Schneier on Security

1&1~=Umm • March 7, 2019 5:35 PM

@Seros @Jeff:

“you’d either have to know exactly how to open it and close it again without obvious signs of tampering, or completely reproduce the letter on a new piece of paper”

True, but neither is as difficult as you might think.

In David Khan’s 1967 book ‘The Codebreakers’ he talks of Venice (Wien) as being at ‘the crossroads of Europe” diplomatically where many if not all diplomatic corespondence went through.

There was a ‘Black Chamber’ there where they had become experts not just at code breaking but more importantly at opening letters, packets, parcels and sealed one piece leather bags, even to the point taking hard wax seals off of leather, parchment, paper and braids etc and puting them back again and being able to cut and rejoin threads and the like (something modern day people smugglers and thieves do to lorries/trucks etc that are waiting in lorry parks for ferries or customs checks etc).

The David Khan book was not just a prized possession from my Uncle who had realised I could pick locks, but made me intensely curious when I was young to see if you could still do such things like that at home.

The answer is yes you could bqck then and you still can today. As an example take most modern white windowed envelopes, most are badly designed from a security perspective. That is they are made to look nice sometimes of good quality thick paper that has bern embossed etc. Any way if you look at the sides in most cases the short flap is glued under the back of the envelope not on top of it.

This enables you even with very cheap thin envelopes to put a thin bladed knife in from the side and cut the glue not the paper. You can then slide the contents out carefully open them out checking for ‘tell tales’ copy the contents and put it all back together you then re glue the flap using slightly watered down ‘White PVA wood glue’.

Importantly the knife you use should be sharpened to the point of being ‘just blunt’ then have it’s edge crosscut with a dimond file such that it’s edge is now like a microscopic fine saw edge. When you cut the glue you hold the knife at a slight angle and with light preasure in the direction of the cut slowly saw your way down. You will quickly learn the feel of the blade angle and also see if you start cutting the back of the envelope before you cut through it. So with care any small mistakes can be hidden in the re-gluing phase.

Oh and don’t think putting clear sticky tape over the flap sides and bottom of the enevlope and writing across it in ball point pen will stop people. A lot of such tapes use a glue that is easy to attack with a light hydrocarbon vapour and a smoothed blunt scalpel blade, that will lift the tape edge without marking it to let the vapour do it’s job (this also works on many cheap security tags like those wrist bands you get put on you at night clubs, music festivals and hospitals.

As has been said ‘the Devil makes work for idle hands’ especially those that are controlled by a very young and curious mind.

There was a scientist working at Sandia National Labs in the US who’s job it was to work out how to defeat all types of seals including those tamper evident ones. From what I remember he had a very high success rate.

That said things move on and technology intrudes when sometimes perhaps it should not (at the very least on the KISS principle). Thus this,

https://cbrnecentral.com/securityseal-detects-tampering-with-nuclear-material-containers/2532/

Does not realy inspire me with confidence in it as it’s way overly complex, thus probably full of attack vectors from the gate level in the microcontroller on up the stack.

1&1~=Umm • March 9, 2019 11:48 AM

@Seth:

“from the little I’ve read about physically uncloneable functions when they’re designed properly they are very secure to tampering.”

There’s a few rubs in there, first as many have found the reading material on PUFs is not exactly what you might call user friendly it goes from vague overviews into mathmatics few can understand let alone validate. Secondly the issue of “designed properly”, due to the way they work etc that is something you have to take on trust, you can not actually test it yourself (hence the twitchy feelings about ‘supply chains’ again). Thirdly ‘secure to tampering’ in the unlikely event that is true for that particular physical component of the system, it may well not be true for the whole system, and again it’s something you have to take on trust rather than something you can verify in a meaningful way.

If you look at a base use for PUF’s they are likened to a ‘Random ID numbers’. A typical wording you can find being,

“‘Physical unclonable functions (PUFs) are based on “locked” randomness (chaos), stemming from tiny imperfections in the manufacturing process of hardware, which result in the production (output) of a bitstring which appears random and can be considered as unique per hardware instance (device).'”

You see those last ‘fatal to the argument words’ “which appears random” and “can be considered as unique” try asking for a proof on either or both of those two points, especially when the mathmatics of both chaos and probability are involved. Oh and remember to duck quickly lest you are too close to all the arm waving you will get in response.

Then remember unlike a pot full of coins you can actually see and measure you are dealing with “tiny imperfections in the manufacturing process of hardware” which you can not yourself measure and verify and there are question marks hanging over the way they work in the actual devices anyway. For instance have a look over the arguments a few years back about Intel and it’s on chip random number generators that they would not alow user access to so the raw output could be measured, prior to them munging it through hardware hash functions. To see why this might be a concern, remember that it was based on Ring-Oscilators and so are quite a few PUFs as the on chip implementations are seen as an easy way to do both functions. Which as one (PUF) is supposed to have a static response and the other (TRBG) a dynamic response might give you pause for thought.

But as you read the link you see a refrence to what is in effect ‘crypto signing’ but no details as to how it’s being done or verified. As has been pointed out on this blog and other places ‘crypto signing’ does not actually mean very much. Because put simply it’s still a ‘Garbage in Garbage Out function’ all it realy does is appened more data to it, in a way you can then say that ‘the garbage out is the garbage that went in under the following assumptions’. Again all of this is done in a way you can not verify, likewise not even the organisation that builds such security susyemd and devices can verify the individual devices when they are built into a system, all they can do is cross their fingers that there are no ‘traitors inside’ the organisation and the designers had enough knowledge and ability (which is actually unlikely in most cases as IoT devices, Internet enabled security devices and even relatively dumb electronic locks show with brutal repeatability year after year).

I could go on, as there are a great many things going on in the devices and systems that can not be observed and verified in an individual unit, any one of which could malfunction, be incorrectly implemented, or have it’s proof found to be invalid at some point in the future. Or manufacturing processes improved such that the ‘chaos’ PUFs work on get very much diminished.

One such is Magnetic-PUFs, they are made by a contaminate to a physical mixture such that you get random sized magnetic particles when used as a magnetic recording surface on tapes or ABA mag stripe cards. The idea is that using a “read head” you get what is in effect a noise signiture from the random particle size on top of the data recording on the back of a magnetic stripe card.

It sounds all good untill you realise that the noise signiture is dependent not just on individual particles but many particles as they pass under the read head gap. Thus to deal with the read head tolerances and the wear/tear on the card plus magnetic particle changes due to unknown environmental changes all effecting the stripe the signal used has to be of quite a low frequency. The problem is that there are other magnetic mixtutes that have very very much finer magnetic particles, likewise other read and write heads with much finer gaps, thus it is possible to read the noise off of a magnetic card stripe, apply electronic filtering and write the result back onto the other magnetic material with much finer magnetic particles and write head gaps, such that when it’s read by the normal magnetic card reader it is fooled into seeing what it thinks after filtering and wear alowance and other reliability measures is the valid noise signiture. Can this attack be detected and prevented, yes by moving the bank card systems over to the finer materials and gaps. But they are many times more expensive and way more subject to wear thus higher maintenance, oh and worst of all much higher rates of legitimate transactions being rejected. So the economics on the millions of mag stripe card readers says it’s not going to happen, hence the move to Chip-n-Pin. Which unfortunately has been shown to have implement issues in the overall system, including other physical attacks such as micro shims doing a Man In The Middle attack between the contacts on the card and spring contacts in the reader. Which during the Chip-n-Pin system design this was not considered thus it left open a tiny crack that researchers found they could relatively easily exploit.

So it’s easy to see why the design of PUF based systems could fail not just directly with the PUF but also in the rest of the system around it. Way to many security systems are designed without sufficient thought, or have limitations on them which are required for reliability but also leave open cracks in the security which can be exploited. Have a look at supposadly unpickable mechanical locks to see mechanical ‘slop’ being exploited there are numerous Utube videos on this. Or how about it’s electronic equivalent where analog electronics with all it’s frailties such as noise susceptibility and peculiarities such as metastability has to alow for margins in filtering etc to get that ‘binary stream’. But also issues in the digital electronics such as Rowhammer or Meltdown both of which the potential has sort of been known about for oh half a century or so, but system designers ignored for various reasons, not least of which are lack of ‘thinking hinky’ and the cold hard ‘economics of the matketplace’.

But a final thought, one PUF mentioned when people talk about them is Optical-PUFs, the most common example being a glass block with bubbles in it that is then read by some kind of laser scanner. Much talk is about the size and position of the bubbles and how difficult if not impossible it would be to recreate such a piece of glass. Little or nothing is said of the process behind making the glass block and how you would read it out and the mechanics involved. Glass is when the bubbles are formed a liquid in which two processes are involved, the first is spontaneously generated bubbles by the process of nucleation the second is by filter bed infiltration. Glass being a relatively high viscosity liquid with relatively low gas saturation tends to make the bubble products of nucleation quite small and sparse. Filter bed infiltration is much like the mechanical oxygination process you see in fish tanks. Basically a gas is pumped through a defuser into the liquid. If the flow rate of both the gas and liquid over the diffuser are sufficiently controled you will get bubble patterns of the desired density. But it’s a mechanical process where the effect you are looking for ‘chaos’ is a side effect of the lack of process controls. To see what this effect means, pour a glass of champagne or lemonade into a flute glass, you will see the bubbles start at fixed points (nucleation sites). The bubbles rise in a very clear column untill they get to a certain size where the column breaks up and finally starts becoming chaotic untill you get that apparently random looking fizz at the top of the liquid. It’s thus clear to see that the level of chaotic behaviour is related to the size of the bubbles and how far up the liquid they have traveled. To small and not far enough makes the bubbles very predictable, to big and too far makes them usless for the intended process. Thus those bricks of bubble glass have a measure of cross correlation due to the control process. Thus you have apparently random macro distribution that is not random with what may be considered random as a micro signal.

Which brings us onto the tolerance of the mechanical scanning process that controls not just the path of the laser but how much is sensed. It’s fairly easy to realise that such a mechanical process also has a desired macro and undesired micro tracking that effects the reading of the signal. The micro signals tend to exhibit high frequency noise whilst the macro signals tend to exhibit low frequency signals. For a reliable system the more signal you have to noise the more reliable it will be. Which means that the signal you are actually getting from the glass block is primarily due to the production controls not randomness, because the randomness in the glass would be masked by the randomness in the scanning process.

But nothing is said about ensuring what is being measured is actually glass or actually a bubble. There are processes where by solid blocks of other materials as well as glass can have 3D images put in them by the use of lasers. Thus the question arises is can you make a copy of the glass block that is far from identical with it but sufficient to fool the scanning process. If you ask people you will find that little or no research has been published on this. Which means that either it has not been done or the results have not been published. If it’s the former then there is a reasonable chance that Optical-PUFs will be found vulnerable to the use of low cost scanning mechanics, which means that they could easily be economically unviable, or as bad unreliable and easily subject to wear and handeling issues.

The problem with PUFs is that they are new thus sexy with the ability to make people lots of money which means questions that should be asked and tests that should be carried out are at best have not yet have had time to be asked or done.

You will hear people talk of the ‘high security mechanical lock’ industry as being a ‘charlatan industry’ with legal threats being aimed at researchers. I very much suspect this is what will happen with PUFs in that as with DNA you will get ludicrous theoretical claims that realy do not stand up in practice once sufficiently investigated.