSA immense continued funding power - which the US civilian overseers seem unwilling to curb. And there we stand, and can't do dick about it. Maybe, following the first step taken in ECJ, Europe will finally wake up from its post-WWII doldrums, and realize that only together do we stand a chance of containing the digital hegemony of friendly-faced Yankees.

Clive Robinson • October 17, 2015 9:56 AM

@ Wael,

"We need a recommendation on how to overcome those two challenges :)"

In a sentence,

Build a space ship and go live on Mars, it should be safe but dull for a few years yet...

Nick P • October 17, 2015 10:06 AM

@ Wael

I did mention TFC and face-to-face meetings. A strong implementation of the first solves endpoint issue and second is how you exchange OTP's. One CD-R per person with session and authentication keys from it each day could last longer than the CD-R itself. Heck, with modern storage, one can use an OTP the way it was originally intended without having to meet more than once every 1-3 years. That's if just sending text or keys for larger stuff (eg videos).

Clive Robinson • October 17, 2015 11:12 AM

@ Nick P,

"One CD-R per person with session and authentication keys from it each day could last longer than the CD-R itself."

Many many years ago there was a scene in a James Bond film where he was at the wedding of his CIA chum Felix Leiter. Felix was just hiding an optical media disk in the frame of a photo...

James Bond was played by Roger Moore, so this tells you how long ago, and if I remember correctly it pre-dated CDs...

The problem of course is how to stop used KeyMat being either reused or copied by an attacker...

On the assumption you could perfectly overwrite parts of a CD, you would still have to do it on a block or sector basis, which means a lot of the OTP would go to waste.

The more dense the storage, the greater the size blocks and sectors tend to become thus the greater the wastage issue becomes.

Hence my interest in the 1990s in "card shuffling" algorithms to think about how to make more effective systems.

That is, you have a block of memory that you use a suitable CS-PRNG to shuffle. Provided the content of the block is only shuffled, not seeded, by the CS-PRNG, reversing the shuffle is going to be difficult. The trick then is to also find a CS-PRNG that cannot be reversed, of which there are one or two. Thus an attacker cannot in effect reach back in time.

Running two or more CS-PRNGs over the same memory block at different rates, interleaving and blocking, will in effect give you an "entropy stretcher" of quite some ability. Which leaves you with the issue of seeding and selection method for rate, interleaving and blocking. Which could be done from a good old fashioned paper one time pad, thus making its destruction more certain.

Yes there are problems with this idea but... Are they any worse or better than having the used portion of a CD based OTP hanging around waiting to be grabbed by an attacker... From my perspective a non-rewindable system may be of more practical use under quite a few threat scenarios than a CD or equivalent where you cannot effectively and easily destroy used KeyMat.

Clive RobinsonOctober 17, 2015 12:06 PM

@ Gerard van Vooren,

You may be right, I guess I'm going to have to borrow the DVD and watch it...

Nick POctober 17, 2015 2:40 PM

@ Clive

While that sounds interesting, I think it's way too complicated a solution for this problem. My old solution was, if it's one-to-one, to just include an index + length in the session opening message. In addition, you keep a record of where you are in the OTP on both sides. Then, the material doesn't get reused. Additionally, the online version makes sure both don't try the same thing asynchronously and send a message with the same next block.

Seems simple enough to me. More difficult if a whole group shares one for many sessions. That's why I limited it to one pad per person pair.

Miguel SanchezOctober 17, 2015 3:35 PM

@ ianf

Regarding 'more data, less value' and 'more data, more value' conundrum.

I would state it is a "conundrum". I think we all know this. There are many ways to say it, but let us start from the simple terrorist and foreign intelligence angle, where in either case you are talking about domestic surveillance (which, by far, is the cheapest to start up, and it provides necessary experience for global expansion):

1. The best way to have caught terrorists would be to focus on those groups actually stating that they wish to exact terrorism on the US, and who have the actual capability to do so. Credible threats. Thing about terrorists is: it is about social messaging. They need both financing and recruitment, and ultimately, their objectives are about sending loud, powerful messages. These are not stealth thief groups.

So, for instance, during the late 90s, Al Qaeda was a very good group to watch. Hyper focusing on Al Qaeda would have been a very good game plan. And that is an extremely difficult and expensive matter to do.

There is a phrase, "keep one's eye on the ball".

2. Similarly, actually, foreign intelligence networks operating domestically, these are another primary target of domestic, widespread surveillance. These groups are actually much more scary than regular organized crime because they are nation state backed. And they are stealth, unlike terrorist groups. They usually have zero reason to be anything but stealth. If they do pull off a big operation, they do not wish to take credit for the crime.

This sort of group is much more difficult to find, but as anyone can suppose, the best way to do it is to first find some manner of lead into even the existence of such a network... then work back. Not approach the ocean with a strainer looking for a single coin.

...

My point is simply, there is a problem of focus, right through the middle of "all of this". Yes, they want to get all the data. Yes, if they have access to all the data, especially retrospectively, they can then act better on singular leads. They can actually have the data to build the systems they need to build to find and follow what they want to find and follow.


But, a massive problem they have, while doing this, is the immense distraction of trying to build up such a system while alternatively dropping that focus "from the ball". There is no way about that.

Still, do not get me wrong: these systems are inevitable. They must be. The value of that data is too strong. They are compelled to do so.


So, we can rightly wonder if the USG is not already making and hiding technical strides even as astounding as quantum computers designed to break cryptography... and if they do not have teams designed to actually sabotage any advances in such technology, ala the OSS teams during WWII over the nuclear weapon... and if the USG intelligence is not in bed with the American telcos and the elected government at an unprecedented level... as well as have not entirely subverted the major software, including OS vendors, all of whom of most importance are here, domestically. In their own backyard, and so cost easy targets. In so many ways.

Fun conspiracy theories aside:

What really interests me about the conception of such systems is the problem of really correlating that data. Human beings are far more complex than mere stationary geographical subjects. Their speech is highly complex and full of subtlety. People themselves have a distinct problem with processing all the data they get through their day, and much of how they process that data is by creating strands of fiction around concrete observations pouring through their senses. These strands of fiction are 'completing the picture' and reduce the need for constant, exact analysis of all sensory input.

That is, can machines ever even begin to get to the level of truly understanding all the data that comes from human beings to even begin to fathom the weight of what is said?

As human beings tend to be so "dishonest" in their handling of data, then might it not be that machines could actually be superior to human beings in exactly this?

Whatever the case may be - and there are thousands of other such questions that arise from poking at these rocks to dig into such a vast mountain - I do believe they are very, very far away from being able to actually use that data any time soon in a meaningful way.

The misdirection is just too vast away from the focus -- that is, the targets they should be focused on already overwhelm them... and how much more wide and far and deep is the peripheral, to even attempt to include the entire world of data? From all people? The very, very vast numbers of whom are entirely peaceful?


Clive RobinsonOctober 17, 2015 5:27 PM

@ Nick P,

While that sounds interesting, I think it's way too complicated a solution for this problem.

As I indicated the reason was a thought process to get around the issue of used OTP KeyMat still being available (actually a very serious real world issue in ComCens, not just for getting overrun or bug-out).

The original assumption being that if you were raided, an attacker would get everything you had intact, thus all the back traffic sent, even if you had destroyed the plaintext. Or the more recent reason of being hit with a US NSL or UK RIPA letter requiring back traffic.

Forward security can be covered by security checks / duress codes, which can only become known to an enemy --or these days the IC-- from back traffic, torture etc.

For some reason the back traffic issue is very rarely mentioned in civilian circles, but is a very serious concern to those working in Mil, Dip and IC circles.

AnonOctober 17, 2015 8:31 PM

You have to wonder if anyone but criminals and terrorists want perfect forward secrecy. Between a CYA mentality and storage becoming cheap, most corporations are storing any IP indefinitely or at least until it ceases to have any commercial value.

Nick POctober 17, 2015 8:56 PM

@ Clive Robinson

Yeah, CD-R's don't work out so well for that unless you re-burn a lot. A variation of my simple scheme with forward secrecy is to split the KEYMAT up into blocks and delete the ones you're done with. If each is encrypted locally, deleting just means losing that key. Alternatively, if it was all in a TrueCrypt volume (on HD or CD-R), you could put those remaining in a new volume and lose the key to the old one. Takes a long time but requires no crypto implementation or even expertise really. Adversary only gets as many secret transmissions as are in one, partly-used block.

Far as a duress code, it might be implemented by the users (esp codewords), the device, the protocol, or use of a specific key. Best to not do it in the KEYMAT except initial setup as pad should stay random. Codewords are the common method but require you're in control of the words you're typing. The others are a risk where using it shows a difference that gives it away. My recommendation is to combine each for deniability and effectiveness: user sends a signal to a device that embeds code in protocol that another device picks up.

So, it starts with a deniable change to the header in the session negotiation (or protocol in general). Like some port-knocking schemes, the duress code is integrated into the stream invisibly probably with crypto. The code could be at the beginning of the pad in a section dedicated to metadata and so on that configures the profiles of the users' communications. Where to store it is tricky and harder to pin down: secret program in the system, secret piece of hardware in the system, in the I/O or network devices, etc. Wherever it is, a tamper-switch or command should be able to activate it and affect the protocol messages. Has to be wirespeed, too, on both sides to limit detection. Do that with real speed or just masking.

So, that's what I see off the top of my head for OTP with FS and deniable duress but *without* very custom hardware. With custom hardware, it gets *a lot easier* using architectures with SOC as only trusted component, fine-grained crypto on everything else, and custom actions on user input. You can eliminate KEYMAT in a very fine-grained way along with protection such architectures provide from software and peripheral attacks.
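The pad-handling scheme sketched in Nick P's two comments above (an explicit index + length in the session opening message, each side keeping its own record of which pad blocks are consumed so material is never reused, and forward secrecy by splitting the KEYMAT into blocks and discarding the key of each block once it has been used), worked through as an added Python example. This is not code from the blog or from any commenter. The block size, the SHA-256 counter-mode wrapper standing in for "encrypted locally", and the rule that one party allocates blocks from the bottom of the pad and the other from the top (which is how the example avoids both sides grabbing the same next block) are my own choices; the pad and messages are constructed.

```python
"""One-time pad with an explicit (index, length) header and block-wise
forward secrecy.  Added illustration; all sample data is constructed."""
import hashlib
import os

BLOCK = 64  # pad bytes per block (assumed value, not from the thread)


def _keystream(key: bytes, n: int) -> bytes:
    """SHA-256 in counter mode, used only to wrap pad blocks at rest.
    Wire messages are XORed with the raw pad bytes, never with this."""
    out, ctr = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:n])


def _xor(a: bytes, b: bytes) -> bytes:
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))


class PadStore:
    """One party's copy of the shared pad, held as locally wrapped blocks.
    Each block is wrapped under its own random key, so "erasing" a block is
    forgetting that key: the wrapped bytes may stay on media that cannot be
    overwritten (a CD-R) without being recoverable."""

    def __init__(self, pad: bytes):
        blocks = [pad[i:i + BLOCK] for i in range(0, len(pad), BLOCK)]
        self.keys = {i: os.urandom(32) for i in range(len(blocks))}
        self.wrapped = [_xor(b, _keystream(self.keys[i], len(b)))
                        for i, b in enumerate(blocks)]

    def __len__(self):
        return len(self.wrapped)

    def read(self, idx: int) -> bytes:
        if idx not in self.keys:
            raise KeyError(f"block {idx} has been erased")
        w = self.wrapped[idx]
        return _xor(w, _keystream(self.keys[idx], len(w)))

    def erase(self, idx: int) -> None:
        self.keys.pop(idx, None)


class Peer:
    """A party in a one-pad-per-pair session.  A allocates fresh blocks from
    the bottom of the pad, B from the top, so simultaneous sends never
    collide; both sides record every block they have consumed."""

    def __init__(self, pad: bytes, from_top: bool):
        self.store, self.from_top, self.used = PadStore(pad), from_top, set()

    def _fresh_blocks(self, count: int) -> list:
        n = len(self.store)
        order = range(n - 1, -1, -1) if self.from_top else range(n)
        free = sorted(i for i in order if i not in self.used)
        free = free[-count:] if self.from_top else free[:count]
        if len(free) < count or free != list(range(free[0], free[0] + count)):
            raise RuntimeError("pad exhausted or fragmented")
        return free

    def _consume(self, idxs) -> None:
        # Record locally and erase: seizing this store afterwards does not
        # yield the pad bytes for past traffic (forward secrecy).
        for i in idxs:
            self.used.add(i)
            self.store.erase(i)

    def send(self, plaintext: bytes):
        count = max(1, -(-len(plaintext) // BLOCK))
        idxs = self._fresh_blocks(count)
        pad = b"".join(self.store.read(i) for i in idxs)[:len(plaintext)]
        header = (idxs[0], len(plaintext))   # index + length, sent in clear
        ciphertext = _xor(plaintext, pad)
        self._consume(idxs)
        return header, ciphertext

    def receive(self, header, ciphertext: bytes) -> bytes:
        start, length = header
        if length != len(ciphertext):
            raise ValueError("header length does not match ciphertext")
        idxs = list(range(start, start + max(1, -(-length // BLOCK))))
        if start < 0 or idxs[-1] >= len(self.store):
            raise ValueError("index outside pad")
        if any(i in self.used for i in idxs):
            # The local record catches replay, reuse and a send/send clash.
            raise ValueError("pad block already consumed")
        pad = b"".join(self.store.read(i) for i in idxs)[:length]
        plaintext = _xor(ciphertext, pad)
        self._consume(idxs)
        return plaintext

    def can_recover(self, idx: int) -> bool:
        """What seizing this peer's store would yield for block idx."""
        try:
            self.store.read(idx)
            return True
        except KeyError:
            return False


def make_pair(blocks: int = 8):
    """Constructed shared pad (stands in for one exchanged face to face)."""
    pad = os.urandom(blocks * BLOCK)
    return Peer(pad, from_top=False), Peer(pad, from_top=True)
```

Once a block has been consumed by either a send or a receive, `can_recover` is false on both sides, which is the forward-secrecy property the comment is after; a replayed or reused header is rejected by the receiver's own record rather than by anything in the message.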

FigureitoutOctober 17, 2015 11:02 PM

Nick P
With custom hardware, it gets *a lot easier* using architectures with SOC as only trusted component, fine-grained crypto on everything else, and custom actions on user input.
--Hard part is firstly of course the supply chain attacks (security nightmares...) and then trying to prevent "end-run" attacks that just wait 'til the crypto is done (for instance, you encrypt VGA output until right when you decrypt to display on screen...unless...you wear glasses w/ a specific "key" built into the lenses...that may be a partial solution to that problem (implementing...I'm not sure)). Local eavesdropping necessary (or just having an internet connected device collecting that info which is becoming more and more trivial w/ Arduino, but thankfully which would still be expensive for space required).

I'm curious if being able to encrypt something that "covers up" plaintext signals of reconverting to actual use...In security, I generally assume the worst so I doubt it. You need layers of shields and some kind of logging system and careful use of internet inside shielded rooms.

WaelOctober 17, 2015 11:18 PM

@ianf,

I hope you meant this OTP, rather than...

I meant One Time Password / Pad. Didn't mean an OT 3, find another partner ;)

WaelOctober 17, 2015 11:36 PM

@Clive Robinson,

Build a space ship and go live on Mars...

Not sure which is harder to achieve... Might as well take the easier route, which may be just as dull. Although rumor has it that even if you lived in a cave your life expectancy would be between 1 and 10 years depending on which source you take to be accurate. Still may beat life expectancy on Mars :)

WaelOctober 17, 2015 11:41 PM

@Nick P,

A strong implementation of the first solves endpoint issue

Elaborate, please. I'm all ears :)

FigureitoutOctober 17, 2015 11:50 PM

Wael
We need a recommendation on how to overcome those two challenges :)
--We can recommend something but actually doing it is when it becomes meaningful or worthless. Backup knowledge is necessary to realize the threat model (if you scoff at it, and implement no counter measures, you wouldn't even know you're owned...the worst...where you'll give up the most private observations into *you*) and that takes at least 5-7 years based off my observations until you can finally catch your breath a little bit, would be curious if there's been actual experiments observing individuals turning into security-focused people; from low-hanging fruit to high-up spiky nutshells lol.

I have a feeling just "basic" security measures (according to people w/ high standards) by the somewhat huge audience of people that want security but don't want to spend the time or experience the stress doing it, would eventually make attacks worth even less. The basics are: if you store any passwords digitally that matter, make a tiny encrypted container for it w/ even a small password (much better than nothing). It's easy to imagine attacker's reaction stumbling upon heavily encrypted files when they're expecting plaintext folders lol, there's an infinite amount of possibilities unless you observed crypto externally...

Keyloggers or screengrabbers will kill just about any security so that requires much more work to have a chance.

WaelOctober 18, 2015 12:31 AM

@Figureitout,

We can recommend something but actually doing it is when it becomes meaningful or worthless

Recommendation = Concepts, Principles, and architecture
Actually doing something = implementation

From this perspective, we need the recommendation before the implementation. The exact quote escapes me at the moment, but it goes something like this: Theory without implementation / work is a limp theory; implementation without a theory is blind work.

I have a feeling just "basic" security measures

These will go a long way, I agree. Temporarily!

if you scoff at it, and implement no counter measures...

That's where you and I agree-and-differ! Don't think like an attacker! Adhere to security principles and take no shortcuts. Thinking like an attacker is a "second phase" for threat modeling; it shouldn't be the first step MO of the "designer". [1] -- the "unproven theories part"

Keyloggers or screengrabbers will kill just about any security so that requires much more work to have a chance.

It's all about control! You need to have a trusted, isolated component. But as you observed, even that can be penetrated unless you are located in a shielded location at the time of encryption/decryption. I won't link to the example I gave previously, because if I remember correctly, I said I won't link to it again. [1]

[1] But I can give a hint:

Star-date, supplementary... Continuing our mission into planet C-v-P...

WaelOctober 18, 2015 12:46 AM

@Figureitout,

I forgot to mention: continue what you are doing with experimenting and gaining practical expertise. This is also essential. Drawing boxes and arrows on a white board should be left to the older generation ;)

Clive RobinsonOctober 18, 2015 3:52 AM

@ Wael,

Drawing boxes and arrows on a white board should be left to the older generation

That depends...

Having taken an unexpected backwards flight down the length of a bus because the driver stamped on the brakes because an idiot younger car driver decided to be an even bigger idiot... This "older generation" is finding life with shoulder and neck injuries sufficiently painful getting sustenance to the mouth not to want to attempt white-boarding.

The quack says trapped nerve in the neck, strain to the superior trapezius muscle and aggravation of the existing bursitis, so "keep off the crutches and let it settle"... Which I'm told by "She who must be obeyed" is "not an excuse to be waited upon hand and foot", some people have no sympathy :-(

Clive RobinsonOctober 18, 2015 5:01 AM

@ Wael,

Thinking like an attacker is a "second phase" for threat modeling; it shouldn't be the first step MO of the "designer".

Hmm it's a "Chicken and Egg" issue.

To recognise something needs protecting or more protection than it currently has, you have to be aware it's under threat. To be able to make that recognition you have to be able to think like an attacker in some respects.

Let me put it this way, the earth in my front yard has value as food etc. can grow in it. Do I take any precautions to stop it being stolen? No, because my knowledge of human activity indicates it's very unlikely to happen. However the same reasoning about the fruit on my soft fruit bushes in the back yard was wrong, this year I had to escort, a couple of times, an old foreign woman and her grandchildren off the property who were stealing the fruit. So now I have to calculate what is going to be needed to keep her and any other fruit thieves out of my back yard to protect the crop I use for jam and pie making...

ianfOctober 18, 2015 6:06 AM


@ Miguel Sanchez, I'm not quite sure what your meandering point was, but just a few quickies… before we drop it.

The best way to catch terrorists would be to focus on those groups actually stating that they wish to exact terrorism on the US…

Better still, have all the foreign visitors to the US answer the question “Do you have now, or have you ever planned to assassinate the POTUS” on their border entry forms (if they put down "no," and then attempt it anyway, they've already committed a felony!). Oh, wait…


Hyper focusing on Al Qaeda in the 1990s would have been a very good game plan.

CIA's first briefing on OBL was conducted by their analyst Gina Bennett in August 1993, but, until the twin embassy bombings in Africa in 1998, nobody really knew his long-range intentions. Thus, although main ICs were aware of the movements of his emissaries, they only watched, and never got wind of the (logistically pretty complex) 2001/9/11 attacks. Straws in the wind… from [53m, online] “Women in War film.”

If you want to learn about how FBI, CIA, State Dept., and other USG bureaucracies undermined each other's investigations, you could do worse than read Lawrence Wright's retracing OBL's road to WTC “The Looming Tower.”


@ Clive cable her-who-must-be

WHO ARE YOU GONNA WAIT UPON HAND AND FOOT WHEN IM DEAD – GHOSTBUSTERS ???

SkepticalOctober 18, 2015 8:44 AM


@rgaff: You see, with dozens to hundreds of thousands of laws on the books, so many that even the government itself has lost count, I guarantee you that you break more than one of them somehow every single day, and with everything you've ever said logged and recorded forever, it can be proved too! So if any powerful person doesn't like you and wants to put you away.... away you go.

I suspect many people break the traffic laws on a regular basis by exceeding speed limits, but nothing like what you describe exists in Western democracies.

Re: AQ and the 1990s:

Let's also remember that this was a time of sharp budget cuts for military forces, a time when CIA was forbidden from recruiting "dirty assets", a time when a proposal to use CIA to kill any individual was considered unusual and controversial, when the line between domestic and foreign surveillance was viewed as absolute, etc.

US counterterrorism efforts during that period were almost certainly understaffed, poorly integrated, and not adequately supported with assets from both inside and outside the IC. And that's not due to those inside the CT community, who were undoubtedly clamoring loudly at every opportunity, but due to politics and bureaucracy outside that community.

But hey - being surprised isn't exactly a new feature of military attacks.

And, in fairness to the US, after 9/11 - leaving aside the controversies about highly coercive interrogation techniques used on a small number of detainees, and the stretching of domestic electronic surveillance authorities - reforms were aimed precisely at the causal factors that led to the non-detection of the 9/11 plot. Information was better integrated; imaginative scenarios received greater consideration; sharper assessments were made of what we really knew, and what we didn't know; etc.

FigureitoutOctober 18, 2015 11:18 AM

Wael
--Recommendation = easy and not mentioning problems you'll run into that you can't just read a book or paper to solve...No solution in the back of book lol
Implementation = something tangible, warn people of bugs and save lots of time making decisions, discover if recommendation is impractical/bs

Don't think like an attacker!
--I can't help it, I need to know the holes and how to piss someone off looking for them. And I want to stop some famous attackers (wireless pentesting people, like Samy Kamkar, Michael Ossmann, Balint Seeber, Travis Goodspeed, etc.) where they can't approach a target w/o being detected, probably the best is blowing a fuse, writing to spot in internal eeprom then somehow disable any more writes, or switch to battery power and transmit garbage to use up batteries (I guess someone could carry extra fuses and batteries, well epoxy them w/ a "screwless" box, I personally hate those types of enclosures. I could put them up in trees (non-climbable ones) and roofs so that would look pretty fishy, and if I can get the backup power working well, snipping power lines is too easy to detect).

continue what you are doing with experimenting and gaining practical expertise.
--Much easier these days, w/ dirt cheap breadboardable SoC's and so many dev boards that I can't even use them all; I don't need to worry about signal integrity and other hardware design issues on a board. What do you think about my framework for physical tamper detection? For inside a house to say an office or something, maybe an encrypted IR link to disable alarm if I'd use it everyday, Ken Shirriff had a great library where one can write custom IR protocols. Strongest point in my view is to interface w/ just a relay so any sensor that triggers a relay can be used. Then I'm curious about being able to pseudo randomly switch between channels and how to keep that well synced w/o explicitly programming that (they mention ch. 76 is best and least interference, but of course an attacker while doing recon will check that channel first).

WaelOctober 18, 2015 11:53 AM

@Clive Robinson,

Having taken an unexpected backwards flight...

Could have been worse.

The quack says [...] some people have no sympathy :-(

You, having "worn the greens", should have developed thick skin. I'm sure her words didn't affect you :)

Nick POctober 18, 2015 12:06 PM

@ Figureitout

As I said before, one should do things incrementally because nobody will be able to afford or use that level of security anyway. Worried about EMSEC? Do trusted processing in a faraday cage without batteries. Worried about physical attacks? Learn to hide things and detect entry into the location rather than the computer. Worried about supply chain attacks? Build the stuff on hardware you acquire in truly random places that aren't right next to your house or have others you trust (or just pay) order it for you. The more generic looking the better.

Far as airgapped or TFC-style stuff, one can put the transport computer outside the faraday cage with a connection to those on the inside via IR or LiFi-style links to avoid modification of cage. Can cover them on the inside to reduce light spread in case an attack via that is feasible from transport side. As always, the internal computers should be models with no built-in wireless capabilities. So, even at your threat level, a basic setup isn't hard especially if one pays an electrical engineer for help on the cage. Just never open it while the devices are on even for a bathroom trip...

@ Wael

" A strong implementation of the first solves endpoint issue
Elaborate, please. I'm all ears :)"

I've given plenty. The simplest cheat, thanks to Markus, is his scheme reimplemented on a system such as stripped Genode, seL4, Muen, and so on. That's both what it runs on and the code itself from Python to a reviewable systems language. Just compartmentalize the system to keep KEYMAT and operations on it isolated in dedicated partitions. Keep drivers and other risky services isolated in theirs, too, with input validation checks. For performance, trusted software might have shared memory access to necessary data (in or out locations) in the untrusted partition's memory to avoid message passing. The style is "ask component X to do something on location Y with result in Z." This style is easy to mediate and optimize as the request might just go in a message buffer the trusted components can act on or ignore with an optional log.

If you can't do that, use OpenBSD or NetBSD with strongest default settings plus everything you don't need stripped out. Maybe FreeBSD or Linux with MAC, virtualization, etc for the Receiving node to limit damage. Others will mainly be 0-days in kernels so OpenBSD is best choice for them. Best stripping method is modifying body of unnecessary functions to become mere return values that will crash the system if used. Even trial and error makes it easy to figure out which are truly necessary when system crashes after a change. ;)

WaelOctober 18, 2015 12:12 PM

@Figureitout,

I can't help it, I need to know the holes and how to piss someone off looking for them.

Then you have decided to switch to offense mode. Some say "offense is the best defense". May the Arduinosourcecode be with you!

Much easier these days...

Prices are a lot less, information is abundant and easy to obtain. Time is the limiting factor if you also have to make a living and live a "normal" life.

What do you think about my framework for physical tamper detection?

Too vague to evaluate. What's your TOE -- Target Of Evaluation? This is where threat modeling can come into play: to evaluate the robustness of a given implementation. How would you stop yourself from triggering the sensors by mistake?

FigureitoutOctober 18, 2015 1:21 PM

Wael
Too vague to evaluate.
--False positives are very difficult, yes. Electronics outdoors is very, very hard. If I'm using a long-distance radar system for instance it'd be best to attack during a rain storm, you can get closer w/o being detected. Probably won't solve in any sort of robust way except for indoor use (it'd be nice having potential path in w/ external detectors if attacker's in a hurry), like an office or say your bedroom where all I'm looking for is a door/window opening and it may be better to send encrypted signal to a powerful transceiver to me at work/school rather than keeping logs local (both is better probably). Definitely don't want to be stressing about an evil bunny rabbit triggering my detection lol. For a robust solution in a particular location I'd need around a year of testing to get a "baseline" of traffic (I can log cars/people on all streets to house), but that can't be designed for, too many unknowns from location to location, unless I use google earth and traffic reports and do some estimates; not robust for security though.

Rural areas would be best, these days there aren't that many animals that would trigger it and typically single roads inwards so definite bottleneck areas to watch and log traffic.

Power outages are an issue that would look like a detect, well thankfully many clocks go to a reset condition so a power outage while I'm away should usually be detected (unless someone breaks in and resets all the clocks lol...that's just too spiteful...).

Simply doing video recording is not optimal b/c that'll be too much video to watch through, I do like cameras that just turn on w/ movement though, w/ some of these newer video detection technologies and probably passive IR or MW, to cut down on film logs. At my work I got a few pictures emailed to me of the cleaning crew around my desk screwing around w/ a very featureful camera lol, but it gets firmware updates via internet so nope nope nope...

Then resetting the logs, if I just use a relay-based counter that's easily reset, that could be defeated to make it look like zero detects. If it's a relatively small eeprom, that could just be overwritten a ton and probably wipe out some evidence w/o some careful code to mostly defend against that or just write to a 32GB smartcard to increase time of filling up that memory. Fuses/batteries could be replaced. If attacker is sophisticated enough to externally ping/detect my system and DoS my internet or jam SMS during an attack, that's my assumption too, or that may be a way backwards into the system so I'm hesitant adding those.

Main thing would be for indoors I guess, or say an "outside" door, then a door to a room. I can't do it in my room b/c a window can see the door and potentially attack the sensor from there and make it look like electrical fault which I'll probably attribute to sh*t component or power spike, the door must be only way in; and a signal sent that can't be touched or covered up. There shouldn't be many birds or chipmunks squirreling around triggering alarms in your office lol.

Alright, I'm rambling again. So quite a few issues still, grrr. I'd say the ultimate tamper-resistant version for if you have some high suspicions and lower resistance version w/ timestamps for continuous use (I'd probably use the second one most times).

Miguel SanchezOctober 18, 2015 2:39 PM

@ianf

The point is quite simple: by expanding out surveillance powers and trying to get "everything", you lose focus on the ball. On what you are trying to actually get information about.

It is a stupid mistake to make, and a major one.

It is also a common mistake.

A thief strikes in the city in stealth. The cops want to find the thief. They can start to build a system to grab data on all people in the city and watch that to find the thief. Or they could stick to 'where the evidence leads them' and try and find the thief by finding valid clues the thief actually leaves behind.

You are hunting a duck. You could try and set up satellites to watch every inch of the forest, or you could lay out traps for ducks, like using duck callers.

People get terrified to fly in planes because they see some vividly reconstructed plane accident on television. Yet, then they drive horribly everyday, where the real danger is for them to die.

It is quite simple.

Your focusing on Al Qaeda in the 90s was a misdirection. You forgot what was even being discussed because you read one book. It was an anecdotal example. I could have used the Boston Bombers. I could have used the Weathermen. I could have used countless other examples.

Yes, there were other factors involved in dropping the ball on Al Qaeda. But, expanding and looking everywhere else did not and would not have helped even under your argument's conditions.

One can have this or that pet theory about whatever case. Great. Good for you. You read a book, and someone persuaded you. Now you are their evangelist. Think, independently.

Don't just repeat what others tell you from their very limited perspectives and take that as the gospel truth.

Unfortunately, I believe you have your ego wrapped up in the matter, so you do not care what is being said about the actual point, at all. Which is that building out surveillance on everyone is wrong. It is wrong, morally. It is wrong, strategically to achieve their supposed aims.


Miguel SanchezOctober 18, 2015 3:04 PM

@Skeptical

'Al Qaeda in the 90s'

I brought up this topic, it was incidental. The point was simply that there is such a thing as *distraction* and *focus* in security. Real simple.

Also, specifically, the timeline was the late 90s, not the early 90s, when the US government was obviously still extremely preoccupied with the Cold War. Furthermore, this is not about casting blame, or getting into little emotional political details which unreasonable people favor.

If you want, you and ianf can argue amongst yourselves, if you are not the same person, which I think you are.

Otherwise, I will have my say, as my viewpoint is entirely alien from yours. And from anyone else's on this forum.

Let's also remember that this was a time of sharp budget cuts for military forces, a time when CIA was forbidden from recruiting "dirty assets", a time when a proposal to use CIA to kill any individual was considered unusual and controversial, when the line between domestic and foreign surveillance was viewed as absolute, etc.


The CIA, by definition, has to use "dirty assets" to do what they do. They never went and killed off all productive "assets" (agents) because of domestic politics.

The agent model of spying actually can be traced back to the informant model of law enforcement. It is effectively, regardless of your capacity at such tracking back, the very same thing. So, any informant is going to be "dirty", just as any "agent" is going to be "dirty". "Dirty" is moral relativism which outsiders, prissies, and hypocrites like to bandy about so they can feel like they are "good" people, separate from all the "bad" people "out there".

There is no room for such childish moral relativism in true intelligence.

On the books, assassinations were rare. Off the books is where assassinations happen.

Everyone has some clue of this.

But hey - being surprised isn't exactly a new feature of military attacks.


The point is not blame, which is worthless. The point is simply that not having focused on Al Qaeda and focusing on everything else would have been a very bad idea. By any measure or any set of circumstances.

The topic was not Al Qaeda. The topic was simply pointing out that widespread surveillance is detrimental to surgical surveillance. The two directions are diametrically opposed to each other.

In fact, that is literal. To focus away, and to focus in every other direction away... is the very definition of the term 'diametrically opposed'!

It is absurd.

But, leave it to man to be bereft of reasoning faculties...

And, in fairness to the US, after 9/11 - leaving aside the controversies about highly coercive interrogation techniques used on a small number of detainees, and the stretching of domestic electronic surveillance authorities - reforms were aimed precisely at the causal factors that led to the non-detection of the 9/11 plot. Information was better integrated; imaginative scenarios received greater consideration; sharper assessments were made of what we really knew, and what we didn't know; etc.

Some minor changes were made which are arguably good. Many massive changes were made which are arguably bad. Much argument without much knowledge garners nothing.


WaelOctober 18, 2015 5:47 PM

@Clive Robinson,

To recognise something needs ...

What you have done here is "asset classification". You decided what to protect and the level of protection needed. You still didn't "think like an attacker"!

Clive RobinsonOctober 18, 2015 9:37 PM

@ Wael,

You decided what to protect and the level of protection needed. You still didn't "think like an attacker"!

To decide what to protect, you have to decide what is at risk and why. To do that you have to think like an attacker.

If I have ten arbitrary objects it is probably not possible to put each and every one in a safe, nor is it desirable to do so. Thus I have to make a choice which object needs most protection and which needs least. There are very many ways I could do this, but by far the majority used are based on the perception of which is most at risk to an attacker. That perception comes about from trying to think like an attacker...

So back over to you...

Oh and a little joke for you,

The chicken and the egg are in bed, and the egg is smoking a post-coitus cigarette. The chicken looks disappointedly at the egg and says, "Well, that settles that old question."

WaelOctober 19, 2015 12:22 AM

@Clive Robinson,

To decide what to protect, you have to decide what is at risk and why. To do that you have to think like an attacker.

Do you need to think like an attacker, or do you need to realize that the asset needs protection from thieves or "attackers" regardless of what method they choose? This determination is based on the value of the asset to you -- it's not based on the "skill" of the thief. In other words, the fact that you decide to protect your Rolex is independent of how an attacker thinks. How you protect it is what we are discussing. Some say protect it by thinking like an attacker, and I am saying protect it by adhering to security principles. Then check your method by "thinking like an attacker" to verify that you applied the principles correctly and your implementation isn't weak or flawed. This task is what a penetration tester does! Penetration testers need to think and act like an attacker as part of their job. A designer / architect shouldn't! Some hired penetration testers are or were at some point known black hats! Don't think for a second that a black hat can be a great security architect; these tasks require two distinct skill sets.

So what usually happens when penetration testers find a method to attack the system is they go back to the developers and architects who end up putting a band-aid (stack canaries, no execute bit, ASLR, ... ) rather than check the principles they originally used and then refine them to fix not only the weakness, but to fix a whole class of weaknesses! Thinking like an attacker will fix an attack instance; proper concepts and architecture will fix classes of attacks, although both methods may sometimes reach the same solution. I claim one method is more efficient and robust than the other.

There are very many ways I could do this, but by far the majority used are based on the perception of which is most at risk to an attacker.

There are indeed many ways; and unfortunately, the "majority" thinking like an attacker isn't the optimum way. I think @Bruce also subscribes to this methodology (hoping I'm not putting words into his mouth). He says in a different thread:

I generally am opposed to security measures that require us to correctly guess the terrorists' tactics and targets. If we detect solids, the terrorists will use liquids.

"Well, that settles that old question."

It doesn't! It makes it more confusing. You mean they came at the same time? Rats! Accidental pun not intended ;)

WaelOctober 19, 2015 1:14 AM

@Clive Robinson,

chicken looks disappointedly...

Oh oh... In my haste, I missed a keyword! Seems the egg came before the chicken, and I am guessing (fr-fr-from hearsay) the egg is also male :)


You and your "loaded" jokes! Impress me, add to the confusion, and show that the chicken came first! I gave the explanation of two out of three! There, back over to you :)

Clive RobinsonOctober 19, 2015 5:04 AM

@ Wael,

Thinking like an attacker will fix an attack instance; proper concepts and architecture will fix classes of attacks, although both methods may sometimes reach the same solution. I claim one method is more efficient and robust than the other.

Ahh now we reach the nugget of the difference of point of view.

As I've pointed out in the past there are,

Known knowns,
Unknown knowns,
Unknown unknowns.

Of instances within classes of attack, to which you pointed out I'd left out "Known unknowns" (which is a difficult one to get your head around). I have also pointed out in the past there are three basic classes of physical attacker,

Mindless / opportunistic,
Targeting without real planning,
Targeting with detailed planning.

The first of which generally occur because people do silly things like leave things in a public place or visible in a car etc. The attacker passes by chance and attacks, either as vandalism or theft. This is the overly general "If it ain't nailed down..." reasoning based on the mindless / opportunistic attacker mindset: you look around, see what can be taken, and either nail it down or put it out of sight. You are however "thinking like an attacker" when you look around.

In the second case an attacker sees a reason to target a place or entity, and simply plans to come back later with simple tools and a bag etc. The way you deal with this is to look around for what an attacker would see to cause them to target a place or entity. The solution in a target rich environment is not to look worthwhile compared to other targets. Again you employ "thinking like an attacker" to see what they would see and remove it from sight or reduce its value below that of other adjacent potential targets etc. by upping deterrence, thus working on the "low hanging fruit principle".

The third type of attacker goes after well protected high value items. Generally as a target you cannot reduce your visibility, thus you will be targeted; you therefore increase the deterrence factor with obvious systems for the wannabes and hidden systems to catch out the more sophisticated. Again you should be "thinking like an attacker" when you do this.

In the first two cases, although you are "thinking like an attacker", you should be doing it using broad principles or rules, because as I've pointed out in the past, thinking in classes rather than instances shares both benefit and cost. The example being fire / earthquake / bomb drills, where fire is such a significant risk that drills are often a legal requirement. With a little sideways thinking you can broaden the drills and other rules/codes so they cover evacuation not just for fire but earthquakes, bombs etc. with very minimal cost.

However, when it comes to the third type of attacker, broad principles do not work. You really have to identify individual attack routes and make them ineffective, sometimes with a broad approach such as fences, guards and dogs, sometimes with specifics such as safes or armoured display cases with hidden dark light / thermal CCTV, and hidden beams, pressure, temperature, volumetric, microwave, gas/particle, shock, sound, vibration etc. sensors.

Thus the difference of opinion is not "think like an attacker" but rather "thinking in classes or instances", where in all cases you should first think in classes, and even when thinking in instances try to mitigate groups not individual instances.

WaelOctober 19, 2015 12:41 PM

@Clive Robinson,

As I've pointed out in the past there are,

Known knowns,
Unknown knowns,
Unknown unknowns.

Seems Donald got it wrong, then:

As we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns—the ones we don’t know we don’t know. 

Whatever happened to "known Unknowns"?

Thus the difference of opinion is not "think like an attacker" but rather "thinking in classes or instances", where in all cases you should first think in classes, and even when thinking in instances try to mitigate groups not individual instances.

There is another subtle difference! If you apply the right principles and implement them correctly, you will address classes of attacks indirectly, as opposed to the direct approach of the alternate method, which requires the impossible task of enumerating what all attackers think of; the Known Unknowns, in your parlance.

Personally, I prefer the application of a dozen or so principles to divining what the next set of attack methods of an unknown number of adversaries will be. But of course that's what works for me. Your mileage obviously will vary (you'll get fewer miles per gallon.)


Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.