Schneier on Security

Clive Robinson • March 11, 2022 5:05 PM

@ Bruce, ALL,

More on “Bio-metrics of the mind” or stylometry.

As I mentioned earlier today bio-metrics of muscle memory and style, can in some circumstances hemorrhage information via side channels which means they leak meta-data out beyond encryption. So you can be found and tracked in sufficient real time for various people to “Find, Fix and Finish” you (ie “We kill by meta-data”). Even through the likes of Tor or any other low latency network.

Any way this deals with the “bio-metrics of the mind” side of author style,

https://serhack.me/articles/unveiling-anonymous-author-stylometry-techniques/

Clive Robinson • March 12, 2022 12:23 AM

@ ALL, especially in the US and UK

I would seriously suggest you all read this,

https://www.fsf.org/blogs/community/earn-it-threatens-encryption-and-therefore-user-freedom

Also remember as I’ve demonstrated in the past all such “legislation” agsinst End to End encryption is without any doubt going to fail.

In fact you can demonstrate “to your hearts content” that,

1, It is not possible to send actual “information” without redundancy in the communications channel.

2, Where there is redundancy of any kind you can set up a communications channel within it.

At which point you have established you will always be able to create a communications channel within a communications channel[1].

That is you will always be able to come up with an End to End Encryption system in any communications system and there is no legislation on earth or anywhere else that can stop such a channel being created, even if it goes through a censor[3].

Thus the question drops to “How do you keep an End to End Encryption channel undetected by a censor?

Which I’ve answered before[4].

But importantly it raises a second more interesting issue.

If the legislation can always be defeated and it can, then what is it’s actual purpose?

On the assumption that properly advised legislators are acting with purpose, then you have to look for what the purpose is?

There is the old adage of,

“If you outlaw it, then only outlaws will use it!”

So it is fairly safe to say that the purpose behind such legislation is not to “catch the outlaws” no matter what is claimed by the legislators.

That leaves a number of possabilities, two of which are,

1, To spy on all citizens.
2, To have on record a crime you can be accused of which you can not defend yourself against.

Most would be worried about the first, but there are some fairly easy ways around this if you needed to do so[5].

My main concern is the second, most if not all legislation involving ICTsec in the US and UK is very deliberately “over broad in scope” so much so that you can not realistically defend yourself against it, and if you try you will probably end up bankrupt in the process.

Such legislation is very wrong in any kind of society as history shows it always ends up being used for evil, oppression, and a lot worse.

EARN-IT is such legislation and people should be making a lot of noise about it and bugging the heck out of legislators any which way you legaly can in a way that the legislators know they can not ignore it. That is it will have repercussions on them personally (ie they get defunded / not voted for / repeatedly challenged, ridiculed etc).

[1] So infinite recursion in an infinite Universe or as some in the US would say “turtles all the way down”. But as we are dealling with the hairy mutts we call politicians[2] I prefer the UK “lesser fleas” discriptive.

[2] Proving if it were required that William Shakespeare’s “A rose would smell as sweet by any other name” can usefully have “rose” and “sweet” substituted with oh “politician” and “corrupt” as an example to end up with his variation of “Something is rotten within the state of Denmark”.

[3] From the “Information Security” perspective this is a highly important result, because it proves unambiguously that any system with communications that cross a controled perimiter is insecure and can leak secure information. The only two meaningful questions being

3.1, The actual transport method.
3.2, The available data rate to an attacker.

With the obvious provisos being If you do not know 3.1 then,

3.3, You can not know 3.2.
3.4, You can detect 3.1.
3.5, You can not mittigate 3.1.
3.6, You can not stop 3.1 when it is in progress.

[4] It involves the use of both an unbreakable “cipher” (OTP) and a “code” book to make the random output of the cipher look like “redundant” plaintext you would expect in ordinary human communications.

[5] Such as meet in person and have a quite chat whilst walking around an area where parabolic/shotgun mivs will not work, nor will emissive bugging devices. The problem is non emissive bugging devices such as old fashioned “tape recorders” upto modern smaller than a thumbnail electronic equivalents. On discussing this with someone who has, experiance with this their immediate answer was “go swimming together” or “stand by a fire where you can not be over-watched and write out sentence by sentance what you are discussing on ‘flash paper'[6] and burn each piece immediately after the other person has read it”.

[6] Flash paper is used by magicians amongst many others, their version is so fine that the heat it produces whilst burning creates sufficient updraft to lift it up into the air, and thus rises and disapears in not even a puff of smoke. You can make your own with “cigarette papers” that you’ve “washed” with a food grade nitrate such as “pink pickling salt” so you can eat them safely if required as an emergancy destruction technique. I’ve been told you can do the same with “rice paper” that is frequently used in confectionary such as is seen on the undetneath of home made macaroons and meringue nests.

Clive Robinson • March 12, 2022 12:43 PM

@ MikeA, ALL,

I recall your mentioning the difficulty of exchanging data over the “voice” channel of modern mobile phones (even 300bps FSK is dodgy as all get out).

It is problematical due to the fact speach over a short time is in no way random. Encrypted data is almost by definition random.

So how to make random look non random…

One way is not to send data, but speak words, You can do this by reading “text off of the computer screen”.

OK the bit rate is appaling but you will be able to get a few bits / minute through.

This was effectively how the “and now some messages for our friends” worked during WWII.

You had a “code book” in which you looked up the message transmitted.

So,

“The little duck swam across the frog pond” qcts as a “primary key” that you look up in the code book.

If the sentance is in your code book then the message is ment for you. You read what it actually means from the code book. Which might say,

“Bomb primary target A”

As the sentance is only ever used once it has all the security benifits of a One Time Pad. Which it is sometimes called “a one time phrase code”.

But it’s fairly inflexible if a meanng has not been thought up before the code book is compiled then it can not realistically be sent.

But what if you combined phrase with a One Time Pad?

So you could repeatedly use say one of the set,

{Hello, Hi, How’s the weather, Watcher}

Ad an opening salutation. To send two bits of information. What the actual two bits mean is upto the first and second parties in the communication.

Obviously if the sent bits always ment the same thing then the enemy could do simple correlation to work out what they ment.

However if you take the two bits and XOR them with two bits from a One Time Pad two advantages arise,

1, The third party can not correlate the meaning.
2, You as the first party can get full deniability against betrayal by the second party, provided you exercise care in your activities (the joys of Op-Sec).

The point is the “salutation” is “standard” regardless of if a covert channel is being used or not.

The censor can not say if there is a covert channel or not. By adding other techniques the two parties can “armour” their two bit message against spoofing and similar.

The use of the likes of “Forward Error Correction” where say three seperate “standard phrases” in the message have to agree after the OTP decode makes life for the censor difficult at best. Their only real option being to stop the communications in some way.

So If I wad to say,

“Watcher, you know we realy should meet up for a pint”

Potentially I’ve sent you 2bits with “watcher” another 2bits with “realy should” and another 3bits with “pint”. And if you think about it {“you know”, “it’s time”} gives you another bit.

So one byte sent in about three seconds…

Not exactly high speed but it has the advantage of,

1, Being Secure.
2, Being deniable.

The latter being sometimes more important than the former.

Clive Robinson • March 14, 2022 5:54 AM

@ SpaceLifeForm, ALL,

It appears the only Spectre mitigation that will work will require the performance hit of using ‘generic retpoline’. Otherwise, it will leak.

Yeah well “marketing slogans” and “go faster stripes” do nothing good for performance… As I’ve said for quite some time. Even on silicon turtles they are a drag and take power from the ability to perform…

The basic laws of thermodynamics say you do not get something for nothing as all processes are inefficient. The waste heat from an Intel CPU with all it’s go faster stripes if converted to coherant light could be seen with the naked eye reflected off the moon.

The big problem is they,

1, Run at CPU speed
2, Run all the time
3, take up a large amount of Silicon “real estate”

Thus they became a “Heat Death” isdue long before Intel got even close to the other physical limitations the laws of nature use to put a big crimp in Moore’s Law. Which is Why of the now big three architectures Intel, AMD, ARM Intel is the most inefficient and glows like a themopile.

Sadly AMD has been hanging onto Intel’s apron strings hence the problem with the Ryzen chip set.

For quite some time I’ve pointed out the issue of “Efficiency-v-Security” that is by trying to get something more, you nearly always open up securiry holes that you only find out about at a time when it’s realy going to cost you.

Nearly all of these CPU security holes have the bad news factor of being “visable across the wire”. That is across any connection to an external network or grid.

So it comes back to that question,

“What is the business case for having this computer connexted to external communications?”

Maybe if I ask it enough, people will start to realise potentially the legal issues they are running into.

Sooner or later the FTC, SEC, or similar are going to fine a big corporate for having their computers visable from the Internet etc, with the implication that it was deliberately done for the purposes of “insider trading” or another of many many of their rules.

They FTC in effect got the gun out of “the cupboard” with the fall out of Equifax and then loaded it with Log4J,

In issuing its notice, the FTC underscored that organizations have legal obligations “to take reasonable steps to mitigate known software vulnerabilities.”

https://www.csoonline.com/article/3646595/sec-ftc-warn-companies-to-remediate-log4j-vulnerabilities.html

OK they said “software” but these “hardware” vulnerabilities are very definately “known vulnerabilities” that in Intels case have been around for quite some time now…

If the FTC or SEC make the right noise then the likes of AWS, Microsoft, and many others to drag peoples legally confidential data into the “cloud” will get quite a kicking. As for “Smart Devices” with all the side channel leaks not “over the wire” but actually “over the air”…

Those comms stacks vulnarabilities we see in all the standard communications like GSM and all the other Mobile protocols, Bluetooth, WiFi, etc, we see over and over are “NOT GOING AWAY” any time soon or “forever” in current human terms. Again something I’ve warned about repeatedly and emphasised by pointing out just how long “Smart Meters” and “Electronic medical implants” will be with us and leaving us highly vulnerable…

That is vulnerable for “half a century”, or if you like longer than most people who own homes or have implanted medical electronics have left in “life expectancy”. So things being done today will be having known significant effects, when more than half the Western Worlds current population is dead and the others yet to be born…

Clive Robinson • March 14, 2022 7:57 AM

@ SpaceLifeForm, ALL,

With regards,

“Using these capabilities, we implemented several fuzzers for the GSM CC, GSM SM, as well as the LTE RRC protocol.”

I should have read down before replying to your earlier…

Does the expression “Colour mr unsurprised” have a local equivalebt where you are?

It’s the sort of thing I’ve been warning about for years.

The problem is two fold as to the base causes,

Firstly the “acturial methodology” when applied to “design” by engineers.

Secondly “Ease of test” when standards, protocols, specifications are drawn up.

Acturial methodology currently is still based on the “shaped random model”. That is things go wrong “randomly at a predictable rate” rather than “in a predictable way”.

That is an insurance company knows from collecting historical information and building into tables, aproximately how many homes are going to catch fire this year from “accidents” in any particular style of home. What they can not do is say if your home is going to catch fire or not (if they could then they would cancel your insurance at the begining of the year as they do with medical claims for the likes of cancer etc[1]).

So an engineer can from such tables make a calculation of how often a particular style of say lawn mower flicks a stone or similar into the air and in aproximately which direction. So bad designs like Pinto gas tanks can be avoided.

https://www.popularmechanics.com/cars/a6700/top-automotive-engineering-failures-ford-pinto-fuel-tanks/

Oh and do I mention Boeing and the “lets strap on bigger engines” fiasco?

Both were significant mistakes in design that should not and some say without intent could not have happened.

The result is we know rather more graphically what we knew before… That cars involved in rear end shunts with improperly designed fuel tanks will kill rather more people than normall. Likewise passanger aircraft with bad flight charecteristics will drop out of the sky and kill rather more people than normal.

The only issue is you do not know which vehicle and when, that appears on the face of it to be entirely “random”[2] which is why we say such events are “accidents” which incorrectly remove “blaim”.

But that other issue is testing…

I’ve talked about this in the past with “test harneses” and the like if people want to go back to the CarrierIQ” incident just over a decade ago I went into it in some depth.

What was shown was a “test harness” in the phone putting user entered data into a “testing buffer” and that the CarrierIQ testharness could also send back user entered data ti CarrierIQ’s servers. Unsuprisingly these two were seen as one and the same and an outcry arose,

https://www.networkworld.com/article/2183721/skeptics-find-flaws-in-carrier-iq-application-analysis.html

As I explained at the time “test harnesses” are a fact of life in engineering in any system more expensive than mid range consumer items or where things can not be seen. So most IC’s have them added by the “foundry” and some are available by JTag.

The problem is they “cross boundries” which in security is a very definate No No as not only does it allow information to leak, they usually alow status bits and the like to be flipped creating significant vulnerabilities.

But as I sometimes say “Hey if you doubt me go check for yourself”…

The information is out there all you have to do is find it and read it.

But as I also say,

One of the major failings of the ICTsec Industry, is it does not learn from it’s history

Thus it makes the same mistakes over and over often well within a decade… Which when you think about it makes the ICTsec industry almost unique when compared to any other form of modern industry.

[1] There are warnings coming out of the medical proffession that not only is Long Covid going to be an issue in comming years but a significant component of that is almost certainly going to be seen as cancers or autoimmune disease in the ten to thirty year from now range. News that has not been helped by two other things, first the Judge ordered release of hundreds of thousands of pages of Pfizer Vaccine information, and a study from Washington state that indicates from excess mortality rates covid related deaths are more than three times the official figures and up around 18million.

[2] Actually it’s not random as I’ve indicated with,

“There is no such thing as an accident they are all entirely predictable.”

Under the laws of nature. The issue is not one of knowledge, but what some might call foresight. That is certain events when set in motion will cause damage, destruction and death. The real issue is do you have enough “real-time” information, and enough “processing-time” to make the prediction and take corrective action to prevent it? The actual take away lesson being, “Going faster may get you somewhere quicker, even if it is to the state of being a mangled body or corpse”.

Clive Robinson • March 14, 2022 4:40 PM

@ lurker, Winter, ALL,

Re Limits to Growth (LtG)

The original “club was formed back in 1975 getting on for five decades ago.

Quite a few things have changed since the 1970’s, for instance the switch from relativeky cheap to make “filament bulbs” that were grossly inefficient when used, to first vaccume tube fluorescents which were expensive to make and sell, and produced a “hard light” but which gave around an 80% saving in combined running and maintanence costs through to the more recent LED Bulbs that in the production costs of the 1970’s would have been impossibly costly to make even though they use around 2% of the energy, and can last atleast 10times longer.

The problem is new LED bulbs are deliberately designed to only last about the same time as vaccume fluorescents due to an issume that is mostly unconsidered. That is for a product to produce savings it has to have a certain minimum amount of production. Thus increasing the length of lifetime in a LED bulb will destroy the industry that makes the bulbs.

Another issue is the price of energy. When we use lots of it the part of the price we pay that is the cost of production is small. However as we reduce consumption that cost rises faster than the reduction in generating capacity… You can actually work out that again the cost of production has a certain minimum to remain viable. If it’s not met then production of that type ceases entirely and will not start up again.

A very dangerous assumption in what is laughingly called “economic science” is “universal replacability”. That is that everything can be replaced with something else. It’s not true for a whole number of subtal reasons.

Take “coal production” replaced by “concrete production”. The argument is the amount of coal we can pull out of the ground and burn to produce energy, can be replaced by concrete to make dams. What it ignores is the fact there are darn few places you can build dams, and rainfall to fill dams is based on the global thermal cycle we are trying to reduce… It also ignore the loss of land and other resources like iron. Currently something like 90% of iron comes from being recycled, and it’s a very energy expensive process it does not take the work of a genius to see it is yet another “self limiting” process.

Ad I’ve indicated in the past the world is entirely finite in terms of non energy resources. So as the population rises simple logic tells you that your absolute share of those resources goes down. It’s not an issue that is currently open to argument and economists almost entirely miss it in their formulars.

But of energy resources some are finite yet ignored as such. Nuclear energy be it by fission or fussion is not even finite it is actually diminishing. There is no way around that, yet it is assumed it can replace carbon – water energy resources. It can not and it will not, and as I’ve indicated with coal production, once it’s stopped it won’t restart. The other issue is the immense startup cost of making a substitution and the sunk costs involved with continuing production. The nuclear industry had a very very dirty future, in that nearly all the materials that go into making the actual reactor become non-recyclicable. That iron in the steel containment vessle is not just “lost” it has a massive longterm cost involved as Chernobyl which has come back into the news recently demonstrates.

For “universal replacability” to be valid you need infinite resources available, yet we know the world has very limited finite resources. Each substitution we make limits our options… But also we need an infinite “garbage pile” for waste.

Few realise that the ultimate form of waste is low grade thermal energy we call heat. To extract usefull work out of thermal energy there has to be a thermal incline from hot to cold. The thing is as you extract energy you decrease the available incline, that is using energy makes less energy available. There is only three things you can do to maintain a stable temperature,

1, Increase the waste disposal by radiation into space.
2, Reduce the amount of radiated energy falling on the earth.
3, Somehow capture and store the energy.

All three are effectively finite in some way…

The more we understand the more the LtG needs to be updated. That is it will aleays be a work in progress.

But the one thing it does tell us that is the major elephant in the room is, if mankind is to increase in numbers two things have to happen,

1, Resources have to be more equitably distributed.
2, We need to find new sources of resources, and disposal of used resources.

There is a limit on what the first can do even if we hard limit the population, and the second means mankind will have to “get out of the bound conditions” of the Earth.

The reality is “we have to go back to the stars” or more correctly space and other planitary bodies. If we don’t then with certainty mankind will become extinct. Most likely by either disease or choking on the waste we create.

Clive Robinson • March 14, 2022 8:38 PM

@ SpaceLifeForm, ALL,

I’m not sure the algorithm is that efficient, but, it does reflect the fact that the larger the semiprime, then there are fewer possible primes that can be factors.

It’s been a while since I looked into it but…

There is another asspect people need to consider.

RSA has a vast amount of redundancy in it’s choice of primes (this was mentioned in a 1980’s paper).

This alows for an absolutly massive “Covert Channel” that can be used to break RSA in it’s PubCert.

Put simply if you have a hidden PubKey used in say a Blum Blum Shaub (BBS) random generator, then you can,

1, Randomly pick one of your two Primes say P and then encrypt it or a number close to it using the hidden BBS PubKey.

2, You then select the second prime Q such that the top bits of PQ match the output of P after encrypting.

3, You then have a PubKey certificate where the top bits when decrypted with the secret key of the hidden PubKey give you a close starting point.

4, You then search with an optimised search for P which gives you Q.

5, You then build the Secret Key for PQ.

From then on in it’s game over…

The thing is no matter how hard you look at the PubKey that comes out of this process you will not be able to tell it’s been “backdoored”. The only person who can is the person who has the Private Key of the PubKey hidden in the BBS random generator.

As I’ve mentioned before quite a few years ago now, I developed PoC code that did exactly this and put it in the source tree of a commercial product to prove a point about the futility of “code audits” the way the company carried them out.

Code audits were and still are considered “Just a checkbox on the release list” they are rarely caried out by the better or experienced coders. Therefore they miss such obvious backdoors…

By the way it’s not just RSA that can be backdoored this way, many Crypto Algorithms can… Remember the NIST “Red Face” over the NSA behaviour that caused a NIST standard to be pulled. Then there was that backdoor code in Jupiter Network Routers… Just two iceberg tips in a veritable see of icebergs.

If any crypto algorithm you consider using has redundancy then a covert channel can be built with that redundancy, it realy is that simple.

Nearly all “mathmatical crypto algorithms” contain a considerable excess of redundancy… So you have to be adept at mitigation, which very very few people are.

[1] See the work of Adam Young and Moti Yung for more details, I gather Moti reads this blog from time to time, so if people want to say thanks just say high.

Clive Robinson • March 15, 2022 3:03 AM

@ Bruce, ALL,

Under the perennial question,

“Does it always take a war to get people to shift their butts and start looking into doing the right thing?”

Via,

https://nitter.net/SteveBellovin/status/1503388031428014083#m

We get,

FCC launches inquiry into Internet Routing Vulnerabilities

“Description: The Notice of Inquiry seeks comment on steps that the Commission should take to protect the nation’s communications network from vulnerabilities posed by the Border Gateway Protocol”

https://www.fcc.gov/document/fcc-launches-inquiry-internet-routing-vulnerabilities

It realy should be on,

1, How to replace it with something more secure.
2, Something less fragile.
3, More fitting to wider distributed networks with greater time lags.