Schneier on Security

Clive Robinson • July 6, 2019 6:01 AM

@ Taz,

Yes public VPN ownership is a curious labyrinth, but that’s also true of many non security related technologies as well.

From the article,

Although the ownership of a number of VPN services by one company is not unusual, VPNpro is concerned that so many are based in countries with lax or non-existence privacy laws.

There is a flip side to privacy and where the companies are located.

Unfortunately countries with less lax laws are also the places with the “spy on citizen laws” that give you such things as lack of oversight court processes and National Security Letters or their equivalent.

It’s something @Nick P and myself discussed of and on several years ago on this blog.

So if you were chosing a country to found a privacy focused technology company in there are a number of things you would look for. From the privacy aspect three things would be high on your list are,

1, A country with no “snoop on the citizen” laws.
2, A country that is antagonistic to those countries with “snoop on the citizen” laws.
3, A country that you would try not to have clients in.

But from a user who want’s privacy aspect I would not use public VPNs as the currently are if I could avoid them, without using other technology to break their ability to do data snooping and metadata traffic analysis etc. One such thing is to lift the network stack up by using a “tunnel within a tunnel” as a new physical layer and create a “network on a network”.

If you think back to the early days of computing, what would happen is a branch office would use the equivalent of a “terminal concentrator” to multiplex numerous traffic streams into one traffic stream that went across a leased line to the main office where the streams were then demultiplexed and sent onwards. With IP networking you can do the same by having your “gateway router” shove all traffic into a Stunnel and send it over a “point to point” link where the Stunnel traffic is then stripped and fed into the upstream router. If the upstream router is in a private node with other routers that likewise use Stunnel to send on to their upstream routers you can fairly quickly build a private network on top of a public network in effect a “mix network” that you then need to strengthen in various ways.

Because the real issue is how do you deal with the problems of data and metadata. Data is in effect “plaintext” that would be inside the routing nodes or at the leaf nodes where you transition back to the public network. Metadata is the information to do with the traffic flow both rate and routing that makes traffic analysis possible.

Well you can use encryption to hide data, onion routing to hide routing information and null traffic padding to hide flow information. But the most important step is not to have leaf node transitions. That is all clients and servers remain properly part of the network ontop of the network.

Further as well as null traffic padding you can use the equivalent of a “Fleet Broadcast” system where individual packets get sent to multiple nodes such that whilst you might be able to tell which nodes have received a copy of a packet, you can not tell which of them it was intended for. That is a node will either forward the packet to the next router in the chain or use it instead of null traffic for padding purposes, where the next router might drop it or it’s self use it as a null packet to pad to the next node. To make this even more effective is to add uncertainty about if the packet is being forwarded on not to an observer. To do this requires also a “store and forward capability” thus the packet goes into the node, but when if at all the packet gets sent to the next node becomes difficult to impossible to determin. Whilst this is fine for certain non interactive traffic, it’s not for some types of traffic because of the undesirable effect of adding increased latency. However it is that latency that stops an observer following traffic by modulating packet delay.

There are other aspects to consider but hopefully you can see that getting privacy against a state level observer who has control of “choke points” is nowhere near as simple as just using a public VPN, as in practice it adds little if anything to privacy. But also shows that making statments as the article does is something you should take with a grain of salt, because otherwise it might cause you to make the mistake of not using a technology in an advantageous way.

Clive Robinson • July 6, 2019 2:02 PM

@ Bruce,

What ever they might look like, there is one thing that’s almost certain about a squid car, it would not when on frosty roads fish tail.

Clive Robinson • July 7, 2019 4:12 PM

@ The Pull,

Supposed undersea cable tap war going on

Don’t make the mistake of thinking “undersea cable tapping” means “tapping going on underwater” it’s mostly not.

For historic, geograpical and maritime safety reasons undersea cables come up in very few places[1] and once the general location is known they are incredibly easy to find on nautical charts and large scale topological maps the information of which is nearly all available in the public domain and Google Maps aerial views will actually show you the buildings.

The point is in general you have a “routing building” which uses standard well known telecoms protocols, with a spur off to the cable head building. Where the standard telecoms prorocols are converted to the virtually bespoke cable head end protocols.

Thus as a general case if you were going to tap the cables the easiest place is after the head end equipment router that is one or posibly two steps upstream.

One way to do this is to rent space in the routing building and lay in your own back haul. You would then as the NSA / GCHQ and other 12-20 “Five-Eyes” countries do find some way via implant or APT to subvert other routers to get the cable traffic “Tee’d off and forwarded” to your router thus off down your backhaul to where ever your local or regional processing center is.

If you look at Cornwall in the far South West of the UK you will see lots and lots of cables come up as do Satellite down links a few miles up the road. It’s kind of an accepted fact that as this is a major “choke point” even for European traffic that GCHQ have compleatly owned the main telecoms routing buildings.

But if you look at the submarine cables map you will see something that might make your blood run a little colder. Your internet packets follow the “all roads lead to Rome” philosophy only the center of the hub/web is the US and the main inter country nodes are in those extended Five-Eyes countries, all due to history, pragmatism and profits

Since the shindig at the 2014 Doha ITU world conference where various proposals to change the Internet and take it out of Five-Eye hands got narrowly defeated, the topology of the subsea cable network and overland backhaul inter country trunk circuits have started to change…

But if you want a bit of entertainment to eat popcorn to, we are currently going through what you might call the preliminary rounds of the UN ITU 2019 world Telecoms event. There have already been some off the wall suggestions[2] to do with “security” from non Five-Eye nations and I expect many more.

[1] https://www.submarinecablemap.com/

[2] Perhaps the most off the wall suggestion so far comes from France, they have proposed taking the entire 2 meter (144MHz) Amateur Radio band away and giving it to drone operators supposadly for “non-security” activities. Whilst the 2meter band is very good for “land mobile/portable” and “aeronautical mobile” for maned planes (they have the 135MHz allocation already) it’s actually a very bad band for drones as the antenna will be too long and there is insufficient bandwidth for what the French propose it be used for… Oh and of course there are all those satellites up there using both the 2meter and 70cm Amature bands, and they can neither be moved or turned off for upto the next 25years or so. It’s why quite a few people have pointed out the proposal is probably down to the well known Parisian Political Corruption that is endemic and some corporate is trying it on for other reasons that have not yet surfaced.

Clive Robinson • July 7, 2019 7:01 PM

@ Bruce,

As you used to write for The Guardian, and you have recently mentioned the shocking treatment of a reporter.

It might be of interest to you that two reporters one in the UK and one in the US have become targeted by the security services of a foreign nation.

It appears that the nation has been using not just US developed APT and similar computer attack tools but also using US personnel to do so.

So very much a “State Level Security Attack”.

https://www.theguardian.com/world/2019/jun/19/guardian-told-it-was-target-of-saudi-hacking-unit-after-khashoggi-killing

Clive Robinson • July 7, 2019 7:48 PM

@ All,

Five-Eyes attack Russian “google” Yandex.

https://www.reuters.com/article/us-usa-cyber-yandex-exclusive-idUSKCN1TS2SX

Whilst the malware used is relatively old, which would normally make attribution less certain due to “false flag operation” usage. This appears to be an updated version with –probably– not seen before code in it.

Thus whilst there is the possability someone outside the Five-Eyes could have got the original malware and aigmented it themselves, the odds are more in favour of it being either the US NSA or UK GCHQ.

That said the way it was used to target certain members of Yandex staff indicates that espionarge is the more likely cause for attack.

Interestingly in the article the suggestion that the attacks might enable “back stories” to be built for field operatives, raises a point that few actually think about…

It’s been argued that the likes of social media would prevent cover ID’s been established for operartives because of the inability to build “On Line Back Stories”. This attack tends to suggest that the reasoning may not be true. That is a SigInt Entity could get into the back end systems of Social media site servers and modify the records such that cover stories can be built for field operatives.

Which with hindsight should be obvious, afterall a persistent worry since the last century is the “revision of history” that is a newspaper could for several reasons not all legal, chose at some point for an earlier story to be pulled, modified or augmented, and it would be difficult to show it had happened.

Clive Robinson • July 7, 2019 8:27 PM

@ All,

It would appear that workers for the UC Customs and Border Patrol agency have atleast two rather offensive Facebook Groups,

https://edition.cnn.com/2019/07/05/politics/cbp-second-facebook-group-images/index.html

Having looked in from the outside, I’m not that surprised (I’ve seen it before with other “institutions”). But untill recently I gather little has been mentioned in US media, so it might be more of a suprise to others.

Clive Robinson • July 9, 2019 3:03 PM

@ Tatütata,

Downside: a thieve would only need to swipe the tiny memory card

Err maybe not these days… apparently according to some blurd I saw the other day PXE-Boot has come to the Pi 4B.

Thus a *nix style NAS box up in your loft / roof space running off of even another Pi 4 in a nice little fire proof safe suitably alarmed (see discussions between @Nick P and myself a few years back on this blog) would more or less remove that option for all but “warranted” intruders.

I’ve recently been looking at what would be required to take a “back box” off of a slim line UK dual fronted “in wall” mounted mains socket and add another box on the back of it to hold a Raspberry Pi. I think it would make a fun little project.

I’ve had a Pi wired up in the past to the back of one of those “four RJ45 PoE port” network mini-switch face plates, not because I wanted to hide it in the wall at the time, it was just the quickest and least expensive way to get four PoE sockets at the time to do an Asterisk on Pi VoIP demo. But once you’ve done something, why not get a bit of “self education” (play time;-) with it. Thus you’ld be supprised just what you can do with PoE, I ended up using it to power a little HF transceiver and charge a SLA battery to give the current lift on TX. Also I had a couple of audio dongles and a serial port based CAT controler so it could be operated from anywhere on the local area network thus all safely tucked away in a large air tight plastic cake box up in the loft. These days however PoE has got complicated to put it mildly, there are about half a dozen “proper standards” and as many again “manufactures standards” and heaven help those that don’t know what they’ve got. One such “manufacturer standard” for PoE is from Ubiquity and it’s a very non standard 24V…

There is a reason many PoE standards are 48V and it goes back a hundred years or so ago to the big glass Lead Acid Accumulators used to power the “Plain Old Telephone Service” or POTS as it’s been commonly re-christened. The POTS voltage was 48V DC[1] “positive ground”[2] “Phantom Feed”[3] and the standard stuck, ending up being used for the likes of studio microphones. What people tend to forget is the “ring voltage” it has to withstand which is basically upto ~200V peak AC… I remember using a “wiremans phone” which had it’s own hand crank generator as a “mega” for testing as with an ordinary multi-meter you had to carry it as well as the phone and the mega weighed more than both of them put together so it was “The last straw…” so got dumped.

[1] The POTS 48V like the truck and boat 24V and car 12V are not the stated voltages. The reason is the Lead Acid Accumulators in your car which are “12V” can go from 13.8 when new and fully charged down to a low of 10V when safely fully discharged, thus 12V is kind of on the middle. The same applies to 24V of 27.6-20 whilst POTS could do 55.2-40… Oh the life time of Lead Acid accumulators is dependent on what viltage you discharge them to. Down to 10V gives you maybe 200-500 charges, only down to 11v 750-1500 charges, go below 10V and you damage the battery to the point it might not hold even 10% of it’s original charge capacity again… For Sealed Lead Acid Bateries (SLABs) that use a paste as the electrolyte the voltages are slightly different. However the “capacity is not the volts times current rating printed on the side. The sensible no lower than 11V discharge only gives about 60% of the capacity you might otherwise expect. So 12V@7A only gives 50Whours as opposed to the 84Whours you might feel entitled to.

[2] As we now know “electron current” is in the opposit direction to “normal/conventional curent” charge flow. Back in the early telephone days where everything was “electromechanical” it made not a jot of difference which polarity you decided to use as ground so +V was often rhe default. It was only with the advent of Valves / Tubes where you had “low tension” 4-12V DC for the “heaters” that had to be very close to the cathode of the more than lethal “high tension” 180-15,000V DC voltage that using -V as the ground started to make some kind of sense. And with electronic design unlike that of electromechanical design of POTS and transport vehicles the -V convention has stuck. So much so that car manufactures are “switching over” from +V “chasis return” to -V “Ground return”, and yes the name change has meaning as well as the likes of automotive data busses have stopped using the “chasis” with it’s mostly iron thus very high AC impedence to return current, they now use a proper copper ground wire to try to minimise the AC impedence to significantly reduce electrical noise and increase reliability.

[3] All twisted pair (UTP) ethernet signalling is “differential” and the standards require the use of “Pulse Transformers” or similar for “galvanic issolation”. Thus you can use one twisted pair to carry +V and the other -V and take the power out of the “primary winding center tap”. The problem is there is only so much DC current you can pull through the winding before you start getting problems with the tiny ferrite core. Likewise there is the I^2 R power loss in the CAT cables which gives rise to heating issues. Back with CAT3 and some CAT5 there were less problems as you had “spare pairs” you could carry DC on but did not also have to carry data. Unfortunatly daya speeds have gone up so all four pairs are required to carry data and the likes of “crossover” cables can realy ruin your day with PoE…

Clive Robinson • July 10, 2019 1:20 PM

@ David #2,

most of these services glue you down with credit card or payment information which irrevocably identifies yourself.

It depends on which jurisdiction you are in. As far as I’m aware due to gambling legislation in the US you can not get “unverified” payment cards of any type other than some “gift cards”.

Some countries such as the UK alow there to be “unverified” “pre-pay with cash (via post office counter) cards from payment Card Issuers such as EVM. That in effect are anonymous or can be if you bend the rules slightly (some need a utility bill with the name you are using on it).

Though you need to watch out, some in the UK have massive monthly fees, others huge transaction fees and likewise top up fees, even when done from a traceable source such as a bank account.

There was a time when they did not have horrendous fees, and I looked into getting one to do Internet Shopping with… But the cost for most is unjustifiable these days.

Which kind of reminds me about the “If you make it illegal then only criminals will use it” we here in Crypto arguments. They have made pre-pay cards so expensive that it realy would only be of interest to criminals etc…

Clive Robinson • July 10, 2019 6:47 PM

@ vas pup,

The Beeb artical on the Norwegian Prison service,

1, Points out that it is more expensive in a given time period.

Which as in the UK we bang two or more in a cell designed in the Victorian era for one for 96% of the time with the human wastes they generate in thst time. Understandably leads to not just significant stress, but bullying and consequential violance. And is all down to UK Politicians, especially the soon to be Ex PM.

What the Beeb also mentions is,

2, The rate of re-offending in the UK is more than twice that of Norway.

But what they fail to mention importantly is that,

3, UK prison terms are longer than those in Norway, and considerably more for re-offenders.

4, In Norway they do not lock people up for minor crimes, they prefer social schemes where the offenders “pay back” to society by expending effort in improving society, and they usually take care not to disrupt work or home life, of the offender.

5, Often the non Norwegian non custodial “pay back to society” contains an educative element as well as support for mental healrh and other things like addiction. Thus aim to inprove the offenders lot as well as getting them to “pay back to society”.

6, UK prisons unlike Norwegian prisons spend next to nothing on rehabilitation education, mental health or addiction problems especially on the lesser crimes.

Thus the impression the Beeb artical gives about such a penal service being more expensive is more than somewhat biased. I suspect over an offenders life time it actually costs less than half the UK system. Oh and speaking of “Offrnder life time” I’ll let others look up the differences in violance and suicides between the UK and Norwegian systems, because to be frank it’s shocking.

The UK system like the US system is an industrialized process to make society worse a lot worse and now make private organisations significant profit. The only thing such corporations care about is minimising their non asset costs and having long sentences and significant number of reoffenders because that has two benificial effects,

A, It makes them a lot more profit.

B, It gives politicians an easy subject to decry, thus keeps them happy which is also good for profit, as long as the directors remember to kick-back some of that money back into the political party coffers…

Sometimes it’s hard to tell who the real criminals actually are…

With regards,

This article have interesting content for your input as possible security angle of such technology: Storing data in music.

Music like images has a very large amoubt of redundancy in it thus a high degree of entropy is available.

Back in the early days of DSP one trick was to alter the phase of various signals in audio. The reason for this is two fold,

1, The human ear has a very poor response to phase of individual tones (though it is reasonable at phase difference to get directionaliry).

2, By adjusting phase the actual electrical dynamic range could be significantly reduced.

The second point might need a little explanation. The “average dynamic range” is “the root mean square” (RMS) of the signals. However the peak dynamic range needed is the sum of the signals.

So if you had four 1V signals the peak voltage when all their peaks are in phase is 4V however the average is only sqr(4) or 2. Whilst this does not appear to be so bad amplifiers are power based and power is related to V^2 thus the peak is 16 times an individual signal whilst the mean is only 4 times the power. Thus by carefull phase modulation you can eliminate the peak power.

Now the fun bit, if you split the audio band up into frequency bins via an FFT you can rotate the phase of the bins to get the music to sound considerably louder than it realy is. Which is why the VU meters on heavy Rock hardly move whilst for clasical the meter needles jump up and down like fleas in a hot pan.

Now if you understand the notion of “differential encoding” where the mean of the two signals is constant because whilst on goes up 20% the other goes down 20% you quickly realise that you can select frequency bins to encode data in without the human ear picking it up. Further if you change the frequency bins in a pre-aranged way, not only will a VU meter not show the data, but the human eye watching the output of either a frequency or parametric equalizer won’t see it either.

The above is just a simple system that would fail to a suitable “spectral waterfall” or “Sonogram”. However by nodulating the data the same way as you would for a Direct Sequence Spread Spectrum (DSSS) signal which used to be used in Low Probability of Intercept (LPI) secure comms systems you can understand why the DRM people got all excited about it in the late 1990’s for “Digital Watermarking”. Thus we have known how to effectively hide data in not just music but images for a couple of decades.

Now a little knowledge about how the human inner ear works. Put simply there is a coiled tube that looks like a multi turn snail shell. This is because the tube is tappered in a way that it has a logrthmic decrease in diameter and it is built as a spiral. The inside face of the tube is covered in special cells that have what are best described as “hairs that act as resonators” and they do like all resonators or tuned circuits store energy. If a pure tone is sent, a resonator close to that frequency will start to store the energy coherantly and it will build up. Other resonators will also pick up energy but due to the frequency differences the energy will quickly die down as the phase difference will quickly cause the energy to oppose that in the resonator. So afterva time period only the resonator close to the frequency will have a significant amount of energy stored in it.

Now comes the interesting bit all resonators have a bandwidth that is related to the resonators natural frequency and it’s “Q” or “Quality factor”. Thus two frequencies close together will fall within the resonators bandwidth or “frequency bin”. The result is their amplitudes will add together and as the frequency difference between them causes a phase shift the amplitude of the combined signal will in effect be envelop modulated (think AM signal) at the difference frequency. Now if you have two pairs of frequencies with identical frequency differences you get two envelop modulated signals aye the same modulation frequency, but with a phase diference you can control. Thus you can PSK modulate to your hearts content and the human ear is going to be very insensitive to it.

The problem is knowing where these pairs of frequencies are. If you remember back, it was this blog that made clear to the world that due to the types of piezo microphones and speakers in laptops the notion of the BadBIOS above ordinary human hearing waa not only possible, but also how a technical trick from the 1970’s that enabled ROM code on PC I/O cards to load drivers in persistently at boot time was still in the BIOS specifications and Microsoft amongst others still honoured it in their latest OSs of the time.

Well that “high frequency” signalling has sufficient bandwidth to identify when data is being sent and the aproximate frequency bin to look in.

Wrap that all together as has been sujested before and yes you can send data in music as effectively as you can DRM watermark it.

Clive Robinson • July 12, 2019 3:33 PM

@ 7 July 2019 ……,

In addition, the Washington Post, IMO, has done some good reporting, too.

The problem is the WashPo appears to be following the bad habits of the New York Times.

The NYT has in effect created “fake news” by putting “Opinion pieces” in with “News reporting”.

This used to be a major “No No” in reputable newspapers.

But if you want a hint as to why,

https://www.cnbc.com/2019/06/19/new-york-times-ceo-on-how-newspaper-grew-300percent-amid-fake-news-bashing.html

Then look up Mark Thompson’s history at the BBC, quality it was not…

Mind you I guess Carlos Slim is not quite as happy,

https://www.bloomberg.com/news/articles/2017-12-19/biggest-new-york-times-investor-slim-hatches-deal-to-slash-stake