Schneier on Security

Clive Robinson • November 11, 2017 6:33 PM

@ nobody,

Now what if Alice & Bob’s locally-kept private keys are stored a second time, this time encrypted with BigCompany’s public key, and the encrypted result is cached strictly locally in some accessible manner if you have physical hardware access?

There are a couple of problems that immediately spring to mind.

Firstly “cached strictly locally” is unlikely to be a reality. Most modern devices are designed such the “communications end point” covers the whole device, thus there is no “locally” at any level unless there is a genuine strictly user enforcable “energy gap”.

Secondly the user has no way of checking that the BigCompany Public Key is not “backdoored” in one of very many ways. See the Klepto-cryptography stuff developed by Adam Young and Moti Yung… It will make you think “What the heck”. Or the more recent “Coppetsmith renewed” attack on the Estonian e-ID card which ATS Trchnica reported had already been improved upon bringing in not just more cards but at a lower investment per PubKey recovered as well…

When you tie the two issues together you get a realy big “Big Brother” feeling. In essence you know that if there is any legislative or technical trick available to the IC they are going to use it for access to the signed key, no if’s, but’s or maybe’s, it’s a definate. Which actually makes the idea worse than a centrally held “Key Escrow’…

Clive Robinson • November 12, 2017 6:52 PM

@ Anders,

nearly every intel cpu since 2008 found vulnerable

Maybe people will now understand why I repeatedly talk about using pre 2005 or even 2000 hardware for security reasons in “energy gapped” security mode.

But people need to consider it’s not just Intel playing this dirty game… Which is also why I talk about making diodes / pumps / sluices using very low cost microcontrolers and old ASCII based file formats like TXT, CSV, RTF etc.

But I’m not the only one @Nick P used to say pre 2010 PC hardware and a number of people have talked about using USB-2-serial converters and microcontrolers to do protocol checking etc.

Whilst you can not catch eveything, you can catch most “low hangong fruit” attacks and quite a few advanced attacks, rven from State level and above attackers. Because when you write your own checking code and rules you blind side tje majority of attackers (yes it’s a form of security by obscurity but that can work in your favour in bespoke / unique devices).

Clive Robinson • November 12, 2017 7:31 PM

@ Iggy,

Per usual, the most reliable and sturdy impediment to all security fixes is the human.

Also known as “(ab)users”, “Custards” and similar well earned derogatory names 😉

Or as a couple of old sayings have it, “The trouble with fool proof systems, is you can never find any fools to operate them” and “There are few things more dangerous than a user, with wire cutters and the root password”.

@ Cassie,

115V/200V 400 Hz* 3-phase AC can be pretty energetic if it gets to the wrong places.

Oh if only it were at audio or lower frequencies…

Modern high efficiency light weight PSUs now run at frequencies into the bottom of the HF bands. Some used in transport vehicles like trains take in 600V DC at 1000 Amps and by using “series resonant PSUs” running in excess of 1.5MHz have realy tiny “magnetics” but at immense power densities up in the 1KW/cm range…

The problem is these RF low end HF frequencies can as an arc easilly cross five to ten times the distance that audio frequency signals can. Worse they also tend to cause break down from parasitic effects very much more readily (thus a circuit breaker when open is just a low value capacitor not an Open Circuit).

However when it comes to power switching “arcs” are plasma, that like any good conductor bend in magnetic fields. Thus a contact surounded by a suitable electromagnet can be self quenching even for DC high voltage and power, or as in the days of old mercuary vapour rectifiers[1] caused to jump from one contact to another to “ground out” etc.

[1] If you have never seen a mercury vapour arc rectifier in use you have truely missed one of the “mystic delights” that high power engineering can offer. The arc is a rich violet colour with very high UV content, and flickers like a living creature under torment over the mirror like pool of mercury. It’s a very primal sight that is usually locked away in closed cabinates as it can like a welders arc or looking directly into the sun fairly quickly damage your eyes.

Clive Robinson • November 13, 2017 2:00 AM

@ Rachel,

… has an article about a new documentary on film actress Hedi Lamarr (?)

It’s been a while since she was last mentioned here.

If memory serves correctly Hedy Lamarr’s co-inventor was a concert musician and the 1940 patent application was for what we would now call “Frequency Hopping Spread Spectrum”. Due to the wartime secrecy the patent although issued not just remained secret, it was also applied for in her real not stage name, thus it was only many years later that the connection was made. It turns out she was “not just a pretty face” but had a very active and fertile mind and invented many things.

She was at one time a house hold name, which is why Mel Brooks took the micky out of her in his film “Blazing Saddles” (which is very much non PC these days, and mostly remembered for “Mungo” and the “campfire bean eating” scene).

What is not clear is if she also had a hand in the invention of Direct Sequence Spread Spectrum, which was used as part of the BR-US Hotline used by Winston Chirchill to talk securely to Roosevelt. Called SIGSALY it was developrd by amongst others Alan Turing for AT&T and it went into service in 1943. It used two precisely aligned turntables to play records of “noise” and was in effect a One Time Pad cipher system.

Clive Robinson • November 13, 2017 5:20 AM

@ 65535,

Can you give us a hint on how to build such a machine? I know the Windows 2K Pro had 4 service packs and a ending rollup service pack. What level of Win 2K are you using?

I use the server version, that I patched up then using a list of services (that’s nolonger on the Internet) stripped it right back of most of the uunneedrd background crap. Then using “Tom’s Info” made a version that would run from CD with the tool and a couple of other apps. This way it was “turnkey” for most hardware using a standard display and PS2 keyboard. Much the same sort of thing as various organisations did with NT4 through XP for making the front end for test instruments and medical equipment.

The problem is that it want’s PATA not SATA and USB support is crap. The SATA 2 PATA problem involves the use of adaptors you used to be able to get to backup laptops to extetnal drives.

As for web browsing I don’t do it from any of my development machines as they are most definatly not Internet connected in any way. If I need to read “marked up” on them I generaly print it out via a postscript to file device on a modern host. then move the PS file to either text (PS2ASCII or PS2RTF) using standard filters. This I then transfer via one of my instrumented serial data diodes then use the appropriate editor/viewer (W2K versions of vi and ghostscript etc).

Clive Robinson • November 13, 2017 6:11 PM

@ Martin, Bob Paddock,

It’s now considered amateur to try and hide information in unformatted partitions.

It always was a daft thing to do in an immature file system that originated with a single user single tasking ethos that more or less is still in place.

We saw the problematic ethos from befor day zero with CP/M which MS-DOS was effectivly based/copied on/from. But it should have died with the Ia286 transition and PC-AT architrcture… But no “backwards compatability” was the main driver so a hugh tsunami of not just technical debt but irresolvable technical issues built up. Which we still see and curse about to day. Which we tend not to with other OS’s…

Even today Microsoft still has problems with the notion of storage devices being swappable (ie fixed drive letters like “C:” onwards, single user/process thus no OS managment with removable media as “A/B” drives etc built in). Thus the sensible ideas of mountable / unmountable drives and multiple File System Types and the locking etc that goes with it, is still fundamentally alien to MS OS’s at the places and processes it should be in the computing stack.

As for having support for different file systems for different purposes, it’s still nowhere near, which makes MS-OS’s “non prime time” at best. You only have to look at the likes of Oracle that in effect “managed it’s own drives for appropriate behaviour and response” to see just how immature MS and it’s storage ethos still is and why (think high availability issues).

The fall out from the “single user single process no mountable drives ethos” remained a “legacy issue” from then onwards. Even after the demise of MS-DOS…

The NTFS system was not much better due to flaky journaling behaviour. But the hidden issue behind it was down to “Dave Cutler and Co” with the whole “Better Unix than Unix” claim that gave rise to NT it’s self and how legacy issues badly compromised it[1].

The NT Kernel has always been very bad at secure or robust process managment, and relied on processes “cooperatively” telling the kernel what they were doing… Which with a moments thought most people will realise is a real no-no security wise (as malware writers could easily hide malware from the NT kernel and thus any other supervisory process, and not only did they… they still do).

Which ment the required “locking” that alows for corretly functioning mounting / unmounting and altetnative file systems and access methods could not be done where it should be… So MS chose to ignore the issue which is just one reason Local Area Networking file systems / file servers, Optical Drives, tape drives etc were something that Microsoft had to play the desperate “keep up game” to try and stop the competition. Which resulted in the fundemental issues not being addressed where they should be, but repeatedly “wallpapered over” very badly at inappropriate levels in the computing stack.

Thus the whole “non demountable” drive issue is still there today along with other newer nasties… Of which,

If you don’t turn off Windows Indexing…

Is just one part of the problem.

MS baked in an ethos into it’s Kernel due to past failings to address issues in a mature manner. Thus vast cancerous lumps of “quick fix” mainly “cludge code” are festering in there and other OS helper services (it’s one reason why one exe/dll gets so baddly “overloaded” functionality wise). Thus it’s why obsoleate or inappropriate functionality can not be exorcised, replaced, or upgraded by third parties as required to support new technology. And often not by MS either without considerable issues due to “new technology” in the hardware or communications, Solid State Memory and USB being just two examples.

As now we are in the era of “user space I/O” to get around performance bottle necks the MS OS is looking not just tired but one wheeze and a gasp from the nackers yard. For all it’s hype MS is still very much in the “Desktop computing” mindset at fundemental / foundational levels. Which might account for why it’s jumped on the “Cloud” and “Data rape for profit” ideas well behind it’s competitors.

It’s sad but MS is not realy “integrated” as a sensibly functioning organisation. Whilst it does do leading edge research, it often does not get into it’s products in sensible ways if at all. So the work is lost to the organisation unless a competitor picks it up and runs with it. When “New for Microsoft” –old for others– things do happen they are usually 50% hype, 30% catchup with / steal from compettitors / take them over, and 15% “cludge it on quick” and inappropriately, with 5% –if you are lucky– something worthwhile.

But as the original teardrop network attack and more recent WannaCry ransomware showed MS don’t actually “clean the stables” with major OS releases they just slap new UI paint on with a bit of plastering where unsightly cracks appear… Whilst in other circumstances this might be considered appropriate for stability, it’s frequently legacy “technical debt” for MS and this is hurting them. Thus the real question is when will the share holders notice or care? Bill Gates did once and tried to get the code base cleaned up, but the fundemental / foundation issues are mainly still there and it shows when you know where to look.

[1] This is not my first comments on these MS OS issues on this blog… This one back in July 2010 was of note for other reasons but you will get the idea,

https://www.schneier.com/blog/archives/2010/07/internet_worm_t.html#c449919

Or,

https://www.schneier.com/blog/archives/2009/01/interview_with_10.html#c347942

(let me know if you want more 😉

Clive Robinson • November 14, 2017 3:34 AM

@ Nick P, All,

The guy that did a scheme conceptually similar to mine with trusted CPU’s checking untrusted CPU’s is at it again with this one:

Thoth pulled a similar paper up a while ago,

https://www.schneier.com/blog/archives/2017/08/friday_squid_bl_587.html#c6757771

For what is plagiarism of the CvP Prison / Trusty / Warden hypervisor concept and use of Voting Protocols to gain a security advantage which gave rise to the idea of “Probabilistic Security”.

In both cases there is a co-author “George Danezis” who is currently at University College London and previously at Ross J. Anderson’s Cambridge Computer Labs is included. As I previously noted George Danezis is well aware of this blog as he linked to it on his own blog in the past[1] and also the Cambridge Computer lab blog “lightbluetouchpaper” on which he had authored posts.

[1] George Danezis also has a newer blog,

https://conspicuouschatter.wordpress.com/2017/07/21/thoughts-on-oft-target-hotpets-17/

Which likewise repeates a lot of what I’ve said on this blog numerous times… Maybe I should get him to be my “Ghost writer”…

Clive Robinson • November 14, 2017 4:04 AM

@ tyr,

Business threw them [MS] lots of money and they got bigger which added a whole new layer of problems that will be fixed Real Soon Now.

MS got the money via three basic tactics.

1, Promise the best features, but do not deliver, to kill more honest competition.

2, Steal others ideas to kill the competition, knowing the court case would take forever.

3, Use the old “nobody got fired for bying IBM” phone the boss tactic.

It was the third trick that got them the most money via big contracts. Put simply they would as policy send in a team to beat up on anyone who did not buy MS. They did not care if they lost money on the tactic as long as the rest of the industry saw the person destroyed, as it “sent the message”.

As time went on they developed a fourth traditional tactic practiced by monolithic uncompetative organisations which was “Build the patant portfolio” and use it “offensively”. When Sun started out they were mindfull of this sort of tactic and had put defences in place. One day IBM rocked up and “demanded rent”, Sun showed the IBM execs that what they were claiming was false and told them where the door was. An IBM exec just sat there and effectively said “pay us or else” indicating that IBM had thousands of patents and they would find something, and even if they did not they could bankrupt Sun via litigation anyway.

Thus in many respects MS stole the IBM business plan as well…

With regards,

And Clve puns are fun till someone loses an i

Especially if you C”leave it out” etc etc so three puns for the price of one 😉

Clive Robinson • November 14, 2017 6:43 AM

@ Who?,

Energy gapping our systems? I wish it will be another choice, but the truth is that our systems are too compromised at the physical level.

In the end I can not see the loony right doing anything but backdooring hardware at the most fundemental levels they can, no matter what damage it does to society.

For them it is a question of “status” they would quite happily blow the world economy to hell and beyond back beyond medieval times. Damaging everybodies intetests including their own in the process, just as long as they got an increased “status gap” out of it… Many will just follow their lead without thought for all the “authoritarian follower” reasons such as jingoism, faux legitimacy, delegated power, immunity from legislation / responsability etc.

We’ve seen this in the UK with Brexit, and we will see it in other places in the near future. Our convivial host @Bruce has seen and recognised one facet of it and in effect called it a return to feudalism.

To be able to achive this end the loony right need to ensure they can enforce it which means coopting the “guard labour” and “judiciary” directly or indirectly. Which is why we are seeing the bad legislation being repeatedly thrown at the legislators, each time a little bit sticks and more freedoms are lost. As once noted long ago “The price of freedom is eternal vigilance” and lets be honest we have been either “asleep at the wheel” or “sleep walking over the cliff”, rather than recognise the nightmare that is approaching.

However we still have some options currently other than just Energy Gapping our systems, but they may not happen or in some cases last. To see why we have to recognise that those involved are also “resource limited”, thud their push to “backdoor” hardware is from the top down, whith just the high end procrssors currently.

As I’ve been known to note on the odd occasion “The future is parallel”. Whilst some things are unavoidably sequential many things are not if you go about it the right way. Thus as I’ve pointed out with the Castle-v-Prison (CvP) idea you can use many low power CPUs to get similar user performance to a high end processor, but… You can also use it to mitigate much insecurity including the likes of backdoors, malware etc, almost for free in the process.

As you can see from the chat I’m currently having with @Nick P above,

https://www.schneier.com/blog/archives/2017/11/friday_squid_bl_600.html#c6764066

There is a company in the UK that calls it’s self “Enigma Bridge” that has taken the ideas that Nick P, Thoth, Wael, myself and one or two others have invented and talked about here and without crediting the source knowingly used them to build such hardware…

But there are other limitations the loony right and Co suffer from, irrespective of how much they backdoor the hardware. There are the laws of physics and mathmatics that they –including the Australian PM– can not legislate against no matter how much science fiction they watch.

Back in the 1990’s I had an interest in improving financial transaction security. I realised then that it could not be done as long as attackers could see beyond the “security end point”. Thus relying only on securing one of many communications paths was effectively pointless if an attacker could see beyond the channels security end point.

I saw two solutions to this. The first was to put the human in the security chain and thus extend the security end point off of the communications device through them. Thus they provided the “air gap” by in effect a variation on the 1980’s idea of a “Sneaker net”. The second idea was to use a secure side channel to authenticate each transaction in near real time using randomized tokens/nonces etc thus removing various attack senarios.

Others had thought of the randomised side channel but only used it to authenticate the user not the individual transactions via the use of “One Time Passwords”. One such was the German TAN which was a printed list of passwords that the user received in the post. The problem was that it could and I belive did in practice fail due to Man In The Middle attacks. It could also fail to a KeyMat Copy Attack, where someone could intercept the individuals post, carefully open the envelope copy the list and put it back in the envelope and carefully re-seal it so that the user would be unaware of the tampering and copying when they finally received it in their post box. Which was why I looked at sending a TAN via SMS at the time of each transaction not authentication.

In effect I was looking at sending the equivalent of a One Time Pad in real time that the user used to make the individual transactions secure. Which is coincidently pretty much exactly what Quantum Key Distribution (QKD) does. QKD however should do it more securely due to the idea that it’s not possible to copy quantum bits without it being detected[1]…

The point is the use of “One Time Messages/Phrases/Codes/Passwords” can be done with a couple of “code books” and pens/rubbers/etc to prevent “code reuse”. And if the code books are correctly made and managed/used “theoretically” secure, and may even be indistinguishable by third party observers from harmless “open traffic”.

Likewise the use of “One Time Ciphers/Pads” can be used with just pencil and paper and have the same theoretical security. However it’s generally much harder to hide the use of an OTPad than OTMessage from a third party observer. However the OTPad has the advantage that it is only the PAD you need to agree in advance of the communication not the meaning of the codes.

Thus by using a human as a “firewall” to extend the security end point well beyond the communication end point that the attacker can use, you mitigate any backdoors or end run attacks they might come up with, within the communications system. Likewise any legislation that requires access to “message plaintext” if you use OTMessages correctly.

However that only solves the first two of the three basic information uses,

1, Communications,
2, Storage,
3, Processing.

Anything that requires more “processing” than an individual can do in a given time, brings us back to the use of technology. Thus CvP type systems or/and “energy gapping”. Most likely in the future both CvP systems and some level of “gapping”.

Oh one last thing to think about you don’t need to use “plaintext” to process information. In the case of a stream cipher it is “additive” at the bit level. This means that you can change either the plaintext or the keystream to process the information. Back in the 1980’s I had cause to think about this for storing secret information in volatile memory such that if an attacker ceased the memory powered up they could not recover the secret information. Thus having to over write information in memory or ensuring there was no residual information held in memory even though powered down both of which are time consuming were not issues.

The way I did it was with what I call “data shadows” essentially you don’t store “plaintext” you store data as many parts or shadows thus the data value “23” could be stored as the sum [+6,+7,-12,+10,+50,-25,-9,-4]. If any one of the values was unknown to you, you could not get back the data value, the same for an attacker. There are several ways you can do this which I won’t go into but just mention the idea of “secret sharing” you can look up.

The point is I could have several sub tasklets that could each change just one of those data shadows. Thus to change the data value I only need to inform one of the tasklets at some point in time. From this it can be seen that you can actually spread thr data shares and tasklets across as many CPU/Memory units as you wish and these need not even be in the same building or country. Thus you can put things beyond any one countries juresdictional reach. @Nick P and myself have indirectly discussed this in the past to deal with things like getting across boarders etc.

[1] Whilst the QKD system is secure in theory there are two issues. Firstly theory does not make practical systems people do, thus human failings can open up side channels that can leak information. Giles Brasard who built the first QKD system was acutely aware of this due to the high level of sound the polarizing filters made he could tell what state the Quantum Bit was in. Secondly theories are not reality they use assumptions and mathmatics to describe the real world and approximately model it. Whilst this is normally “not a problem” such as Newton’s laws on motion and gravitation being less precise than Einstein’s theories on relativity. The same is not true when it comes to security, where less precision means “wriggle room” which is why mechanical locks can be picked. Thus a cautious view point needs to be used when assessing the new, and yes some real QKD systems were successfully broken…

Clive Robinson • November 14, 2017 10:51 AM

@ Wael,

With regards “The Mexican Magician”. I know a better version involving,

A couple of secret agents in training had been tasked with learning the art of tailing and slipping a tail. The most experienced is like glue and he’s tailing the inexperienced girl every where all around London. Finally as she looks like she’s about to give up she turns onto Oxford St and as the guy slips round the corner after her she is nowhere to be seen. He looks around every where but she has most definitely disappeared without trace.

On getting back to the training center after a fruitless search he decides he is realy in need of a drink. So he goes up to the canteen and there, much to his supprise, she is as bold as brass drinking a cup of tea. So he gets a cup and a bun and goes over and sits down opposite her, and says to her “How did you give me the slip?”

She puts down her cup and smiles and says “Easy I used every spys dream”. The guy looks at her and say’s “You what?”. She pauses sips and the replies over the rim of her cup “Well you know that part of Oxford street?” and the guy nods, she continues “Well it’s full of travel agents and airline companies” and the guy nods again. She then puts her cup down and turns on a huge smile and says “Well I slipped into the one on the corner and came out the side door behind you” and the guy looks puzzeled and says “Ok, but why is that every spys dream?” she laughs and says “Because I vanished into Finn Air”…

Clive Robinson • November 14, 2017 6:26 PM

@ Wael,

In a way it does.

Don’t yah just hate that…

It always leaves me thinking “How could I have been clearer / more to the point / etc.”

So you know what I’m going to ask and then do… So you might as well trot it out and save us both time 😉

Clive Robinson • November 14, 2017 8:15 PM

@ Wael,

For a mobile device equipped with CarrierIQ, EG isn’t an option as it renders the device useless for Communications.

Err not quite true.

For communications to happen one or more Shannon Channels need to be established between two end points. That is an individual Shannon Channel is assumed to have a transmitter at one end and a receiver at the other. Importantly the input to the transmitter and output from the receiver although being Shannon Channels in their own right are assumed not to put any constraint on the Shannon Channel under consideration between the transmitter and receiver.

So,

}==(a)==[TX]—(b)—[RX]==(c)=={

a = input channel to transmitter TX
b = Shannon Channel under consideration
c = output channel from receiver RX

From the security perspective the TX and RX points can be considered the communications end points for an observer of the Shannon Channel at (b). Thus the observer at (b) can not see traffic at points (a) or (c).

The question you are thus asking is if the TX and RX points pass the desired communication between the parties “a” and “c” where is the energy gap EG?

Well a Shannon Channel can carry another Shannon channel inside it so we get,

}=(a)=[EC|TX]–(b)–[RX|DC]=(c)={

EC = EnCryptor
DC = DeCryptor
| = Energy Gap

The energy gap is crossed by the passing of a piece of paper that has the same text written on it that the observer “b” can see in the energy in the Shannon Channel. But importantly the observer “b” can not observe the pieces of paper that cross the energy gaps |. Thus can not see the security end points EC or DC. That is the security end points are beyond the communications end points for the Shannon Channel that the observer “b” has access to. But the Shannon channel into the EnCryptor EN can be seen by “a” and likewise the Shannon Channel out of the DeCryptor DC can be seen by “c”.

Now depending on your definition of “usable” the delay in the filling out, passing across the energy gap and reading of the piece of paper may be intolerable.

In which case you replace the energy gap with a choke point of an instrumented Data Diode. Provided the design of the Data Diode meets the EmSec requirments it acts the same way as the Energy Gap. The important thing to note is that the information going across the Data Diode is the same as observer “b” can see in the communications Shannon Channel. That is the ciphertext not the plaintext that parties “a” and “c” can see at points (a) and (c).

I hope that helps clarify… Which just leaves,

Any Questions?

Clive Robinson • November 15, 2017 4:54 AM

@ Wael,

To defend against a built-in Snitch (inside your virus infested smart phone) that sits at points a and b is a different problem, and that’s the one I am asking about

If you are saying that you need to use an insecure device for both communications and security end points, then as I’ve frequently said it’s not going to be secure no matter how secure the application may be, they will be able to do an End Run attack to the plaintext.

The only way to have a chance of opperating securely is to have the security end point YOU “OWN” thus fully control, past the reach of the communications end point THEY “OWN”.

Thus with a Smart Phone etc that means you need to extend the security end point OFF OF THEIR DEVICE and ONTO YOUR DEVICE.

The simplest way to do this as I’ve said for years with banking transaction authentication is to put the human in the security path to act as a natural firewall on the secure channel between the comms end point and the security end point. The easiest way to do that is to read ciphertext off of the smart phone display, and write it on a piece of paper. Then either manually decode it (OTP etc) or type it back into a token or computer that does not have communications ability, just a simple UI. Thus if the token does not have any other transducers (like microphones or LEDs that can act as photodetectors) and is properly screened then it is Energy Gapped (unless the user lets the Smart Phone camera see the token screen or user typing).

But as I said

… depending on your definition of “usable” the delay in the filling out, passing across the energy gap and reading of the piece of paper may be intolerable.

Thus you need to replace the Energy Gap with a mandated choke point that is instrumented. So,

}==(a)==[EC}-(i)-{TX]–(b)
–[RX}-(i)-{DC]==(c)=={

}-(i)-{ = Instrumented “i” choke point.

Note that the choke point is in the ciphertext path which contains the same information that the eavesdroping party “b” can see. So if they perform an end run attack at TX or RX communications end points they learn nothong they did not already know at point (b).

So whilst they own the TX and RX communications end points, they don’t own the security end points EC and DC so they can not end run around them to see the plaintext.

With regards,

But we don’t use our phones for SMS, IM, and emails only! How will that paper help in securing Audio/Video communications, or how would it help us preserve other ‘meta-data’, location, BT Mac addresses, nearby WiFi hotspots, books and articles we read, photographs,… That’s what I meant by the previous comment about ‘protection profile’.

We use “THEIR” device as though it is “OUR” device at our peril. Also the “richer” the information we send the harder it is to secure.

Thus common sense says we have to give up the beads, baubles and froth services that whilst nice are of no real importance in communicating information in the general case. Thus Email and Audio / SMS only for stuff that needs to be kept secure, by keeping the security end point off the device they own.

The problem with communications in general is hiding the Transmitter from observation by a hostile entity. As was once dryly observed about the very large transmitter masts –that ended up being used for “Home Chain Radar” during WWII– and German bombers [1].

There are only two ways to hide a big tree, chop it down and burn it or put lots of other big trees around it. You do the former and you don’t have a big tree any longer, the latter you have a forrest, but it does not stop people stumbling into the big tree when running through the forrest. All you can hope is they are either hunting rabbit or being chased by tigers, thus don’t care about the trees, other than to avoid them.

Admiral Karl Donitz had similar thoughts about the transmitter problem and giving away the location of U-Boats. Which he partially solved with his “Fleet Broadcast System”. Which I’ve mentioned before as an idea that can be significantly enhanced as a method of resolving some of Tor’s fundemental failings. In that you cannot hide the transmitter but you can hide who is receiving it, and if everybody forwards / transmits at the same rate of traffic then identifying who is communicating with who becomes very difficult if not impossible.

There are two basic methods of communicating information securely, as prearranged meaning codes and ciphers with prearranged KeyMat.

One advantage of a code is that it can be made to “look innocent”, another is it can do a degree of compression or word length hiding. The major downside is you can only communicate message meanings you have already agreed. A further down side is correlation attacks, that is if you use a code message more than once an observer can start to correlate messages with subsequent actions.

The main advantage of a code is that it can be slipped in with a general conversation. Thus it can be used like stego under the nose of an observer. Thus with care codes can remove the need for energy gapping or choke points.

How you go about things is defined by situational OpSec. There is no “one size fits all” solution. What offers an advantage in one situation is a disadvantage in another situation… Advice that is often given is “You can not have everything in life” thus you have to look for choices and work out of those you have what is best.

Osama bin Laden was a believer in the use of “high tech solutions” such as Satellite Phones. Because that is what the CIA had tught him when he was fighting the Russians in Afghanistan. What he was told by the CIA was only partialy true, that is the Russian’s at that time could not track satellite phones, but the US could. He got the rest of the education / message a few years later when a “beam riding” missile killed a general who the Russians wanted badly, when he was using his satellite phone. Shortly after that Osama realised that the way to fight the US was to use their technology against them when attacking and not to use their technology when defending. Thus he went very low tech for his communications but turned passenger aircraft into intercontinental missiles. He then started to use the Western technology in a propaganda war. Knowing that the US drones could be used to “Find Fix and Finish” mobile phones and those using them a simple plan was devised to exploit the US over confidence in meta-data. Known targets would use a mobile phone a few times using sufficient OpSec that they would not get an immediate call down of a hellfire missile. Then the mobile phone would be passed on to a group of innocent civilians. They would use the phone in the normal way, thus the US would fly in a drone and “Finish” the mobile with a hellfire and kill a whole group of civilians. The US then gey very bad publicity and OBL and Co get a juicy piece of black propaganda to not just humiliate the US with but also use to recruite new members…

Thus you must always evaluate your OpSec and methods continuously, and be prepared to change methods and tactics in an instance.

The only thing that is definitely clear is that at the State Level of attacker any electronic device is “theirs” unless you can show othereise. You can not do that with most modern technology due to the level of integration and the way most civilian communications systems are mandated to work. Thus your only available solutions are Mitigation and Issolation and to what level you use them and when.

The other thing State Level attackers know is humans get tired and humans make mistakes and mistakes kill. It’s the reason for “store everything” the NSA et al have built a virtual time machine, that alows them to go back in time and find and follow mistakes and build connection maps. The idea for this originated from Bletchly during WWII and it became known as “Traffic Analysis”. The only way to not get caught by this game is as the 83 movie had the WOPRA computer say “Strange game, the only way to win is not to play”. But overwhelmingly people “do want to play, and play big” and thus they are their own worst enemy as we get to read every day over and over and over…

If you want security then you have to play by securities rules, and they change as technology changes, thus “air gap” became “energy gap” your only touch stone is the laws of nature. Or as was once said about sailing in the antarctic seas, “Prepare for the worst that nature gives, and hope for the best”.

[1] For her sins my mother was present at the meeting this was said to Robert Watson Watt, and she hated the man with avengence thus took joy in seeing him taken down a peg or three. Her viewpoint of the man was “he invented nothing but stole credit for everything”. I’ve spoken to others who had personal contact with him and they said similar, one went as far as to suggest a new place to locate his knighthood…

Clive Robinson • November 15, 2017 8:50 PM

@ Wael,

Do you remember the other question about “Is all Cryptography based on a secret”

I suspect you’ve left a word out there, otherwise the answer would always be yes.

… using keyless Cryptography that uses channel characteristics to secure the insecure channel?

We’ve had quite a few over the years involving phased near field systems and MIMO type systems.

More recently I’ve proposed extentions to the “something you know” factor such as “place and time”[1] to prevent judicial coercion. They also have the advantage of having an entropy level way higher than that of things like random passwords when the human memory is involved.

However as you say,

But now we need to think of other solutions.

So far most of the new ideas have come from re-examining “accepted facts” to find the hidden assumptions that make the “facts” just “customs”. By examining the assumptions limitations can be removed or changed etc.

For instance with the extension to the “what you know” factor. Nearly every one assumes on hearing “what you know” that it is the equivalent of a pass word/phrase… A small number will when pushed include a concious bio-metric or “muscle memory” such as signature or a gesture. But in all cases I’ve asked people they have never thought about why there are other better “what you know” factors, that very effectively get around attacks thought up by others.

That said there are limitations on what we can give people using common technology. But they likewise have to realise that they have responsability as well…

As someone noted on the thread about Facebook and revenge porn,

If you don’t alow compromising photos to be taken then they can not be used against you.

That is there is no opportunity for the breach of trust which underlies revenge porn.

In general people are very very bad at “trust”, thus they indulge in risky behavioir, which can and sufficiently often does go bad. There is no technology out there that can force people to behave responsibly. Only the absence of technology removes the opportunity of it being used in a risky way.

People are also “lazy” or “contrarian” if you tell them “do it this way”, then as sure as roosters don’t lay eggs, they will do it “their own way”.

So we need to add an observation to the laws of nature,

You can not fix human or even limit it…

Which if it’s not mittigated during design of something new, means it will not go the way it should…

[1] I can easily remember many places I have only ever been to once in my life to the nearest half metre and the time of day I visited them even after nearly fifty years. And I know they are very very unlikely to change in my life time. Although I’ve not been there those that have can probably tell you the time of day they “kissed the Blarney stone”, but more importantly they can also give you a less obvious location near it like where they had a cup of tea, or where the coach stopped or some point around the hotel they stayed in the night before. What I can not tell you for love, money or on pain of death is the random eight character password I used for a central server admin account from the last month working for my previous employer. Nor for that matter the current random admin password on my own server thats built into the safe in my workshop (though it is on a couple of post-it notes tucked away at locations I know should I ever need to know 😉

Clive Robinson • November 18, 2017 10:15 AM

@ 65535,

Here is where you get into a gray zone. How does the average small business or person setup your semi-pro data diode? Do you have any specific hardware [serial ports and db9 pin cables] and software you use?

For the right sort of person it’s fairly trivial to do. But like hens teeth that sort of person is rarely found on the ground. You kind of have to look at Hard Science and Electronics graduates not people with a General CS background.

In essence you look for a micro controler development system for an MCU with at least two serial ports, or a USB and serial port or two USB ports. With a large chunk of RAM and ROM and a 16bit or above CPU that has atleast a 20MHz clock[1]. You then cut the code in assembler and blow it into the MCU.

Don’t aim for the moon the first time around or even to jump over low walls 😉 Just learn to get things working and to do something simple like converting different “End Of Line” formats (say CR/LF to just LF and back again). Then get basic hardware and then software flow control working. Then buffering and working at differnt input and out put baud rates on the two serial ports etc.

Having got it reliable to that point then you can start looking at stripping out control chars changing parity etc or converting 7bit ASCII to another character set and the other way around.

Then when you’ve got solid foundation you can look working on more than a couple of chars at a time through to simple file formats to check they are error free.

The next step up is “store and forward” where you take in chunks of files and work on them in more depth before outputing them. This means getting to grips with memory cards etc. You can even get it to speak to various secure cards etc as Thoth was looking at doing and Marcus had done for similar hatdwre resons but totaly different objectives.

If you are looking to go down this road I will mention as I have in the past that MicroChip make 24bit and 32bit MCUs –some with DSP– that are around 1-3USD and they also have some relatively cheap prototype boards with peripheral boards to do memory cards and smart cards etc as well as serial cards. So you can buy in everything you need as a series of ready made parts.

These MCUs are realy “Computers on a chip” and there is a project that has ported an early version of BSD onto one of them which gives you an idea of their power (think microvax etc).

If you want to build them as products then you will need to have some manufacturing skills, even if it’s just building nice cases. However for more than ten units you’ld be loking at electronics design and manufacture, which includs the usual fine tip soldering skills but also designing and building PCBs. If you don’t have these skills they are not hard to learn, but just like any craft you need to put the hours in to get reasonably good. That said you can often find via Hack-a-Day and similar stuff thats already been designed and built such as USB1 to RS232 converters RS232 V24 signal level converters down to 5V or 3.3V and a whole bunch of similar boards including project boards that have a couple of serial ports etc, so for low volumes it definitely pays to look around.

Another advantage of MicroChip is they have a lot of application notes and reams of pre-developed software for talking to USB and Memory / Smart cards etc and even network adaptors.

Finally though you need to think seriously about “Security by Obscurity”, it’s normally considered a “dirty subject” in ICTsec but not Physical Security.

You have to accept that all code has bugs, thus a potential for usable vulnerabilities exists. However if you develop your own code an attacker has a much much harder time attacking it. Especially if you set things up so that they can not reach it electronically and hopefully not physically as well.

In effect you have shifted the attack problem close to the top of the tree, well away from the low hanging fruit that is the usual fodder of the day to day attackers you will normally face. They are in effect “Opportunists in a target rich environment” thus unless they have other reasons to target you, they will quickly move on to where the cost reward metrics are way better.

It’s only if you or your customers have a very very different cost reward metric will you attract state level or equivalent commercial attackers. If you have or are likely to have high value IP etc that will attract them –as many small companies do– then you realy need to be thinking physical security and system issolation as a starting point. Working your way upward to totaly issolated systems in physicaly hardend SCIF like environments. From experience I can assure you working in that sort of environment is not fun (been there done that have the sweat bleached T-Shirt and “night-club suntan” to prove it). Building such places starts with rather more than a back hoe as anyone who has built a fallout habitat good for months will tell you and that’s before you consider the SCIF and other energy / EmSec requirments.

[1] You can do most of the basic stuff on a lesser CPU/RAM/ROM spec, I’ve used 8-bit/2K/32K parts with “bit banging serial” in the past but you very quickly run out of head room to do the higher level stuff. As the way more powerfull MCUs are only cents more it would be a false economy to use lesser parts unless you were going into large scale manufacture of 10K and up parts in one production run.