Crime-Facilitating Speech
Interesting law-review article on crime-facilitating speech.
Entries Tagged "academic papers"
Page 79 of 80
Snooping on Text by Listening to the Keyboard
Fascinating research out of Berkeley. Ed Felten has a good summary:
Li Zhuang, Feng Zhou, and Doug Tygar have an interesting new paper showing that if you have an audio recording of somebody typing on an ordinary computer keyboard for fifteen minutes or so, you can figure out everything they typed. The idea is that different keys tend to make slightly different sounds, and although you don’t know in advance which keys make which sounds, you can use machine learning to figure that out, assuming that the person is mostly typing English text. (Presumably it would work for other languages too.)
Read the rest.
The paper is on the Web. Here’s the abstract:
We examine the problem of keyboard acoustic emanations. We present a novel attack taking as input a 10-minute sound recording of a user typing English text using a keyboard, and then recovering up to 96% of typed characters. There is no need for a labeled training recording. Moreover the recognizer bootstrapped this way can even recognize random text such as passwords: In our experiments, 90% of 5-character random passwords using only letters can be generated in fewer than 20 attempts by an adversary; 80% of 10-character passwords can be generated in fewer than 75 attempts. Our attack uses the statistical constraints of the underlying content, English language, to reconstruct text from sound recordings without any labeled training data. The attack uses a combination of standard machine learning and speech recognition techniques, including cepstrum features, Hidden Markov Models, linear classification, and feedback-based incremental learning.
Tamper-Evident Paper Mailings
We’ve all received them in the mail: envelopes from banks with PINs, access codes, or other secret information. The letters are somewhat tamper-proof, but mostly they’re designed to be tamper-evident: if someone opens the letter and reads the information, you’re going to know. The security devices include fully sealed packaging, and black inks that obscure the secret information if you hold the envelope up to the light.
Researchers from Cambridge University have been looking at the security inherent in these systems, and they’ve written a paper that outlines how to break them:
Abstract. Tamper-evident laser-printed PIN mailers are used by many institutions to issue PINs and other secrets to individuals in a secure manner. Such mailers are created by printing the PIN using a normal laser, but on to special stationery and using a special font. The background of the stationery disguises the PIN so that it cannot be read with the naked eye without tampering. We show that currently deployed PIN mailer technology (used by the major UK banks) is vulnerable to trivial attacks that reveal the PIN without tampering. We describe image processing attacks, where a colour difference between the toner and the stationary “masking pattern” is exploited. We also describe angled light attacks, where the reflective properties of the toner and stationery are exploited to allow the naked eye to separate the PIN from the backing pattern. All laser-printed mailers examined so far have been shown insecure.
According to a researcher website:
It should be noted that we sat on this report for about 9 months, and the various manufacturers all have new products which address to varying degrees the issues raised in the report.
BBC covered the story.
New Cryptanalytic Results Against SHA-1
Xiaoyun Wang, one of the team of Chinese cryptographers that successfully broke SHA-0 and SHA-1, along with Andrew Yao and Frances Yao, announced new results against SHA-1 yesterday at Crypto’s rump session. (Actually, Adi Shamir announced the results in their name, since she and her student did not receive U.S. visas in time to attend the conference.)
Shamir presented few details—and there’s no paper—but the time complexity of the new attack is 263. (Their previous result was 269; brute force is 280.) He did say that he expected Wang and her students to improve this result over the next few months. The modifications to their published attack are still new, and more improvements are likely over the next several months. There is no reason to believe that 263 is anything like a lower limit.
But an attack that’s faster than 264 is a significant milestone. We’ve already done massive computations with complexity 264. Now that the SHA-1 collision search is squarely in the realm of feasibility, some research group will try to implement it. Writing working software will both uncover hidden problems with the attack, and illuminate hidden improvements. And while a paper describing an attack against SHA-1 is damaging, software that produces actual collisions is even more so.
The story of SHA-1 is not over. Again, I repeat the saying I’ve heard comes from inside the NSA: “Attacks always get better; they never get worse.”
Meanwhile, NIST is holding a workshop in late October to discuss what the security community should do now. The NIST Hash Function Workshop should be interesting, indeed. (Here is one paper that examines the effect of these attacks on S/MIME, TLS, and IPsec.)
EDITED TO ADD: Here are Xiaoyun Wang’s two papers from Crypto this week: “Efficient Collision Search Attacks on SHA-0” and “Finding Collisions in the Full SHA-1Collision Search Attacks on SHA1.” And here are the rest of her papers.
Plagiarism and Academia: Personal Experience
A paper published in the December 2004 issue of the SIGCSE Bulletin, “Cryptanalysis of some encryption/cipher schemes using related key attack,” by Khawaja Amer Hayat, Umar Waqar Anis, and S. Tauseef-ur-Rehman, is the same as a paper that John Kelsey, David Wagner, and I published in 1997.
It’s clearly plagiarism. Sentences have been reworded or summarized a bit and many typos have been introduced, but otherwise it’s the same paper. It’s copied, with the same section, paragraph, and sentence structure—right down to the same mathematical variable names. It has the same quirks in the way references are cited. And so on.
We wrote two papers on the topic; this is the second. They don’t list either of our papers in their bibliography. They do have a lurking reference to “[KSW96]” (the first of our two papers) in the body of their introduction and design principles, presumably copied from our text; but a full citation for “[KSW96]” isn’t in their bibliography. Perhaps they were worried that one of the referees would read the papers listed in their bibliography, and notice the plagiarism.
The three authors are from the International Islamic University in Islamabad, Pakistan. The third author, S. Tauseef-Ur-Rehman, is a department head (and faculty member) in the Telecommunications Engineering Department at this Pakistani institution. If you believe his story—which is probably correct—he had nothing to do with the research, but just appended his name to a paper by two of his students. (This is not unusual; it happens all the time in universities all over the world.) But that doesn’t get him off the hook. He’s still responsible for anything he puts his name on.
And we’re not the only ones. The same three authors plagiarized this paper by French cryptographer Serge Vaudenay and others.
I wrote to the editor of the SIGCSE Bulletin, who removed the paper from their website and demanded official letters of admission and apology. (The apologies are at the bottom of this page.) They said that they would ban them from submitting again, but have since backpedaled. Mark Mandelbaum, Director of the Office of Publications at ACM, now says that ACM has no policy on plagiarism and that nothing additional will be done. I’ve also written to Springer-Verlag, the publisher of my original paper.
I don’t blame the journals for letting these papers through. I’ve refereed papers, and it’s pretty much impossible to verify that a piece of research is original. We’re largely self-policing.
Mostly, the system works. These three have been found out, and should be fired and/or expelled. Certainly ACM should ban them from submitting anything, and I am very surprised at their claim that they have no policy with regards to plagiarism. Academic plagiarism is serious enough to warrant that level of response. I don’t know if the system works in Pakistan, though. I hope it does. These people knew the risks when they did it. And then they did it again.
If I sound angry, I’m not. I’m more amused. I’ve heard of researchers from developing countries resorting to plagiarism to pad their CVs, but I’m surprised see it happen to me. I mean, really; if they were going to do this, wouldn’t it have been smarter to pick a more obscure author?
And it’s nice to know that our work is still considered relevant eight years later.
EDITED TO ADD: Another paper, “Analysis of Real-time Transport Protocol Security,” by Junaid Aslam, Saad Rafique and S. Tauseef-ur-Rehman”, has been plagiarized from this original: Real-time Transport Protocol (RTP) security,” by Ville Hallivuori.
EDITED TO ADD: Ron Boisvert, the Co-Chair of the ACM Publications Board, has said this:
1. ACM has always been a champion for high ethical standards among computing professionals. Respecting intellectual property rights is certainly a part of this, as is clearly reflected in the ACM Code of Ethics.
2. ACM has always acted quickly and decisively to deal with allegations of plagarism related to its publications, and remains committed to doing so in the future.
3. In the past, such incidents of plagarism were rare. However, in recent years the number of such incidents has grown considerably. As a result, the ACM Publications Board has recently begun work to develop a more explicit policy on plagarism. In doing so we hope to lay out (a) what constitutes plagarism, as well as various levels of plagarism, (b) ACM procedures for handling allegations of plagarism, and (c) specific penalties which will be leveled against those found to have committed plagarism at each of the identified levels. When this new “policy” is in place, we hope to widely publicize it in order to draw increased attention to this growing problem.
EDITED TO ADD: There’s a news story with some new developments.
EDITED TO ADD: Over the past couple of weeks, I have been getting repeated e-mails from people, presumably faculty and administrators of the International Islamic University, to close comments in this blog entry. The justification usually given is that there is an official investigation underway so there’s no longer any reason for comments, or that Tauseef has been fired so there’s no longer any reason for comments, or that the comments are harmful to the reputation of the university or the country.
I have responded that I will not close comments on this blog entry. I have, and will continue to, delete posts that are incoherent or hostile (there have been examples of both).
Blog comments are anonymous. There is no way for me to verify the identity of posters, and I don’t. I have, and will continue to, remove any posts purporting to come from a person it does not come, but generally the only way I can figure that out is if the real person e-mails me and asks.
Otherwise, consider this a forum for anonymous free speech. The comments here are unvetted and unverified. They might be true, and they might be false. Readers are expected to understand that, and I believe for the most part they do.
In the United States, we have a saying that the antidote for bad speech is more speech. I invite anyone who disagrees with the comments on the page to post their own opinions.
SHA Cryptanalysis Paper Online
In February, I wrote about a group of Chinese researchers who broke the SHA-1 hash function. That posting was based on short notice from the researchers. Since then, many people have written me asking about the research and the actual paper, some questioning the validity of the research because of the lack of documentation.
The paper did exist; I saw a copy. They will present it at the Crypto conference in August. I believe they didn’t post it because Crypto requires that submitted papers not be previously published, and they misunderstood that to mean that it couldn’t be widely distributed in any way.
Now there’s a copy of the paper on the web. You can read “Finding Collisions in the Full SHA-1,” by Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu, here.
Defining "Access" in Cyberspace
I’ve been reading a lot of law journal articles. It’s interesting to read legal analyses of some of the computer security problems I’ve been wrestling with.
This is a fascinating paper on the concepts of “access” and “authorized access” in cyberspace. The abstract:
In the last twenty-five years, the federal government and all fifty states have enacted new criminal laws that prohibit unauthorized access to computers. These new laws attempt to draw a line between criminality and free conduct in cyberspace. No one knows what it means to access a computer, however, nor when access becomes unauthorized. The few courts that have construed these terms have offered divergent interpretations, and no scholars have yet addressed the problem. Recent decisions interpreting the federal statute in civil cases suggest that any breach of contract with a computer owner renders use of that computer an unauthorized access. If applied to criminal cases, this approach would broadly criminalize contract law on the Internet, potentially making millions of Americans criminals for the way they write e-mail and surf the Web.
This Article presents a comprehensive inquiry into the meaning of unauthorized access statutes. It begins by explaining why legislatures enacted unauthorized access statutes, and why early beliefs that such statutes solved the problem of computer misuse have proved remarkably naïve. Next, the Article explains how the courts have construed these statutes in an overly broad way that threatens to criminalize a surprising range of innocuous conduct involving computers. In the final section, the Article offers a normative proposal for interpreting access and authorization. This section argues that courts should reject a contract theory of authorization, and should narrow the scope of unauthorized access statutes to circumvention of code-based restrictions on computer privileges. The section justifies this proposal on several grounds. First, the proposal will best mediate the line between securing privacy and protecting the liberty of Internet users. Second, the proposal mirrors criminal law’s traditional treatment of crimes that contain a consent element. Third, the proposed approach is consistent with the basic theories of punishment. Fourth, the proposed interpretation avoids possible constitutional difficulties that may arise under the broader constructions that courts recently have favored.
It’s a long paper, but I recommend reading it if you’re interested in the legal concepts.
Wi-Fi Liabilities
Interesting law review article:
Suppose you turn on your laptop while sitting at the kitchen table at home and respond OK to a prompt about accessing a nearby wireless Internet access point owned and operated by a neighbor. What potential liability may ensue from accessing someone else’s wireless access point? How about intercepting wireless connection signals? What about setting up an open or unsecured wireless access point in your house or business? Attorneys can expect to grapple with these issues and other related questions as the popularity of wireless technology continues to increase.
This paper explores several theories of liability involving both the accessing and operating of wireless Internet, including the Computer Fraud and Abuse Act, wiretap laws, as well as trespass to chattels and other areas of common law. The paper concludes with a brief discussion of key policy considerations.
A Taxonomy of Privacy
Interesting law review paper by Daniel Solove. Here’s the abstract:
Privacy is a concept in disarray. Nobody can articulate what it means. As one commentator has observed, privacy suffers from “an embarrassment of meanings.” Privacy is far too vague a concept to guide adjudication and lawmaking, as abstract incantations of the importance of “privacy” do not fare well when pitted against more concretely-stated countervailing interests.
In 1960, the famous torts scholar William Prosser attempted to make sense of the landscape of privacy law by identifying four different interests. But Prosser focused only on tort law, and the law of information privacy is significantly more vast and complex, extending to Fourth Amendment law, the constitutional right to information privacy, evidentiary privileges, dozens of federal privacy statutes, and hundreds of state statutes. Moreover, Prosser wrote over 40 years ago, and new technologies have given rise to a panoply of new privacy harms.
A new taxonomy to understand privacy violations is thus sorely needed. This article develops a taxonomy to identify privacy problems in a comprehensive and concrete manner. It endeavors to guide the law toward a more coherent understanding of privacy and to serve as a framework for the future development of the field of privacy law.
The paper is a follow-on to his previous paper, “Conceptualizing Privacy.”
Analysis of Electronic Passport Security
These comments on the security of electronic passports are an excellent primer on the dangers of the technology. Definitely read Attachment 1: “Security and Privacy Issues in E-Passports,” a more technical paper by Ari Juels, David Molnar, and David Wagner.
Sidebar photo of Bruce Schneier by Joe MacInnis.