Entries Tagged "encryption"


Full-Disk Encryption Works

According to researchers, full-disk encryption is hampering police forensics.

The authors of the report suggest there are some things law enforcement can do, but they all must happen prior to a drive being buttoned up by encryption. Specifically, they say that law enforcement should stop turning computers off to bring them to another location for study; doing so only causes the need for a password to be entered to read the encrypted data. Also, in some cases, doing so causes the data to be automatically destroyed. Fortunately, there are some tools forensics experts can use to gather data if it sits untouched, such as copying everything in memory to a separate disk. The team also suggests that law enforcement look first to see if the drive has been encrypted before scanning it with their own software, as doing so will likely result in a lot of wasted time.

Paper, behind a paywall.

Posted on December 1, 2011 at 1:44 PM

Twofish Mentioned in Thriller Novel

I’ve been told that the Twofish encryption algorithm is mentioned in the book Abuse of Power, in the first paragraph of Chapter 3. Did the terrorists use it? Did our hero break it? I am unlikely to read it; can someone scan the page for me?

EDITED TO ADD (10/25): Google Books has it:

The line was picked up after three rings. The cell phones were encrypted using a Twofish algorithm and a 4096-bit Diffie-Hellman key exchange.

No one would be listening in.

Posted on October 25, 2011 at 12:58 PM

Official Malware from the German Police

The Chaos Computer Club has disassembled and analyzed the Trojan used by the German police for legal intercept. In its default mode, it takes regular screenshots of the active window and sends them to the police. It encrypts data in AES Electronic Codebook mode with—are you ready?—a fixed key across all versions. There’s no authentication built in, so it’s easy to spoof. It sends data to a command-and-control server in the U.S., which is almost certainly against German law. There’s code to allow the controller to install additional software onto the target machine, but that’s not authenticated either, so it would be easy to fool the Trojan into installing anything.

Detailed analysis in German. F-Secure has announced it will treat the Trojan as malware. I hope all the other anti-virus companies will do the same.

EDITED TO ADD (10/12): Another story. And some good information on the malware. Germany’s Justice Minister is calling for an investigation.
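
The design weakness described above, as an added example (not code from the Trojan, the CCC analysis, or this blog): AES-ECB under one fixed key is deterministic and carries no integrity check, while AES-GCM with a random nonce rejects a modified message. The key, sample plaintext and function names are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

var fixedKey = []byte("0123456789abcdef") // constructed stand-in for a key shared by every build

// ecb runs AES over each 16-byte block independently: no IV, no integrity tag.
func ecb(key, in []byte, decrypt bool) []byte {
	blk, _ := aes.NewCipher(key)
	out := make([]byte, len(in))
	for i := 0; i+16 <= len(in); i += 16 {
		if decrypt {
			blk.Decrypt(out[i:i+16], in[i:i+16])
		} else {
			blk.Encrypt(out[i:i+16], in[i:i+16])
		}
	}
	return out
}

// gcmSeal encrypts with a fresh random nonce and appends an authentication tag.
func gcmSeal(key, pt []byte) []byte {
	blk, _ := aes.NewCipher(key)
	aead, _ := cipher.NewGCM(blk)
	nonce := make([]byte, aead.NonceSize())
	rand.Read(nonce)
	return aead.Seal(nonce, nonce, pt, nil)
}

// gcmOpen returns an error if any byte of nonce, ciphertext or tag was altered.
func gcmOpen(key, msg []byte) ([]byte, error) {
	blk, _ := aes.NewCipher(key)
	aead, _ := cipher.NewGCM(blk)
	return aead.Open(nil, msg[:aead.NonceSize()], msg[aead.NonceSize():], nil)
}

func main() {
	pt := []byte("WINDOW=browser  WINDOW=browser  ") // constructed: two equal 16-byte blocks
	ct := ecb(fixedKey, pt, false)
	sealed := gcmSeal(fixedKey, pt)
	sealed[len(sealed)-1] ^= 1 // simulate modification in transit
	_, err := gcmOpen(fixedKey, sealed)
	fmt.Println("ECB leaks equal blocks:", string(ct[:16]) == string(ct[16:]), "| GCM rejects change:", err != nil)
}
```

GCM addresses only the mode and authentication problems; a key that is identical in every installation can still be extracted once and used to forge messages everywhere.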

Posted on October 13, 2011 at 6:03 AM

Identifying Speakers in Encrypted Voice Communication

I’ve already written how it is possible to detect words and phrases in encrypted VoIP calls. Turns out it’s possible to detect speakers as well:

Abstract: Most of the voice over IP (VoIP) traffic is encrypted prior to its transmission over the Internet. This makes the identity tracing of perpetrators during forensic investigations a challenging task since conventional speaker recognition techniques are limited to unencrypted speech communications. In this paper, we propose techniques for speaker identification and verification from encrypted VoIP conversations. Our experimental results show that the proposed techniques can correctly identify the actual speaker for 70-75% of the time among a group of 10 potential suspects. We also achieve more than 10 fold improvement over random guessing in identifying a perpetrator in a group of 20 potential suspects. An equal error rate of 17% in case of speaker verification on the CSLU speaker recognition corpus is achieved.

Posted on September 16, 2011 at 12:31 PM

New Attack on AES

“Biclique Cryptanalysis of the Full AES,” by Andrey Bogdanov, Dmitry Khovratovich, and Christian Rechberger.

Abstract. Since Rijndael was chosen as the Advanced Encryption Standard, improving upon 7-round attacks on the 128-bit key variant or upon 8-round attacks on the 192/256-bit key variants has been one of the most difficult challenges in the cryptanalysis of block ciphers for more than a decade. In this paper we present a novel technique of block cipher cryptanalysis with bicliques, which leads to the following results:

  • The first key recovery attack on the full AES-128 with computational complexity 2^126.1.
  • The first key recovery attack on the full AES-192 with computational complexity 2^189.7.
  • The first key recovery attack on the full AES-256 with computational complexity 2^254.4.
  • Attacks with lower complexity on the reduced-round versions of AES not considered before, including an attack on 8-round AES-128 with complexity 2^124.9.
  • Preimage attacks on compression functions based on the full AES versions.

In contrast to most shortcut attacks on AES variants, we do not need to assume related-keys. Most of our attacks only need a very small part of the codebook and have small memory requirements, and are practically verified to a large extent. As our attacks are of high computational complexity, they do not threaten the practical use of AES in any way.

This is what I wrote about AES in 2009. I still agree with my advice:

Cryptography is all about safety margins. If you can break n rounds of a cipher, you design it with 2n or 3n rounds. What we’re learning is that the safety margin of AES is much less than previously believed. And while there is no reason to scrap AES in favor of another algorithm, NIST should increase the number of rounds of all three AES variants. At this point, I suggest AES-128 at 16 rounds, AES-192 at 20 rounds, and AES-256 at 28 rounds. Or maybe even more; we don’t want to be revising the standard again and again.

And for new applications I suggest that people don’t use AES-256. AES-128 provides more than enough security margin for the foreseeable future. But if you’re already using AES-256, there’s no reason to change.

The advice about AES-256 was because of a 2009 attack, not this result.

Again, I repeat the saying I’ve heard came from inside the NSA: “Attacks always get better; they never get worse.”

Posted on August 18, 2011 at 6:12 AM

Security Flaws in Encrypted Police Radios

“Why (Special Agent) Johnny (Still) Can’t Encrypt: A Security Analysis of the APCO Project 25 Two-Way Radio System,” by Sandy Clark, Travis Goodspeed, Perry Metzger, Zachary Wasserman, Kevin Xu, and Matt Blaze.

Abstract: APCO Project 25 (“P25”) is a suite of wireless communications protocols used in the US and elsewhere for public safety two-way (voice) radio systems. The protocols include security options in which voice and data traffic can be cryptographically protected from eavesdropping. This paper analyzes the security of P25 systems against both passive and active adversaries. We found a number of protocol, implementation, and user interface weaknesses that routinely leak information to a passive eavesdropper or that permit highly efficient and difficult to detect active attacks. We introduce new selective subframe jamming attacks against P25, in which an active attacker with very modest resources can prevent specific kinds of traffic (such as encrypted messages) from being received, while emitting only a small fraction of the aggregate power of the legitimate transmitter. We also found that even the passive attacks represent a serious practical threat. In a study we conducted over a two year period in several US metropolitan areas, we found that a significant fraction of the “encrypted” P25 tactical radio traffic sent by federal law enforcement surveillance operatives is actually sent in the clear, in spite of their users’ belief that they are encrypted, and often reveals such sensitive data as the names of informants in criminal investigations.

I’ve heard Matt talk about this project several times. It’s great work, and a fascinating insight into the usability problems of encryption in the real world.

News article.

Posted on August 11, 2011 at 6:19 AM

GPRS Hacked

Just announced:

Nohl’s group found a number of problems with GPRS. First, he says, lax authentication rules could allow an attacker to set up a fake cellular base station and eavesdrop on information transmitted by users passing by. In some countries, they found that GPRS communications weren’t encrypted at all. When they were encrypted, Nohl adds, the ciphers were often weak and could be either broken or decoded with relatively short keys that were easy to guess.

The group generated an optimized set of codes that an attacker could quickly use to find the key protecting a given communication. The attack the researchers designed against GPRS costs about 10 euros for radio equipment, Nohl says.

More articles.

Posted on August 10, 2011 at 4:11 PM

Zodiac Cipher Cracked

I admit I don’t pay much attention to pencil-and-paper ciphers, so I knew nothing about the Zodiac cipher. Seems it has finally been broken:

The Zodiac Killer was a serial killer who preyed on couples in Northern California in the years between 1968 and 1970. Of his seven confirmed victims, five died. More victims and attacks are suspected.

The killer sent four messages to newspapers in California’s Bay Area, only one of which has ever been decrypted. This first message, split into three parts, claimed Zodiac wanted to kill victims so that they would become his slaves in the afterlife.

The 408-symbol cryptogram was cracked by Donald and Bettye Harden of Salinas, California.

Code and solution—with photos—here.

EDITED TO ADD (8/5): Solution seems to be a hoax.

Posted on August 5, 2011 at 12:25 PM


Sidebar photo of Bruce Schneier by Joe MacInnis.