Entries Tagged "cryptography"

Page 48 of 51

Cryptographically-Secured Murder Confession

From the Associated Press:

Joseph Duncan III is a computer expert who bragged online, days before authorities believe he killed three people in Idaho, about a tell-all journal that would not be accessed for decades, authorities say.

Duncan, 42, a convicted sex offender, figured technology would catch up in 30 years, “and then the world will know who I really was, and what I really did, and what I really thought,” he wrote May 13.

Police seized Duncan’s computer equipment from his Fargo apartment last August, when they were looking for evidence in a Detroit Lakes, Minn., child molestation case.

At least one compact disc and a part of his hard drive were encrypted well enough that one of the region’s top computer forensic specialists could not access it, The Forum reported Monday.

This is the kind of story that the government likes to use to illustrate the dangers of encryption. How can we allow people to use strong encryption, they ask, if it means not being able to convict monsters like Duncan?

But how is this different than Duncan speaking the confession when no one was able to hear? Or writing it down and hiding it where no one could ever find it? Or not saying anything at all? If the police can’t convict him without this confession—which we only have his word for as existing—then maybe he’s innocent?

Technologies have good and bad uses. Encryption, telephones, cars: they’re all used by both honest citizens and by criminals. For almost all technologies, the good far outweighs the bad. Banning a technology because the bad guys use it, denying everyone else the beneficial uses of that technology, is almost always a bad security trade-off.

EDITED TO ADD: Looking at the details of the encryption, it’s certainly possible that the authorities will break the diary. It probably depends on how random a key Duncan chose, although possibly on whether or not there’s an implementation error in the cryptographic software. If I had more details, I could speculate further.

Posted on August 15, 2005 at 2:17 PMView Comments

U.S. Crypto Export Controls

Rules on exporting cryptography outside the United States have been renewed:

President Bush this week declared a national emergency based on an “extraordinary threat to the national security.”

This might sound like a code-red, call-out-the-national-guard, we-lost-a-suitcase-nuke type of alarm, but in reality it’s just a bureaucratic way of ensuring that the Feds can continue to control the export of things like computer hardware and encryption products.

And it happens every year or so.

If Bush didn’t sign that “national emergency” paperwork, then the Commerce Department’s Bureau of Industry and Security would lose some of its regulatory power. That’s because Congress never extended the Export Administration Act after it lapsed (it’s complicated).

President Clinton did the same thing. Here’s a longer version of his “national emergency” executive order from 1994.

As a side note, encryption export rules have been dramatically relaxed since the oppressive early days of Janet “Evil PCs” Reno, Al “Clipper Chip” Gore, and Louis “ban crypto” Freeh. But they still exist. Here’s a summary.

To be honest, I don’t know what the rules are these days. I think there is a blanket exemption for mass-market software products, but I’m not sure. I haven’t a clue what the hardware requirements are. But certainly something is working right; we’re seeing more strong encryption in more software—and not just encryption software.

Posted on August 5, 2005 at 7:17 AMView Comments

Plagiarism and Academia: Personal Experience

A paper published in the December 2004 issue of the SIGCSE Bulletin, “Cryptanalysis of some encryption/cipher schemes using related key attack,” by Khawaja Amer Hayat, Umar Waqar Anis, and S. Tauseef-ur-Rehman, is the same as a paper that John Kelsey, David Wagner, and I published in 1997.

It’s clearly plagiarism. Sentences have been reworded or summarized a bit and many typos have been introduced, but otherwise it’s the same paper. It’s copied, with the same section, paragraph, and sentence structure—right down to the same mathematical variable names. It has the same quirks in the way references are cited. And so on.

We wrote two papers on the topic; this is the second. They don’t list either of our papers in their bibliography. They do have a lurking reference to “[KSW96]” (the first of our two papers) in the body of their introduction and design principles, presumably copied from our text; but a full citation for “[KSW96]” isn’t in their bibliography. Perhaps they were worried that one of the referees would read the papers listed in their bibliography, and notice the plagiarism.

The three authors are from the International Islamic University in Islamabad, Pakistan. The third author, S. Tauseef-Ur-Rehman, is a department head (and faculty member) in the Telecommunications Engineering Department at this Pakistani institution. If you believe his story—which is probably correct—he had nothing to do with the research, but just appended his name to a paper by two of his students. (This is not unusual; it happens all the time in universities all over the world.) But that doesn’t get him off the hook. He’s still responsible for anything he puts his name on.

And we’re not the only ones. The same three authors plagiarized this paper by French cryptographer Serge Vaudenay and others.

I wrote to the editor of the SIGCSE Bulletin, who removed the paper from their website and demanded official letters of admission and apology. (The apologies are at the bottom of this page.) They said that they would ban them from submitting again, but have since backpedaled. Mark Mandelbaum, Director of the Office of Publications at ACM, now says that ACM has no policy on plagiarism and that nothing additional will be done. I’ve also written to Springer-Verlag, the publisher of my original paper.

I don’t blame the journals for letting these papers through. I’ve refereed papers, and it’s pretty much impossible to verify that a piece of research is original. We’re largely self-policing.

Mostly, the system works. These three have been found out, and should be fired and/or expelled. Certainly ACM should ban them from submitting anything, and I am very surprised at their claim that they have no policy with regards to plagiarism. Academic plagiarism is serious enough to warrant that level of response. I don’t know if the system works in Pakistan, though. I hope it does. These people knew the risks when they did it. And then they did it again.

If I sound angry, I’m not. I’m more amused. I’ve heard of researchers from developing countries resorting to plagiarism to pad their CVs, but I’m surprised see it happen to me. I mean, really; if they were going to do this, wouldn’t it have been smarter to pick a more obscure author?

And it’s nice to know that our work is still considered relevant eight years later.

EDITED TO ADD: Another paper, “Analysis of Real-time Transport Protocol Security,” by Junaid Aslam, Saad Rafique and S. Tauseef-ur-Rehman”, has been plagiarized from this original: Real-time Transport Protocol (RTP) security,” by Ville Hallivuori.

EDITED TO ADD: Ron Boisvert, the Co-Chair of the ACM Publications Board, has said this:

1. ACM has always been a champion for high ethical standards among computing professionals. Respecting intellectual property rights is certainly a part of this, as is clearly reflected in the ACM Code of Ethics.

2. ACM has always acted quickly and decisively to deal with allegations of plagarism related to its publications, and remains committed to doing so in the future.

3. In the past, such incidents of plagarism were rare. However, in recent years the number of such incidents has grown considerably. As a result, the ACM Publications Board has recently begun work to develop a more explicit policy on plagarism. In doing so we hope to lay out (a) what constitutes plagarism, as well as various levels of plagarism, (b) ACM procedures for handling allegations of plagarism, and (c) specific penalties which will be leveled against those found to have committed plagarism at each of the identified levels. When this new “policy” is in place, we hope to widely publicize it in order to draw increased attention to this growing problem.

EDITED TO ADD: There’s a news story with some new developments.

EDITED TO ADD: Over the past couple of weeks, I have been getting repeated e-mails from people, presumably faculty and administrators of the International Islamic University, to close comments in this blog entry. The justification usually given is that there is an official investigation underway so there’s no longer any reason for comments, or that Tauseef has been fired so there’s no longer any reason for comments, or that the comments are harmful to the reputation of the university or the country.

I have responded that I will not close comments on this blog entry. I have, and will continue to, delete posts that are incoherent or hostile (there have been examples of both).

Blog comments are anonymous. There is no way for me to verify the identity of posters, and I don’t. I have, and will continue to, remove any posts purporting to come from a person it does not come, but generally the only way I can figure that out is if the real person e-mails me and asks.

Otherwise, consider this a forum for anonymous free speech. The comments here are unvetted and unverified. They might be true, and they might be false. Readers are expected to understand that, and I believe for the most part they do.

In the United States, we have a saying that the antidote for bad speech is more speech. I invite anyone who disagrees with the comments on the page to post their own opinions.

Posted on August 1, 2005 at 6:07 AMView Comments

Seagate's Full Disk Encryption

Seagate has introduced a hard drive with full-disk encryption.

The 2.5-inch drive offers full encryption of all data directly on the drive through a software key that resides on a portion of the disk nobody but the user can access. Every piece of data that crosses the interface encrypted without any intervention by the user, said Brian Dexheimer, executive vice president for global sales and marketing at the Scotts Valley, Calif.-based company.

Here’s the press release, and here’s the product spec sheet. Ignore the “TDEA 192” nonsense. It’s a typo; the product uses triple-DES, and the follow-on product will use AES.

Posted on June 27, 2005 at 7:24 AMView Comments

SHA Cryptanalysis Paper Online

In February, I wrote about a group of Chinese researchers who broke the SHA-1 hash function. That posting was based on short notice from the researchers. Since then, many people have written me asking about the research and the actual paper, some questioning the validity of the research because of the lack of documentation.

The paper did exist; I saw a copy. They will present it at the Crypto conference in August. I believe they didn’t post it because Crypto requires that submitted papers not be previously published, and they misunderstood that to mean that it couldn’t be widely distributed in any way.

Now there’s a copy of the paper on the web. You can read “Finding Collisions in the Full SHA-1,” by Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu, here.

Posted on June 24, 2005 at 12:46 PMView Comments

Password Safe

Password Safe is a free Windows password-storage utility. These days, anyone who is on the Web regularly needs too many passwords, and it’s impossible to remember them all. I have long advocated writing them all down on a piece of paper and putting it in your wallet.

I designed Password Safe as another solution. It’s a small program that encrypts all of your passwords using one passphrase. The program is easy to use, and isn’t bogged down by lots of unnecessary features. Security through simplicity.

Password Safe 2.11 is now available.

Currently, Password Safe is an open source project at SourceForge, and is run by Rony Shapiro. Thank you to him and to all the other programmers who worked on the project.

Note that my Password Safe is not the same as this, this, this, or this PasswordSafe. (I should have picked a more obscure name for the program.)

It is the same as this, for the PocketPC.

Posted on June 15, 2005 at 1:35 PMView Comments

Attack on the Bluetooth Pairing Process

There’s a new cryptographic result against Bluetooth. Yaniv Shaked and Avishai Wool of Tel Aviv University in Israel have figured out how to recover the PIN by eavesdropping on the pairing process.

Pairing is an important part of Bluetooth. It’s how two devices—a phone and a headset, for example—associate themselves with one another. They generate a shared secret that they use for all future communication. Pairing is why, when on a crowded subway, your Bluetooth devices don’t link up with all the other Bluetooth devices carried by everyone else.

According to the Bluetooth specification, PINs can be 8-128 bits long. Unfortunately, most manufacturers have standardized on a four decimal-digit PIN. This attack can crack that 4-digit PIN in less than 0.3 sec on an old Pentium III 450MHz computer, and in 0.06 sec on a Pentium IV 3Ghz HT computer.

At first glance, this attack isn’t a big deal. It only works if you can eavesdrop on the pairing process. Pairing is something that occurs rarely, and generally in the safety of your home or office. But the authors have figured out how to force a pair of Bluetooth devices to repeat the pairing process, allowing them to eavesdrop on it. They pretend to be one of the two devices, and send a message to the other claiming to have forgotten the link key. This prompts the other device to discard the key, and the two then begin a new pairing session.

Taken together, this is an impressive result. I can’t be sure, but I believe it would allow an attacker to take control of someone’s Bluetooth devices. Certainly it allows an attacker to eavesdrop on someone’s Bluetooth network.

News story here.

Posted on June 3, 2005 at 10:19 AMView Comments

Sidebar photo of Bruce Schneier by Joe MacInnis.