Schneier on Security

Clive Robinson • December 31, 2020 9:14 AM

@ Arthur Chance, Fish, ALL,

As Fish says, this is simply copying old EU legislation

Even back in 2008 those requirments were obsolete…

In a way it tells you something more subtle.

EU technical standards for the likes of “Placing on the market” of electronics and communications equipment are not generally “perscriptive” (thats a fault you find with many US legislation espetially environmentall).

They are usually “frame works” that delegate technical standards to the likes of the standards bodies. To see this have a look at RT&TTE Directives and how you end up with British Standards Institute, IEE, IEEE, CENLEC even some ANSI and NIST standards.

This is because those drafting the legislation are neither politicians or lawyers but engineers, scientists, and academics. The lawyers do get a final say on things simply because providing “language neutral” legislation for 27 nations and ensuring the translations all legaly mean the same thing is a job for specialists.

The point is the politicians are as much as possible kept out of technical standards for obvious reasons.

The 2008 treaty was however very much a political initiative driven by politicians and law enforcment agencies. How to be quite honest rarely have technical knowledge or care.

So it’s 99% certain what is in the 2008 legislation was copied and pasted from some other document by some clerk taking direction from either a politician or senior law enforcment person/group that are in effect as in contact with technology as the rings of Saturn are with the Earth, which is “not much, and very variable in effect”.

In short anything going into legislation should pass under the eyes of independent domain experts that are as free from political and economic influance as possible, to stop this crap happening.

Politicians may think they know everything because of their “camel nose” personality failings. But in all honesty they need to give way to domain experts to ensure that things don’t go badly wrong. Which has happened so often with ICTsec related legislation the whole field should hang it’s head in shame…

Clive Robinson • January 1, 2021 10:08 AM

@ Winter,

At rock bottom, all directions go up.

A not often used these days expression is,

“Life in the crab bucket”

Unless you’ve actually ever go crab fishing it’s a little hard to understand.

Basically you can catch enough crabs that they very nearly fill the bucket, so much so you would easily think they could escape, and in fact they could quite easily.

The reason they don’t is as one crab starts to rise up all the other crabs grab hold of it and not just pull it back down but actually climb on top of it.

When I was around eight, and on holiday the hotel managers son who was about twevelve taught me how to crab fish as the tide went out, all you actually need is a lump of raw bacon hide with fat on about 2cm by 1cm tied with strong string onto the end of a long bamboo garden cane. No hooks are needed because once the crab got a hold of it it would not let go…

So “crab bucket” is a euphamism for working class and lower middle class streets. Proud enough to as a friend used to say “T’drink turps out of a jam jar”. But you try doing any bit better than the rest of them and they will drag you back down. But they all will drag you back just to get a taste of bacon even though grabbing it will lead to their doom…

At the end of the day Brexit was about living in a crab bucket… The people that were going to do worst by Brexit are the ones who voted most keenly for it and will be the first to be dragged down by those aroind them as unemployment will rise and jobs and money scarcer than a silver threepence piece that gran used to keep by for the christmass pudding.

Clive Robinson • January 1, 2021 12:43 PM

@ Winter,

I am very happy the UK will still participate in the EU New Horizons program.

Which one… The one to get the longterm disabled into an unsuitable job, or the one to do with space technology?

With regards the Space technology, the damage has already been done.

Ownership of UK space technology companies has been given at “fire sale prices” to German and French companies because of the EU National Security rules. The few UK Universities doing space related trchnology degrees have pretty much all down graded them and turned them into introductory “General engineering degrees”. Leicester being a case in point that had quite a reputation for space enginering has basically dumbed down now that Europran students will not be allowed etc.

Though nobody in the current UK government has said anything their xenophobic attitudes are not just well known but well established. Co-operation will not happen due to the inability to get visas to do more than very basic degrees, the Universities know this, they also know that the companies that would have provided employment will just be “brain/talent drains” those with ability will have to obtain EU Citizenship Status to meet the National Security requirments. So all of those companies over the next decade will be chasing little scraps fighting each other and bringing each other down. Similar is going to happen to aero space now that COVID has changed the direction of the aircraft industry.

Basically all but “grunt type” engineering jobs are going to leave the UK, and those eith the ability will follow thrm.

It does not take the brains of a Nobel laureate in economics to realise the following,

In a crowded boat freedom of movment is restricted on board but you can swim in the sea and that looks atractive. But only in the very short term untill the cold and tiredness set in then you are going to wqnt to get back on board. Nor do you need Nobel brains to realise that being on board and pissing out, is better than being down in the water bring pissed upon. Alright you have to give up the freedom of just pissing anywhere you like when on board but you are in return way better off.

Thus only a real idiot would swear cuss and bitch at those on board before jump over the side… Because it’s fairly obvious what is going to happen. To mix metaphores you can not just jump in and swim to greener pastures unless you are a manatee (sea cow, with all that implies).

But we actually know all this from living history.

It was fairly clear during WWII that industry was being decimated by the war effort, it was all production and no maintainance and no teinvestment. If the war in Europe had not stopped when it did, within about six months Btitain would have to capitulate. As it was large parts of the population started to starve and if it was not for US food parcels from concerbed US citicens –opposing US Gov policy– tens of thousands would have staved to death or died of deprevation related diseases.

Thus Seventy years ago various people in what was then laughingly called Great Britain could see the way it was going and decided that signing up to a European coalition made sense and moves were made and in 1952 Great Britain was the first nation to sign on the dotted line of the proposals for trade unification.

Then unfortunately as ever petty politics got involved and short term thinking reared it’s stupid head. More stupid than that of the crab who’s behavioirs they emulated…

But eventually people realised that being in the boat was better than being out of it.

However when they tried for membership in 61 France’s Chatles de Gaulle was having none of what he saw as “perfidious albion” in Europe. He said “Non” via the veto procrss and blocked UK membership every which way he could three times and it was a quater of a century later after de Gaulle had resigned that in 73 what was now a very reduced in circumstances Britain and Ireland was alowed in along with Denmark. As in effect “a package deal”.

Those who persued the idea of a united Europe from the end of WWII knew very well that the British Empire was over and that Britain was at the bottom of a list of 60 or so countries in just about every way measurable. It’s only claim to being a great nation was it’s supposadly independent nuclear deterrent, which was in reality anything but due to the War Debt with America. Just about every technical development the UK moved forward on got killed by the American demands that the war debt be paid back. When that threat failed UK politicians were bought of in other ways. Which is why the UK is unique in the history of space exploration, to have got a satellite into space to then kill off all that investment… The reason is the US prommised the UK free launches, then when the UK launch capability had closed the offer disappeared like the fairy gold it had always been. Similar happened with faster than sound flight, fly by wire aircraft, and a list so long that you would fill rather more books than you would have shelf space for. That is what the “special relationship” means to US politicians. It’s why the “Brain Drain” happened and continued untill Margaret Thatcher got rid of the war debt and made a few US politicians “sit up and beg”. The reason for that was in the main the Falkland Islands, the US state dept thought they would get better access to the resources in the antartic and surounding seas if they propped up the corupt Argentinan regime. Thus they tried many tactics to ensure the Falkland Island’s were handed over to Argentina. In many respects we are luky the US plan failed otherwise the chances are South America would be in the same state the Middle East is in currently (though arguably it’s not much better).

Those who were most pro Brexit were at best little boys in the school playground when all the entry into the EEC happened. As their parents made money by financial cheating that was easy to do back after WWII with Bretton Woods broken by bonds they did not see the effects of three day weeks, strikes, fuel shortages, power cuts and worse, much of which I do and I can assure you with no fondness.

Thus they have a very peculiar view of what they want the UK to be, which is simply a no questions asked money laundering bank close to Europe with strong ties to America. Their plane is utter futility the world has moved on and finance has always played very much third fiddle to engineering and manufacturing[2] and the UK can not in any way survive off of the tiny drips the finance industry hands over in the way of taxation.

But then more sensible heads even most that actually work in the finance industry know this and voted against Brexit.

But the crab bucket won based on the false promises of bacon from the sky for all… and now we have to live with the consequences… No bacon just the fit fighting out before economic cannibalism claims them

Within a decade the UK will probably be Nation 70-80 down the list of the measures that are important to the everyday person… We will have a new Brain/Talent drain as Britons turn into what the greasy greedy politicians claim to dislike more than criminals, yes those “Economic Migrants” but flowing the other way to other Nations…

[1] https://en.m.wikipedia.org/wiki/Accession_of_the_United_Kingdom_to_the_European_Communities

[2] Actually fourth or worse when you consider services like thr advertising and media industries and that off shoot of engineering that is architecture and design.

Clive Robinson • January 1, 2021 4:18 PM

@

So, how to incentivize our science compatriots?

That as they say “Is an interesting qurstion” which in effect tells you the answer befor they say anything else…

A little history, back on the 1980’s when 8bit CPU chips still ran by necesity below 8MHz I did some personal time research.

Put simply the printed circuit board lines/traces can be viewed as VHF-Microwave antennas, but still quite efficient at lower frequencies that “coupled in the near field”. The protection diodes caused by the CPU substrates and power metalisation are effrctively “crystal set” receivers or “envelope detectors” so any constant RF field generates a DC offset on the PCB trace as well as the CPU substrate input or output. Whilst such voltages had minimal effect on output pins they had significant effects on input pins. Few realise these days that the input “buffers” be they inverting or not could be viewed as high gain analog amplifiers with bandwidths up into the tens of MHz depending on vintage.

So I’d observed that VHF two way radios could when close enough to a logic / microprocrssor card could be used to cause them to malfunction.

Most engineers would have just shrugged there shoulders made a note to add RF shielding and go get on with the next task the boss had given them. I am however as was once observed “A curious bugger of the most exemplary kind” thus it caused thoughts. Put simply I wondered what would happen not with FM/PM signals that are essentially constant envelope, what would happen with high Pulse Repitition Rate modulation or envelope modulation, thus onto could it be used to exploit the execution of code? To which the answers are a distorted version of the modulation appears on the PCB trace and yes you could exploit the code.

Thus the idea of “EM Fault Injection” was born and I went on to do some interesting things with it including reading the function of smart cards by illuminating the chip with low level microwaves (at ~10GHz) and by the process of cross modulation read off what the chip was doing. That is it produced the same results as power line analysis but without having to get into the smart card reding device with test instruments.

You would have thought a lot of people would be interrsted in such a potential security issue. Mostly the chip people wanted it hushed up with the usual threats and others were not interested as they thought power analysis and the like was just to fancy and nobody would use it as an attack method.

The only person who appeared interested was Ross Anderson over at thr cambridge computer labs and that was some years later. He was looking at tryingvto use random self clocked logic as a way to defeat power analysis on smart cards. I pointed out that a suitable level EM signal would “injection lock” the self clocking and bring them all into alignment thus further attacks be made. Ross sent me the details of a reseatcher in Europe who was using “pico coils” to fire pulses of energy into chips very close up. Basically the same idea dump energy at the circuit in a way that causes bits to flip etc. We had a chat and he said he would let me know next time he was comming over to the UK. Well it did not go any further.

As you might have read Ross did do some research into illuminating the lead of a PC keyboard that he put in his Security Engineering book and eventually two researchers at Cambridge Labs showed that by using 10GHz CW EM you could get energy into an IBM security TRNG and take it’s entropy down from 2^32 or ~1 in 4billion down to about 2^7 or ~1 in a hundred. Thus making “guessing attacks” or “brut force attacks” nearly trivial.

Since then not very much it’s all been TEMPEST stuff which is “Passive EmSec” not “Active EmSec”. One laugh though was the neigh sayers over using acoustic channels. You may remember BadBIOS and the issues that caused. Well it turns out that not just myself but other engineers had looked into using audio to network Personal Digital Assistants like the Psion Organizer and earlier back in the early 80’s so we knew not only it could be done but had done quite a bit on it all of which basically went next to nowhere as IR became the prefered choice even though it was more expensive, then leads with unreliable connectors and they wonder why it was unpopular… Any way when the BadBIOS audio channel was mentioned all those that had never picked up a soldering iron declared it impossible. So I dug up an old IO card to put the “hidden code” on that would survive hard drive wipes and it talked via the speaker and mic connected to a sound card on bits of wire. I mentioned it on this blog as did @RobertT but the neigh sayers were adament. Then a couple of students did it with a couple of laptops on chairs in a corridor and wrote it up “as a paper”… Then the neigh sayers disappeared and the next thing you know malware writers were putting acoustic channels in apps so you could be tracked by advertising etc…

Oh and more resently RowHammer demonstrated what you can do by dumping energy into Dynamic memory and in effect flipping bits by de stabalising the analog refresh circuitry…

So about a quater century to a third of a century time for academia to “wake up”…

So as the old saying goes “don’t hold your breath” with even the simple stuff.

Comming up with ideas for appropriate measurands is going to need an information theoretic approach and that is not exactly simple stuff.

Clive Robinson • January 1, 2021 5:51 PM

@ Ignorant US redneck,

It’s time for our annual New Years Feast so I’ll sign off for now.

Enjoy and keep safe, I usually celebrate the lunar new year or spring festival in China town with friends, it’s probably not going to happen this year due to lockdown So I guess a take-away instead, but that’s not till 12th Feb a lot can happen in that time.

But to all others have a happy new year and I hope it’s a better one in oh so many ways.