Schneier on Security

Clive Robinson • July 23, 2016 12:10 AM

@ neill,

i wonder if “secure one way communication systems” have been explored ?

There are actually many systems and it rather depends on what you mean by “secure one way communications”.

From a more theoretical perspective all communications are actually considered “one way” in that you have a single Shannon Channel in which information passes from a transmitter to a receiver in a noisy bandwidth limited channel. Shannon came up with this model from studying secrecy systems.

Back in WWI radio systems were somewhat primative and it was quickly realised that you could not realisticaly hide the transmitter from the “enemy” (see history of British Admiralty Room 40) thus you had to protect the message content by encryption. But it was also realised by U-Boat activity that two way communications revealed the location of both ends which made shiping vulnerable to attack. Thus methods to protect not just content but from transmission errors was needed. This gave rise to the early Fleet broadcast systems some of which were used to transmit just weather information.

By WWII things had moved on a lot the German idea of rapid attacks to overwhelm defences was absolutly reliant on radio communications to maintain control of the attack to stop what we now call “blue on blue” attacks. Thus radio systems were developed to much higher standards. In Britain it was finaly realised by one or two people that much intelligence could be derived from radio networks or “nets”. There are funny stories about the British getting thousands of coloured pencils from America and other places under very great secrecy. The reason was that the analysts at Bletchley gave each net not just a name but a colour as well such that net identification was visually more apparent. This gave rise to what became known as Traffic Analysis, and up until the early 1980’s it was a secret that the British and their American Allies wanted to keep rather more than they did the breaking of the German Enigma cipher system (see behaviour by UK and US SigInt towards Gordon Welchman). The reason can be seen by the difference in success the British had against various parts of the Axis forces. In essence the later plugboard Enigma was in practice unbreakable from just the cipher text, and the initial breaks by the Poles were down to the German KeyMan issues, that were later changed. The Enigma still had a fatal flaw which was that due to it’s reciprical nature no plaintext char would encrypt to it’s self. It was this that enabled the British to use “Known Plaintext Attacks” on their bomb systems.

However there was one series of nets the british had only occasional success and then only due to errors in German signaling systems and this was the Naval systems under Karl Donitz. He had read Churchill’s account of the goings on in Room 40 and was thus very much more aware of Radio Security than any others at his level of authority. Which was why the German Naval Enigma was sufficiently better and operated more securely than any other radio network. It would not have been broken at all except for “pinches” and that the German Navy had to work with the harbours and merchant marine which via the very much weaker “Dockyard” and “Weather” ciphers gave “known plaintext”. However towards the end of the war Karl Donitz changed from “Fleet Broadcasting” with a Net key schedule to individual key schedules for each U-Boot and it was only because the Atlantic war was virtually over that this loss of a way into U-Boat command traffic was not a compleate disaster.

During the Cold War Russian spys used not just Fleet Broadcast systems for one way traffic from Home to Out stations but individual One Time Pads for agents as well, even when the agents were acting in rings with only a single radio link. This was due in part to the way return traffic was handled. In many cases spys did not use high power transmitters back to their home countries, but low power short range systems that worked from vehicles back to the embassies.

However the technology had a problem untill the 1980s which was “local oscillator” (LO) and “Intermediate frequency” (IF) leakage. Put simply a radio receiver contains a radio frequency oscillator which is like a mini-transmitter. If it leakes it can be received and used to determine what frequency the radio under observation is tuned to[1] and by direction finding[2] find the location of the reciever. However you do not have to tune a receiver into the actual frequency the radio is tuned into to receive the transmission it is listening to, you can if close enough simply tune into the fixed IF[3] and demodulate that. In practice when you know where a receiver is you monitor the IF to see if the radio is turned on or not. If it is you can sweep down or up it’s known RF band and get a “bump” from it’s IF this then alows a surveillance officer to get an initial fix on the LO which can be received from much further away. During the cold war this sort of surveillance was done from aircraft to see who might be tuned into Number Stations and the like. It exploited a weakness in the Russia system, in that the Embassies radio operators would tune into the Numbers Stations to check the reception quality such that local jamming etc could be identified so that the likelihood of agent’s receiving the broadcasts could be sent back to the home control.

Some of the Fleet Broadcast ideas will work across IP networks and it’s something I’ve suggested Tor and other mix-nets investigate.

[1] In early “superregenerative” and later direct conversion receivers the LO was actually tuned to the frequency of the signal it receives

[2] During WWII many SOE and other radio operators were found by the German Radio Security Service, not by them transmitting, but by DIrection Finding the local oscilator leakage that could be received many hundreds of meters and sometimes several kilometers away.

[3] Listening in to the IF leakage was the way the British GPO television detector vans used to work. When I was quite young there was a TV program called Thunderbirds I liked a lot, but one of my parents did not, so I did not get to watch it very often. However I discovered that I could hear the sound around 90MHz on my FM radio. It was only on explaining this to a school friend who’s father was a Radio Amateur that I found out why (it was a harmonic of my neighbours TV IF). It was only after I had the radio bug seriously that my friends father let slip he had worked for the British Radio Security Service during WWII and as I discovered the techniques myself explained I was “not the first” to discover it. Some years later when wearing the green I got to meet Tony Sale who rescued Bletchly Park and I realised he was Peter Wrights old MI5 colleague and we swapped stories about things “radio security” most of which were about the failures not the successes, such as an MI5 officer being rushed to hospital with burns due to a “technical fault” with a hidden transmitter in his trousers…

Clive Robinson • July 23, 2016 8:18 AM

@ neill,

thank you, fascinating stories!

They were not ment as stories alone but food for thought / pointers to finding out more about what you are looking for (certain people think my replies are “to long” thus abbreviating coherently and in a readable way with out producing lists ends up with a brief narative time line).

With regards,

personally i don’t mind setting a PCB jumper for the sake of security … but users are so spoiled these days!

It’s not a case of “spoiling the users”, but cuting production line costs by a a few tens of cents, whilst reducing or eliminating the expensive “physical” part of rework / returns / support. As has recently been seen with domestic road vehicles even a software upgrade can cost millions, replacing a small 10Cent component tens to hundreds of millions, and thats all before the fines of having emmisions test cheating software found out… All these costs come out of profit, and oddly perhaps it is the regulation of the industry that has created the “slack” in finances that will stop these companies going to the wall, but it will reduce inovation and make more problems down the line as a concequence.

@ and Markus,

With regards data diodes, I’ve been building serial data diodes using the likes of opto couplers since the 1980’s (for the likes of the UK IC / Royal Signals back then) in part as a universal level converter, in part for galvanic issolation but also to reduce TEMPRST and similar EmSec issues. To that effect I’ve augmented them with “re-clocking” and “frame checking” using UARTs and microcontrolers, and to make them also act as “terminal concentrators” to drive radio / line modems. And I was certainly not alone in this respect, others like Trend were in the same game all be it at eye watering prices.

Thus I seriously doubt the patent that has been mentioned has any enforcability even in the US as prior art is well established and as such I think it is a “nuisance patent” used for leverage / negotiation not to protect an original idea, or novel secondary application idea. Like @Bruce I don’t advise the reading of patents as US law has some real nasties for the unwary…

Clive Robinson • July 23, 2016 8:47 AM

@ Thoth,

“Clove” hmmm… How spicy / fragrant[1] you make me sound B-)

With regards,

How would a war zone journalist be able to send back video feeds with lower chances of getting detected by [local hostiles]

There are two parts to this. The first is the actuall detection of the transmission, the second the discovery of the equipment to do it.

Of the two it’s the discovery of the equipment which is going to get you the worst treatment. Because you can not bring it into the country openly or purchase it there, thus you have to smuggle it in some how. Which automaticaly makes you either a criminal or non diplomaticaly protected agent of a foreign power (NOC / Illegal), which carries a death sentence without civil trial in many places, or summary execution in a war zone.

Neither is a good place to be in, so you need to look at “dual use” equipment you can legally bring in or obtain in country, such as satellite phones, laptops, digital recorders. The trick then is having the technical smarts to be able to do what is necessary to setup a sheilded satellite uplink and compress your “data” to fit in the bandwidth and duration of an ordinary conversation.

I know how to do much of this, and you can find out how to do much of it by “thinking hinky” having read what others have done as hobbies. @Figureitout almost certainly has demonstrated sufficient knowledge (even if the penny has not yet dropped for him, which I suspect will happen a few minutes after he has read this 😉

[1] http://allrecipes.com/recipes/1134/ingredients/herbs-and-spices/spices/cloves/

Clive Robinson • July 23, 2016 4:22 PM

@ Markus Ottela,

Was the EmSec protection to protect plaintext transmissions or to prevent unintended emissions that are conducted from computer’s other operations to the cables?

Mainly to stop “unknown” signals in both directions, that is emmission and susceptability. The aim is to put in a bandwidth / energy choke point in to stop the smart attackers who not content with passive listening illuminate your equipment with various EM frequencies modulated to encorage faults or cross modulation, thus lift out information that otherwise was not available.

With regards Trend equipment pricing it was a third of a century ago, and the easiest way to compare is it cost a little under a years wages for an engineer at the time.

Clive Robinson • July 24, 2016 12:35 AM

@ Albert,

This design could be built for “fixed”-frequency operation very compactly.

It’s operation is dependent on the Q and the stability of the tuned circuit, neither of which is good.

For those who don’t know what a slope detector is (and that’s nearly everybody these days) it’s a trick to make an FM signal that has a constant envelope have an envelope that varies with frequency, thus can be “envelope detected” as it’s the frequency changes you want to recover as audio.

Put simply all tuned circuits have a bandwidth based on the “loaded” circuit Q and “loaded” center frequency. Very roughly (and I do mean very) the frequency response of a single tuned circuit looks sort of similar to a normal distrubution curve you get taught in high school maths. With the bottom axis being frequency and the side axis being the response (or loss) amplitude. Thus if you tune the circuit such that the incoming FM signal is not at the maximum response but down either slope you will get an approximate AM envelope that the diode and integrator circuit will convert to an audio signal. Two things immediatly “come to eye” the first is you are losing response thus sensitivity as you go down the slope, and secondly the slope is only approximately linear at one place so the audio will be distorted in amplitude. What is less obvious is the circuit will respond to any signal that falls on the slope and thus two or more adjacent stations will be picked up and the strongest will dominate.

At 100Mhz which is aproximately the middle of the FM broadcast band you will be lucky to get a loaded Q of 10 thus your slope will cover a large part of the FM broadcast band. If you live in a low population area you might only have a handfull of FM stations to chose from, so the circuit will work for you. However if you live in North or East London you will find not just twenty or thirty licensed stations, you will gat as many again of unlicenced / Pirate stations. Thus you will be picking up ten or so stations atleast at the same time, which will not sound nice.

It’s this lack of “selectivity” that moved the radio industry from superregenerative receiver designs to superhetrodyne receivers with local oscillators and mixers to produce a much lower Intermediate Frequency where the Q of the detector would give much greater sensitivity but the preceading IF filter circuit would also give much greater selectivity. Cheap FM radios would also “tune” the RF amplifier to improve selectivity as well.

Anyway enough on Radio theory as @ianf will complain I’m off topic by to greater a margin or some other heinous crime 😉

Clive Robinson • July 24, 2016 2:00 AM

@ Dumber than Nick P and Clive Robinson,

Perhaps, perhaps not, being smart/dumb is not based on what you know, but how you use what you know for an intended purpose. It’s almost certain you have interests that I or @Nick P have little knowledge of thus in those areas you would have a head start on us.

The important part of learning, is something teachers do not know how to teach, which is how to learn. Every individual is different and what works for some does not work for others. Politicians (as clueless as ever) have a habit of believing how they were taught is the best way… Which just about everybody else knows it’s not from their own experience. A simple fact that the politico’s don’t appear capable of understanding, is the worst time to test people is when it’s “getting into summer”… The result is the overal marks are something like 20% lower than they could be. Which might be great if you want to make argument about how teachers should do better, but penalizes students who have environmental sensitivity issues which most people do in one way or another.

Thus the three types of teaching that are around, “spray and prey”, “teach by drill” and “drill to the test”. When done well all three methods should be used. Teach by drill where the teacher makes you write out notes laboriously in longhand is a good way to get the basics in. Which you need to understand what comes with the “spray and prey” disemination of information, but it is reliant on the students actually engaging with the process. Drill to the test is a way of focusing a student to cope with a test environment as it takes out some of the unknown, it also alows for increased “cramming” at the week or so before the test, most of which will be forgoton two or three weeks after the test…

Thus the most important part of your education in any subject is how well you as an individual engage during the “spray and prey” phase. The more engaged the more you will not just learn but learn for life in a way that is usefull for you and an employer.

Thus the real problem for a teacher is getting those they teach to engage, to get them to not just see what they are being taught is usefull but interesting to them as well. Thus teachers have to be able to communicate a passion for their subject that will lift up those they teach, that is the passion has to be appropriate for the level of skill those being taught are at. Part of that is challenging the students and encoraging them to compeate with themselves to keep pushing forwards. This is difficult to do for just a couple of years, let alone a whole career.

I once only half jokingly told a political type, if we could get the same level of enthusiasm adult males show for sport, in children about science and mathmatics we would have the “better mouse trap” education system.

As for books, I have a dead tree cave with several thousand books in (about 20,000 pounds in weight so it’s got floor reinforcement). It’s neither portable or replacable as most of the books are long out of print. A few years ago I had a cull of Microsoft and Novel books, though I still have and use all my Unix books, which might tell a story to many (I expect @Gerard van Vooren might make a comment at this point ;). I also still have all my O’Reilly books, including the same book in different editions (perl and python in particular).

As for @Nick P, I often joke about his “link farm” which he claims he does not have 😉 however he has mentioned in the past he subscribes to various online publishers like the IEE etc.

One skill you should develop is “constructive skim reading”. As you develop a feel for a subject you should be able to pick up a book or paper look at the contents/index, introduction and conclusions and decide if it’s worth investing time reading the rest of it. Academic papers do however have refrences, some are just padding but some are gold mines of further information, getting a feel for these can give you almost laser like precision on finding further information.

Finally “student books” for higher level high school and degree education are worth keeping, if you have a wide bredth in subjects you will come across “phrases of art” that are “domain specific” and you can not hope to remember them all or which version they mean (you see “borowed terms” such as “entropy” that develope a life of their own in different domains). Thus you can look them up. I would like to say that Wikipedia had replaced the need for them, but that is unfortunately not true, the near anonymous contributers often have their own axes to grind.

Clive Robinson • July 24, 2016 6:19 AM

@ crypto advice?,

Can anyone suggest a reason NOT to recommend VeraCrypt for a non infosec / OpSec profesional?

Sadly yes, it’s the wrong way to go about things as you have to consider “The security of the system” not “the quality/security of the application”.

It’s the old “weakest link” issue that @Bruce has mentioned on the odd occasion, or as it has also been put as “The vault door on a tent problem”.

You have to consider the entire computing stack from the base level device physics upto and above the corupt political/legislative level.

It fairly quickly becomes clear it’s broken beyond any single persons ability to secure, and as I’ve argued repeatedly in the past I do not think it is possible to fix at all no mater how many geniuses you put together to try to do it.

Thus if you can not fix it, you are only left with “mitigate it”. Whilst there is little you can do above the managment level because “stupid does as stupid will” you can mitigate the lower layers.

The first thing you have to realise is that to compromise you, the agent has to do two things,

1, Get access to your information.
2, Communicate the information to others.

Treachery is like fire, it needs both oxygen and fuel, remove either and it is extinguished.

I think it is now clear to anyone who can read a newspaper, that the UK government has effectivly corrupted the stack atleast as far down as the OS layer by legislation and the US has done likewise but in different ways. For most readers of this blog it should also be fairly obvious that the IAx86 based PC hardware is now corrupted by it’s manufacturer, and need I mention Win10 or any other Cloud insistent OS?

Thus any IAx86 PC you buy now and by far the majority of installed OS software, you should regard as irredeemabley back doored. So it is the first step that has been irreversibly taken and there is nothing you can do to change that. Thus you should consider any password/phrase typed on a PC keyboard compromised and hidden away somewhere pending the ability to communicate it to others.

Thus it is the second step you have to use by disrupting and preventing communication.

Whilst stoping the communication of the information is the way to go, it is often not understood what that entails, and thus why any crypto application running on the PC is not the way to go, if even a modicum of privacy let alone secrecy required for ordinary commercial confidentiality is the objective.

The NSA, GCHQ et al have long been aware that you absolutely must keep the entry of KeyMat away from the entry of plaintext or ciphertext. In the case of hard drives for computers these should be devices external to the computer and accessed through an “Inline Media Encryptor” (IME) with the caveat that “data is only secure at rest” and at no other time. That is when the “Crypto Ignition Key” is removed from the powered down IME and physicaly seperated from it via an approved KeyMan method… Or to put it another way the NSA, GCHQ etc know that in a powered up state a computer is an uncontroled Security disaster (as maning and Snowden have made all to clear, and the Chinese have known and benifited by with US etc weapons designs). Primarily that any KeyMat that touches a PC is irredeemably compromised hard drives or not (as demonstrated by GCHQ’s “Pinky-n-Perky on their grand day out shopping in London and with a little side visit to the Guardian basement to polish a political idiots machismo)… There are also cable distancing and other TEMPEST/EmSec requirments about how things are used when powered up. All of which is usually only for lowely Secret and below clasification (sort of inter office memo downwards not upwards).

So how to mitigate if your only option is to use IAx86 PC equipment and a crypto application?

The answer is use two PC systems and an enhanced form of air-gapping to stop all energy that might be used for covert communication by an agent to plaintext cross the gap. If you search back on this blog for “energy gapping” you will find my previous comments on how you should go about it.

However as I’ve said using a crypto application on any hardware made this century (ie after 2000) is potentialy compromised. Though equipment upto around 2010 that has been securely wiped and has a minimal XP or *unix (not the commercial Linuxes though) is probably OK. The reason for the dates is the usage of Flash ROM on I/O devices where malware etc can be hidden to survive reboots and hard drive wiping.

Personaly I would look at building your own IME and HSM as @Thoth and others have been discussing. Something along the lines of a Raspberry Pi with a Smart Card not just holding the KeyMat but doing the encryption/decryption as well might be a starting point. It will of course require a seperate system to put the KeyMat on the Smart Card…

Clive Robinson • July 24, 2016 6:07 PM

@ Tatütata,

I’m skeptical of the value of trying to extract intelligence from embassies by monitoring the IFs or LOs, especially in an urban environment.

Oh it’s real enough. Back untill the 1970’s valves (yep them glass bottles) some as small as half an acorn were still used for low VHF upwards as the FTs of transistors back then made them unsuitable. Further those delightfull diode bridge and “rat race” mixers needed upwards of 1.5volts into 50 ohms, which if you do the maths is quite a bit of RF power (some even needed +27dbm or half a watt, with -40db leakage from LO to RF port and no real front end that went up the antenna for all to hear).

Have a read of Peter Wright’s “Spy Catcher” you will find Tony Sale got a mention, much to his annoyance, along with a good description of using such leakage by both sides.

Oh fun note even though Peter Wright as MI5’s technical liason informed the CIA about this problem they carried on using “civilian commercial equipment” with these problems for years afterwards (TEMPEST protection for civilian commercial equipment was illegal in the US).

In the end what killed much of it off was the EU and the EMC regulations in the 1980-90s, much to the anoyance of the FiveEyes Signals Intelligence Services, who had been profiting from it due to “third world sales of second hand equipment”, much as had happened with crypto kit from Crypto AG in Zug Switzerland.

Clive Robinson • July 25, 2016 5:04 AM

@ Markus Ottela,

One missing piece in it was jail-like environment with no way to leak data (data diodes are the crucial thing here) — I might call them pits/black holes

Actually it was there each “cell” of the prison held it’s own CPU and limited local resources of memory and clock. To “pass work” from cell to cell shared memory was used by “letter box access” controled by a Memory Managment Unit (MMU), controled by the hypervisor not the cell CPU. Thus it used the better parts of Virtual Memory (VM) control to implement a secure Inter Process Communications (IPC) process. All the cell CPU saw was in effect was one or more fixed size letter box buffers it could either write to or read from.

In effect it used a cross between the ideas of “Mass Production” using *nix shell / parallel programing idioms to break the program down into tasklets that communicated much like the Sys V streams working on a base crossbar switch in shared memory.

The security came from the design of the MMU which acted like a programable diode. Being controled by the hypervisor not the cell CPU. So the cell CPU only saw the letter box buffers in a fixed position in it’s local memory map, and had no possible way to know where in the system shared memory it’s letter box buffer window mapped.

Clive Robinson • July 27, 2016 11:39 AM

More troubles with HTTPS

This attack that works on the three main PC OS’s has just poped up on my radar,

http://arstechnica.com/security/2016/07/new-attack-that-cripples-https-crypto-works-on-macs-windows-and-linux/

It will be shown at Black Hat,

https://www.blackhat.com/us-16/briefings.html#crippling-https-with-unholy-pac

Basically it alows an attacker to get the full URL which is problemattic for a number of security services. Not sure how bad it actually is I shall have a think about it later over a cup of the hot brownian motion generator 😉

Clive Robinson • July 28, 2016 2:36 AM

@ ianf,

That’s interesting. I had the impression that that homing in on wartime underground transmitters was achieved by triangulating what in popular WWII history books was called “carrier wave,” is it the same oscillator leakage we’re talking about?

Yes it’s the same oscillator in some cases but as with all things security it’s a bit more complex than a simple yes no answer. Carrier wave or CW is a generic term that is context sensitive. All it realy means is a radio frequency (RF) signal that is radiated, generally not modulated, unless you are talking about modulation in which case CW is short hand for Morse Telegraphy (confused?). Thus carrier wave referes to both the intended transmission of the morse signal as well as the unintended RF leakage from the oscillator in the receiver.

You need to look up Geoffrey Pigeon “The Secret Wireless War”, which contains the background to how the “Spy sets” came to be made and where, along with information from those involved. You can also find some documentation for some of the spy sets online now as they were declasified a few years ago.

The early sets needed to be small enough to carry and the thermionic valves (tubes) at the bigining of the war were large and circuit design was shall we say a bit primative and not what it was in later years. Thus circuits got simplified to get the set into a suitcase and this caused problems due to lack of issolation, shielding etc. One problem was the use of the same oscillator for transmit as for receive that got switched between the two.

Radio operators were found by the fact that their transmissions though short gave the German radio service Direction Finding (DF) teams sufficient time to get their first “cocked hat” or generalised triangulation on the operators location. If the operator did not move location then the DF vans would be waiting for the next transmission, where they would get within a few hundred meters. It was at this range that the German DF vans could receive the actuall oscillator leakage in receive mode thus had much more time to move in for the capture. The parlance for this three stage process is “Find, Fix and Finish”.

A good operator would move regularly and know how to make the signal difficult to DF. However as you will find in Leo Mark’s biography “Between Silk and Cyanide” SOE radio operators lives were needlessly endangered by the use of “Poem Codes” which were forced on SOE as a result of turf wars in Whitehall.

There were two problems with Poem Codes, firstly they were by no means secure, the second and most deadly was they had to be around two hundred charecters long to get any kind of security. At six words or thirty letters per minute sending a message was a lengthy proceadure, which gave the German Radio Security Service plenty of time to do the Find and Fix stages whilst others did the Finish. Which in some cases was the Gestapo, before the concentration camp and gas chamber (look up Noor Inayat Khan, who’s agent name was Violette Szabo, or watch the film “Carve her name with pride”).