Interesting development in forensic analysis:
Comparing the unique pattern of the frequencies on an audio recording with a database that has been logging these changes for 24 hours a day, 365 days a year provides a digital watermark: a date and time stamp on the recording.
Philip Harrison, from JP French Associates, another forensic audio laboratory that has been logging the hum for several years, says: “Even if [the hum] is picked up at a very low level that you cannot hear, we can extract this information.”
It is a technique known as Electric Network Frequency (ENF) analysis, and it is helping forensic scientists to separate genuine, unedited recordings from those that have been tampered with.
Dr Harrison said: “We can extract [the hum] and compare it with the database – if it is a continuous recording, it will all match up nicely.
“If we’ve got some breaks in the recording, if it’s been stopped and started, the profiles won’t match or there will be a section missing. Or if it has come from two different recordings looking as if it is one, we’ll have two different profiles within that one recording.”
Posted on December 12, 2012 at 12:59 PM
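The matching step described in the quoted article, as an added example that is not code from the article or from any forensic lab: a recording's hum trace is slid along a logged reference to date it, then dated window by window so a splice shows up as two different implied start times. The reference log, the 50 Hz grid, the one-reading-per-second rate and all function names are assumptions, and extracting the hum from the audio itself is not shown.

```python
import random

def make_reference(n, seed=1):
    """Constructed stand-in for a grid-frequency log, one reading per second."""
    rng, f, log = random.Random(seed), 50.0, []
    for _ in range(n):
        f += rng.gauss(0, 0.005) - 0.02 * (f - 50.0)  # slow drift around 50 Hz
        log.append(f)
    return log

def record(reference, spans, seed=2):
    """Constructed 'recording': reference spans joined, plus extraction noise."""
    rng = random.Random(seed)
    return [reference[t] + rng.gauss(0, 0.0005)
            for start, length in spans for t in range(start, start + length)]

def best_offset(trace, reference):
    """Slide the trace along the log; return (offset, mean squared error)."""
    best_off, best_err = None, float("inf")
    for off in range(len(reference) - len(trace) + 1):
        err = sum((x - reference[off + i]) ** 2 for i, x in enumerate(trace))
        if err < best_err:
            best_off, best_err = off, err
    return best_off, best_err / len(trace)

def segment_origins(trace, reference, window=60):
    """Date each window on its own; a continuous recording implies one start time."""
    return [best_offset(trace[s:s + window], reference)[0] - s
            for s in range(0, len(trace) - window + 1, window)]

def find_splices(origins):
    """Windows whose implied recording start differs from the previous window's."""
    return [i for i in range(1, len(origins)) if origins[i] != origins[i - 1]]

REFERENCE = make_reference(3600)                          # constructed: one hour of log
CONTINUOUS = record(REFERENCE, [(1000, 240)])             # constructed: unedited, 4 minutes
SPLICED = record(REFERENCE, [(1000, 120), (2500, 120)])   # constructed: two takes joined

if __name__ == "__main__":
    print("continuous starts at", best_offset(CONTINUOUS, REFERENCE)[0])
    print("continuous origins  ", segment_origins(CONTINUOUS, REFERENCE))
    print("spliced origins     ", segment_origins(SPLICED, REFERENCE))
    print("splice at windows   ", find_splices(segment_origins(SPLICED, REFERENCE)))
```

The splice in the constructed sample falls on a window boundary; a window that straddles a cut matches neither take cleanly and would need a finer search around it.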
Related to this blog post from Wednesday, here’s a paper that looks at security seals on voting machines.
Andrew W. Appel, “Security Seals on Voting Machines: A Case Study,” ACM Transactions on Information and System Security, 14 (2011): 1–29.
Abstract: Tamper-evident seals are used by many states’ election officials on voting machines and ballot boxes, either to protect the computer and software from fraudulent modification or to protect paper ballots from fraudulent substitution or stuffing. Physical tamper-indicating seals can usually be easily defeated, given the way they are typically made and used; and the effectiveness of seals depends on the protocol for their application and inspection. The legitimacy of our elections may therefore depend on whether a particular state’s use of seals is effective to prevent, deter, or detect election fraud. This paper is a case study of the use of seals on voting machines by the State of New Jersey. I conclude that New Jersey’s protocols for the use of tamper-evident seals have been not at all effective. I conclude with a discussion of the more general problem of seals in democratic elections.
Posted on October 7, 2011 at 1:11 PM
At the Black Hat conference last week, Jamie Schwettmann and Eric Michaud presented some great research on hacking tamper-evident seals.
Jamie Schwettmann and Eric Michaud of i11 Industries went through a long list of tamper evident devices at the conference here and explained, step-by-step, how each seal can be circumvented with common items, such as various solvents, hypodermic needles, razors, blow driers, and in more difficult cases with the help of tools such as drills.
Tamper-evident devices may be as old as civilization, and today are used in everyday products such as aspirin containers’ paper seals. The more difficult devices may be bolt locks designed to secure shipping containers, or polycarbonate locks designed to shatter if cut.
But they all share something in common: They can be removed and the anti-tampering device reassembled.
Here’s their paper, and here are the slides from their presentation. (These two direct download links from GoogleDocs also work.) There was more information in the presentation than in either the paper or the PowerPoint slides. If the video ever gets online, I’ll link to it in this post.
Posted on January 24, 2011 at 1:20 PM
The problem lies in the way that ASP.NET, Microsoft’s popular Web framework, implements the AES encryption algorithm to protect the integrity of the cookies these applications generate to store information during user sessions. A common mistake is to assume that encryption protects the cookies from tampering so that if any data in the cookie is modified, the cookie will not decrypt correctly. However, there are a lot of ways to make mistakes in crypto implementations, and when crypto breaks, it usually breaks badly.
“We knew ASP.NET was vulnerable to our attack several months ago, but we didn’t know how serious it is until a couple of weeks ago. It turns out that the vulnerability in ASP.NET is the most critical amongst other frameworks. In short, it totally destroys ASP.NET security,” said Thai Duong, who along with Juliano Rizzo, developed the attack against ASP.NET.
Here’s a demo of the attack, and the Microsoft Security Advisory. More articles. The theory behind this attack is here.
EDITED TO ADD (9/27): Three blog posts from Scott Guthrie.
EDITED TO ADD (9/28): There’s a patch.
EDITED TO ADD (10/13): Two more articles.
Posted on September 27, 2010 at 6:51 AM
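The "common mistake" named in the quoted article, as an added example that is not ASP.NET code or code from the researchers: a cookie that is only encrypted still decrypts after one bit is changed, while an encrypt-then-MAC cookie is rejected before decryption with a single failure result. The keys, function names and the SHA-256 counter-mode keystream (a stand-in for AES, which the Python standard library lacks) are assumptions.

```python
import hashlib, hmac, os

ENC_KEY = b"constructed-enc-key-0123456789ab"   # constructed demo keys
MAC_KEY = b"constructed-mac-key-0123456789ab"

def _keystream(key, nonce, n):
    # Stand-in cipher: SHA-256 in counter mode, used here in place of AES.
    blocks = (hashlib.sha256(key + nonce + c.to_bytes(4, "big")).digest()
              for c in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def encrypt_only(plain):
    """Confidentiality only: nonce + ciphertext, no integrity check."""
    nonce = os.urandom(16)
    ks = _keystream(ENC_KEY, nonce, len(plain))
    return nonce + bytes(p ^ k for p, k in zip(plain, ks))

def decrypt_only(cookie):
    nonce, body = cookie[:16], cookie[16:]
    ks = _keystream(ENC_KEY, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))

def seal(plain):
    """Encrypt, then append an HMAC-SHA256 tag over nonce + ciphertext."""
    blob = encrypt_only(plain)
    return blob + hmac.new(MAC_KEY, blob, hashlib.sha256).digest()

def unseal(cookie):
    """Check the tag before decrypting; every bad cookie gets the same None."""
    if len(cookie) < 16 + 32:
        return None
    blob, tag = cookie[:-32], cookie[-32:]
    expected = hmac.new(MAC_KEY, blob, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    return decrypt_only(blob)

def flip_bit(cookie, index):
    """Simulate modification of one bit of a cookie in transit."""
    changed = bytearray(cookie)
    changed[index] ^= 0x01
    return bytes(changed)

if __name__ == "__main__":
    session = b"user=alice;role=viewer"          # constructed sample cookie data
    print(decrypt_only(flip_bit(encrypt_only(session), 20)))  # altered, no error
    print(unseal(flip_bit(seal(session), 20)))                # None
```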
The NSA has patented a technique to detect network tampering:
The NSA’s software does this by measuring the amount of time the network takes to send different types of data from one computer to another and raising a red flag if something takes too long, according to the patent filing.
Other researchers have looked into this problem in the past and proposed a technique called distance bounding, but the NSA patent takes a different tack, comparing different types of data travelling across the network. “The neat thing about this particular patent is that they look at the differences between the network layers,” said Tadayoshi Kohno, an assistant professor of computer science at the University of Washington.
The technique could be used for purposes such as detecting a fake phishing Web site that was intercepting data between users and their legitimate banking sites, he said. “This whole problem space has a lot of potential, [although] I don’t know if this is going to be the final solution that people end up using.”
Posted on December 30, 2008 at 12:07 PM
Interesting article, available to subscribers only (unfortunately):
Prehistoric evidence indicates that people have always been concerned with detecting whether others have tampered with their belongings. Early human beings may have swept the ground in front of their dwellings to detect trespassers’ footprints. At least 7,000 years ago, intricate stone carvings were pressed into clay to seal jars and later, writing tablets. What is the most secure way to ensure that people are not messing with your things? Roger Johnston’s tests have covered everything from ancient clay seals to metal flange seals used to secure cargo containers and electronic seals used on nuclear material. He has found that high-tech, expensive seals are often no more reliable, and factors such as properly training inspectors to know what to look for are often just as important as the seal itself. Johnston has also developed some new electronic seals that are harder to defeat because they use “anti-evidence”: They provide the correct passcode only when they are not tampered with, and the passcode is erased if they are interrupted.
Posted on October 26, 2006 at 7:01 AM
We’ve all received them in the mail: envelopes from banks with PINs, access codes, or other secret information. The letters are somewhat tamper-proof, but mostly they’re designed to be tamper-evident: if someone opens the letter and reads the information, you’re going to know. The security devices include fully sealed packaging, and black inks that obscure the secret information if you hold the envelope up to the light.
Researchers from Cambridge University have been looking at the security inherent in these systems, and they’ve written a paper that outlines how to break them:
Abstract. Tamper-evident laser-printed PIN mailers are used by many institutions to issue PINs and other secrets to individuals in a secure manner. Such mailers are created by printing the PIN using a normal laser, but on to special stationery and using a special font. The background of the stationery disguises the PIN so that it cannot be read with the naked eye without tampering. We show that currently deployed PIN mailer technology (used by the major UK banks) is vulnerable to trivial attacks that reveal the PIN without tampering. We describe image processing attacks, where a colour difference between the toner and the stationery “masking pattern” is exploited. We also describe angled light attacks, where the reflective properties of the toner and stationery are exploited to allow the naked eye to separate the PIN from the backing pattern. All laser-printed mailers examined so far have been shown insecure.
According to a researcher website:
It should be noted that we sat on this report for about 9 months, and the various manufacturers all have new products which address to varying degrees the issues raised in the report.
BBC covered the story.
Posted on August 30, 2005 at 7:59 AM