Comments

Ismar September 27, 2019 6:01 PM

While thinking what to contribute to this weeks Squid blog the topic presented itself in a form of an uncalled for command prompt on my windows 10 Lenovo laptop displaying

“Installing Intel(R) ME 12.0 software components. Please wait”

This was followed by a couple of minutes of other prompts notifying me of low level drivers being installed.

As this was the first time the I turned the machine on after a week of absence (machine was turned off and not connected to the internet and no settings to prompt the installing of the IME were changed) I was intrigued to find out more and ended up with this page offering a perspective on the IME

https://hackaday.com/2017/12/11/what-you-need-to-know-about-the-intel-management-engine/

Even if this is a legitimate install / update to the IME the whole process is so poorly designed leaving me wandering about its purpose ?

RealFakeNews September 27, 2019 6:15 PM

IME can operate, IIRC, even when the “computer” is switched off.

Are there any background tasks running for auto-update? If not, it suggests the IME driver received an update signal.

IME has a mind of its own, and should be disabled as much as possible.

It’s a SoC, and has very low access including completely independent network access.

SpaceLifeForm September 27, 2019 6:36 PM

@Ismar @RealFakeNews

Observation of Lenovo laptop:

After being ‘offline’ (No ethernet) for over a year (seriously, I am NOT making this up!), this laptop boot behaviour CHANGED.

It was always powered up, but eth cable pulled. Supposedly, ‘shutdown’ state.

For over a year!

@Clive

This is why I want the Faraday Cage.

I really think there are hidden cell radios.

Upon September 27, 2019 7:29 PM

My daughter has an older Mac Mini. It’s not kept up to date. (One needs to buy newer hardware before the software can update, part of the forced upgrade cycle. Which is how she came to be using it.)

A couple days ago she was having some problems. So she thought she’d reboot it. (I blame all those Windows machines at school. I went with Macs so we didn’t have to constantly reboot.)

The Mac wouldn’t reboot. It would get partway through the reboot process and turn back off.

Turns out:

  • Under OSX, /var is a symlink to /private/var.
  • /var is required to boot.
  • Google Chrome had a bug that was removing the /var link.
  • However, Apple’s System Integrity Protection (SIP) would prevent this bug from manifesting on newer computers.

So this bug only affects older systems, or newer systems with System Integrity Protection (SIP) turned off.

Unfortunately it’s necessary to turn SIP off for certain software packages and hardware devices used by graphical artists. They were the first ones to discover this problem.

Google now wants you to reinstall OSX: https://support.google.com/chrome/thread/15235262?hl=en

However, earlier they gave far more detailed directions that work wonderfully:
(Which have now been removed. A problem with the ephemeral internet. Thankfully I had to print them out to fix my kid’s computer.)

Boot into recovery mode.
  (Hold down Command-R while turning the computer on.
   With a Windows keyboard on a Mac Mini
   this is the left windows key & R.)
Select your language.
Ignore the window that opens.
From the menu at the top, under Utilities menu, 
  open the Terminal application.
In the Terminal application, run the following commands:

chroot /Volumes/Macintosh\ HD   # "Macintosh HD" is the default
rm -rf /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle
mv var var_back  # var may not exist, but this is fine
ln -sh private/var var
chflags -h restricted /var
chflags -h hidden /var
xattr -sw com.apple.rootless "" /var

And then reboot. This removes the affected version of Google
Software Update, then restores the damaged portion of the file system.

Or, as Google now requires, you can just reinstall OSX from recovery mode.

This might help too: Mac startup key combinations.

Now, in my little tale, can you spot all the security failings?
I’m thinking “A LOT”.

True Nonsense September 27, 2019 9:02 PM

@RealFakeNews IME can operate, IIRC, even when the “computer” is switched off.

I assume the driver for the IME Ethernet must be burned into the ME firmware.
Countermeasures include:
1) Switch to AMD (I’ve dumped Intel for superior AMD 2400G with Asrock b450 HDMI 2.0b)
2) connect using a separate non-Intel pcie Ethernet card
3) Use a RJ45/1GB Ethernet to usb 3 converter (does ME have its own usb driver?)
4) for ‘smart’ devices (like IME) have an A/C foot switch to manually disconnect ALL computer power when not in use
5) use a VPN network router chained behind the external ISP router. Have a wireless A/C switch to power-off the VPN router. Now the entire home network can be isolated from the Internet.
6) wired is more secure than wireless

Hey Google
However all this is meaningless as almost every device sold in electronic stores or warehouse club data mines you in addition to your ISP performing deep-packet inspection. To counteract I use free Debian, LibreELEC and DD-WRT to good effect.

The choices vary depending upon the use case and eliminating the weakest links. Many members are addicted and unable to critically think. So their devices need to also be isolated.

dbCooper September 27, 2019 10:18 PM

On-topic:

I was worried for a moment when read “there is no prove they didn’t”.

Became reassured when saw that post was tagged as “movie-plot threat”.

Patriot September 28, 2019 12:07 AM

Another Hansen got paid. This time from the East.

Looks like he did a lot of damage.

The interesting part about his story is that he was taught to communicate–send information– without detection. How was that? Should Daniel J. Bernstein be happy? Is NaCl now on the popular radar screen?

It would be fascinating for that little tid-bit to come out.

Patriot September 28, 2019 12:27 AM

About Hansen 2.0, I should have made my point…

This week, he got ten years.

Last May there were two others, both from the CIA. The OPM hack continues to fester. It was one of the most serious and shameful security breaches in U.S. history, and as I have predicted, its effects are extremely damaging, and will perhaps even be catastrophic in case of war. Obama’s hapless administration should further be held accountable.

lurker September 28, 2019 1:46 AM

@Upon: can you spot all the security failings?
you mean apart from using Goggle products
or because you’ve got physical possession it doesn’t matter?

Gunter Königsmann September 28, 2019 1:53 AM

About the apple hack: I wonder if when security ever gets good enough that we stop getting an insight how a device works internally now and then we’ll be more secure. After all we are surrounded by eber more mighty devices we know less and less and governments tend to try to require them to have bsckdoorsthe keys for might get lost and found even if you trust every single government on this planet and all the people any government gives access to your devices.

There once was a Sci Fi radio show about the Last Detective. It was german-only and I didn’t like it too much mainly because I didn’t believe his computer he bought as a used device from the government could hack into any computer and database and it was never explained howc that is possible. Today I know.

Bong-Smoking Primitive Monkey-Brained Spook September 28, 2019 2:37 AM

@Gunter Königsmann,

I wonder if when security ever gets good enough that we stop getting an insight how a device works internally now and then we’ll be more secure.

And herein lies the greater danger: sometimes weaknesses could be beneficial — like accelerate sales of new iHardware-11? Perhaps slowing down older devices ain’t cutting it! goddamit, we’ll make’em insecure and ruffle some feathers.

RealFakeNews September 28, 2019 3:02 AM

@Ismar @SpaceLifeForm @True Nonsense

IME has “network access”. Further details are unclear.

IME originally appeared in the network adapter of enabled machines, then it moved into the chipset directly.

It shares BIOS storage space, yet is independent from it.

The IME firmware is completely seperate, and seemingly inaccessible.

My guess is if it is attached to a computer with built-in WiFi, then it also has wireless network access (why not?).

Because of its integration at such a low level it might be possible, as you suggest, to disconnect the onboard network cards and use 3rd party expansion cards to prevent the IME getting network access.

It’s also unclear if it is able to enumerate the bus and look for other cards. It would be interesting to know if it works over interfaces other than the built-in cards. That would immediately answer that question. Being inside the chipset, it would certainly be in the right place to do it.

AMD has a “kind of” equivalent (formerly called PSP or Platform Security Processor; now Secure Processor).

It’s interesting for a few reasons:

  • It’s ARM-based architecture and built into the CPU die

  • It runs alongside yet totally independent of the CPU

  • It manages the CPU start-up. If it fails any checks (CPU firmware integrity among other things), it holds the CPU reset line high and prevents CPU start-up

  • It actively watches CPU execution (for security reasons, of course)

  • Much less is known about it than IME

  • While not explicitly stated as having network access, AMD simply say it has “access to IO”

  • It can load “trusted modules” written by 3rd parties (what is unclear is whether these can be written without physical access to the machine, e.g. as a payload via the operating system).

  • It is unclear whether network support modules can be written/added

  • Like Intel IME, it’s always running as long as the system has power

  • It’s in every AMD processor after Bulldozer/2013 (Ryzen onwards)

  • AMD allegedly added the ability to disable it in the BIOS, but given where it is and what it does, this seems a little like “snake oil”. AFAIK there is no way to prove it’s actually disabled.

RealFakeNews September 28, 2019 3:20 AM

@Upon

Do symlinks in any *nix OS get treated with the same security as an actual directory would?

If the installer attempted to trash /private/var would it succeed?

I also seem to recall that during installation it asks for admin access to install. It might therefore actually have the permission to do it.

A more interesting question is why are Google removing the symlink?

I wouldn’t like to say what risk modifying the symlink posed. Is it possible to point it at a compromised /private/var ? Does the OS protection detect such a problem?

OneTwo September 28, 2019 8:18 AM

Chinese spy trains: when everything is computerized, everything is a security risk.

New iPhone Hack:
A pseudonymous Twitter user called axi0mX posted a thread today (Sept. 27) introducing checkm8, a “permanent unpatchable bootrom exploit for hundreds of millions of iOS devices.”

“Most generations of iPhones and iPads are vulnerable,” axi0mX continued, “from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip). … This is possibly the biggest news in [the] iOS jailbreak community in years.”

Nothing is absolutely secure. You are never safe. Everything is a risk, even legal words and deeds. The only solution is extensive restrictions and oversight of all govt agencies and powers.

SpaceLifeForm September 28, 2019 12:28 PM

@RealFakeNews

“My guess is if it is attached to a computer with built-in WiFi, then it also has wireless network access (why not?).”

Oh crap.

I forgot about the WIFI angle.
The laptop was NEVER configured to use WIFI. Never.

But WIFI was around.

This tells me that there may be a WIFI backdoor. That NO WIFI can really be secure. That any device that has WIFI, can infiltrate/exfiltrate without any WIFI Key.

Over the years, how many flaws found with WIFI?

I’ve lost count.

Security Theatre.

Backdoors, buried in Silicon.

Faraday for Freedom!

Clive Robinson September 28, 2019 1:01 PM

@ SpaceLifeForm and the usuall suspects,

This is why I want the Faraday Cage. I really think there are hidden cell radios.

I don’t know about cell radios and I have my doubts to a certain extent. Because of a couple of reasons,

1, To work in the cell network requires it to follow a whole load of protocols, not least of which is those at the hardware level that would require it to put out a sufficiently coherant RF signal that it would be fairly easily detectable with fairly low cost test equipment[1] (thus I suspect it would have been seen by now).

2, Likewise to work a whole bunch of other higher level protocols involving security against “fraud” would have to be followed[2] which would require collusion of the Network Service Providers unless Intel or AMD in effect set themselves up as “Virtual” network service provider with full roaming service agreements. Such entities would be seen not just as heavy network users but also be quite visable in the financial marketplace side of telecommunications.

Thus “cell radios” would not be my first choice and for similar reasons WiFi Bluetooth etc would not be my choice either.

My choice would be a quite low power Low Probability of Intercept (LPI) radio system built using a non linear very wide band Spread Spectrum system.

The reason is that to a test instrument, such a signal would be indistinguishable, from the EM output a normally functioning CPU makes any way.

In fact the only way to spot it, if it was built in with care, would be by knowing the nonlinear spreading code. In effect this puts the system in exactly the same class of problem as we have with supposed “True Random Number Generators”[3].

Thus you would be wasting your time either debating it’s existance or trying to prove it exists[4] which it might or might not for your CPU chip[5]. Thus you actually have only two options available to you,

A, Do nothing.
B, Take an appropriate mittigation strategy.

Option A is easy and in effect has no additional cost.

Option B is far from easy and could easily cost many times what you would pay for an individual computer.

Unfortunately the very high cost of Option B usually gives rise to “economy of scale” thinking, which is realy a very bad security choice.

Basically instead of taking mittigation at the individual system level, you build a secure room and put lots of systems in it, as this means the cost of the secure room is spread over all the systems in it. Which whilst it might look good on a balance sheet can play directly into an attackers hands on the “single rotten apple in a barrel” principle.

It’s one of the reasons I argue that a Sensitive Compartmented Information Facility (SCIF, pronounced “skiff”) should never be the sole security measure for electronic equipment. That is it should be viewed as an optional extra for the equipment that goes into making a secure system. The implication of which is every piece of equipment that goes into a SCIF at any time should not only be secure in it’s own right, it should also never come out again[6] (which is a very big ask for most people not just accountants).

This is also becoming a more and more important consideration with those insecure blobs we call human beings. As is becoming ever more clear the use of just about any EM emitter of sufficient frequency can be used as part of a “back scatter radar” to detect movment. Which means in effect a users hand and finger movments whilst they are typing etc. As history shows humans can not be made secure, for various reasons.

The upshot these days is in effect you need two Farady Shields, one for the human and one for the system. These should be suitably segregated such that the user and system can not interact except through a strongly mandated and instrumented communicatons channel (think on not just the “No Write Down, No Read Up” Bell-Lapadula vertical security model but also on the “named” taged security horizontal model).

Whilst this can be done by cautious individuals using secure data pumps and sluices it is not an easy task for even quite skilled people because it requires a breadth as well as depth of information that very few have or will aquire via their normal work activities. Worse both are fairly rapidly expanding knowledge domains, such that just keeping up can be a near full time job.

[1] Such test equipment could be as little as a $10-20 SDR dongle a couple of lengths of semi-rigid coax in SMA connectors for the dongle end and a miniture capacitive plate E Field detector and single turn loop H Field detector, and appropriate software much of which is both Free and Open and has pleanty of well qualified users (See GNUradio and similar).

[2] In theory they could abuse the “emergency services” system, which bypasses the Network Service Provider anti-fraud security features. But that just means the backend interface to that would have to be subverted and that would be harder than setting up yourself as a roaming service provider.

[3] TRNG’s suffer from the “hidden secret” issue which is an inverse variation on the “Chinese Room” paradox. Put simply you as an external entity supply the room/box with information the room/box responds with an output. In the normal Chinese Room paradox, you supply questions and the room supplies answers, your job is the same as the Turing Test. However the hidden secret in the Chinese Room is a very very large database of questions hashed as pointers into a much larger database of answers. Or a large complex and usually not invertable map. The largest such maps we have of this type are cryptographic functions. So to invert the Chinese Room paradox your job is not to “prove sentience” but to “prove compleatly nondetermanistic behaviour” or “True Randomness”. The simple answer as with the normal version of the paradox is that you can not do so no matter how long you observe in real human terms the output.

[4] To prove that your CPU chip contains a backdoor of this sort can only be done by catching it transmitting data / responding to data, or by “making an omelet” of it. That is by destructive testing. Destructive testing however only proves that your CPU chip is not backdoored and destroys it in the process. However it says nothing about any other CPU chip except for a probability[5].

[5] We went through this “probability issues” with the Bloomberg allegation’s about motherboards from a well known manufacturer of high performance server motherboards for cloud type activities. Lets say you buy ten CPU’s and destroy nine of them without finding a backdoor, what does it actually say about the tenth? The answer is not a lot, if the chip manufacturer only puts the backdoor in one in a hundred chips. The manufacturer can do this where a morherboard is part of a large order for server motherboards is destined for a “Cloud” type operation where thousands if not tens of thousands of motherboards are being used.

[6] The problem with secure equipment is that it is only secure against classes and instances of attack you are aware of and have mitigated. The problem is that as with CPU chips you have no way to know if any chip or other item in a piece of equipment is backdoored or not. Worse you have little or no idea of if it can store information or not. Thus the only mitigation is to destroy the system before you take it out of your security mitigations…

Wael September 28, 2019 1:46 PM

@Clive Robinson, @SpaceLifeForm and the usual suspects,

Take an appropriate mittigation strategy.

Faraday Cage → Shielding
Tesla Coil → Wide-spectrum interference

Sed Contra September 28, 2019 3:29 PM

Re: group name for squid

Given the use of the dark (ink) and stealth, like shenobi (ninja), perhaps the name should be ichizoku.

SpaceLifeForm September 28, 2019 3:41 PM

@RealFakeNews

Interestng parallels.

“IME originally appeared in the network adapter of enabled machines, then it moved into the chipset directly.”

(backdoors in silicon)

“It shares BIOS storage space, yet is independent from it.”

See SIM.

“The IME firmware is completely seperate, and seemingly inaccessible.”

See SIM.

Now, look at SimJacker and Checkm8.

Then consider TSA taking phone. Just for less than an hour.

Then consider that the OS can (cough) leak (cough), the PIN into the SIM.

Think September 28, 2019 4:33 PM

@clive

I prefer the simple answer for exfiltrating data out of hard to get to places supposedly ‘air gapped’.

My microphoned iron or better yet my microphoned remote control for cable or satellite can just phone home straight over the mains if equipped with a transceiver built into the base devices power supply. I can think of many variations on the theme.

Obviously the grid would have to be modified for it to work everywhere but special nodes could be setup.

https://www.explainthatstuff.com/broadbandoverpowerlines.html

https://m.youtube.com/watch?v=1SpY1vwEIJI

My concern would be that my purposely non-internet connected devices (by the same manufacturer) create an adhoc PAN with other like devices in my neighborhood and using the one (or several) device(s)that does have an internet connection to get all the devices stored information back to the mother ship. Information collection I agreed to simply by using the device.

lurker September 28, 2019 5:31 PM

@RealFakeNews: Because of [IME’s] integration at such a low level it might be possible, as you suggest, to disconnect the onboard network cards and use 3rd party expansion cards to prevent the IME getting network access.

If I were designing an IME system I would have the Power-Up-Test check that all onboard peripherals were present and working. Fail this test and boot fails…

SamJ September 28, 2019 5:48 PM

OK, I haven’t read every post but… “Faraday for freedom”? Hmmm. Not Coreboot?

I had a coffee at Victoria Station in London this morning, on the way to the airport, and was mildly intrigued at the public messaging on, let’s call it “the illusion of freedom”.

First: on a giant electronic billboard “Get ready for Brexit” (the UK isn’t ready & won’t be).

Then: same billboard: a video ad for Facebook privacy settings (you’re still the product, sucker, or as Mark Zuckerberg put it, “dumb f*cks”)

Then: A public service announcement (audio) about reporting suspicious behaviour: “See it, say it, sorted”.

Illusions of sovereignty, privacy & safety trolled passengers repeatedly without anyone noticing or engaging with the cumulative effect. Is it any wonder politics is commoditized now?

Clive Robinson September 28, 2019 6:58 PM

@ SpaceLifeForm, Wael,

Paper is safer, but burn after use.

One of the things I tell people frequently about transfering information is,

    PAPER, Paper, Never data.

I then caution about the hidden side channels of “fonts” and so called “proportional spacing”.

I also talk of ASCII only sent as hexadecimal in a checksumed and armoured format.

None of it is perfect but it certainly shifts the odds in your favour, away from an attacker (who lets face it has a fairly easy time of it).

I also talk of moving the security end points so that no unmediated traffic can do an endrun attack around an Application that converts armoured text to plaintext. This actually can favour the use of paper and a pencil / pen if secure hand ciphers are used. The One Time Pad is generally the example of a secure hand cipher, however it’s also not the only one which is important as the OTP has lots of issues as anyone who has had to do non trivial Key Managment (KeyMan) can attest.

I also point out why “air gaps” are nolonger sufficient and why they realy have to be “energy gaps” hand ciphers on paper can significantly help with this simply by putting not just “distance” but “sound barriers” in simply by walking to another area and closing doors etc. Randomly selecting different places to do the decryption of inbound and encryption of outbound such that ciphertext is the only thing that ever gets close to the communications end point is very benificial.

Put simply it kills “Fire and Forget” and all other kinds of remote attacks that can be automated. Thus it forces the attacker into a very expensive in resorces “targeted attack” which significantly crimps SigInt and LEO automated and remote over the communications end point attacks.

Oh the other thing, if you do use an OTP which you generate with say a pair of dice and a lookup table, then you know it won’t have a backdoor in it courtesy of mathematically illiterate legislators.

Faraday Cage → Shielding

Whilst effective at stoping certain types of attack it by no means stop all attacks. Especially if the equipment in the Shielding is either powered externally or has to be removed from the Shielding to be charged. The big issue of removing the equipment is that it might well have memory in which it has stored private information and once out of shielding then transmits it. Likewise any power cables will have a communications bandwidth if these are commected to a power source beyond your secure boundary then it’s potentially a side channel through which information can leak.

The solution to this is simillar to that used on boats, where you have two seperate batteries to help minimise noise on sensitive navigation and radio equipment. You switch the charger to the battery not being used to power the equipment then when that is near discharge you switch the charger out, switch over the equipment to the charged battery then switch the charger to the discharged battery. If you “metal tank issolate” the batteries as is sometimes done for lightning protection you will probably get sufficient issolation to stop information from the equipment leaking.

Tesla Coil → Wide-spectrum interference

Whilst true it’s actually not a very good jammer due to the fact it’s an intermittent low frequency pulse generator as can be seen on looking at a 455KHz IF output on an oscilloscope. The use of certain types of filtering equipment will reduce it’s effects considerably.

In digital comms, jamming usually is most effective when it uses the lowest transmitted signal power for any given interferance level at the receiver demodulator output. Generally this occurs when the jamming signal exploits the format of the actuall data transmission. Put another way a waveform with a frequency related to the data rate if it occures at the receiver sampling points will cause more uncertainty than other types of jamning signal.

It’s unlikely that either a Tesla Coil or similar self discharging system will be at let alone synchronized to the data signal sampling points.

Wael September 28, 2019 8:58 PM

@Clive Robinson, @SpaceLifeForm,

I then caution about the hidden side channels of “fonts” and so called “proportional spacing”.

We had that discussion not so long ago, on a few occsasions.

armoured format

What is ‘armoured format’?

This actually can favour the use of paper and a pencil / pen if secure hand ciphers are used.

Paper and pencil is of limited use, because: it’s slow, error-prone, requires a skillset, not general purpose, etc. Can’t use it to encrypt but the most primitive and short texts. Can’t use it with a movie or audio/video communications. Not practival to use with a text message over cellular chanels, etc. It’s only good for a spy or something.

The One Time Pad is generally the example of a secure hand cipher

Replace ‘secure’ with ‘secret’, and I am with you. The One Time Pad provides perfect secrecy — not perfect security. Perfect secrecy means it’s immune to cipher-text (CT) only attacks. Also it’s perfectly secret under some conditions.

I also point out why “air gaps” are nolonger sufficient and why they realy have to be “energy gaps”

I agree, but don’t forget that humans are blobs of energy, too 🙂 How many side-channels did we see over the past few years discussed here? Acoustic (BadBIOS,) Light (Some copiers,) perturbations to video (Extract sound out of a video recording,) etc.

if you do use an OTP which you generate with say a pair of dice and a lookup table, then you know it won’t have a backdoor in it courtesy of mathematically illiterate legislators.

Don’t! Remember that lazy guy back in WWII? Too lazy to keep throwning dice and the One-time pad became not a Two-time pad, but a Many-time pad over a period of several years that enabled the US Signal Intelligence Service (Rumor has it SIS captured some advanced-technology aliens in Area 51, and all of a sudden NSA was born) to “decrypt” Soviet ciphers. Look up project Venona

Whilst effective at stoping certain types of attack it by no means stop all attacks.

Nothing stops all attacks. Show me a hundred-foot wall, and I’ll show you a hundered-and-one-foot ladder 😉

Especially if the equipment in the Shielding is either powered externally or has to be removed from the Shielding to be charged.

That would be a design flaw!

Whilst true it’s actually not a very good jammer due to the fact it’s an intermittent low frequency pulse generator as can be seen on looking at a 455KHz IF output on an oscilloscope.

I have the oscilloscope; I don’t have the Tesla Coil, so I’ll take your word.

Wael September 28, 2019 9:54 PM

By the way,

(Rumor has it SIS captured some advanced-technology aliens in Area 51, and all of a sudden NSA was born)

They’re the ones that taught NSA (Nabbed Seventy Aliens) about the intricacies of Dual_EC_DRBG: (Dreadful Epileptic-Curse Detrimental “Random” Bit Generator.) They told them to truncate the output of the Generator to the least significant 16 bits and told them the relationship between P and Q, and “Alien Eve” in hanger 18’s your aunt.

Clive Robinson September 29, 2019 12:42 AM

@ Wael,

Remember that lazy guy back in WWII? Too lazy to keep throwning dice and the One-time pad became not a Two-time pad, but a Many-time pad

I remember it rather better than you do as it was actually reported as,

    Russian Women with typewriters

Which reminds me, a thought for you,

The OTP is claimed to be secure because all texts of the pad length or shorter are “equiprobable”

Stream ciphers however are quoted as being at best CS secure.

Thus how secure is the output of the stream cipher when super-encrypted with the OTP?

Logic dictates as secure as the OTP.

Now what if you have two stream ciphers which use entirely unrelated generation methods?

There are four possible answers,

1, Weaker than either generator.
2, As strong as generator one.
3, As strong as generator two.
4, Stronger than both generators.

The actual answer for unrelated generators is generally given as a conservative “At least as strong as the stronger generator”. However back in the 1980’s it was found that with book cipher encryption that chain encrypting with four books is effectively secure as a stream cipher.

The point being that in effect chaining unrelated stream ciphers increases the security in an exponential[1] way, with the limit being close to that of an OTP.

So as we can create a stream cipher with a block cipher driven by the output of a counter (x) passed through a mapping function. With the basic being a one to one mapping function y=Ek(x) or a constant offset function y=Ek(x+o). By changing the value of the encryption key k we effectively get unrelated stream outputs.

The question arises with a block cipher like AES in say CTR mode, “How many do we need to chain before the resulting output appears to be indistinguishable from a True Random source?”

[1] That is a curve of y = 1-e-kn where n is the number of ciphers chained and k is a constant for the relative strength of the cipher.

Andrew September 29, 2019 2:25 AM

The thing about “turning computer off” when not in use is still funny after all these years.
Because, of course, data cannot be accessed while the computer is in use….

Wael September 29, 2019 2:51 AM

@Clive Robinson,

I remember it rather better than you do as it was actually reported as

Right, you do!

Now what if you have two stream ciphers which use entirely unrelated generation methods?

The difference between a symmetric stream cipher and an OTP is that OTP uses a pad at lest as long as the message. stream ciphers make OTP more practical to use by using a small seed to generate a pad or key as long as the message. In other words: if ???? is the Message space, ???? is the ciphertext space, and ???? is the key space, then:

For OTP, |????| = |????| = |????|

For stream ciphers, the key ???? is a lot shorter than the OTP:

The stream key is generated by “expanding” a long pad from a seed:
????stream: {0,1}s → {0,1}n ; n >> s

Now, an important property of XOR is that if you have two random variables, X and Y, and X has any probability distribution and Y is a rv with a Uniform distribution, then the rv Z = X ⊕ Y has uniform distribution. So regardless of whether you cascade two or more cipher streams, the cipher won’t achieve perfect secrecy.

“How many do we need to chain before the resulting output appears to be indistinguishable from a True Random source?”

As many keys as add up to the length of the message. Remember:

Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin — Von Neumann

As for the “appearance” part:

before the resulting output appears to be indistinguishable from a True Random source?”

We talked about it in the past: it may appear to be random, but that’s not sufficient. It needs to be random. Then again, I like probability theory, but statistics ain’t my cup of tea, so take my words with a crystal of salt, the size of… Lot’s wife 😉

PS: I didn’t give an exact comment ID in the above link on purpose (I don’t want to admit that I haven’t read the German paper yet.)

Wael September 29, 2019 3:22 AM

@Andrew,

Because, of course, data cannot be accessed while the computer is in use….

Data breach is more likely to be detected in a timely manner when one is using the hosting computer.

Clive Robinson September 29, 2019 5:37 AM

@ Wael,

Your hash mistress has turned her attention my way 🙁

So I missed,

What is ‘armoured format’?

It’s a way of making a string of binary data not just fit in a text stream but often in a way that is more secure to errors or tampering within. At it’s simplest when dealing with just the likes of line noise you could use parity or simple checksums for error correction and a 3-4byte encoding of the data. The first instances my generation saw was to protect machine code from transcribing errors when using a variation known as “Motorola Format”. In short binary information such as encrypted data does not go down a data channel that uses “Inband Signalling” (think about C strings where 0x00 is used as a string terminator what do you do when your data byte is 0x00? Likewise with the thirty two control characters in ASCII).

Later systems used not just some form of data expansion and error detection, they then started via Hamming codes to correct errors so they acted as a form of Forward Error Correction (FAC). These days the likes of Reed-Soloman and similar codes are used with high density Read Only Memory of low reliability such as optical media.

The name “ASCII Armoured” kind of came into the general lexicon in the days when PGP was about the best way of geting some privacy for the average non highly technical PC user. It’s method made putting encrypted text into EMail almost –but not quite– trivial. The name association to PGP kind of got stuck in most peoples heads. Which is why many think “ASCII Armoured” means the protocol PGP uses, not as it started out a more general term for the process.

But I see that the word “chaining” has caused a similar problem,

As many keys as add up to the length of the message.

I was talking about “cipher chaining” not “text concatenation”.

That is all generators produce KeyMat / Key Stream to the same length of the plain text. Thus each character in the message gets encrypted by each generator in order.

If the generators produce fully independent streams then their identifing statistics tend to get masked by the other generators, thus “flattening the statistics”. At some point an observer at the output will be unable to tell if what they see is genuinely random that has been “debiased” or determanisticaly derived. Further that they have neither the time or computing resources to be able to tell even if there are some statistical clues that come through eventually.

As I’ve indicated befor real world OTP’s are not “Truely Random” anyway, as they are at the very least “run length” limited usually with a maximum length of 25bits being all zeros or ones and other patterns likewise reduced. The easy way to do this is with “a set of acceptable strings” that are a subset of the “all strings” set upto the run length. However as is generally the case, “the easy way” is not the “best way” or for that matter even close. Further there are other issues such as “in band signalling” and “alphabet size correction” that come into play as well as “pre-encryption”, “compression” or “statistics flattening” to limit various types of attack (have a look at VENONA again to see why).

JG4 September 29, 2019 7:50 AM

‘Holy Grail’ of Encryption Could Be a Game-Changer for AI
https://www.eetimes.com/document.asp?doc_id=1335061
By Sally Ward-Foxton, 08.23.19

Homomorphic encryption has often been referred to as the Holy Grail of encryption, since it allows computations to be carried out on encrypted data, without needing to decrypt it first.

I saw a couple of articles about gigapixel cameras, which probably are composite. They’ll go well with this:

https://www.nakedcapitalism.com/2019/09/how-facial-recognition-technology-is-bringing-surveillance-capitalism-to-our-streets.html

You could hope that this leads to better protection of human rights, just not the 4th Amendment right to be not surveilled all day every day.

Empire is self-optimizing resource-extraction asset-stripping engine, with gears made of guns and words, lubricated with the blood of the peasants (and any hapless dissidents), driven by greed, amorality and hubris, that crushes bodies and souls to make money and power.

Wael September 29, 2019 8:49 AM

@Clive Robinson,

Your hash mistress has turned her attention my way 🙁

She’s spreading her love 🙂

I was talking about “cipher chaining” not “text concatenation”.

I’m well aware of that, and I am sticking to what I said.

Jon September 29, 2019 9:47 AM

@ Clive Robinson

The OTP is claimed to be secure because all texts of the pad length or shorter are “equiprobable”

Which leads, imho, to a fundamental weakness of one-time pads: using them to frame people.

Given a message encrypted with a one-time pad, and incriminating data of equal or lesser length, it is a work of mere moments to generate an alleged “one-time pad” that causes the encrypted message to decode to whatever incriminating data you had handy.

Then you hand over the (generated) “key” to law enforcement, and watch the fireworks.

Jon

PS – For stream cyphers, I imagine it’s a bit more tricky to generate a ‘key collision’ that uses a bogus key to turn an encrypted message into something else yet equally plausible. J.

Clive Robinson September 29, 2019 10:25 AM

@ Thoth,

What happens when Trusted Boot goes wrong 🙂

Which is not unexpected, and possibly good for the majority of the users as it’s apparently only USB port exploitable, which means they have the jailbreak option.

However it’s not good for some users as it means the supposed “Lawful Entities” can also jailbreak the devices giving rise to potential Evil Maid type attacks.

But in other news it looks like Lenovo is upto it’s old “you are the product” tricks yet again. Last time they did it through the BIOS in a way that remained in the OS.

This time it’s the “Lenovo Solution Centre” (LSC) that is to blaim. As this requires Windows to run, if you removed the app, or blew it away with a Linux install etc you should be safe currently.

https://www.theregister.co.uk/2019/08/23/lenovo_solution_centre_cve_2019_6177/

However it’s been around since 2011 and Lenovo appear to be being disingenuous at best, if not effectively lying to owners of their computers…

Clive Robinson September 29, 2019 10:41 AM

@ Jon,

Which leads, imho, to a fundamental weakness of one-time pads: using them to frame people.

The same is true for PubKey encryption if you think about it.

The problem is the accused can not prove they “never had the key”. Which is a problem in the UK and Australia where the legislation assumes you do have it and are thus wilfully committing contempt or it’s equivalent. Which means having an open system such as EMail in your name is in effect an invitation to be abused. Thankfully as far as I’m aware nobody has abused the system so far but eventually someone will…

vas pup September 29, 2019 1:27 PM

@Patriot

What Mr Hansen did has no excuse.

On the other hand, are their actions to prevent (or at least minimize) similar cases in a future or our LEAs only good on ad hoc actions not seeing forest behind the trees.

Is anybody study loyalty and its management?

I guess when person with such unique combination of skills as Mr. Hansen (fluent in Mandarin and Russian + technical skills – do we really have many such people in US?) has problems, it is better to address those problems and help fix them HOME with help of the government rather than let person in trouble seek help in the foreign countries.
His skills should be utilized in US.
Is he going to help sysadmin in club fed?

It is like use crystal vase as a hammer. Sorry.

MICE worked perfectly for him. M- money in particular.

Jon September 29, 2019 1:34 PM

@ Clive Robinson

Hmm. Not entirely sure about that. The idea is to generate a bogus key for some ciphertext that decrypts that specific text into a message you control.

You would have to work backwards from a known public key to generate a private key that encrypts a different message into the same ciphertext.

I think that would be mathematically somewhat tricky (as well it should! Even if you know the plaintext AND the public key, that doesn’t mean you can work backwards to get the private key!).

Jon (but I could be wrong… Still, ‘s downright trivial with one-time pads.)

Wael September 29, 2019 1:56 PM

@Jon, @Clive Robinson,

You would have to work backwards from a known public key to generate a private key that encrypts a different message into the same ciphertext.

Not necessarily. It could be a vector for forcing a defendant to disclose the private key. For example:

Obtain the ciphettext (that was encrypted with a private key and pretend the public key is the OTP.) Then Compose an incriminating cleartext (of any length,) and if it exceeds the OTP length (Public key, in this case) then repeat the same key. XOR the encrypted message with the fake “incriminating” cleartext message of choice, and this produces your faked OTP.

Then confront the framed poor guy with the incriminating clear text and the derived OTP. He has two choices: disclose the private key, or face the music. Discussions of zero-knowledge proofs for this situation omitted 🙂

Similar techniques have been known in bit-flip attacks against stream ciphers.

Weather September 29, 2019 2:14 PM

Wael Jon
If you have one byte char that can equal four plus different letters of the plaintext not necessarily in a row, and the key mix’s up four byte box’s…

Wael September 29, 2019 2:23 PM

@Weather, @Jon, @Clive Robinson,

Even if the exchanged message is a completely random, bogus message between two correspondents, a cleartext message xor’ed with the random message will produce a “fake” OTP. Now you have a random message, a cleartext message, and an OTP that encrypts (or decrypts) them.

SpaceLifeForm September 29, 2019 2:26 PM

@Clive

The Lenovo laptop I was talking about is over two years old, for various values of two.

“This time it’s the “Lenovo Solution Centre” (LSC) that is to blaim. As this requires Windows to run, if you removed the app, or blew it away with a Linux install etc you should be safe currently.”

Based upon observation over many various values of two years, I’m not convinced that running Linux is going to prevent a backdoor.

The Lenovo laptop in question is running Linux.

But, importantly, it came with Windows installed.

And here is the key point, at some point, it was BOOTED into Windows. (7pro)

I think that the backdoor gets installed into the UEFI at that point.

So, my recommendation is that if you going to run Linux (not just looking at Lenovo hardware here), on any new machine, that you NEVER boot the pre-installed Windows. Never.

Wipe the drive via live Linux.

Completely wipe it with dd as many times as you desire and can tolerate.

Install.

Clive Robinson September 29, 2019 2:29 PM

@ Jon,

I send to your EMail account a message encrypted under an anonymous Public Key.

As a first stage attack, under the likes of the UK Regulation in Investigatory Powers Act (RIPA) a police officer can demand you provide a decryption and the key. Failing to do so gets you up in front of a judge, who can send you away for a couple of years or more.

As a second stage attack somebody can then send anonymously the anonymous public key and the message contents. It takes little work for someone to re-encrypt the message under the public key and then verify the two encrypted forms match.

If the contents of the message are suitably vile/offensive to the public morals then there will be legislation sufficient to ensure you go to jail for an even longer period.

They are both setups of an individual that an individual can not defend against.

The one with the OTP as it’s “post message” can be in theory easily ridiculed in a court of law as the defence can come up with other messages, say one involving all the jurors names and the judges as well in short order.

The PubKey attack can not be easily ridiculed at the second stage, thus the only defence is convincing a jury you’ve never seen the PubKey… Which is equivalent to trying to prove a negative…

Most encryption systems suffer from this problem and it’s not an easy one to mitigate against, except by not having any method by which such ciphertext can be pushed onto you. Thus any open receiving system such as EMail, SMS, Twitter, etc should be considered a potential threat vector.

The equivalent in the physical world would be for an attacker to send you drugs or some other illegal substance by post and “tip off” the appropriate authorities. This has been known to be done in the past in various ways.

Any system that alows someone else to put you in possession of an illegal or questionable item can be used to harm you in this way.

Jon September 29, 2019 3:06 PM

@ Folks

Thanks for interesting discussions, although I think some of you may be slightly missing the point. The idea is that you know the ciphertext (and possibly the plaintext too; doesn’t matter) – one specific ciphertext – and want to “helpfully” let someone else (say, law enforcement) decrypt it by telling them the key – except the key is bogus, and makes that specific message decrypt to something else.

I’m not sure the ‘equiprobable’ defense is going to go over well with a non-technical judge and/or jury, especially if someone is willing to perjure themselves and testify, under oath, “That is the key!”.

And once you’ve gotten an OTP, however generated, you’ve got the OTP problem.

@ Wael : Yes, you might have to fess up your private key, but not necessarily to the attacker. Courts (at least in the USA) have ways of ensuring that certain information is not revealed to everyone. You might have to share it with their attorneys, but if you can argue successfully that it’s a secret the accuser shouldn’t have, you might be able to keep it secret.

Anyhow, doesn’t matter: The point is rigging a key to mis-decode one specific ciphertext, and mis-decoding it into what you want it to be.

@ Clive Robinson : And you’re right there, too. You can easily email incriminating stuff to someone, encrypted, then run off to the cops and say “They’ve got this incriminating stuff, and here’s the keys to decode it” and get people in trouble that way too, but that’s not really what I was on about.

Anyhow, have fun, Jon

SpaceLifeForm September 29, 2019 4:18 PM

So, now even latest and greatest, ios 13.1.1 is pwned. Maybe not all recent hardware/firmware. Not clear.

But, Apple is losing their argument wrt security.

Trend is interesting.

checkm8 dude axi0mX

“HACKED! Verbose booting iPhone X looks pretty cool. Starting in DFU Mode, it took 2 seconds to jailbreak it with checkm8, and then I made it automatically boot from NAND with patches for verbose boot. Latest iOS 13.1.1, and no need to upload any images. Thanks
@qwertyoruiopz ”

The $64K (or $64B) question:

Is it a BUG or a FEATURE ?

Clive Robinson September 29, 2019 5:37 PM

@ Jon and others,

…but that’s not really what I was on about.

Fair enough. Like @Wael and one or two others in the past we’ve chatted about the many problems with One Time Pads both for the directly communicating parties and for what third parties can do in ways of an attack.

One way to limit the potential for such false key attacks is to “chain the plain text” or “chain the cipher text. The details are fairly dull to put it mildly, but in essence you encrypt the plain text or cipher text with it’s self (think of the OTP as a very small block cipher with ever changing key that is then used in one of several standard modes).

The problem of course is that you are looking for ways to make any single bit change to show up across many bits (ie an avalanche effect). This has to be in a way that is difficult to predict thus very difficult to counter. As always there is a problem in that any transmission / line noise will also cause the same effect as any manipulation, thus the addition of certain types of correction codes is also required.

Thus all of a sudden you are nolonger talking about a “simple hand cipher”…

Comming up with a good authentication system in the pressence of noise is one of these “Holy Grail Quest” type activities. Thus as a general rule engineers split the problem into two or more layers. That is you use authentication on the plain text, and you use error correction on the ciphertext.

You see this with some super-encryption systems done by two or more segregated computers. The first stage takes the plaintext compresses it then adds both authentication and error correction, this then gets encrypted with a block cipher in an appropriate mode. This first cipher text gets “put on tape” to be fed as plaintext into the super-encryption system where it first gets OTP encrypted with a key tape. The OTP output then gets put into a Forward Error Correcting coding system to be transmitted. Depending on factors such as distance and bandwidth other error correction may be used, especially in Low Probability of Intercept (LPI) radio systems that work well below the noise floor. Thus on a bit for bit basis the actual transmission bit rate can be ten or twenty times the original message text bit rate.

Having actually had to “play computer” with pencil and paper through each and every step when designing and testing code in the past, I can assure you it’s very definitely not something 99.9999% of humans could do reliably on a regular basis and still keep their sanity.

But such automated and complex types of authentication are usually not required between two parties…

It’s one of the things you don’t get to hear about so much when people talk about the “Code Talkers” of both World Wars and other battles. That is not only was their native language usually unknown to the enemy, the actual talkers knew each other well and used their own kinds of slang, jargon and other knowledge that was only common to the group.

For instance lets assume that you and I are from the same small town which has it’s own franchises and other places. If I said to you “Go the same distance as from the bakers to the hotel, then make the same turn you would to get to the barber’s” you would know I ment go two thousand yards then go to the left, but who else would?

This sort of semi-private shared knowledge actually made it onto the movie screen dramatisation of an actual event about an electronics inteligence officer downed well into enemy teritory towards the end of the Vietnam war. Using a common knowledge of a golf courses to tell his rescuer where he was going over an unencrypted VHF radio thay both knew was being actively monitored by the enemy as they actively hunted the downed man.

You can probably still see the movie it stared Gene Hackman as the downed man and Danny Glover as his relentless rescuer,

https://en.m.wikipedia.org/wiki/Bat*21

It was once voted as one of the best war films ever. If you look closely in this trailer,

https://www.youtube.com/watch?v=FNj3SSX1tJ0

You will see a mention of the golf courses as a transparancy is overlaid on a map.

Wael September 29, 2019 6:04 PM

@Clive Robinson, @Jon, CC: Tatütata, @Ratio,

one or two others in the past we’ve chatted about the many problems with One Time Pads

This is really bizarre. The day before yesterday, I started thinking about a similar problem and was wondering how to put it in a puzzle format. It was going to be the next iteration of a previous puzzle shared here, but I wanted to stay away from steganography. One of these days, if time allows…

nobody September 29, 2019 9:47 PM

U.S. based social media companies will have to share contents of encrypted messages with U.K. Police
https://www.bloomberg.com/news/articles/2019-09-28/facebook-whatsapp-will-have-to-share-messages-with-u-k-police

Social media platforms based in the U.S. including Facebook and WhatsApp will be forced to share users’ encrypted messages with British police under a new treaty between the two countries.

This means, of course, that encrypted will not mean “unreadable by governments” in case someone thought that was the case.

Clive Robinson September 30, 2019 1:25 AM

@ nobody,

Social media platforms based in the U.S. including Facebook and WhatsApp will be forced to share users’ encrypted messages with British police under a new treaty between the two countries.

Remember such treaties are usually like contracts, that is they contain a degree of reciprocity. So the US will have access to information held by British firms etc. Which is actually far more serious in some respects.

Further since UK PM Tony Blair signed off on a new extradition treaty it’s become clear that in such US-UK treaties they have become unbalanced in favour of the US legal process which is generally not good for defendants.

Oh and don’t believe that nonsense about “Death Penalties” as the Julian Assange case will no doubt end up showing the UK and Australian are quite happy to turn a blind eye.

Clive Robinson September 30, 2019 6:56 AM

@ Wael,

I started thinking about a similar problem and was wondering how to put it in a puzzle format.

Keep thinking, you never know it might become “Wael’s Conundrum”[1] or some such and end up chasing you around…

[1] Just remember a large people have observed over the years, that people who come up with original observations etc, rarely get them named after them. There is actually a “law” about it, but as that person was atleast the fifth person to note it, I shall not name them 😉

Clive Robinson September 30, 2019 10:11 AM

@ jon, ALL,

TL/DR: Someone mailed Brian Krebs a packet of heroin, and planned to call the cops on him when it arrived. You don’t need email to send incriminating material!

Yup… It does not surprise me in the slightest, I’ve heard of similar happening with people getting rather unsavour –to put it mildly– magazines mailed to their home addresses from the likes of Thailand. The person doing it knowing full well the US Postal inspectors pay special interest to those sorts of packages for illegal goods of various types. They also guessed that most people on receiving such a magazine will rather than call the police etc, just burn it or in some other way destroy it, unlike with drugs… Thus in effect making themselves look more guilty.

The one thing I’ve learned is that nearly all “tangible physical world” crimes have “intangible information world” equivalents, whilst the number of intangible information crimes far far out number the tangible physical world crimes for various reasons.

When you look into it there are similar imbalances in other domains. Which led me to start thinking about which was in effect a subset of the other.

The intangible information in effect wins hands down on the numbers, and thus further investigation leads to the conclusion that the physical tangible world we interact with is the subset of the intangible information “universe”…

But don’t say it too loud 😉 as some have rather strong beliefs it’s the other way around.

Wael September 30, 2019 12:02 PM

@Clive Robinson,

physical tangible world we interact with is the subset of the intangible information “universe” […] But don’t say it too loud 😉 as some have rather strong beliefs it’s the other way around.

Perhaps because we’ve come to learn that information does not spontaneously spawn out of sheer void, no matter how hard poor Dr. Lawrence Krauss tries to conjecture (otherwise.)

Alyer Babtu September 30, 2019 1:01 PM

@Clive Robinson @Wael

Re: tangible/intangible things

Probably any discussion needs to take account of and continue the questioning and conversation started by Aristotle and clarified by Aquinas.

E.g., as introductions

Thomas Aquinas: The Division and Methods of the Sciences (Mediaeval Sources in Translation) 4th ed. Edition ISBN-13: 978-0888442796

and

Joseph Owens. Cognition An Epistemological Inquiry ISBN 978-0268007911

Joseph Owens. An Elementary Christian Metaphysics ISBN-13: 978-0268009168

(In spite of its title, this is a book of philosophy)

Highly recommended!

Sherman Jay September 30, 2019 3:21 PM

While these are off current hardware topic, and they carry some political baggage, they do directly pertain to security, both national and personal. So I thought I’d share them.

hXXps://www.democracynow.org/2019/9/30/edward_snowden_us_surveillance_corporate_america

hXXps://www.washingtonpost.com/apps/g/page/world/national-security-agency-inspector-general-draft-report/277/

Also, I use an approx. 9 year old Lenovo intel celeron junkyard (literally) PC that I rebuilt, running Linux, to access the internet. With all the articles about the crapware in Lenovo’s and the fact that they are a chinese company, does anyone know of anything sneaky lurking in the BIOS, chipsets and processor (peculiar to Lenovo) beyond all the ‘fun stuff’ being discussed above?

amburgessshalertificatalyssajoustchurtz September 30, 2019 5:08 PM

RECOMMENDED FONTOGRAPHY/TYPOGRAPHY/RELIEF:
BRAILLE
ETC.
:::::: {ITSUCKED&THENiCRIED} :::::
https://www.ecosia.org/images?q=index+pictogram
::::::::::::::::::::::::::::::::::
sideloading tends to be useful

basebitwiseswitch, yet every term is a buzzword until we change languages.

There is no letter “c” in this dialect. Yet you may still check the dictionary and alphabet.

(P) & (C) Siglo, Author.

Julian Calendar

cardboard efvasive notta iota yadda bad idea

UUE

manchester_biphase_encoding_fault_tolerant September 30, 2019 5:18 PM

“don’t @ me bro” (step to my lou my darlin’)
SHA-NNNNNNNNNNNNNNNNNNNNNNN

mixup the basemath, please. let’s get this parity started, quickly.

…in supportive response to…

This is why I want the Faraday Cage.
I really think there are hidden cell radios.

This is very much also my opinion. Yet, since FC’s are rather difficult to build and/or maintain and are sometimes obsolete, it’s useful to backtrack into antiques and steampunk, WITHOUT THE PUNKS AND PRANKSTERS AND JOKERS AND JESTERS.

Yeah, however, yeah. Basically, I have been concerned about this basic possibility ever since remembering that miniturization is a @#$@#$*.

5G is not on our side either.

Within Maslow’s Heirarchy of Needs, the most long+term dependable items are those which have withstood the biological tests of time for several millenia.

We originate(d) from organic lifeforms.
We possibly were never meant to be involved with electricity (yet {several centuries premature?}).

sincerely,

iFeel_That_Someone_Is_LOST
MI=multiplex immediately
P=pass it on
y=yes
n=no
a=maybe
i=individual

careful with, to, of, by, from, collectivism

unanymity? improbable.

Wael October 1, 2019 1:10 AM

@Alyer Babtu,

Thanks for the book recommendations. Will save them for a time when I have time. Still haven’t finished half a dozen books I already got 🙂

Wael October 1, 2019 1:50 AM

@Clive Robinson,

Keep thinking, you never know it might become

I know what the problem to solve looks like. Given that encryption may soon be something of the past either due to technological or mathematical mutation (evolution-style mutation,) or legal changes, and given that no one wants to be caught “encrypting things” and attracting unnecessary attention, then what’s the solution?

Just remember a large people have observed over the years, that people who come up with original observations etc, rarely get them named after them.

I think I’ll have bigger things to worry about after I expire and get recycled (i.e. eaten by maggots.) Doesn’t matter what the living world thinks of me then. Someone else may take credit…

but as that person was atleast the fifth person to note it, I shall not name them 😉

Why do you keep doing this? Name the person so I sleep better!

JonKnowsNothing October 1, 2019 11:21 AM

in France

allow authorities to monitor individuals’ social media posts and purchasing activity on websites such as eBay in order to identify those committing tax fraud….
a three-year trial during which the tax office’s computer system would collect information on peoples’ lifestyles from social media accounts such as Facebook, Instagram and Twitter, and also monitor their activity on sites such as eBay and the French site Le Bon Coin.

In UK

HMRC already has a similar computer system allowing it to collect and use information from social media to identify potential tax fraud.

In AU, they are doing something like this but they are cross referencing your tax history with any social services you might have received or are receiving. I can’t say I understand anything going on Down Under but a bunch of folks have had their pensions cut to $0.00 because of some RoboDebt Claim of understated income years or decades ago. Apparently there isn’t any person you can talk to once the computer decides you are At Fault, they garnish any income you might have or tax refunds and/or halt pension benefits instantly.

They don’t seem to be able to do anything at all about those fabulous Off Shore Tax Havens. A $10 understatement of income + 20 years of interest penalty beats that and yanking someone’s pension to $0.00 is a more effective a “deterrent” for past missed calcs.

in USA if the IRS smells something odd about your tax returns, they can return infinitely to past taxes. You might only have copies for the last 7 years but they have no look-back limitations. And they don’t care if you have a receipt for an expensive medication either. They look at your “life style” and back calc what it takes to live “that style”.

They are scanning your social media histories for those photos you uploaded to friends of your vacations in exotic places and seeing if you really had a bargain conference package vs a disguised personal vacation.

As folks don’t seem to care about their privacy much… Taxes might work a trick instead.

Once it is known that all your purchase history at ABC-Z is now being cross referenced by Govs around the world for your undeclared $10 purchases.

ht tps://www.theguardian.com/world/2019/oct/01/french-plan-to-scan-social-media-for-tax-causes-alarm
(url fractured to prevent autorun)

Sancho_P October 1, 2019 6:05 PM

@Jon, @Clive Robinson, @Wael

”The PubKey attack can not be easily ridiculed at the second stage, thus the only defence is convincing a jury you’ve never seen the PubKey… Which is equivalent to trying to prove a negative…” (@Clive Robinson)

Um …
Couldn’t an OTP easily ridicule any ciphertext, no matter how it was made?

Only revealing both, method and key, may save your a**, if, and only if, they want.

The basic issue is: What is an encrypted message?
Is it what “they” do not understand?

Assume I send two pictures, one of certain bridge at dusk and the other of a church, it’s clock showing 8:00.
Is it a hidden / encrypted message?
Or an OTP for an other message?

Sancho_P October 1, 2019 6:07 PM

@Clive Robinson

”But such automated and complex types of authentication are usually not required between two parties…”

… and will definitely not prove innocence if one drops drugs or whatever into your pocket or mailbox.

Wael October 1, 2019 8:10 PM

@Sancho_P, @Jon, @Clive Robinson,

The basic issue is: What is an encrypted message?
Is it what “they” do not understand?

Cryptography is the science of hiding the meaning of the message. It follows that if the message is encrypted, then “they” do not understand it. But if “they” don’t understand it, then it does not necessarily mean that it’s encrypted — it could be in a language they don’t understand, some random noise, “they” are dumb,… In a strange twist of fate, you gave a good hint about the problem to be solved. Remarkable!

Is it a hidden / encrypted message?

Steganography is the science and art (sorcery and witchcraft) of hiding the existence of the message. So it could be “logical or” [1].

Or an OTP for an other message?

It can be whatever you want it to be. But it doesn’t matter — you’re guilty in all cases because it will be whatever “they” want it to be. You’ll need a cryptographer to prove your innocence — not an attorney!

[1] This is an example that combines primitive Steganography and Cryptography:

Clive Robinson October 2, 2019 7:57 AM

@ Sancho_P,

Couldn’t an OTP easily ridicule any ciphertext, no matter how it was made?

In theory yes, in practice it’s a lot more complicated, and people shoot themselves in the foot by not realising it.

Burn these words on your heart,

Encryption only protects the message contents, not the message.

Today we use the fancy expression “message meta-data” which translates to “Data about the message as an entity, not the entities that form the message contents”.

One of these “message meta-data” points of interest is “block length”. All ciphers have some kind of block length due to the fact they have a plaintext “Alphabet Set” that has a one to one mapping with the ciphertext “Alphabet Set”. The smallest practical size an alphabet set can be is the two element set {0,1} of binary. Prior to the use of electromechanical (pre WWI) and electronic ciphers (1970’s onwards) the two general usage alphabet sets in the Latin Language countries were the ten element set {0,1,2,3,4,5,6,7,8,9} of written numbers and the twenty six element set of the standard written alphabet.

The size of the cipher alphabet in general defines the granularity of the transmitted message size. Thus most modern block ciphers have alphabet sizes of 2^64, 2^128, 2^256 or other power of two greater than this. Which means the base ciphertext message size is going to be a multiple of the cipher alphabet size.

Thus simply knowing the length of a message can give you a good indicator of what type of cipher is in use.

OTP messages when sent via modern computer networks will be in multiples of 8bits for ASCII or even multiples of this if ISO Alphabets are used.

So if I see two or more ciphertext messages sent by you and they are all multiples of 128bits in length, it’s a fair bet you are using AES or other modern block cipher, not an OTP. Thus on probability argument it would be hard to ridicule such ciphertext.

So remember the next time you design a crypto program, to take the fundemental block size derived from the cipher alphabet size into account. So if most of your messages have 8bit block multiples not longer the natural assumption of those seeing them will be “stream or hand cipher” not 128/192/256 of Rijndael or other modern block ciphers.

Khai October 2, 2019 12:55 PM

New Communist Party Rules
First, all telecom carriers must use facial recognition to test whether an applicant who applies for internet connection is the owner of the ID that they use since Dec. 1. At the same time, the carriers must test that the ID is genuine and valid.
Second, all telecom carriers must upgrade their service’s terms and conditions and notify all their customers that they are not allowed to transfer or resell their cell phone SIM card to another person by the end of November 2019.
Third, telecom carriers should help their customers to check whether there are cell phone or landline numbers that don’t belong to them but registered under their names since Dec. 1. For unidentified numbers, the telecom carries must investigate and close the lines immediately.
https://www.theepochtimes.com/beijing-launches-new-rule-residents-must-pass-facial-recognition-test-to-surf-internet_3099181.html

Absolute Verified Identities is just as important to Silicon Valley
The Google and Facebook owned ocean cable directly connecting to the Central Chinese Communist Party (from Los Angeles to Hong Kong) is a cornerstone of the coming worldwide mass surveillance network.

However 99% of distracted Americans aren’t even aware of if its existence, as its not in their personalized news feed. Even if they knew they probably wouldn’t care or get angry for being disturbed.
In the meantime the brave citizens of Hong Kong are making huge sacrifices to keep their precious freedom from the all-consuming pure-evil totalitarian Chinese surveillance.

By inspection Amazon, Google and Facebook and the Chinese Communist Party all seek these common goals:
Omnipotent – having very great or unlimited authority or power
Omniscience – all-knowing (AI)
Omnipresence – being everywhere at the same time
Are privacy and freedom inversely proportional to these egotistical and psychopathic goals?

Examples
Who’s noticed the new cameras inside the car wash (pointing inside your car) or hardware stores performing facial recognition?
Or license plate scanning at drive through lines? Or data-mining you and your car when your oil is changed? Or easily hacked Android tablets forced into doctor treatment rooms?

From example if you want good security, privacy and freedom you need to buy your own island.

Sancho_P October 2, 2019 5:45 PM

@Wael,

”Steganography is the science and art …”

Nah, the message was: Let’s take this bridge down at 8:00.
Nothing hidden in the binaries. A simple comic can tell a story.
Right, it is whatever they want – they don’t need six lines like Richelieu did.

Sancho_P October 2, 2019 5:51 PM

@Clive Robinson

”So if I see two or more ciphertext messages sent by you and they are all multiples of 128bits in length, it’s a fair bet you are using AES or other modern block cipher, not an OTP.”

I do not understand that conclusion, why should a fix sized message block (for straightforwardness it could be a multiple of 128 bits) hint to a message net length, a block cipher, or any cipher at all?
Probability may hint to details, but would probability matter in court?

Also the assumption of 8 bit basis (or multiple of) may be a mistake as modern uCs have quite some speed to hide information + jitter + error correction for each datum within 32 bit (see https://hackaday.com/2019/08/07/new-teensy-4-0-blows-away-benchmarks-implements-self-recovery-returns-to-smaller-form/).

I think any cipher is good but should pass an external encryptor / scrambler before jumping the Net?

Patriot October 2, 2019 11:01 PM

The StackExchange group of websites seems to be undergoing self-immolation, and that is partly due to a bitter dispute over how StackExchange tries to start audio when you visit them.

StackExchange tries to start audio via an ad from Microsoft via Google.
This is the ad.

Long story short: it is browser fingerprinting. An eagle-eyed contributor spotted it.

So, you want to learn about stuff like information security? Welcome to our website (you are about to learn more than you had thought).

After they fingerprint your browser they can track you across the Internet without your awareness or consent. Welcome to 2019 and the era of TRUST.

emilkrik October 3, 2019 12:26 AM

@Patriot
StackExchange tries to start audio via an ad from Microsoft via Google.

The “This is the ad” link points to
https://static.adsafeprotected.com/sca.17.4.95.js

Well I can now see one positive side effect from my long “hosts” file.

BTW in other news…

Former Yahoo engineer pleads guilty to searching 6,000 user accounts for nudes
https://www.theverge.com/2019/10/1/20893462/yahoo-engineer-hacking-accounts-stolen-nude-photos-videos-guilty-plea

From the article (emphasis added):

It is unclear if Ruiz’s ability to access Yahoo accounts was directly a result of his employee status ⁠— meaning Yahoo routinely let employees access sensitive user information, like passwords or account recovery keys ⁠— or if he simply used internal knowledge of Yahoo’s cybersecurity protections and backend infrastructure to legitimately hack into users’ accounts.

Clive Robinson October 3, 2019 3:39 AM

@ Sancho_P,

I do not understand that conclusion, why should a fix sized message block (for straightforwardness it could be a multiple of 128 bits) hint to a message net length, a block cipher, or any cipher at all?

The argument a cipher is an OTP thus could be any message, is an argument in probability.

Outside of encrypted web traffic where key negotiation is done for you –probably weakly– key scheduling between two communicating parties takes in effect considerable effort in comparison to other communications efforts. Thus it is unlikely to be done for just one or two mesages. Thus each message sent that has a fixed length multiple of 64bits or more as it’s granularity is less and less likely to be an OTP message where the multiple is 8bits.

That would be easier for a prosecution lawyer to explain to a jury than for a defence lawyer to explain why an OTP makes every message of that length or less equiprobable.

Thus you kind of answer that question and your earlier question of,

Couldn’t an OTP easily ridicule any ciphertext, no matter how it was made?

When you say,

Probability may hint to details, but would probability matter in court?

It’s why I said,

    In theory yes, in practice it’s a lot more complicated, and people shoot themselves in the foot by not realising it.

So if you ever think you are going to have to “defend yourself” in court by using the “OTP equiprobable argument” to ridicule what the prosecution claims to try to get you convicted, then you also need to be able to not just defend with the encryption probability argument, but also all the other probability arguments relating to the message as meta-data.

Thus if you present to the court a copy of your encryption software that first encrypts the plain text with an OTP read in from the serial port or USB serial device then super encrypts with AES with the key in a file then you are in with a reasonable chance because “you’ve covered your bases”.

Beter still a script file that runs your OTP software pulling in keymat from an external device to turn a plain text file “in place” into a ciphertext file. Then after sending that file to an openly available commercial “comand line” EMail type software with in built encryption for file attachments it then performs a “secure erase” on the ciphertext file.

But you then have to remember that there will be atleast “file system meta-data” and “user history meta-data” you need to clean up. With depending on your OS other forms of hidden meta-data…

So unless you are using an old computer with no hard drives bust RTC and an old OS such as MS-DOS 5 or earlier, you have a lot to mitigate and defend in court.

It’s why I generally recomend using “Microcontroler development boards” to develop your own OTP systems data diodes etc. Thus using serial plaintext input from one serial port, keystream from a second serial port, it outputs ciphertext to a third serial port. With the sources being from either other “microcontroler development boards” or Single Board Computers with the entire OS storage etc being on a single micro memory card.

As for the source of OTP keystream I have designed “Fill-Guns” and “Crypto-ignition-keys” in the past using low power microcontrollers and RAM that run off of batteries which are in “tamper-proof” casings that cause all storage to be wiped if they are even physically moved.

As our host @Bruce once observed a very longtime ago, we now have cryptographic algorithms that are secure, what we don’t have is answers to the much harder problem of the key managment issues.

Little has improved in this respect in the intervening decades, in fact it is easier to show that things have got worse a lot worse. We nolonger own our consumer computers, phones etc. As a result of “telemetry” and similar privacy destroying technologies built into them, they now stand as witnesses to all our actions upon them.

Thus there are now very few people who can have privacy on or even near consumer computers or other electronics all of which spy on you (see Smart TV’s and other devices that “phone home” your every moment). For the majority who do not have the knowledge of how to neuter such “spy’s in your home” etc their best option for privacy is “avoidence” that is keep them away from you when you wish to do something private. Which is why in part I talk about using pencil and paper cipher systems such as the OTP despite it’s many failings.

Clive Robinson October 3, 2019 3:57 PM

@ gordo,

Libra Unraveling

Why am I not surprised.

If you remember when I looked at the structure I noted how Zuckerburg held all the assets, and control whilst the other “partners” basically held all the risk, and empty paper for their investment…

Sancho_P October 3, 2019 6:15 PM

@Clive Robinson

Thanks for elaborating, I’m still chewing on it due to my little knowledge and experience. However, in my model the standard (AES, whatever) encryption would be first on a machine with standard OS, and the OTP encryptor / scrambler (uC) would follow.
The reason is the treat model:
Not an outlawed, my threat model (from my former life) is more that of an journalist, technical editor or salesman who has to protect intellectual property when exchanging information with the mothership while being abroad. It’s not chat or text only, also drawings, photo / video a.s.f, so the first machine has to be a somehow modern PC with FDE but never connected to any LAN / Internet.

But I don’t want to stress our host’s patience (thank you!).

Clive Robinson October 3, 2019 7:45 PM

@ Sancho_P,

But I don’t want to stress our host’s patience (thank you!).

I think it’s a subject that is “right on topic for the blog” so don’t worry to much from that point. However it is the “current squid” so not the best place for long posts, as it makes other commenters posts less easy to see.

However if the past is any indicator of the future, save up your thoughts and questions untill this page is “nolonger current” then we can carry on here effectively out of other peoples way. Especially as I think @Wael and others might want to join in.

gordo October 4, 2019 6:43 AM

@Clive Robinson,

I noted how Zuckerburg held all the assets, and control . . . whilst the other “partners” basically held all the risk

Good call there, however, “all the assets, and control” might, more importantly and in the long run, be read to include the user base. As you’ve said previously[1], Libra represents a threat to the money markets as we know them, e.g., DM or ‘Direct Money’. Chaos being what it is, everything is always on the table. Should the money markets begin experiencing more frequent collapses any new solution would have to prove its resilience in the face of that kind of chaos. I think what we’re seeing is “the long game.” And yes, “pass the popcorn.”

[1] https://www.schneier.com/blog/archives/2019/09/friday_squid_bl_691.html#c6799019

tds October 4, 2019 6:45 AM

“How a Fringe Theory About CrowdStrike Took Root in the White House” A later article title substituted “Ukraine” for “Crowdstrike”.

https://www.nytimes.com/2019/10/03/us/politics/trump-ukraine-conspiracy.html

“In an April 2017 interview with The Associated Press, President Trump suddenly began talking about the hack of the Democratic National Committee a year earlier, complaining that the F.B.I. had not physically examined the compromised server. …”

nobody October 4, 2019 7:51 AM

U.S. Attorney General William Barr has asked Facebook Inc. to hold off on plans to add encryption throughout its messaging services

Barr Presses Facebook on Encryption, Setting Up Clash Over Privacy
https://www.wsj.com/articles/attorney-general-calls-on-facebook-to-limit-message-encryption-plans-11570130636

Mr. Barr made the request in an open letter signed by his British and Australian counterparts that was published Friday. The letter asks the company to delay the encryption plan until it figures out a way to provide government access to the services for investigative purposes.

Clive Robinson October 4, 2019 10:54 AM

@ gordo,

Suductive as changing the value of the currency is to politicians, they have almost always taken the short term view, “that suits them”.

Thus can they blaim the money markets for the even shorter term view, “that suits them”?

Not without being hypocritical. But that is a surface issue.

The more underlying issue is will politicians get control over the money markets so their writ rules?

I suspect the answer is no more than we the citizans have any way to enforce our writ over politicians.

And that is the real problem, if followed logically a single person with a very very short term view “that suits them” very well will get their way. George Sorous proved that.

His real problem is that his short term gain actually did him more harm in the long term.

To make a killing in the market means you have to live with the consequences. When you rip the guts out the beast is a long time healing.

Not understanding this leads to increased chaos, which some believe they can exploit. The problem is as history shows even they suffere the consequences of the damage they create.

Modern communications causes chaos to be flagged faster and faster, thus it’s explotation window shorter and shorter thus much more localised which significantly limits the profit potential. The response of “those who believe” rather than face reality is to increase the chaos. Hence we have the lunacy of High Frequency Trading, that ultimately has locality limits set by the speed of light and how fast an algorithm can crank one server to “snow” another server. The profit is in fractions of a cent per transaction thus hundreds of millions of transactions have to happen in fractions of human understanding time.

The thing about chaos is it is like throwing a pebble in a pond, at first you can understand the ripples, but as they spread and other pebbles get thrown in, it becomes entirely unpredictable. One consequnce is “chaotic addition”. That is those ripples can reinforce each other and the peak reach such hight, that it in effect gets the same mass and hight as any pebble that gets thrown in. At that point predictability ceases to be possible, the output is thus nolonger chaotic but random thus all stability is lost and entropy takes over.

For the economy to work, the “goods industry” not the “services industry” needs to function, that is “value added real wealth” not “inflation generated fiscal wealth” needs to have primacy. For the goods industry needs to function efficiently. For it to function even grossly inefficiently it needs stability.

Thus HFT and other similar faux markets threaten us all not just in the very immediate future but in the longer term.

Mr Zuckerburg’s plans are without any doubt going to be a faux market designed to “rent seek” for the chosen few. Which means it will almost certainly be used to create fiscal wealth for rapid conversion to assets by the use of inflationary tactics. Which as I’ve pointed out before make the rich richer and the poor poorer. The trick is by rent seking to stop the majority of society having any assets. No matter what the average fiscal income the inflationary cost of assets will rise above it…

Politicians and economists are happy to go along with this because they get the choice crumbs from the table.

I guess the ultimate end game is back to the stagnation of surfdom for several centuries if not a millennium or two.

As you’ve probably worked out that is the most probable outcome desired by the chinless wonders on this side of the pond. With almost at a stroke the chaos of the early days of the European “Junk Bond Market”…

Alyer Babtu October 4, 2019 1:01 PM

@Wael

Re: Gaylussacia baccata

There is something charmingly human about that phrase. It’s unassuming, with a mildly ridiculous self-deprecation, and at the same time conveys earnest loyalty. Like the berry itself, small and intensely flavored.

Even In this fallen world, everyone is nevertheless potentially someone’s huckleberry. And everyone is actually someone’s fool, but that is also part of the huckleberry code.

We need it especially in an environment that carries the intellectual hazard of arrogance and harshness.

https://m.youtube.com/watch?v=KPeHHpXOOds

Sancho_P October 7, 2019 4:23 PM

@Clive Robinson, @Wael

Now I don’t know how to start with, likely because the idea is trivial and complicated at the same time.

I think we all feel that privacy is both, important and at risk. But what if our privacy, creativity and intellectual property intersect in a machine that is at risk? A machine which is all we have? And makes our living?
Should we shrug off or stand up?

However, I’ll start from the beginning:

Instigated by @maqp’s TFC ( https://github.com/maqp/tfc ), I was thinking about my former personal needs to securely process and exchange information with our headquarters. Working abroad, it was often about confident technical and business data, in part interesting to customers and competitors. E.g. when investigating serious accidents or malfunction we had to use encryption, and once we lost a contract because data “leaked” from a fax device situated in our embassy (not sure it was the device or the operator).
Later I left for greener pastures (and more money), so I don’t know what they do today.
It’s all about business.

But times have changed.
Considering the threats we know about today, we can not afford a workhorse PC connected at any time to the Net when seriously working.
No, we can’t.
From Murphy’s law we know ransomware would encrypt our machine when working from Nairobi, just before our report is finished and sent.
And how would we send the report home when we can not connect the machine to the Internet?
“At any time” means from installation over updates to browsing. Never.

TFC is an anonymous, encrypted online chat / messenger with endpoint security, dedicated HW and SW, but it is not a suitable solution for that scenario. On the other hand, TFC has features which are not needed in such a business application, like instant and anonymous communication [1].

So I’m thinking of a three-stage solution consisting of a laptop (the workhorse) and a secure connection to a (probably compromised) phone used for the networking:
– The data encryption would be done on the laptop.
– The connection had to secure the data transfer and to keep maleware out.
– The phone would just send / receive data without any knowledge about content.

Most professionals already carry a laptop and a phone, it’s quite normal. The tricky thing is in between.

Of course I have more questions than answers, and a blog, particularly @Bruce’s, is not a good place to discuss, but I’ll try anyway:

Are there already solutions available for the plebs, FOSS or proprietary?
Is the scenario (the business application) worth thinking about?
How do e.g. public-interest technologists protect their work and data?
Would the CvP concept be useful here, and how?
Is “Three Stages” a viable concept at all?
Where are the pitfalls?
– All is theory, but is “Three Stages” worth discussing details?

[1] Anonymity is trickery, to say the least: Call 3 times anonymously
“I’m here!”.

Clive Robinson October 7, 2019 7:58 PM

@ Sancho_P, maqp, Thoth, Wael and others.

I think we all feel that privacy is both, important and at risk. But what if our privacy, creativity and intellectual property intersect in a machine that is at risk?

That is a situation that should not be possible in a sensibly designed computer and communications system.

The fact that we have so much insecurity and lack of privacy in the use of computers and communications, should immediately tell everybody something.

As you say,

But times have changed. Considering the threats we know about today, we can not afford a workhorse PC connected at any time to the Net when seriously working.

Actually times have not changed as far as Internet connectivity is concerned. Our solutions are still “Firewalls and patching” neither of which has ever been an effective solution as a number of people have known since befor the NSA, GCHQ and other SigInt agencies existed.

Whilst we do know how to build secure systems, in the computer market place –especially that which involves the ordinary consumer,– such systems are most definitely not abailable as a deliberate policy enforced harshly but mainly in secret.

That is there are those with quite malign influance and malice, who do not want the ordinary citizan to have even a modicum of security as they regards the privacy at any price. If such became possible it would be a compleate anathema to their power politics, deceit, and illegal profiteering.

In short their ethos being quite hypocritical, is,

    Though shalt not, whilst we shall, because we decree it to be so, and you are not entitled.

It’s just another variation on the old “King Game” of “Divine Right” and “Eminent Domain” backed up by the unthinking uncarring thugish Guard Labour. Thus the “Might is always right” view point of the self proclaimed “entitled”.

Once you understand that mentality you will realise that there is only one way to deal with it. Which is to defy every asspect of it without falling prey to retribution.

The question arises as to if you actually understand this at a sufficiently deep level.

Have a thing about it and if you broadly agree then we can start thing about how we,

    Defy every asspect of the self entitled point of view without falling prey to retribution from them.

name.withheld.for.obvious.reasons October 7, 2019 11:06 PM

As I understand it the United States is either at war or has carried out acts of war on the following (feel free to fill in any missions pieces):
Afghanistan
China
Iraq
Iran
Lebanon
Mexico
North Korea
Pakistan
Palestine
Russia
Somalia
Syria
Venezuela
Yemen

P.S. This is the fourth post to the blog that probably does not make it. Seems there is some sort of filtering, though initially posted to the site, disappears shortly thereafter. Without editorial comment or admonishment. I know we get to be here as a guest of Mr. Schneier and I have the utmost respect, just inform me if I am raining on the parade. Been here for nearly 8 nears, don’t want to make myself unwelcome.

Clive Robinson October 8, 2019 4:37 AM

@ Name.Withheld…,

… is either at war or has carried out acts of war on the following …

Yes and no, whilst certain acts have certainly been committed to those countries and very likely several more besides. I think you will find that various parts of the government have legal opinion that say it’s not what you or others say or think it is…

It is unfortunatly just one of several surface symptoms of a deeper underlying issue growing like an unseen cancer in the body of society.

Whilst the executive has not yet claimed “Divine Right” explicitly, they have certainly made clear since WWII that they believe in “Might is Right” and act acordingly as have several other nation states. They also have at various times made legislation that basically says that any action carried out abroad by US personnel can only be legal decided in the US Courts in action that can only be brought by the US Government. That is not in any other court system or by any other entity, as that would be illegal with respect to US legislation… Further that any attempt to do so will be met with an invasion of military forces.

When you consider other countries such as Russia also have similar extrajudicial, extraterritorial legislation, you know what is going to happen at some point. It’s not a matter of “if” but “when”, that is “it’s only a matter of time” before armed conflict occures and spills out into a wider arena.

In effect since the end of The War in Europe the US has carried out various acts including inventing and applying retrospective judicial actions, and commiting other acts that are quite deliberatly thought out to create instability in the world. In such acts they have far from been alone, and the pace of such changes is increasing at an ever increasing rate. The outcome of such destabilizing behaviour is then used to create profit. It was and still is –even though illegal– a “standard tactic” used by those behind various markets (have a look at who controls the US Aluminium market and the odd supply issues that perhaps only coincidently has caused larger than would otherwise be considered normal profits at the expense of the ordinary citizen).

One of the things many of us try to teach our children is that “Might is not Right” and “bullying”, “rape”, “murder” and similar “crimes against the person” are unacceptable to society and will be punished severly by society through judicial processes. But this is not the message various nations are sending out by both their legaslitive changes and actions.

What we as individuals can do about such behaviours beyond note it and say it is unacceptable, is extreamly limited, “Naming and Shaming” only works against those who can not ignore it. The current “War on Journalism” and their sources should make it fairly clear that those in power will brook no argument against them increasing power by at best illegal means, and that they see absolutely no reason to stop. George Orwell amongst other authors noted this in writing, sadly it appears that those in power have not only read them but see them as “training guides”, not what the authors intended at all, and most certainly not what society needs or wants.

As our host @Bruce has noted in the past we are returning to a “feudal past” with ordinary individuals turned into rightless surfs fit only for exploitation for the benifit of a very few. Such feudal systems almost always bring stagnation, regression and oppression with those at the top free to commit any excess they chose to against those at the bottom. Who in turn have no rights what so ever against their oppressors.

name.withheld.for.obvious.reasons October 8, 2019 9:26 AM

Oh, my list missed a few:
Ecuador
Honduras
Libya
Ukraine

@ Clive

Oh yes, I am well versed in the ways of science. I know how to tell if she’s a witch. “She turned me into a newt!” and “Well, we did do the nose.” weighs the same as a duck.

Sancho_P October 8, 2019 5:04 PM

@Clive Robinson, Wael, maqp, Thoth, all interested

While I basically agree, I think we have the might, the right and the obligation to do what has to be done from our own point of view. Retribution from the powers is OK, only the cowardice of the own citizens is hard to endure (long list of whistleblowers here).

But this is not about revolution, it is about protection from malware.
It’s a thought experiment, not a product.

However, I always trust in ant’s power (opposed to monopoly solutions), therefore the discussion should be about the design, not a turn key solution. A multitude of solutions would greatly hamper backdooring.

So my questions remain.
Is there already a solution available? Am I beating a dead horse?

+++

Just a proposal for brainstorming:

– Purpose / use:
Protection of workhorse computer.
Secure File transfer from home or abroad to mothership.
Secure transfer means authenticated and encrypted.
Stealth mode is not required as source and target are known anyway.
Communication delay up to one hour is not a problem (data channel).
An independent communication channel remains (e.g. phone call).

– How to:
Workhorse computer is not connected to the Net.
On both communication ends there are dedicated devices for data transfer.
For security, the data is not intended to end up on the mothership’s LAN.

– Assumptions regarding the threat model:
A failure will hurt business, but isn’t deadly.
Targeted by criminals (malware, industrial espionage) with limited resources.
Not persistently targeted by a state actor, as would be a spy, state enemy or terrorist.
Not a military grade communication.
The aim is not absolute security, but to severely hamper access to data.
For a state actor the burden to crack should be at least three man-months or full access to the workhorse (WH).
Attacker has access to LAN communication channel at source and target.
Attacker is not inside mothership (no mole compromising a pre-shared secret).
The networking device (ND) is deemed compromised (phone, tablet or notebook).
A MITM is possible (not trusted LAN, ISP), https may be compromised.

– Some statements, methods:
The secured computer is called workhorse (WH).
WH is a standard PC / laptop without any network access.
WH has a BIOS pwd and FDE.
A scrambler (SC) is located between Workhorse and networking computer.
The SC is a finite-state machine (no OS) to process 2 data inputs, 1 data output, config buttons and LCD.
Inputs are data only, there is no built in command interpreter.
The SC is supplied by battery, galvanically isolated and acts like a data diode.
+++

Clive Robinson October 9, 2019 9:50 AM

@ Sancho_P,

But this is not about revolution, it is about protection from malware.

The word “revolution” has to much emotional nonsense invested in it to be of any use in a security conversation, it’s about the equivalent of “Think of the children” or “If you have nothing to hide…”.

In security and privacy what we are dealing with is primarily a straight forward “Conflict” in essence over property and who has “control” of it. What the motivations of the players are is generally of no intetest other than what they are prepared to invest in maintaining or furthering their respective positions.

If somebody thinks they are “entitled” to commit acts against your property, you think or should think in turn that you are entitled to defend your property.

There sense of “entitlement” may make them think that they are thus further entitled to commit acts of “retribution” against you for thwarting their original acts.

The level of retribution they carry out is dependent on many things. One of which is if their original goal is still achievable or not. A “rational actor” will on having their original objective thwarted make a value judgment on what to do next. Non violent criminals tend to be rational, which is where the principle of “low hanging fruit” comes in. If they have not specifically targeted you they will do a simple ROI calculation and “go rattle somebody elses door knob”.

There are two important lessons to be learned from this,

1, Don’t make yourself a target.
2, Don’t take the fight back to the attacker.

The first should be generally obvious and is the idea behind what is now called “The Grey Man Principle”. That is you become invisable by not standing out in any way, you are not even a half seen face in the crowd, because you don’t even attempt to become part of a crowd. That is you don’t try to blend in and hope to remain hidden you try not to be where a crowd might be in the first place.

Look at it from the medical point of view, you only get an infectious disease by comming into contact with it. If you have no contact with the infectious disease then it cannot invade your body and subvert it for it’s own ends.

The second point is part of the first. Failure is part of normal existance, attackers expect to fail even with the best formulated plans. As the first point should make clear if they fail to find you as a target then they can not attack you, thus they “unknowingly fail”. If however you do get attacked that does not indicate the attacker knows of your existance or where you are… it’s a point that many people forget to their cost. What they primarily forget is “probability in a target rich environment” means almost certainly they are not a specific target or “person of interest”, because they see the attack as “personal” or “targeted”, when it most probably is not. Thus they compound the mistake by “hitting back” or in other ways ensuring that they do come to the attention of the directing mind behind the attacks, and thus make themselves a “Person of interest”, ensuring that further attacks will happen, thus there is a risk of a feud starting which will be quite resource consuming.

Which gives you the basis of the first part of an underlying strategy, not just for privacy but all forms of security in your every day life.

Which brings us to your comment of,

It’s a thought experiment, not a product.

As the old saying has it “No good deed goes unpunished”. Thought experiments consume resources, thus they have a “product” by definition. Thus the real question is “profit or loss” from the experiment? Even when thought experiments appear totaly abstract, the process of thinking changes your outlook in some way, and even it it only stops you investing more resources without benifit you have dodged further sunk costs. Thus potentially you have gained a new “opportunity” for the resources.

But also consider what a “product” might be, do you mean just a new item of “goods” or maybe new “services” that someone might make a direct payment for? How about it being a new “process” that improves efficiency, by new “methods”. The latter can be as simple as moving furniture in an office to reduce foot fall, but it might also at the same time increase security because people that don’t need to be near a sensitive point won’t be walking through or past it.

So the answer to your questions of,

Is there already a solution available? Am I beating a dead horse?

A, Yes there is a solution available to most problems.

B, Only if you fail to recognize the value of a solution.

Which sometimes reveals that the best solution is not to have a need for a solution, that is by in effect not playing a game you can not win at for various reasons.

Which at the end of the day is the real problem, that is what is going to help and for how little investment in resources to gain the advantages it offers…

Part of which originates in how you define the problem. If you say the problem is winning in a no win scenario there are only two solution’s

1, Don’t play the game.
2, Change the game so it is nolonger “no win” for you.

After a little analysis you will realise that these are your only two basic solutions. If you can do neither then the outcome is “you lose” which ever way you want to say it.

Thus you should now have the knowledge required to start looking for solutions and how to evaluate them against each other.

You should also realise that some of your “Assumptions regarding the threat model” are actually “invalid assumptions”.

For instance,

A failure will hurt business, but isn’t deadly.

Is not rational. If your personal security fails and thus alows an infectious disease to come into contact with you, the out come depends not on the security failure but your suceptability to disease and the severity of the disease. But importantly the security failure and the infectious disease may not happen coincidently.

That is a security failure is an enabler event, not a causal agent. Each has their own probability of happening. If the dice roll one way nothing happens, they roll another way and you get to roll the dice again and again. That is you might get lucky because the security fail and apperance of the disease may not be coincident on the first roll. If not you have to roll again, and you might get lucky and be immune in some way, if not you have to roll again and you might only getva runny nose, or you may get the lid nailed down. But even if you only get the runny nose, the disease will at some point make you more susceptable to other attacks, especially if the security fail has not been corrected.

Thus you have to realise that whilst “Cause and effect” holds true, the “effect” can actually be the start of a “cascade of causes” where the effects quickly become not just unpredictable but uncontrolable.

Likewise you can not assume an attacker is going to be of any particular skill level or resources.

The same applies to the content of a communication. The NSA knew from events in both WWI and WWII that Generals are human thus err. That is they may well send a message of great importance over a very low grade security circuit. They also knew that an enemy can make even the apparently most harmless of information of great importance, it is a part of what traffic analysis is all about. Thus the NSA argued that all communications links be regarded as critical to security thus be protected to a point fit for all types of traffic. Short term thinking politician’s disagreed and forced COTS equipment onto them and others. As we know both ED Snowden and the OPM leaks of information happened and became public… Thus the politicians are the ones that insisted on the “enabling event” and have ever since run around trying to stop people realising that fact…

Likewise putting a time limit on security is fairly pointless, it makes way way to many assumptions, nearly all of which will be wrong.

I could go on but it’s probably best you have a rethink on what your “threat model” should be.

Sancho_P October 9, 2019 5:40 PM

@Clive Robinson

Uh, long loop, isn’t it?
No, I’m not too old to make new mistakes, and I do not regret any mistake I’ve made so far 😉
Maybe I was lucky, but all my deeds brought me forward, one way or the other, so I don’t hesitate to go on.

”… but isn’t deadly.”:
I would not suggest to use any IT device for live threatening activities, because I know what can go wrong will go wrong.
But many can’t avoid to do business using IT, they should have a chance.

Thanks anyway, your caution at the peripherals places the method on a viable path.

Wael October 14, 2019 10:29 PM

@Alyer Babtu,

Re: Gaylussacia baccata

I got it from Doc Holiday. Nothing too profound; you gave me too much credit 😉

Wael October 14, 2019 11:38 PM

@Sancho_P, et all,

Assumptions regarding the threat model

Ideally you’d want to shrink the attack surface to “Protocol Only Attack Surface”[1]. One would think that’s the theoretical limit, but it could be shrunk further 🙂

[1] The visible attack universe is a TLS surface (line in this case — a one-dimensional thingy)

Sancho_P October 15, 2019 3:08 PM

@Wael re “Protocol Only Attack Surface”

Wouldn’t that shrink the surface too much for the traveling businessman?

Once “they” have exchanged my phone during x-ray at the border, I only realized when trying to unlock it an hour later (it had my bumper attached, but my microSD card was missing – very very bad!!!). I don’t know if it was done by their gov agency or a competitor (by bribing the customs officer), just a bad coincidence would have been very strange at that time.

So we have to assume attackers have physical access to phone, laptop and scrambler, especially when transported in the suitcase.
In the hotel one has to use the local LAN/Internet or phone provider (or StingRay/IMSI-catcher), a lot of unknown HW is involved to connect to an unknown provider.
“Protocol only” would reduce the surface to the intangible part only?

So let me add there for clarity:
+ There is absolutely no undetected access to the scrambler (open the device, exchange it) and the connection cable to the workhorse.
+ There is absolutely no undetected access to the workhorse (this requires very special treatment of that HW)

I have an issue with the term “Threat Model”, what should it describe?
It is very important to understand the attacker’s desire and it’s (assumed) capabilities, in clear wording, comprehensible to John Doe (= me).

Maybe that’s the most important point at all, ‘cause it could also clearly mean “kapu”.

Wael October 15, 2019 3:53 PM

@Sanchi_P,

Once “they” have exchanged my phone during x-ray at the border

That’s an OpSec thing. You shouldn’t have taken your phone along. You take a generic phone that provides enough functionality for the trip. Other confidential material should be accessible over the internet, if needed, in which case the attack surface is still limited to protocol.

So we have to assume attackers have physical access to phone, laptop and scrambler, especially when transported in the suitcase.

Right! Avoid being a target; don’t lug it along.

“Protocol only” would reduce the surface to the intangible part only?

Yes.

Maybe that’s the most important point

Yes. Understand the need for the device, assume it will be taken away from you or you’ll be asked polity to unlock it, or that the infrastructure is broken. Regarding the scrambler: it’s only safe when it’s away from the hands of your adversaries. Once they have physical possession of the equipment and the owner (your excellency) then all bets are off 😉

Sancho_P October 16, 2019 4:36 PM

@Wael (re typo, no prob until your handle is OK ;-))

Wait, OpSec thing, burner phone – are you a criminal? [1]

  • Over the Internet? You still think to connect your workhorse to the Internet?
  • Accessible? Until “Your account has been closed by our security department, sorry, no further comment.”?
    Set up from Spain, access attempts first from Egypt, then Nigeria?
  • Avoid being a target? Nice, I’m going to retire soon!
  • All bets are off: I was always treated with the utmost respect, the heaviest pressure so far was to deny me entry to the country (U.S.).

Let me clarify again:
It’s not about spies, spooks, smuggling drugs, CP, conspiracy, toppling governments or playing cops and robbers in the backyard.
Also politics and other big bribery is not the intended audience.

The point is doing regular business,
we should not confuse secrecy with confidentiality.
To put it into American view, imagine US business in Angola: While the Israelis likely know about details anyway, I think you’d want to keep the Chinese out. And the Russians. And probably the Angolans, too.

And it’s not about anonymity or metadata, the kind of business I’m thinking of isn’t a shady one. These people are known like yellow unicorns, often carry a letter of recommendation or invitation from the ministry of interior, just in case of trouble. Think of a scientist, or someone collecting data over months for an irrigation project:
Nothing to fear, but data to hide. [2]

In contrast to privacy, confidentiality in business isn’t absolute in the time domain, after a year the info may not be worth a beer anymore.

So the main purpose is to protect the equipment needed for work and to hide some content, while being well known to some curious parties.

These people can not use an outdated laptop from 1995 or fancy old OS. Up to date technical SW does not run on W7 or Snow Leopard (albeit I still have to use XP in a VM).
Linux is nice but not always an option, anyway, it wouldn’t be save to use it on a machine that is connected to the Net, it is not immune.

We have to segregate the WH from the networking stuff, otherwise we are just waiting for trouble.

But how to do it?

[1]
A burner phone makes you a person of interest. Don’t think they are stupid. Don’t!
Apart from the US, do you know of any country that would check your phone’s contacts or ask for your social media handles?
I haven’t been to Russia or China since years, are they doing it now?
(Airport) Security checks sometimes involve switching on laptops or even phones, but my luggage was always full of electronic equipment and tools, and seldom more than x-rayed.

[2]
There is always this fruitless discussion about “nothing to hide”, but:
Nothing to hide means nothing in mind.

Sancho_P October 17, 2019 3:49 PM

@Wael,
I’m used to deal, so would you accept 3/2 for the same price, too? 😉

Since 2 months Alice works abroad on a problem with an irrigation project. Her (FDE) laptop with technical and statistical SW, holding confidential project and contract data, is of importance for her daily work. Loss of it’s functionality would be bad (loss of time), but loss of data would be crucial for the project (and her company). External backups OK, but to avoid risks of ransomware, remote exploits and data extraction, the laptop can not be connected to the Internet (interface deactivated).

Mail and verbal communication with her mothership is done via phone and tablet.
To send her findings home (drawings, spreadsheets, …) she zips a directory containing data and comments, symmetrically encrypts it afterwards and writes that file via integrated SD card r/w to a microSD card, which she (USB) transfers via phone or hotel PC.

The problem: Is it secure?
The most dangerous part is the way back from the company to her WH (SD card infection), and the USB connector on the WH.
Can the SD card be used again? Is the card handling safe?
The USB drive (backup) is a risk – How to mitigate / avoid? (think of other technical electronics that may need USB, too).
Is one stage symmetric encryption OK? Content of the directory probably won’t change much.
Encrypted data end up on the ordinary company LAN, probably Bob’s equipment is compromised, compromised key, mole?
How to improve?

Wael October 17, 2019 8:38 PM

@Sancho_P,

so would you accept 3/2 for the same price, too? 😉

I’m afraid to ask what you want in return!

The problem: Is it secure?

It depends on several factors:
Is it secure from a confiscation perspective? No!
Data in transit secure? If she’s using industry standard encryption algorithms correctly, then probably “secure”. If you factor-in side channel attacks, then the degree of security is a function of the relative value of the data to an attack cost.

Can the SD card be used again? Is the card handling safe?

She’d need to use a non-business critical computer for that. Some call it a “jump server”, although in different contexts.

Is one stage symmetric encryption OK?

I don’t know. Not enough information.

How to improve?

Don’t violate any best security design or OPSEC principles! Or go through a full threat modeling exercise. I prefer the former.

Sancho_P October 18, 2019 6:09 PM

@Wael, Re in return …

Rrrright, we didn’t talk about that, however, we made a fantastic deal, didn’t we?

There are several very weak spots in the Alice scenario, even more at receiving Bob’s replies, glad I’m neither responsible nor involved in that plot any more.
¡OPSEC principles may be the most important part now, thank you!

Or (sarcasm/):
Great, we made tremendous progress today, bright future anyway, now there is a name for the game, and it’s “let the kids play”.
Thank me, applause, applause! (/sarcasm)

(Pls. apologize, today I’ve learned to celebrate everything, even the deadly fiascos)

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.