Schneier on Security

Clive Robinson • January 4, 2024 9:16 AM

@ ALL,

The hardware bypass is described in the research paper by Kaspersky researcher Boris Larin as,

“If we try to describe this feature and how attackers use it, it all comes down to this: attackers are able to write the desired data to the desired physical address with bypass of hardware-based memory protection by writing the data, destination address and hash of data to unknown, not used by the firmware, hardware registers of the chip.

Our guess is that this unknown hardware feature was most likely intended to be used for debugging or testing purposes by Apple engineers or the factory, or was included by mistake. Since this feature is not used by the firmware, we have no idea how attackers would know how to use it”

As I noted just yesterday in,

https://www.schneier.com/blog/archives/2023/12/friday-squid-blogging-sqids.html/#comment-430564

“In effect that is a “One Way Function” as you can not realy “black box out” the S-box (if it’s designed correctly).

The implication of which is “somebody knows” the S-box structure outside of what should be a very limited subset of people[1].”

Which is maybe why our host @Bruce has said,

“This is nation-state stuff, absolutely crazy in its sophistication. Kaspersky discovered it, so there’s no speculation as to the attacker.”

But on the more technical side back last century our host in his book on crypto algorithms,

https://www.schneier.com/books/applied-cryptography/

Showed how to use a Fiestel Round structure to turn a hash function into a keyed encryption/decryption algorithm.

Well it also works the otherway around an encryption/decryption function can be used as a hash and has certain advantages.

Nearly all modern CPUs of any power contain the hardware to do AES. Thus building in a “secret hash” / “keyed hash” using it would be trivial to do. If key is kept in internal EEPROM then building a “Golden Key” back door is almost as trivial.

As I further said yesterday,

“Because if it became known the 2nd Party was a US Agency, then the “NOBUS Back door” notion pushed so hard by William Barr and friends has been proved “blown for good”.

Which is just the sort of mayhem certain folks night like to chuck in some cosy “highly secret” 2 party agrement…

Just a thought from before my breakfast cup of tea ;-)”

If people want more info on how to do a secret / keyed hash to create such a hardware “Golden Key” back door I can describe it, but as I said it’s fairly trivial to do.

Stopping such built in hardware backdoors is possible and I have previously described how to do it on this blog with “Castles-v-Prisons”.

Clive Robinson • January 5, 2024 3:30 AM

@ hermenia, iAPX, ALL,

Re: You say tomato and I say tomahto[1]

“Of course, anything that hints at “reasonable explanation” is perfect for “plausible deniability” too.”

It’s been some years now since I commented on this blog that for reasonable deniability you needed two or more vulnerabilities that on their own achieved effectively nothing. But together they would open the back door[2].

The thing is deniability is a “Duck Test” ie the,

“If it looks like a duck,
Waddles like a duck,
Quacks like a duck,
Then why would you think it was a goose?”

Question applies.

The answer being that mostly you don’t care and many people will think a small goose is a duck or a large duck a goose. Or even in the song an ugly duckling turns out to be a swan.

But whilst most can be fooled and not care as you have no skin in the game, a Veterinary Surgeon does have skin in the game so should not be fooled, nor would another duck or goose.

But this has four different layers or wheels that need to be lined up[2].

Some will say that alone is actually proof it’s not deliberate, others will argue the exact opposite. Both for the same reasons “probability” but they come from different directions (So back to the slot wheels[2]).

So based on the fact this one has been caught “laying the golden eggs” I’m going with “goose that has been cooked”[3]. But some will still say maybe just maybe “hung out to dry” if it came via Peking…

(It’s early here, and I’ve not had my first cup of tea so the whit has run dry).

[1] The words of the song,

“You say eether and I say eyether,
You say neether and I say nyther; Eether, eyether, neether, nyther, Let’s call the whole thing off!
You like potato and I like potahto, You like tomato and I like tomahto; Potato, potahto, tomato, tomahto! Let’s call the whole thing off!”

[2] The original argument about aligning holes in defences was “think of it like holes in the layers of an onion”. I prefer to think of it like the slot disks/wheels in a combination lock. That is only when you get the slots aligned correctly does the lock arm/lever drop and the bolts can be slid back and the safe door opened. BUT each slot wheel can be aligned from being turned either clockwise or anti-clockwise so there is two numbers for it not one…

[3] Two for the price of one, via an Aesop’s Fable

https://en.m.wiktionary.org/wiki/goose_is_cooked

So “Like an Athens sausage, cooked in the middle of ancient greece”.

[4] The “Peking Duck” like many things acient and modern is alleged to have originated in Beijing China. It’s deep red in colour and is a well hung but greasy duck, and a firm favourit with some,

https://en.wikipedia.org/wiki/Peking_duck

Clive Robinson • January 5, 2024 7:50 PM

@ hermenia, Tatütata, ALL,

Re : The higher the stack the less probable it will balance[1].

“If this was an honest mistake, Google’s programmers are probably just as likely to have those. If it was a backdoor, Apple probably needs to be written off entirely as a supplier. “

You left out another option,

“Did Apple have any choice?”

To which I would say the answer is very probably “No” the problem there is not enough technical information to say one way or another, even though as @Tatütata points out,

“I guess that someone is facing the politician’s dilemma after some unsavory disclosure, which is having to chose between appearing hopelessly incompetent or deeply corrupt — and usually ends up looking both… Pleading that a memory wormhole protected by a 10kg padlock was left behind by accident beggars belief…”

But there is atleasy one thing that is very clear and has been for some time,

“The FBI and DoJ want a big scalp in Tech to stop Encryption.”

So they can scare everyone else into line with their unlawfull snooping agenda.

They tried it on with successful prosecitions of a couple of companies but it did not get them the scare value they wanted. Thus they went after the largest scalp in the industry Apple as a “set up” and found to their shock that Apple were not just going to “roll over” and instead opted to fight in court very publically and give the FBI/DoJ a whole heap of very very bad publicity. The Psycos at the DoJ and FBI did their “GWB big man walk” but it quickly unraveled untill the point it became clear the action in court was not just going against their brightest and best, but they were going to loose thus have an adverse to them judgment act as future president. So they did the only thing they could “jump out the door before the inevitable crash and burn”. And pulled the “rip cord” on “Plan Z”… Of which there is now circumstantial evidence they could have done before they started their unwaranted attack on Apple.

It’s a level of humiliation that the FBI and DoJ are never going to forget, because it showed them up humiliatingly for all to see, that despite their bluster their best Psychos could not deliver.

Now that fight cost both the US Tax payer and Apple a lot of money as well, and that is something politicians at the most senior of levels tend to get told directly to their face by various people and that creates a lot of tension. Because they realy don’t want people throwing grit in the gears of the gravy train delivering those hog barrels of grease that their voters want.

Thus there will be advantages for other players to “Pour oil on the stormy seas”.

Apple has a problem, in that it is very dependent on China in various ways which alone is enough to put them in US Political “Cross hairs”. Further Apple has supported both China, Pakistan and a number of other quite undemocratic if not tyranical/despotic governments, who have put the squease on.

Whilst Apple have done a few things to make the USG happy such as move some chip design etc to the US, some people will claim in their filibustering ways it’s not enough…

Thus Apple needs “Friends with leverage” to gag such fillibuster clowns in the US and keep the other “Monkeys off their back”. Possibly the one set of people with more leverage than anyone else in the world is the “Spooks”.

Whilst the likes of the CIA have some leverage, what Apple can give them they can get for less elsewhere without having to call in any markers.

The US NSA with UK GCHQ not only have the leverage, and the want they can put technology on the table to deal with those other Tyrants and Despots.

So… I’ve just given voice to what others are thinking,

1, This is a Golden Key back door.
2, Designed by the Five-Eyes.
3, Which has tailored ability.

It’s the last one that gives the game away, because the reality is not even Apple can push back against the Governments of China etc with the undemocratic, despotic, and tyranical leaders.

Remember the alledgadly wealthiest private individual in the world, owner of Amazon and a newspaper sufficiently upset the unellected ruler of the House of Saud who also controles the worlds largest Soverign Fund and all the political power that buys. Had shortly before that had a journalist actually butchered on diplomatic premises, and did not take kindly to people pointing out his psychopathic ways in newspapers…

Some people get their way no matter what… thus being prepared for what they demand, is a way to ensure you don’t come under the focus of their lens in the Sun.

Both the NSA and GCHQ know how to make a “Golden Key Back Door” that can have many many keys that are in effect non-overlapping. That is Apple can give Pakistan a Golden Key for their phones they ship for sale in Pakistan, likewise Saudi Arabia. However the Pakistan Key won’t work on Saudi phones and vice-versa.

So,

“Render unto Caesar what is in Caesar’s domain, but not other kingdoms. But the Kingdom of God still sees all twixt heaven and earth.”

[1] I guess my point aligning two fables, four songs and six puns on a very dry security topic kind of got missed…

The harder it is to pull it, not just into a stack that balances, but the greater the difficulty to align the slots so it clicks.

Clive Robinson • January 6, 2024 4:51 AM

@ ResearcherZero, ALL,

With regards the New York Times quote,

“Once you’ve built the tools, it becomes very hard to argue that you can’t hand them over to the U.S. government, the U.K. – it becomes something they can all use.”

There is a more subtle asspect to it.

It’s unlikely that “Law Enforcment Agencies”(LEAs) will get the “full access” they want. Which some might mistakenly see as keeping them under control.

Unfortunately what will happen as we’ve already seen is different jurisdictions will get different powers in different ways. BUT… importantly they will be able to “Collaborate across jurisdictions”.

As we are seeing as the,

1, Phantom Secure
2, EncroChat
3, SkyEcc
4, An0m

encrypted communications sagas slowly becomes more visable in court. And with it some of the smoke and mirrors clearing that hid,

‘Such cross jurisdiction
LEA collaboration that is like “aligning the slotted wheels in a combination lock”‘

Or just sticking a metric ton of HE up against it and sparking the fuse.

And the encryption and other information security used to make the equivalent of a vault door lies their in the dust blow off it’s hinges, and all we now hear is the hoof beats in the distance…

If the less honest than “Ned Kelly’s” of the ASD have access how long before every Extended Five-Eye Nation’s agencies come around helping themselves to a “cup of sugar”. AND… how long before the ASD is “calling in favours in return”?

Such favours can be parlayed into great power as some Australian Politicians have already shown.

Clive Robinson • January 6, 2024 2:25 PM

@ JonKnowsNothing, ALL,

Re : Radio Security and Encryption.

“I would expect, that after spending mega-$$$ on these systems it will be found that they don’t work as advertised.”

Depends on what you mean by

“don’t work as advertised”

The UK Home Office forced through an encrypted radio system some years ago, and as far as I’m aware it is sort of “secure” still.

However it has issues like nearly all “Digital Voice”(DA/V) systems compared to “Analog Voice”(AV),

1, Increased RF bandwidth for same audio quality as analog.
2, Decreased range compared to analog.
3, Increased power consumption compared to analog.
4, Interoperability issues from key scheduling.
5, Vastly increased cost of units.

The first attempt was via Motorola TETRA at the turn of the century and it was and still is a disaster for all of the above reasons. Known as “Airwave” it’s a masive financial hole into which the UK Gov is pooring cash. Motorola was accused of deliberate rising of costs to increase profits which resulted in them being hit with “price caps”,

https://www.theguardian.com/business/2022/oct/14/motorola-faces-price-controls-over-uk-emergency-services-radio-contract

Which is so contrary to Capitalist Freedom to rape pillage and plunder, that they are running to the law crying “Snot fair”.

TETRA was so bad that all the Emergency Services staff on the ground, voted with their feet and started using GSM Mobile Phones to talk to each other where TETRA was increasingly failing and failing badly. Whilst GSM Mobile works in normal times, as was found in the 7/7 London Bombings back in 2005 there is a significant issue sharing with “Public Networks” and it realy is not a good idea. However the mobile providers have a sort of partial solution to this (but I’m far from confident it will work). But GSM it’s self also has significant problems as well with coverage.

Part of the original driver for the UK Home Ofice to act was the communications disaster that “underground incidents” are highlighted by the 1987 Kings Cross Fire / Disaster (that I only just avoided on my way home). And importantly the lack of interoperability between the primary emergancy services of Police, Fire and Ambulance services making timely control at best near impossible. GSM solves the interoperability and most privacy issues, but not the underground issues.

The Home Office has thus taken a leaf out of the European Train Operating System based around GSM (mentioned on this blog a few months back). However they have gone for the outgoing 4G system which is being “pulled” in favour of 5G as we speak and 6G as soon as the US Gov can force it down peoples throats there way for various “Political” reasons.

This new UK Home Office system should it actually ever get on it’s feet before the technology is totally out of date, is called “Emergancy Services Network”(ESN) and will be supplied by the now infamous “EE”. It will connect a lot more than just the three primary emergancy services and will include the likes of the Coast-Guard as well as air-services and other services. It’s been said that even hospitals and Doctors will effectively be tied-in / connected as will many Local Authorities and Infrastructure Utilities (Power, Gas, Water, Sewerage),

https://www.gov.uk/government/publications/the-emergency-services-mobile-communications-programme/emergency-services-network

So an “All the eggs in one basket” solution… Based on the already proven failed notion that “One Size Fits All” must bring “Economies of Scale”, where it so far has only provided price gouging monopolies.

Also so many points of potential failure it almost certainly will have security failings.

However two points to note “back-up” due to “Power Fail” is going to be a disaster due to “Cascade Fail” the Home Office has been warned and ignored it as an issue. As well as ignoring the “latch down” effect issue as well[1].

But they’ve also ignored another issue which is the encryption algorithms in use.

The comercial “Private Mobile Radio”(PMR) system called “Digital Mobile Radio”(DMR) uses the standard AES block cipher and “is assumed” to be secure (it may actually not be). However GSM uses ETSI “specials” which are often Stream Ciphers with “extras” that enable “easy surveillance” as the A5 controversy back at the turn of the century and the more recent one has shown. ETSI can not be trusted in any way to provide secure communications.

The lateat ETSI for 5G is apparently “SnowV”. As earlier versions of “Snow” have had rather more than “technical breaks” this should be of concern to people.

Whilst you can run more trusted “Application Level” security based around AES on top of the suspect “Network Level” security based on secret ETSI algorithms it does not of necescity make your system secure, and almost certainly does not for the UK Home Office ESN system (the Home Office does not want secure radios getting on the second hand or stolen property markets, in fact they want to ban encryption in the UK entirely).

The real security problem as I anoyingly point out from time to time is “end points” and the “gapping” between the security domains they create.

All mobile phones have almost no gapping / segregation and the “Comms End Point” reaches beyond the “Security End Point” via the base system such as the OS and Drivers.

Thus why break the “Over The Air”(OTA) network layer encryption or even application layer encryption, when you can go directly to the plaintext user interface, on device and off device storage etc.

The sad thing is Amateur / Ham Radio where “encryption is not alowed” has it’s own digital video, image, voice and data standards. In the majority of cases the level of segregation is very high…

If someone decided they needed much more secure comms then those Amateur Algorithms are all “Open Spec” by law and nearly all are “Open Source” as well.

So the use of a “Smart Device” without WiFi/Bluetooth that is less than $100 but with Audio can be used with an inexpensive VHF/UHF “Walki-Talki” at less than $50, or any one of a number of HF/VHF/UHF “Shack in a box” “Go box” or “Man Pack” systems at less than $1000 and with care below $400 to give not just “World Coverage” but “Out of Space” as well without having to rely on infrastructure systems that in all probability will fail and fail badly[1].

There are some very real comms and utility infrastructure lessons comming out of current conflicts around the world. In all honesty non are unexpected to engineers, but untill recently nobody wanted to listen because the foolish mantra was,

“Capatilism would give the free market and the free market would decide”

Which as both you and I know is pure bovine scat piled up to above avalanche proportions and nature has a way of pointing out such follies as we’ve seen with “Supply Chain” issues and numpty trade wars. And will certainly see a lot worse in the near future, if the turning wheel of history stays in the rut.

[1] The two infrastructure systems that everything else is now absolutly reliant on are,

1, Mains Electrical Power.
2, Wide area networking Communications.

But… They are almost 100% interdependent due to “Share holder Value” getting rid of “workers”.

If power goes down the “remote control” in a control center a hundred or more miles away to bring it up is 100% reliant on that wide area networked communications. However in less than a few hours those networked communications will fail as minimal backup fails without mains power.

Thus you get a “cascade fail” into a “latched down” condition and way way to few people to go out and unlatch it all manually, if they can.

A lesson some people in war torn areas are currently discovering.

Oh and remember some primary systems such as nuclear power have issues such as liquid sodium cooling… When that solidifies due to heat loss then the way back is not at all clear is possible. Likewise oil pipelines if they cool then the heavy becomes near road tar. The only reason Texas did not get into a full latch down a little while back is that “Green Power” that generates power when the sun shines or the wind blows or waves go up and down. No it’s not 100% reliable, but it’s also not 100% dead in the water come a hickup in the system.