Power LED Side-Channel Attack

This is a clever new side-channel attack:

The first attack uses an Internet-connected surveillance camera to take a high-speed video of the power LED on a smart card reader—or of an attached peripheral device—during cryptographic operations. This technique allowed the researchers to pull a 256-bit ECDSA key off the same government-approved smart card used in Minerva. The other allowed the researchers to recover the private SIKE key of a Samsung Galaxy S8 phone by training the camera of an iPhone 13 on the power LED of a USB speaker connected to the handset, in a similar way to how Hertzbleed pulled SIKE keys off Intel and AMD CPUs.

There are lots of limitations:

When the camera is 60 feet away, the room lights must be turned off, but they can be turned on if the surveillance camera is at a distance of about 6 feet. (An attacker can also use an iPhone to record the smart card reader power LED.) The video must be captured for 65 minutes, during which the reader must constantly perform the operation.

[…]

The attack assumes there is an existing side channel that leaks power consumption, timing, or other physical manifestations of the device as it performs a cryptographic operation.

So don’t expect this attack to be recovering keys in the real world anytime soon. But, still, really nice work.

More details from the researchers.

Posted on June 19, 2023 at 6:52 AM. 33 Comments

Comments

tom/wh June 19, 2023 8:56 AM

Winter, see section VII, “Countermeasures”. It lists 3 methods: “Using a capacitor” (“the capacitor would behave as a low-pass filter”); “Using an operational amplifier (OPAMP)”; and, of course, “placing black tape over a device’s power LED”.

I think this is more an “improved” attack than a “new” one. Didn’t we see data recovered from modem transmit/receive LEDs like 20 years ago? But I couldn’t easily find a paper, and don’t see it in the references (that section being, incidentally, quite frustrating to read; someone really screwed up the capitalization, leading to stuff like “Rsa” and “ip”).

Joe D June 19, 2023 9:33 AM

If I had seen a movie where a computer was hacked via spying on the power LED, I’d have laughed at it.

I guess I’m just not paranoid enough…

Peter A. June 19, 2023 10:10 AM

Many years ago, still being a student, I got employed by the university’s computing/networking unit as a junior sysadmin along with a few friends (the Rector decided to rejuvenate the staff, rightly so). The server room had old-fashioned steel frame doors with glass, one of them going out on a publicly accessible corridor (used to move the equipment in and out). You could see the equipment racks through it, including the 9600 bps modem that was the window to the world. Painting over the glass was one of the first activities of our cleaning these Augean stables.

Yeah, one of our pastimes between the (mostly) boring university courses was reading English “spooky” books.

TimH June 19, 2023 10:12 AM

The decoupling on the smart card reader must be terrible for this to work. This approach exploits poor hardware design.

Arclight June 19, 2023 2:02 PM

This attack has been possible with modems, serial terminals and similar devices for a long time. The main issue is that the simplest way to make the TX/RX lights or “Activity” indicator work is to put an LED between the data line and power or ground. This sort of thing becomes a problem because LEDs can turn on and off very, very fast. They can carry meaningful data that can be recovered if you use a high-speed camera or a photo-diode to capture it.
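An added example, not code from the post or any commenter, to make Arclight's point concrete: it constructs the brightness trace a photodiode would see from an activity LED wired to a TTL-level UART data line (assumed idle high, 8N1, sampled at an assumed 8 samples per bit) and decodes the bytes back out of it. `encode_uart` exists only to fabricate input for the illustration; `decode_uart` is the part an attacker would run on a real capture.

```python
"""Decode an 8N1 serial stream from a sampled LED-brightness trace.

Added example (not from the post or its comments). Assumptions: the activity
LED sits on the data line and follows its logic level (idle high = LED lit,
start bit low = LED dark), and the sensor samples at SAMPLES_PER_BIT times
the baud rate. The traces are constructed here, not captured from hardware.
"""

SAMPLES_PER_BIT = 8   # assumed sample rate / baud rate
THRESHOLD = 0.5       # brightness above this is logic 1 (LED lit)


def encode_uart(data, spb=SAMPLES_PER_BIT, noise=0.0):
    """Construct a brightness trace for `data` as 8N1 frames, LSB first.

    Only used to fabricate input; the decoder never sees the bytes. `noise`
    adds a small deterministic ripple so the trace is not a clean square wave.
    """
    bits = []
    for byte in data:
        bits.append(0)                                   # start bit
        bits.extend((byte >> i) & 1 for i in range(8))   # data, LSB first
        bits.append(1)                                   # stop bit
    trace = []
    for idx, bit in enumerate(bits):
        level = 0.9 if bit else 0.1
        ripple = noise * ((idx % 3) - 1) / 10.0          # -0.1, 0, +0.1
        trace.extend([level + ripple] * spb)
    idle = [0.9] * (3 * spb)                             # idle line = LED lit
    return idle + trace + idle


def decode_uart(trace, spb=SAMPLES_PER_BIT):
    """Recover the bytes carried by an idle-high 8N1 brightness trace."""
    levels = [1 if v > THRESHOLD else 0 for v in trace]
    frame = 10 * spb           # start + 8 data + stop
    out = bytearray()
    i = 0
    while i + frame <= len(levels):
        if levels[i] == 1:     # still idle: wait for the falling edge
            i += 1
            continue
        centre = i + spb // 2  # sample every bit cell at its middle
        if levels[centre] != 0:
            i += 1             # too short to be a start bit: a glitch
            continue
        value = 0
        for bit in range(8):
            if levels[centre + (bit + 1) * spb]:
                value |= 1 << bit
        if levels[centre + 9 * spb] != 1:
            i += 1             # framing error: no stop bit, resynchronise
            continue
        out.append(value)
        i += frame             # skip to the end of this frame
    return bytes(out)


if __name__ == "__main__":
    secret = b"PIN:1234\r\n"   # constructed payload
    print(decode_uart(encode_uart(secret, noise=1.0)))
```

The decoder needs the sensor to sample several times per bit, which is why a photodiode front end is the realistic capture device for link-rate LEDs, and it resynchronises on the stop bit so a glitch in the idle line or a dropped frame does not corrupt everything after it.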

Clive Robinson June 19, 2023 2:06 PM

@ Winter, Tom/wh,

Re : Electronics and analogue fails.

“Low-pass filtering of the power-LED?”

“Using a capacitor” (“the capacitor would behave as a low-pass filter”); “Using an operational amplifier (OPAMP)”

It’s a bit more complicated than that as it’s a “Power” not “Signal” issue so “a bulk effect”.

In effect when the CPU activity goes up with a security function, the power supply voltage dips in low / minimized cost “Bill Of Materials”(BOM) systems.

Most digital circuits are very “non linear” when operating close to the power supply rails or logic thresholds.

One cause of significant issues is “clamping diodes”: as the effective “signal voltage rises” up to or beyond the “power supply voltage” when it dips, a clamp diode draws more current quite suddenly. Due to the inductance, impedance and capacitance of PCB traces the issues spread out across the board into other signal lines and “541t happens”.

If you put a capacitor in the wrong place or in the wrong way, this makes the problem worse not better (as several books on EMC will tell you).

The clamp effect also causes the voltage on the ground circuitry to jump as well, getting into other parts of the circuit. Things like Op-Amps “need stable references”; if they don’t get them then the Op-Amp, having incredibly high gain, will magnify a microvolt signal significantly and the resulting current draw at the rails and output can be massive in comparison.

Worse, because engineers want “low current” / long battery life etc, that Op-Amp reference will be via very high value resistors and a capacitor to ground. To an AC signal on the ground that decoupling capacitor will have a very low impedance… Thus it couples that ground noise right into the voltage reference. Thus the input into the Op-Amp will be effectively large enough to cause some circuits to “crash into the end stops” or power supply rails and draw lots of current.

And so it goes on.

The trick is to minimise the rapid movement of charge, and remember that much of the circuit is really not just analogue but differential as well…

Dealing with this properly requires more of, and better quality of, thus more expensive components. Especially capacitors, that are often the first target in “BOM reduction” exercises.

Thus the “Bill Of Materials” (BOM) for a “secure system”, which would normally be significantly more than that of an “insecure system”, gets “hacked back” and what was secure is not anymore…

As has been pointed out repeatedly in the past on this site and many other places, “nobody wants to pay for security”, especially when “insecure is so much less expensive”…

So expect to see other “low cost” vulnerabilities to get found, demonstrated, make a little news, and from then on get ignored for a decade, when someone discovers it yet again…

As I point out,

“The ICT industry, especially ICTsec, apparently never learns from even its living history, so the same mistakes reappear over and over.”

Phillip June 19, 2023 2:20 PM

Ah; original source, this one. Awesome. Incidentally, I had not seen Hertzbleed, specifically. Important to get to the heart of the matter. Next, active emitter lens filtering for forward secrecy? To never emit to some truth.

Clive Robinson June 19, 2023 3:07 PM

@ Arclight,

Re : Speed of detection

“They can carry meaningful data that can be recovered if you use a high-speed camera or a photo-diode to capture it.”

Or even a “photo-multiplier tube”.

Back some years ago –end of last century– over at Cambridge Computer labs I think it was Markus Kuhn who took a telescope, connected a photo-multiplier, and pointed it out a window. By using the light reflected off a painted office wall in an adjacent building, he recovered enough information from the “rising edge” effect of the computer display.

This gave rise to the design of TEMPEST “soft fonts” for which there is an FAQ,

Soft Tempest – Frequently Asked Questions

https://www.cl.cam.ac.uk/~mgk25/emsec/softtempest-faq.html

Chelloveck June 19, 2023 4:15 PM

@TimH “This approach exploits poor hardware design.” Ah, I see you’re already familiar with the motto of the Side-Channel Attack club…

lurker June 19, 2023 4:42 PM

@Clive Robinson, All

When I saw the first comment on the Squid thread, I thought that would be an unlikely attack on a tungsten filament behind a di/refracting glass bezel. So this is not so much

“the ICT industry not learning from its history”

as it is grasping at shiny new trinkets (LED panel lights) without stopping to ask

“are there any possible downsides?”

And yes I know the Germans were using tungsten filaments in a wireless battlefield telephone in WW2.

Clive Robinson June 19, 2023 4:56 PM

@ Joe D, ALL,

Re : Paranoia is all in the observers mind.

“I guess I’m just not paranoid enough…”

Maybe, maybe not, we are “creatures of our environment” part of which is what our peers say or imply about us…

Back in the 1970’s and 1980’s by just a little of what our host @Bruce used to call “hinky thinking” I worked out so many ways to attack “systems” it got to the point where I could not look at anything without working out one or more often many ways to abuse it to advantage.

This was mostly not “computer systems” but everyday systems such as how you as an employee could safely take expensive stock items out of a supermarket by exploiting the disposal of packing waste.

How to fake fingerprints, and more importantly beat most standard forensic systems tests.

Being able to easily see how things could be used to harm people, I became more cautious in what I did, after all if I could work it out so could others…

My caution was so much so, that people for several decades accused me of being paranoid or a conspiracy nut… Even those who paid me a lot of money for sophisticated systems I developed to do surveillance still thought I was paranoid…

On one occasion my sense of what I see as caution stopped me suffering a nasty fate… The then UK Prime Minister had personally decided I should suffer[1] for her convenience and profit… (do I need to repeat the old saying about power and corruption?).

So yes whilst I’ve sailed close to the wind many times, I’ve always done it in ways that were not going to come back to haunt me.

Others who at the time thought my behaviours were paranoid were not as cautious… Now most of what I was doing four decades ago in the name of caution is considered the minimum you should be doing in self protection. As for those others, in some cases they ended up wishing they had been as paranoid / cautious as I was…

The sad thing is they could see what I could see and I’d tell them what I saw as the implications of it. They however thought nobody would do such things thus found out the hard way that asking,

“Why would anybody do that?”

Was the wrong question, and the one they should have been asking was,

“Why wouldn’t somebody make benefit / profit from doing that?”

So, just a difference in outlook nothing more, between those thinking you are “paranoid”, and others thinking you are “dead meat, let’s eat”…

Remember the stories of Idi Amin “having a Hamburger for dinner” where the rest of the man from Hamburg ended up in the freezer…

There really are those claiming to be “Nigerian Generals” and similar who will eat you alive if they can[3]…

[1] I’ve talked about it before, but simply the state owned “British Telecom” (BT) had been not just incompetent but lied about it in the press. I could prove they were lying and wrote an article to be published on BT Prestel about it. I received several increasingly insistent invitations to “demonstrate” in front of BT personnel… As I’d written up the instructions quite clearly I became deeply suspicious. A legal friend and likewise my boss at the time both said I should ask for a written contract and payment in advance to see if they would bite[2]… When told that was the minimum I would agree to they stopped “inviting”. A short while later a couple of people I knew, who when I warned them thought I was paranoid, got arrested for “fraud” after demonstrating an even worse security fault with BT Prestel. Well, I got told fairly recently that “Cabinet papers” showed that “Mad Maggie” wanted me thrown into prison, because she was selling off BT and wanted nothing to affect the share price… Hence the “bring me his head” order…

[2] My legal friend explained their reasoning, which was that none of the invitations had been either direct or in writing, so if BT’s intent was honest, they would haggle over money and terms in writing. If however BT had ulterior motives, then they would know a contract and received payment would cover me in any potential legal action, civil or criminal. The fact they stopped immediately after it was raised, without any haggling, gave their game away, so I simply walked away and chalked it up to experience.

[3] The “magic” of cannibalism is little different from the belief in rhino horn and similar. The idea is that if you take in part of a powerful animal or person then you gain their mystical strengths, vigor, vitality and even youth or other desired trait if accompanied by the right spell. Actually there is no cure for that sort of madness, or the one that follows the practice. Even though there is clear medical evidence of prion disease resulting, thus actual brain rotting madness of CJD etc, people believe what they want, not what is true,

https://www.msdmanuals.com/home/brain,-spinal-cord,-and-nerve-disorders/prion-diseases/kuru

Ted June 19, 2023 5:49 PM

The video must be captured for 65 minutes, during which the reader must constantly perform the operation.

The software had to trigger 10,500 sign operations to recover the ECDSA key. The next paper I need to read is “The curse of ECDSA nonces.”😊

The researchers set up some meticulous experiments to learn how to interpret LED signals recorded with everyday devices.

I wonder how quickly they’d be able to adapt their research to a new vulnerability in a cryptographic library.

Clive Robinson June 19, 2023 5:54 PM

@ lurker,

“I thought that would be an unlikely attack on a tungsten filament”

Actually…

I’ve used tungsten filament bulbs to send audio signals across sizable distances.

The light intensity of any filament bulb responds quite rapidly over a small range of up to 10% of output from the brightest setting.

Yes it’s quite nonlinear but it works.

At much lower temperatures the resistive characteristics of a filament bulb can make it very useful in Oscillator and Amplifier circuits for “amplitude limiting / stabilising”,

https://en.m.wikipedia.org/wiki/Wien_bridge_oscillator

Such filament bulbs are still actively being researched,

https://www.researchgate.net/publication/343831734_Study_on_Emitted_Radiations_from_Filament_Bulb_of_Different_Power/fulltext/5f43c044a6fdcccc43f57fb7/Study-on-Emitted-Radiations-from-Filament-Bulb-of-Different-Power.pdf

It was not just Wien and similar oscillators that used filament bulbs. Teleprinter circuits had filament limiters on which you could see the light intensity change as traffic got sent. Which is why those for military use had metal as opposed to glass envelopes, which made “fault testing” harder as an 80-0-80 line might not have much current but sure had a “wake the dead” kick.

Mexaly June 19, 2023 8:07 PM

It was impossible only until it was hard.
It will be hard only until it is easy.
Thus it has been and shall always be.

Jon June 20, 2023 12:26 AM

Smoothing is not actually going to solve your problem, although it will make life more difficult for the observer. Even smoothed data will show a change in derivative every time the input changes.

Better ideas include things like “injecting garbage”: Having your LED flicker in random ways;

Or “removing data” – Imagine a power LED that flickers on a 5% duty cycle – for 95% of the time it won’t transmit any information at all. Make the flicker on-time shorter than the processing time, and the attacker will never get the whole thing. That’s also plenty fast enough to look like a solid light to any human being.

Similar tricks could be used on TX/RX LEDs, if they merely indicate the first bit of the frame (or even the pre-amble) and no more.

J.
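Jon's two claims above (a smoothed trace still shows the operation in its derivative; a pulsed LED limits what can be observed) can be checked numerically. What follows is an added example, not code from the post or any commenter: it constructs a brightness trace that dips while the device is busy, passes it through a first-order RC low-pass standing in for the capacitor countermeasure, recovers the busy interval from the derivative, and then models an LED that is only lit for a few samples in every period. The sample rate, dip size, interval and time constants are all assumptions chosen for the illustration.

```python
"""Does low-pass filtering the power LED hide when an operation starts and ends?

Added example, not code from the post or its commenters. All values below are
assumptions for the illustration; the trace is constructed, not measured.
"""


def busy_trace(start, stop, total, base=1.0, dip=0.05):
    """Constructed brightness: `base`, reduced by `dip` while the device is busy."""
    return [base - dip if start <= t < stop else base for t in range(total)]


def rc_lowpass(trace, tau):
    """First-order RC filter with time constant `tau` measured in samples."""
    alpha = 1.0 / (1.0 + tau)   # per-sample step gain of the discrete filter
    y = trace[0]                # start settled at the initial level
    out = []
    for x in trace:
        y += alpha * (x - y)
        out.append(y)
    return out


def edges_from_derivative(trace, frac=0.25):
    """Indices where the derivative peaks, i.e. where the input changed.

    Runs of samples whose |d/dt| is at least `frac` of the largest |d/dt| are
    merged, and the strongest sample of each run is reported as the edge.
    """
    d = [later - earlier for earlier, later in zip(trace, trace[1:])]
    threshold = frac * max(abs(v) for v in d)
    edges, i = [], 0
    while i < len(d):
        if abs(d[i]) < threshold:
            i += 1
            continue
        j = i
        while j < len(d) and abs(d[j]) >= threshold:
            j += 1
        edges.append(max(range(i, j), key=lambda k: abs(d[k])))
        i = j
    return edges


def measured_duration(trace):
    """Busy-interval length as an attacker reading the derivative would see it."""
    edges = edges_from_derivative(trace)
    return edges[1] - edges[0] if len(edges) >= 2 else None


def pulsed_windows(trace, period, on, base=1.0, dip=0.05):
    """Model an LED lit for only `on` samples out of every `period`.

    Returns the start index of each pulse during which the LED looked dim.
    That is all the observer gets, so the interval is resolved to one period.
    """
    flagged = []
    for t0 in range(0, len(trace), period):
        window = trace[t0:t0 + on]
        if window and sum(window) / len(window) < base - dip / 2:
            flagged.append(t0)
    return flagged


if __name__ == "__main__":
    raw = busy_trace(200, 700, 1500)
    print("raw:", measured_duration(raw))
    print("tau=50:", measured_duration(rc_lowpass(raw, 50)))
    print("tau=2000:", measured_duration(rc_lowpass(raw, 2000)))
    print("pulsed:", pulsed_windows(raw, period=100, on=5))
```

With a time constant of 50 or 200 samples the filter attenuates the dip but the two derivative peaks still sit exactly at the start and end of the 500-sample interval, which is Jon's point. With tau=2000, longer than the operation itself, the second edge no longer clears the detection threshold and the function returns None, so what the capacitor buys depends on its time constant relative to the operation, not on smoothing as such. The pulsed model shows the other half of the comment: lit 5 samples in every 100, the LED only reveals which pulses fell inside the busy interval, so the length is known to one period, and an operation that fits between two pulses is not seen at all.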

Erdem Memisyazici June 20, 2023 1:30 AM

These scientists spent so much time trying to figure out whether or not they could that they forgot to ask whether they should.

I thought the same way for a while and realized there is no stopping dedicated hackers to protect your privacy without first losing your privacy to another team which also somewhat defeats the purpose if they aren’t lawbound to be arrested upon failure.

Not everyone wants to live like a security researcher.

In my opinion we need better baseline technical measures and policy. I saw a laptop you can’t easily open and is shielded from EM interference fairly well used by a security researcher and wondered why aren’t all laptops made that way?

If an evil maid needs solvents to get into my laptop that makes me feel better. Simple screen filters that block the field of view of the monitor could also be baseline and polarized screenfilters aren’t that expensive last I checked.

I’d love to see a computer/phone commercial bragging about real security features rather than showing me a computer generated underground bunker safe and a giant padlock to sell me on the feeling instead.

lurker June 20, 2023 2:48 AM

@Erdem Memisyazici
[mitigating features] “aren’t that expensive last I checked.”

“Aren’t that expensive” is a subjective variable, subject that is to the free market, where many people would like their stuff if not for free, then at least for the minimum price. Will there be enough people willing to pay for those features to make it worthwhile for somebody to actually build and sell them? I suspect the answer in general is no. Sure you have seen some examples in the field, but those are priced well beyond average commercial units, and are used by security gurus. For the rest of us, I am reminded of Alfred E Neuman (Mad Comics): “What, me worry?”

Clive Robinson June 20, 2023 3:38 AM

@ Mexaly, Erdem Memisyazici, ALL,

“Thus it has been and shall always be.”

That is the consequence of,

1, The physical laws of the universe.
2, The intangible laws of mathematics.
3, Humans being human.

The first allows “the drip”, the second makes “the puddle”, which allows “the dam” to be built then burst…

“Not everyone wants to live like a security researcher.”

Nor do most wish to live as saints or hermits with vows of poverty and chastity.

Which means at some point they will all do something that can be used against them, even if it’s to just shame them in the public eye for profit.

But as with “Witchhunts” of old, any indiscretion no matter how lawful could get used to “burn you”. Because there is an evil above all others that lives within us; we call it “Public Opinion”. It is “a beast that has to be fed” and “once roused can only be sated by blood”. If denied its feast, “it will turn on any at hand”. Such is the nature of blood sports and righteous fervour.

It’s the reason we have the rule “Innocent until proven guilty” and in the British legal systems various laws to prevent “trial by media”, which is oh so common in the US.

A few days ago the murders of four students in Moscow, Idaho were mentioned here because of a technical surveillance activity that affects all mobile phone users.

The thing is the information is confused and may not even be usable let alone admissable as even circumstantial evidence.

But we could talk about it because, as court records show, a US law firm representing US MSM, without regard to victims, their families, friends or others, got a court issued reporting ban lifted. All so the MSM could start a highly profitable feeding frenzy under the pretence of “The public have the right to know”. Now “armchair detectives” are leaping out of couch potato existences to grab their keyboards and mobile phones to try to grab five minutes of fame at someone’s expense.

But you can see the unstated official “US Attitude” with,

‘”Everyone wants answers… we want to give those answers as soon as we can,” Moscow Police Chief James Fry told ABC News on Wednesday, adding that some details must be withheld to protect the investigation.’

Note only “to protect the investigation”… not victims, friends, family or any others that get fingers pointed at them by anyone with a finger to point. People whose lives are being destroyed by “The hysteria for profit” of repeated “Media Circus Trials” before anyone gets credible evidence against them presented in a lawful trial. Which of course will be tainted because all the jury members will have been tainted by the MSM feeding frenzy at some point.

Now of course all those databases on and behind the Internet will “forever hold” not just all the names, but addresses, education and work histories. Your name and mine will get linked and be found by a search… But studies have shown that around 4 out of 5 of those records contain false information, let alone incorrect or misleading information.

How will we be affected in the future by that?

We don’t know, nor can we, and society is in no way ready for this “new world” where we have no defence even against things that are provably not true.

So if you don’t want “to live like a security researcher”, saint or hermit, what actually needs to change is not the technology, but society, its mores, morals, ethics, legislation, and regulation.

I started to see the issue four decades ago and did “live like a security researcher” in some respects and got called paranoid or a conspiracy theory believer… The fact I pointed out that “The laws of physics allowed” and that “Human nature would likewise allow” did not change their minds…

Now people are increasingly starting to live more stringently than I did, are they paranoid or cautious?

I will say that by now it should be clear for all who choose to look to see,

“Technology will always be used for harm unless society dictates otherwise, not accepting this is sleepwalking into a trap.”

Clive Robinson June 20, 2023 4:06 AM

@ Ted,

Re : Is your probability even?

“The next paper I need to read is “The curse of ECDSA nonces.”;-)”

Ah the “n word”[1] for the strange concept of “a random number used once”… That is “don’t put the ball back in the urn after drawing it”.

But how do you achieve it? when there are not enough grains of sand on Earth to use each as a numbered ball and get even close to the number needed for security…

There are, to many eyes, simple ways, but under test all of them fail. It actually is a game for which complexity via determinism really is required in quite some depth.

Perhaps as the next subject, but with more than reading just one paper 😉

Our host @Bruce has written at least a book on the subject and he is by no means the only one…

[1] The word has at least two meanings in the UK, the most prevalent is not the “random number used once” but the pejorative for someone who is undesirably attracted to children for gratification. Thus as a word it gets put in quite a few “Not Suitable For Work” watch lists, as well as making this web page disappear in “great firewalls” operated by conniving service providers at the behest of disreputable politicians on the make and worse.
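The ECDSA side of the attack (the 256-bit key in the post, the 10,500 sign operations Ted mentions, the nonce discussion in the comment above) comes down to what a signature reveals about its nonce. The following is an added example, not code from the post, the paper or any commenter: a self-contained P-256 ECDSA in Python with the nonce passed in explicitly, a verifier, and the recovery of the private key from two signatures that share a nonce. That is the limiting case; the published attack needed thousands of signatures and only partial knowledge of their nonces (the Minerva-style lattice approach), which is not shown here. The curve constants are the standard P-256 parameters; the private key, the nonce and the messages are assumed demo values, and `derived_nonce` is a simplified illustration of deterministic nonce derivation, not RFC 6979.

```python
"""ECDSA over NIST P-256 in pure Python, and what a repeated nonce leaks.

Added example; not code from the post, the paper or any commenter. Curve
constants are the public P-256 domain parameters; the key, nonce and
messages used in __main__ and the tests are assumed demo values.
"""
import hashlib

p = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
a = p - 3
b = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
n = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)


def ec_add(P, Q):
    """Affine point addition on the curve; None is the point at infinity."""
    if P is None:
        return Q
    if Q is None:
        return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2:
        if (y1 + y2) % p == 0:
            return None                                   # P == -Q
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p  # tangent: doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p         # chord
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)


def ec_mul(k, P):
    """Double-and-add scalar multiplication (not constant time: demo only)."""
    R = None
    while k:
        if k & 1:
            R = ec_add(R, P)
        P = ec_add(P, P)
        k >>= 1
    return R


def hash_to_int(msg):
    """SHA-256 of the message reduced into the scalar field."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def ecdsa_sign(d, msg, k):
    """Sign with private scalar d and an explicitly supplied nonce k."""
    z = hash_to_int(msg)
    r = ec_mul(k, G)[0] % n
    s = pow(k, -1, n) * (z + r * d) % n
    assert r and s, "degenerate nonce: real code retries with a fresh k"
    return (r, s)


def ecdsa_verify(Q, msg, sig):
    r, s = sig
    if not (0 < r < n and 0 < s < n):
        return False
    w = pow(s, -1, n)
    z = hash_to_int(msg)
    R = ec_add(ec_mul(z * w % n, G), ec_mul(r * w % n, Q))
    return R is not None and R[0] % n == r


def recover_from_reused_nonce(msg1, sig1, msg2, sig2):
    """Two signatures sharing r (hence the same k) give back k, then d."""
    (r, s1), (r2, s2) = sig1, sig2
    assert r == r2, "nonces differ: this shortcut does not apply"
    z1, z2 = hash_to_int(msg1), hash_to_int(msg2)
    k = (z1 - z2) * pow((s1 - s2) % n, -1, n) % n   # s1 - s2 = k^-1 (z1 - z2)
    d = (s1 * k - z1) * pow(r, -1, n) % n           # s1 k = z1 + r d
    return k, d


def derived_nonce(d, msg):
    """Nonce from (key, message): distinct messages never share k.

    Simplified stand-in for the idea behind RFC 6979, not that construction.
    """
    h = hashlib.sha256(d.to_bytes(32, "big") + msg).digest()
    return int.from_bytes(h, "big") % n or 1


if __name__ == "__main__":
    d = 0x2af3e4b0c1d9d5b6a7f8e9c0b1a2d3e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c0  # demo key
    k = 0x6fe1c3a5b7d9e1f3a5c7e9b1d3f5a7c9e1b3d5f7a9c1e3b5d7f9a1c3e5b7d9f1  # reused nonce
    m1, m2 = b"sign operation #1", b"sign operation #2"
    sig1, sig2 = ecdsa_sign(d, m1, k), ecdsa_sign(d, m2, k)
    print("recovered key matches:", recover_from_reused_nonce(m1, sig1, m2, sig2)[1] == d)
```

The recovery is two modular divisions because `s` is linear in the nonce and the key; partial leaks (a few nonce bits, or the bit length that a timing or brightness trace reveals) turn the same linear relation into a hidden number problem over many signatures, which is where the lattice work and the large signature count in the paper come from. Deriving the nonce from the key and the message removes the repetition failure but not the side channel on the scalar multiplication itself.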

John Tillotson June 20, 2023 9:06 AM

OK, so a strip of electrical tape to cover up any LEDs on security-sensitive systems is necessary as part of the Blue Team toolkit.

Got it.

Leon Theremin June 20, 2023 10:07 AM

@John Tillotson

There will be no computing freedom until the silicon trojans embedded in all US designed CPUs are removed.

If you want freedom, you will have to ensure that no unseen radiation is enabling remote control of your devices.

Ask me anything about BadBIOS and hardware trojans.

Winter June 20, 2023 10:42 AM

@Leon Theremin

There will be no computing freedom until the silicon trojans embedded in all US designed CPUs are removed.

Do not discount all other countries doing the same. So you will have to burn your own RISC-V CPUs in your own foundry. And diverse cross compile all your compilers [1].

Not sure there will be time left to do anything useful.

[1] https://dwheeler.com/trusting-trust/

modem phonemes June 20, 2023 11:28 AM

@ Winter @Leon Theremin

The hardware side is fraught. E.g.,

Analog Malicious Hardware

“Researchers have built a proof-of-concept processor that uses secretly stored electrical charge to trigger an ultra-stealthy backdoor.

And now imagine that silicon backdoor is invisible not only to the computer’s software, but even to the chip’s designer, who has no idea that it was added by the chip’s manufacturer …”

https://www.wired.com/2016/06/demonically-clever-backdoor-hides-inside-computer-chip/

https://youtu.be/C9JvjY3qQ6I

Clive Robinson June 20, 2023 11:30 AM

John Tillotson, ALL,

Re : Tape

“so a strip of electrical tape to cover up any LEDs…”

First off, as I note above this is a “bulk effect” from the power supply and CPU load when doing intense crypto and similar activities.

So keep in mind “it’s a power supply issue” so will effect the whole circuit.

Thus three things to consider,

1, Is it the only LED?
2, Can you see other LEDs that are not “visible light”?
3, At what frequencies are the plastic case and tape transparent?

But it’s a “bulk effect” so it’s not just LEDs you have to think about.

Transistors like FETs are often used for high current load switching. They will heat up and cool down quite rapidly if “surface mount” and could give a “trigger signal” for timing. Thus you have to consider “thermal imaging” as well.

Other parts of the circuit will generate RF that will radiate from the case. The type of oscillator used for the CPU will be “cheap and nasty”, as will the oscillator circuit, as neither frequency stability nor tank energy will be part of the design requirements.

So when the power voltage changes the frequency will change, as either Frequency or Phase modulation, and its radiated level will change.

All of which can be picked up by a less than 50 USD software defined receiver connected to a laptop or even a Pi Zero or similar “Gum Stick” “Single Board Computer” (SBC) to be “data logged” then forwarded by WiFi or similar.

You can make a unit to do this incredibly easily… Heck, first year students at the Technion Institute in Haifa had their “Pitta Bread” design back a decade or more ago. Based on ideas from MGK in Cambridge labs from a decade prior. Have a look at,

https://www.cl.cam.ac.uk/~mgk25/ches2005-limits.pdf

It will make interesting background reading. Any Blue or Red team member who does not know the contents and implications of that paper really should not be “playing” at being a security person of any worth these days… It’s not as though I’ve not been waving a flag saying “learn it, play with it, use it with intent” for the past decade here and other places.

But something everyone should know from basic physics.

All materials have an EM frequency response. Thus they will exhibit all sorts of changes as,

“You go from DC to daylight and beyond.”

That is, absorption, reflection and conduction all vary with frequency. If you use a material that is transparent at a frequency your device generates then you have a “side channel” through which information can haemorrhage.

Secondly many electrical devices are “Transducers” that is they convert energy from one form to another. Inductors for instance make “transformers”, but as they do work they are “inefficient” and energy gets conducted or radiated out of them. As anyone who worked with the design and use of “Switch Mode Power Supplies”(SMPSU) back last century will know it’s not just EM energy they transmit, the coils move in sympathy so they generate mechanical energy in exactly the same way your Hi Fi speakers do… Thus any change in the power supply will be broadcast as sound as well. Mostly these days it’s up above the hearing range of humans and other mammals so we don’t think about it.

As a security engineer you have to be not just aware of it but design to minimise it. Few that have not had that “TEMPEST / EmSec” oh so super secret –only in the US– course are actively aware of it. That’s even though it can degrade product lifetimes significantly (by causing “material fatigue” that “work hardens” then causes “micro fracturing” that then turns into full fractures and broken conductors and similar).

The key things to note about TEMPEST / EmSec with regards to “compromising emissions” are,

1, Bandwidth
2, Energy
3, Information types
4, Modulation / impressing

If people don’t know why then they need to read a good book on EMC backed by a first year graduate book on basic physics and mathematics.

I could go on apparently endlessly on the subject such as noting,

1, Information Systems are transparent.
2, Information Systems are not segregated.

Thus, as Matt Blaze and students demonstrated back in 2005, the naff little microcontroller in your keyboard can send data to the Internet or another network connected device and you just will not see it unless you know what you are looking for. Have a look at the JitterBugs paper,

https://www.mattblaze.org/papers/index.html

Have fun.

Winter June 20, 2023 11:44 AM

@modem

And now imagine that silicon backdoor is invisible not only to the computer’s software, but even to the chip’s designer, who has no idea that it was added by the chip’s manufacturer …”

The old Trusting Trust attack is back again, but now includes hardware.

Clive Robinson June 20, 2023 4:08 PM

@ modem phonemes, Leon Theremin, Winter,

“Analog Malicious Hardware”

A hardware vulnerability as you described is not new.

It has been described along with several other chip production vulnerabilities by @RobertT on this blog oh getting on for a decade back.

He @Nick_P and @figureitout had several chats over around a year off and on.

The upshot is few chip designers these days actually design functional blocks, they mainly hook up macros from the chip manufacturer or an external contractor.

An example of this is the SoC systems the likes of Broadcom make for mobile phones. They do not have the in-house teams to do all the macros so they “buy in”; the most notable part is the ARM CPUs, RAM and FlashROM etc. As I understand it from overhearing other people, Broadcom have some proprietary radio systems macros and, like NVIDIA, some proprietary video systems.

But even when the chip “tape-out” is finished by the designers, other tracks and logic get put in often by the chip manufacturer so they can “test”. So a backdoor or similar could be put in there.

The trick though is to not trigger the software checking on the chip layout, often this is proprietory to the actual FAB based on what their individual systems can or can not do.

@RobertT described how to hide certain types of via and couple signals from trace to trace etc so even quite experienced designers would not find things.

He also considered what should be “back doored” and considered pulling out the “carry bit” as likely being the most useful.

Anyway, search this site for his handle and have a read.

ResearcherZero June 21, 2023 12:14 AM

“In the end, it’s a matter of trust, whether you actually trust this vendor and its components with all your sensitive data.”

“These kinds of microcontrollers are a black box to me and every other researcher trying to understand how this device is working.”

Hualan’s Initio chips are used in encrypted storage devices as so-called bridge controllers, sitting between the USB connection in a storage device and memory chips or a magnetic disk to encrypt and decrypt data on a USB thumbdrive or external hard drive.

Security researchers’ teardowns have shown that storage device manufacturers including Lenovo, Western Digital, Verbatim, and Zalman have all at times used encryption chips sold by Initio.

But three lesser-known hard drive manufacturers, in particular, also integrate the Initio chips and list Western government, military, and intelligence agencies as customers.

https://www.wired.com/story/hualan-encryption-chips-entity-list-china/

Clive Robinson June 21, 2023 5:09 AM

@ ResearcherZero, ALL,

Re : OMG it’s Chinese it must be bad.

“Hualan’s Initio chips are used in encrypted storage devices as so-called bridge controllers, sitting between the USB connection in a storage device and memory chips or a magnetic disk to encrypt and decrypt data on a USB thumbdrive or external hard drive.”

Yes they are low end chips designed primarily for consumer and commercial use to “protect data at rest” against an “unknowledgeable attackers” threat model.

That is, once powered down to lose active KeyMat, they provide protection to a level suitable for “compliance” against casual theft and accidental loss and more serious theft by insiders and some data ransoming attackers.

Using them in military / Diplomatic / Government work where secrecy against knowledgeable and well resourced –level/type III– adversaries is needed is not what they’ve been designed for.

If you want to know who’s really to blame for these chips look no further than US Politicians…

The US via the NSA had various secure data product designs for all usage levels. However they were, “clunky to use”, “took forever to obtain”, “half a decade or more behind COTS equipment”, and worst of all “Eye-wateringly expensive” not just for the kit but all the extra auditing etc for “standard” KeyMat handling.

So the politicos did a “Small Government” trick and said Government at all levels had to buy “Consumer Off The Shelf”(COTS) equipment…

“Hurrah another win for US style Capitalism.”

Only it was not, the US lost its native ability to provide the required level of security devices to foreign mass market manufacturers… As any fool with half a brain and an ounce of common sense would have realised… (but that was not the plan anyway, the plan was to put tax money in certain pockets by “outsourcing supply, service and maintenance”).

But how to “cover it up”… Well if you’ve not got native supply you’ve two basic choices,

1, Go without.
2, Get non-native supply.

As the first option was not possible for a whole heap of reasons. The second option had to be used.

For a time the devices used came from ZTE (Chinese Telecoms company). But for face saving reasons as with 5G and Huawei (Chinese Telecoms company) the politicians started banging the war drum as “wrap yourself in the flag” morons often do.

What were they trying to hide?

Well, AT&T was in very intimate relationships with not just the NSA and US Military, but other companies such as Boeing that were intimate with the NSA and US Military.

And the fact that the NSA and US Military had via MOST major US electronics and communications manufacturers put in backdoors and overrides… And sent them to every country in the world where they could…

It’s not a matter of suspicion, they were caught red-handed. Worse, it became public and the response from China was quite mild mannered in comparison to the usual US noise and nonsense. China passed a couple of anti-espionage laws and started phasing US equipment out of finance and telecoms…

So when you read of a company,

“specifically flagged in warnings from the US Department of Commerce for its ties to the Chinese military”

ALL and I do mean ALL US tech companies have as strong if not stronger ties to the US Military and US SigInt etc agencies… So if you are not in the US,

“WARNING – All US tech companies are linked with US Military and US Espionage activities – DO NOT Purchase.”

So a question of which Country is going to do you more harm?

Well the simple answer is “The US have been repeatedly and publicly caught out” other nations have not… What that really means is,

Don’t trust any tech companies, they all work with their nation’s Military and Espionage Entities

So what to do?

The answer is “mitigate” as I’ve detailed in the past…

The first being the question,

“What is the business reason for this to be externally accessible?”

If the answer is –as is usually the case– none, then start at the top of the stack by segregating it entirely (that includes the users).

Then move down to the bottom of the stack and work on storage at rest security

For instance using RAID you can spread data “bytewise” across multiple encrypting drives. The RAID array can have its data fed through an “Inline Media Encryptor”.

Which whilst great for “Data at rest” is useless security wise when in use. Which was why the “segregate” step was first. Can you improve on this?

Yes you go back to the top of the stack where you have individual encryption for users and user groups on servers.

You keep alternating “top of the stack” and “bottom of the stack” working towards the middle.

Yes it’s a pain to setup and manage, but providing you “shop with care” all the pieces of the puzzle will be from different suppliers and supply chains. So an attacker ranging from your own National Government to any other entity will not have all the pieces needed…

So if you are playing technology wise against a level/type III adversary they will just take it to a different more physical level such as an overnight “black bag job” on the premises, till they exhaust all the technical hacks… Then they will as the XKCD cartoon has it, just go for the $5 wrench option on key employees or their loved ones.

Can you mitigate all of this? Short answer is “probably yes”. Will you miss something in your mitigations? Again “probably yes”.

Which is why there are other options beyond the “technical” and “physical” security ones.

What you are trying to protect is “information” which means you also have “informational security” as well as technical and physical security available to you.

Whilst encryption is using information to secure information, it’s viewed as a “technical security” solution. But there are others: steganographic systems hide information within information. Many think of it as being the “poor man’s cousin” to encryption, it’s not.

The “One Time Pad”(OTP), gives “Perfect Secrecy” and nearly everyone jumps to the wrong conclusion that it’s “unbreakable” it’s not as history has repeatedly shown (KeyMan incorrectly implemented and administered).

The promise of the OTP is only,

“All plaintexts of the same length or shorter than the ciphertext are equiprobable”

From this comes a whole series of possibilities other security techniques such as most encryption systems do not offer.

An adversary faced with multiple choices they cannot differentiate –ie all equiprobable– has lost before they have started. All they can hope to do is try to come up with some “differentiator test” usually by some statistical correlation.

The same works equally well for steganographic and other “informational security” systems.

It also gives something that can be more valuable when the adversary goes down the $5 wrench or other attack-the-wetware route, “Deniability”.

Such systems go back into the 1800’s at least. You come up with an “indicator system” that the 1st party (Alice) uses to tell the 2nd party (Bob) in a communications system if a piece of text within a message is valid or not. During WWII variations of this were known as “Duress codes” or just message “check codes” so an agent behind the lines could indicate if they had been captured and thus what they were sending was being pushed by the enemy. The physical equivalent is having two keys that will unlock a door but one of them in the unlock process will set off a “silent alarm” so the intruders will be stopped.

The research areas of “Equiprobable” and “Deniability” are shall we say very under represented in the academic and non governmental domains, which is something that needs to be changed.

Jon June 22, 2023 3:06 AM

@ Clive Robinson

“All plaintexts of the same length or shorter than the ciphertext are equiprobable”

Which I have always noted leads to a very interesting possibility:

Given target Alice has encrypted data, and Bob has access to that and some incriminating data (of equal or shorter length), it’s trivial for Bob to construct a one-time pad that “decrypts” Alice’s data into the incriminating data, thus Bob can “help” law enforcement by providing the “key” – thus framing Alice.

J.

Clive Robinson June 22, 2023 8:01 AM

@ Jon, ALL,

Re : Bob’s a snitch.

‘thus Bob can “help” law enforcement by providing the “key” – thus framing Alice.’

You’ve got half of it…

Alice provides the original key and the possibility of “framing” is shown.

But what if Bob is being “honest” with the authorities and gives them the real key?

All Alice has to do is generate a real key and a second key that turns her original “dangerous message” into a “safe message”. Thus she has deniability.

It’s an important concept which you only get with OTP type ciphers where the “unicity distance” is open ended. The reality of AES and all symmetric ciphers in common use is that trying to create a “deniable key” is practically impossible if Alice’s message is longer than around 40 bits of actual information…

So yes whilst OTP type systems do have real world disadvantages they also have real world advantages that other encryption systems do not have.

I mentioned the other day,

https://www.schneier.com/blog/archives/2023/06/ai-generated-steganography.html/#comment-423014

that the paper,

https://core.ac.uk/download/pdf/82748376.pdf

the AI Steganography was based on had issues.

One of which is the claim for “perfect secrecy” well it actually does not have that… Because of my interest in “deniability” just looking at the drawing of the way the system worked told me the paper had flaws…
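The forged-key property that Jon and Clive describe above can be shown in a few lines. The following Python is an added example, not code from either commenter or from the post; the messages, the fixed 32-byte pad length and the space padding are constructed for the demonstration. The same XOR that lets Bob frame Alice with an incriminating "key" lets Alice prepare an innocuous "duress key" for the same ciphertext in advance.

```python
"""Deniable and forged keys for a one-time pad (constructed example).

Because every same-length plaintext is equiprobable under an OTP, any
ciphertext C = P XOR K "decrypts" to any chosen text P' under K' = C XOR P'.
Messages are space-padded to PAD_LEN so shorter texts also qualify.
"""
import secrets

PAD_LEN = 32  # fixed message length; an assumption made for this demo


def pad(msg: bytes) -> bytes:
    """Space-pad a message to PAD_LEN so all candidate plaintexts share a length."""
    if len(msg) > PAD_LEN:
        raise ValueError("message longer than the pad")
    return msg.ljust(PAD_LEN, b" ")


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings; this is the entire OTP transform."""
    if len(a) != len(b):
        raise ValueError("one-time pad requires equal lengths")
    return bytes(x ^ y for x, y in zip(a, b))


def new_pad() -> bytes:
    """Fresh uniformly random pad; reusing it destroys every property shown here."""
    return secrets.token_bytes(PAD_LEN)


def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    return xor_bytes(pad(plaintext), key)


def otp_decrypt(ciphertext: bytes, key: bytes) -> bytes:
    return xor_bytes(ciphertext, key).rstrip(b" ")


def forge_key(ciphertext: bytes, desired_plaintext: bytes) -> bytes:
    """Return a pad K' such that otp_decrypt(ciphertext, K') == desired_plaintext.

    Bob uses it to frame Alice (desired text incriminating); Alice uses it for
    deniability (desired text innocuous). It needs no knowledge of the real key.
    """
    return xor_bytes(ciphertext, pad(desired_plaintext))


def demo() -> dict:
    real_key = new_pad()
    real_msg = b"the package is in locker 17"      # constructed sample
    ct = otp_encrypt(real_msg, real_key)

    # Jon's scenario: Bob never held the key, yet hands over one that "works".
    bobs_claim = b"wire the bribe to account 42"   # constructed sample
    framing_key = forge_key(ct, bobs_claim)

    # Clive's scenario: Alice keeps a second, innocuous key for duress.
    cover_story = b"grandma arrives on the 1730"   # constructed sample
    duress_key = forge_key(ct, cover_story)

    return {
        "real": otp_decrypt(ct, real_key),
        "framed": otp_decrypt(ct, framing_key),
        "cover": otp_decrypt(ct, duress_key),
        "keys_distinct": len({real_key, framing_key, duress_key}) == 3,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Nothing in the ciphertext distinguishes the three keys; whoever is shown a key and a ciphertext learns only that the presenter wanted that plaintext to appear. The contrast Clive draws with AES is that there a ciphertext block under the true key is consistent with essentially one key once the message exceeds the unicity distance, so no analogous `forge_key` exists: producing a second key that yields a chosen meaningful plaintext would be a key-recovery-class search rather than a single XOR.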
