Entries Tagged "academic papers"

Page 62 of 86

Changing Surveillance Techniques for Changed Communications Technologies

New paper by Peter P. Swire—”From Real-Time Intercepts to Stored Records: Why Encryption Drives the Government to Seek Access to the Cloud”:

Abstract: This paper explains how changing technology, especially the rising adoption of encryption, is shifting law enforcement and national security lawful access to far greater emphasis on stored records, notably records stored in the cloud. The major and growing reliance on surveillance access to stored records results from the following changes:

(1) Encryption. Adoption of strong encryption is becoming much more common for data and voice communications, via virtual private networks, encrypted webmail, SSL web sessions, and encrypted Voice over IP voice communications.

(2) Declining effectiveness of traditional wiretaps. Traditional wiretap techniques at the ISP or local telephone network increasingly encounter these encrypted communications, blocking the effectiveness of the traditional techniques.

(3) New importance of the cloud. Government access to communications thus increasingly relies on a new and limited set of methods, notably featuring access to stored records in the cloud.

(4) The “haves” and “have-nots.” The first three changes create a new division between the “haves” and “have-nots” when it comes to government access to communications. The “have-nots” become increasingly dependent, for access to communications, on cooperation from the “have” jurisdictions.

Part 1 of the paper describes the changing technology of wiretaps and government access. Part 2 documents the growing adoption of strong encryption in a wide and growing range of settings of interest to government agencies. Part 3 explains how these technological trends create a major shift from real-time intercepts to stored records, especially in the cloud.

Posted on June 11, 2012 at 6:36 AMView Comments

Backdoor Found (Maybe) in Chinese-Made Military Silicon Chips

We all knew this was possible, but researchers have found the exploit in the wild:

Claims were made by the intelligence agencies around the world, from MI5, NSA and IARPA, that silicon chips could be infected. We developed breakthrough silicon chip scanning technology to investigate these claims. We chose an American military chip that is highly secure with sophisticated encryption standard, manufactured in China. Our aim was to perform advanced code breaking and to see if there were any unexpected features on the chip. We scanned the silicon chip in an affordable time and found a previously unknown backdoor inserted by the manufacturer. This backdoor has a key, which we were able to extract. If you use this key you can disable the chip or reprogram it at will, even if locked by the user with their own key. This particular chip is prevalent in many systems from weapons, nuclear power plants to public transport. In other words, this backdoor access could be turned into an advanced Stuxnet weapon to attack potentially millions of systems. The scale and range of possible attacks has huge implications for National Security and public infrastructure.

Here’s the draft paper:

Abstract. This paper is a short summary of the first real world detection of a backdoor in a military grade FPGA. Using an innovative patented technique we were able to detect and analyse in the first documented case of its kind, a backdoor inserted into the Actel/Microsemi ProASIC3 chips. The backdoor was found to exist on the silicon itself, it was not present in any firmware loaded onto the chip. Using Pipeline Emission Analysis (PEA), a technique pioneered by our sponsor, we were able to extract the secret key to activate the backdoor. This way an attacker can disable all the security on the chip, reprogram crypto and access keys, modify low-level silicon features, access unencrypted configuration bitstream or permanently damage the device. Clearly this means the device is wide open to intellectual property theft, fraud, re-programming as well as reverse engineering of the design which allows the introduction of a new backdoor or Trojan. Most concerning, it is not possible to patch the backdoor in chips already deployed, meaning those using this family of chips have to accept the fact it can be easily compromised or it will have to be physically replaced after a redesign of the silicon itself.

The chip in question was designed in the U.S. by a U.S. company, but manufactured in China. News stories. Comment threads.

One researcher maintains that this is not malicious:

Backdoors are a common problem in software. About 20% of home routers have a backdoor in them, and 50% of industrial control computers have a backdoor. The cause of these backdoors isn’t malicious, but a byproduct of software complexity. Systems need to be debugged before being shipped to customers. Therefore, the software contains debuggers. Often, programmers forget to disable the debugger backdoors before shipping. This problem is notoriously bad for all embedded operating systems (VxWorks, QNX, WinCE, etc.).

[…]

It could just be part of the original JTAG building-block. Actel didn’t design their own, but instead purchased the JTAG design and placed it on their chips. They are not aware of precisely all the functionality in that JTAG block, or how it might interact with the rest of the system.

But I’m betting that Microsemi/Actel know about the functionality, but thought of it as a debug feature, rather than a backdoor.

It’s remotely possible that the Chinese manufacturer added the functionality, but highly improbable. It’s prohibitively difficult to change a chip design to add functionality of this complexity. On the other hand, it’s easy for a manufacturer to flip bits. Consider that the functionality is part of the design, but that Actel intended to disable it by flipping a bit turning it off. A manufacturer could easily flip a bit and turn it back on again. In other words, it’s extraordinarily difficult to add complex new functionality, but they may get lucky and be able to make small tweaks to accomplish their goals.

EDITED TO ADD (5/29): Two more articles.

EDITED TO ADD (6/8): Three more articles.

EDITED TO ADD (6/10): A response from the chip manufacturer.

The researchers assertion is that with the discovery of a security key, a hacker can gain access to a privileged internal test facility typically reserved for initial factory testing and failure analysis. Microsemi verifies that the internal test facility is disabled for all shipped devices. The internal test mode can only be entered in a customer-programmed device when the customer supplies their passcode, thus preventing unauthorized access by Microsemi or anyone else. In addition, Microsemi’s customers who are concerned about the possibility of a hacker using DPA have the ability to program their FPGAs with its highest level of security settings. This security setting will disable the use of any type of passcode to gain access to all device configuration, including the internal test facility.

A response from the researchers.

In order to gain access to the backdoor and other features a special key is required. This key has very robust DPA protection, in fact, one of the best silicon-level protections we have ever encountered. With our breakthrough PEA technique we extracted the key in one day and we found that the key is the same in all ProASIC3, Igloo, Fusion and SmartFusion FPGAs. Customers have an option to program their chosen passcode to increase the security; however, Actel/Microsemi does not tell its customers that a special fuse must be programmed in order to get the backdoor protected with both the passcode and backdoor keys. At the same time, the passcode key can be extracted with our PEA technique which is public and covered in our patent so everyone can independently verify our claims. That means that given physical access to the device an attacker can extract all the embedded IP within hours.

There is an option for the highest level of security settings – Permanent Lock. However, if the AES reprogramming option is left it still exposes the device to IP stealing. If not, the Permanent Lock itself is vulnerable to fault attacks and can be disabled opening up the path to the backdoor access as before, but without the need for any passcode.

Posted on May 29, 2012 at 2:07 PMView Comments

Privacy Concerns Around "Social Reading"

Interesting paper: “The Perils of Social Reading,” by Neil M. Richards, from the Georgetown Law Journal.

Abstract: Our law currently treats records of our reading habits under two contradictory rules ­ rules mandating confidentiality, and rules permitting disclosure. Recently, the rise of the social Internet has created more of these records and more pressures on when and how they should be shared. Companies like Facebook, in collaboration with many newspapers, have ushered in the era of “social reading,” in which what we read may be “frictionlessly shared” with our friends and acquaintances. Disclosure and sharing are on the rise.

This Article sounds a cautionary note about social reading and frictionless sharing. Social reading can be good, but the ways in which we set up the defaults for sharing matter a great deal. Our reader records implicate our intellectual privacy ­ the protection of reading from surveillance and interference so that we can read freely, widely, and without inhibition. I argue that the choices we make about how to share have real consequences, and that “frictionless sharing” is not frictionless, nor it is really sharing. Although sharing is important, the sharing of our reading habits is special. Such sharing should be conscious and only occur after meaningful notice.

The stakes in this debate are immense. We are quite literally rewiring the public and private spheres for a new century. Choices we make now about the boundaries between our individual and social selves, between consumers and companies, between citizens and the state, will have unforeseeable ramifications for the societies our children and grandchildren inherit. We should make choices that preserve our intellectual privacy, not destroy it. This Article suggests practical ways to do just that.

Posted on May 23, 2012 at 7:25 AMView Comments

Alan Turing Cryptanalysis Papers

GCHQ, the UK government’s communications headquarters, has released two new—well, 70 years old, but new to us—cryptanalysis documents by Alan Turing.

The papers, one entitled The Applications of Probability to Crypt, and the other entitled Paper on the Statistics of Repetitions, discuss mathematical approaches to code breaking.

[…]

According to the GCHQ mathematician, who identified himself only as Richard, the papers detailed using “mathematical analysis to try and determine which are the more likely settings so that they can be tried as quickly as possible.”

The papers don’t seem to be online yet, but here’s their National Archives data.

EDITED TO ADD (5/12): The papers are available for download at GBP 3.50 each.

Posted on April 23, 2012 at 6:18 AMView Comments

Outliers in Intelligence Analysis

From the CIA journal Studies in Intelligence: “Capturing the Potential of Outlier Ideas in the Intelligence Community.”

In war you will generally find that the enemy has at any time three courses of action open to him. Of those three, he will invariably choose the fourth.

—Helmuth Von Moltke

With that quip, Von Moltke may have launched a spirited debate within his intelligence staff. The modern version of the debate can be said to exist in the cottage industry that has been built on the examination and explanation of intelligence failures, surprises, omissions, and shortcomings. The contributions of notable scholars to the discussion span multiple analytic generations, and each expresses points with equal measures of regret, fervor, and hope. Their diagnoses and their prescriptions are sadly similar, however, suggesting that the lessons of the past are lost on each succeeding generation of analysts and managers or that the processes and culture of intelligence analysis are incapable of evolution. It is with the same regret, fervor, and hope that we offer our own observations on avoiding intelligence omissions and surprise. Our intent is to explore the ingrained bias against outliers, the potential utility of outliers, and strategies for deliberately considering them.

Posted on April 17, 2012 at 6:15 AMView Comments

How Information Warfare Changes Warfare

Really interesting paper on the moral and ethical implications of cyberwar, and the use of information technology in war (drones, for example):

Information Warfare: A Philosophical Perspective,” by Mariarosaria Taddeo, Philosophy and Technology, 2012.

Abstract: This paper focuses on Information Warfare—the warfare characterised by the use of information and communication technologies. This is a fast growing phenomenon, which poses a number of issues ranging from the military use of such technologies to its political and ethical implications. The paper presents a conceptual analysis of this phenomenon with the goal of investigating its nature. Such an analysis is deemed to be necessary in order to lay the groundwork for future investigations into this topic, addressing the ethical problems engendered by this kind of warfare. The conceptual analysis is developed in three parts. First, it delineates the relation between Information Warfare and the Information revolution. It then focuses attention on the effects that the diffusion of this phenomenon has on the concepts of war. On the basis of this analysis, a definition of Information Warfare is provided as a phenomenon not necessarily sanguinary and violent, and rather transversal concerning the environment in which it is waged, the way it is waged and the ontological and social status of its agents. The paper concludes by taking into consideration the Just War Theory and the problems arising from its application to the case of Information Warfare.

Here’s an interview with the author.

Posted on April 16, 2012 at 5:55 AMView Comments

The Effects of Data Breach Litigation

Empirical Analysis of Data Breach Litigation,” Sasha Romanosky, David Hoffman, and Alessandro Acquisti:

Abstract: In recent years, a large number of data breaches have resulted in lawsuits in which individuals seek redress for alleged harm resulting from an organization losing or compromising their personal information. Currently, however, very little is known about those lawsuits. Which types of breaches are litigated, which are not? Which lawsuits settle, or are dismissed? Using a unique database of manually-collected lawsuits from PACER, we analyze the court dockets of over 230 federal data breach lawsuits from 2000 to 2010. We use binary outcome regressions to investigate two research questions: Which data breaches are being litigated in federal court? Which data breach lawsuits are settling? Our results suggest that the odds of a firm being sued in federal court are 3.5 times greater when individuals suffer financial harm, but over 6 times lower when the firm provides free credit monitoring following the breach. We also find that defendants settle 30% more often when plaintiffs allege financial loss from a data breach, or when faced with a certified class action suit. While the compromise of financial information appears to lead to more federal litigation, it does not seem to increase a plaintiff’s chance of a settlement. Instead, compromise of medical information is more strongly correlated with settlement.

The full paper is available by using the one-click download button.

Posted on March 27, 2012 at 6:46 AMView Comments

On Cyberwar Hype

Good article by Thomas Rid on the hype surrounding cyberwar. It’s well worth reading.

And in a more academic paper, published in the RUSI Journal, Thomas Rid and Peter McBurney argue that cyber-weapons aren’t all that destructive and that we’ve been misled by some bad metaphors.

Some fundamental questions on the use of force in cyberspace are still unanswered. Worse, they are still unexplored: What are cyber ‘weapons’ in the first place? How is weaponised code different from physical weaponry? What are the differences between various cyber-attack tools? And do the same dynamics and norms that govern the use of weapons on the conventional battlefield apply in cyberspace?

Cyber-weapons span a wide spectrum. That spectrum, we argue, reaches from generic but low-potential tools to specific but high-potential weaponry. To illustrate this polarity, we use a didactically helpful comparison. Low-potential ‘cyber-weapons’ resemble paintball guns: they may be mistaken for real weapons, are easily and commercially available, used by many to ‘play,’ and getting hit is highly visible—but at closer inspection these ‘weapons’ will lose some of their threatening character. High-potential cyber-weapons could be compared with sophisticated fire-and-forget weapon systems such as modern anti-radiation missiles: they require specific target intelligence that is programmed into the weapon system itself, major investments for R&D, significant lead-time, and they open up entirely new tactics but also novel limitations. This distinction brings into relief a two-pronged hypothesis that stands in stark contrast to some of the debate’s received wisdoms. Maximising the destructive potential of a cyber-weapon is likely to come with a double effect: it will significantly increase the resources, intelligence and time required to build and to deploy such weapons—and more destructive potential will significantly decrease the number of targets, the risk of collateral damage and the coercive utility of cyber-weapons.

And from the conclusion:

Two findings contravene the debate’s received wisdom. One insight concerns the dominance of the offence. Most weapons may be used defensively and offensively. But the information age, the argument goes since at least 1996, has ‘offence-dominant attributes.’ A 2011 Pentagon report on cyberspace again stressed ‘the advantage currently enjoyed by the offense in cyberwarfare.’ But when it comes to cyber-weapons, the offence has higher costs, a shorter shelf-life than the defence, and a very limited target set. All this drastically reduces the coercive utility of cyber-attacks. Any threat relies on the offender’s credibility to attack, or to repeat a successful attack. Even if a potent cyber-weapon could be launched successfully once, it would be highly questionable if an attack, or even a salvo, could be repeated in order to achieve a political goal. At closer inspection cyber-weapons do not seem to favour the offence.

A second insight concerns the risk of electronic arms markets. One concern is that sophisticated malicious actors could resort to asymmetric methods, such as employing the services of criminal groups, rousing patriotic hackers, and potentially redeploying generic elements of known attack tools. Worse, more complex malware is likely to be structured in a modular fashion. Modular design could open up new business models for malware developers. In the car industry, for instance, modularity translates into a possibility of a more sophisticated division of labour. Competitors can work simultaneously on different parts of a more complex system. Modules could be sold on underground markets. But if our analysis is correct, potential arms markets pose a more limited risk: the highly specific target information and programming design needed for potent weapons is unlikely to be traded generically. To go back to our imperfect analogy: paintball pistols will continue to be commercially available, but probably not pre-programmed warheads of smart missiles.

The use of this weapon analogy points to a larger and dangerous problem: the militarisation of cyber-security. William J Lynn, the Pentagon’s number two, responded to critics by pointing out that the Department of Defense would not ‘militarise’ cyberspace. ‘Indeed,’ Lynn wrote, ‘establishing robust cyberdefenses no more militarizes cyberspace than having a navy militarizes the ocean.’ Lynn may be right that the Pentagon is not militarising cyberspace—but his agency is unwittingly militarising the ideas and concepts to analyse security in cyberspace. We hope that this article, by focusing not on war but on weapons, will help bring into relief the narrow limits and the distractive quality of most martial analogies.

Here’s an article on the paper.

One final paper by Rid: “Cyber-War Will Not Take Place” (2012), Journal of Strategic Studies. I have not read it yet.

Posted on March 14, 2012 at 6:22 AMView Comments

The Security of Multi-Word Passphrases

Interesting research on the security of passphrases. From a blog post on the work:

We found about 8,000 phrases using a 20,000 phrase dictionary. Using a very rough estimate for the total number of phrases and some probability calculations, this produced an estimate that passphrase distribution provides only about 20 bits of security against an attacker trying to compromise 1% of available accounts. This is far better than passwords, which are usually under 10 bits by this same metric, but not high enough to make online guessing impractical without proper rate-limiting. Curiously, it’s close to estimates made using Kuo et al.’s published numbers on mnemonic phrases. It also shows that significant numbers of people will blatantly ignore security advice about choosing nonsense phrases and choose things like “Manchester United” or “Harry Potter.”

[…]

This led us to ask, if in the worst case users chose multi-word passphrases with a distribution identical to English speech, how secure would this be? Using the large Google n-gram corpus we can answer this question for phrases of up to 5 words. The results are discouraging: by our metrics, even 5-word phrases would be highly insecure against offline attacks, with fewer than 30 bits of work compromising over half of users. The returns appear to rapidly diminish as more words are required. This has potentially serious implications for applications like PGP private keys, which are often encrypted using a passphrase. Users are clearly more random in “passphrase English” than in actual English, but unless it’s dramatically more random the underlying natural language simply isn’t random enough.

Posted on March 13, 2012 at 6:22 AMView Comments

"1234" and Birthdays Are the Most Common PINs

Research paper: “A birthday present every eleven wallets? The security of customer-chosen banking PINs,” by Joseph Bonneau, Sören Preibusch, and Ross Anderson:

Abstract: We provide the first published estimates of the difficulty of guessing a human-chosen 4-digit PIN. We begin with two large sets of 4-digit sequences chosen outside banking for online passwords and smartphone unlock-codes. We use a regression model to identify a small number of dominant factors influencing user choice. Using this model and a survey of over 1,100 banking customers, we estimate the distribution of banking PINs as well as the frequency of security-relevant behaviour such as sharing and reusing PINs. We find that guessing PINs based on the victims’ birthday, which nearly all users carry documentation of, will enable a competent thief to gain use of an ATM card once for every 11-18 stolen wallets, depending on whether banks prohibit weak PINs such as 1234. The lesson for cardholders is to never use one’s date of birth as a PIN. The lesson for card-issuing banks is to implement a denied PIN list, which several large banks still fail to do. However, blacklists cannot effectively mitigate guessing given a known birth date, suggesting banks should move away from customer-chosen banking PINs in the long term.

Blog post.

EDITED TO ADD (2/22): News article

Posted on February 21, 2012 at 7:36 AMView Comments

1 60 61 62 63 64 86

Sidebar photo of Bruce Schneier by Joe MacInnis.