A rudimentary OpenDRM

We all know that Open Source was meant to free ideas from incarceration, not to deprive programmers of income. Here is a rudimentary “OpenDRM” scheme.


Step 1 (Python script)

Comments Updated Apr 22

Step 2 (Python script) – One possible “salt3” is a message digest of the object code itself. Write the finished version, tell the program to use the hash of the file object’s name in its computation, save it, and then compute the Key later, using the specific hash value obtained. This would allow updated versions to be remunerated separately. The hash used in the code can be uniform and does not have to match the hash(es) kept in the proprietary database. On reflection there is a weakness: an attacker who decompiled the code and recovered the salts and the derivation could brute force his way from a known customer number to the next, because a short customer number has very few possible values.

For this reason, the portion entered by the customer should look more like existing product codes (long, and drawn at random from a large alphabet) than a 5-digit number, so that enumerating it is not feasible.
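An added illustration, not one of the post’s own Python scripts, of the key derivation described in Step 2 and the brute-force weakness noted at the end of it. The salts, the HMAC-SHA256 derivation and the key format are assumptions; the point is the keyspace arithmetic: with the salts recovered from a decompiled binary, a 5-digit customer number falls to 100,000 trial derivations, while a 25-character product-style code from a 31-symbol alphabet does not.

```python
import hashlib
import hmac
import math
import secrets

# Constructed stand-ins for the scheme's embedded salts.  A shipped program would
# carry values like these in its object code, which is exactly why a decompiler
# recovers them.
SALT1 = b"vendor-salt-1"                                               # hypothetical
SALT3 = hashlib.sha256(b"bytes of the shipped object code").digest()  # stand-in for "salt3"

# Alphabet for customer codes, with look-alike characters (0/O, 1/I/L) left out.
CODE_ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"   # 31 symbols


def derive_key(customer_code: str, salt1: bytes = SALT1, salt3: bytes = SALT3) -> str:
    """Activation key for a customer code: HMAC over the code and the build digest,
    formatted as four groups of five hex characters."""
    mac = hmac.new(salt1, customer_code.encode() + salt3, hashlib.sha256).hexdigest().upper()
    return "-".join(mac[i:i + 5] for i in range(0, 20, 5))


def check_key(customer_code: str, key: str) -> bool:
    """What the program does at activation time."""
    return hmac.compare_digest(derive_key(customer_code), key)


def brute_force_5_digit(target_key: str, salt1: bytes = SALT1, salt3: bytes = SALT3):
    """An attacker who decompiled the program knows the salts and the derivation,
    so a 5-digit customer number falls to at most 100,000 trial derivations."""
    for n in range(100_000):
        code = f"{n:05d}"
        if derive_key(code, salt1, salt3) == target_key:
            return code
    return None


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random code of this shape, in bits."""
    return length * math.log2(alphabet_size)


def new_customer_code(groups: int = 5, width: int = 5) -> str:
    """A product-code-style customer identifier drawn with a CSPRNG."""
    return "-".join(
        "".join(secrets.choice(CODE_ALPHABET) for _ in range(width)) for _ in range(groups)
    )
```

The derivation itself is not the weak point; `keyspace_bits(10, 5)` is about 16.6 bits against roughly 124 bits for `new_customer_code()`, and only the second survives an attacker who holds the salts.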

example database (as pictured above – enter the parenthetical comment as pictured for an exact match.)

License

Posted in Uncategorized | Tagged , , , , , , , , | Leave a comment

A work protocol for digital work product contract

Digital work product can be intercepted online and distributed without the permission of either employer or employee. To limit the damage from intercepted work product, here is an experimental protocol.

  • Prepare an anonymous email account to receive the work.
  • Agree by contract what the work will be and how much the compensation will be.
  • The contractor does the coding, computer-aided drafting or other technical work, encrypts it, and emails the encrypted product to the anonymous address. (If the service is processing, such as 3-D rendering, an encrypted DVD-R serves the same purpose.)
  • The employer receives the email and pays the agreed price.
  • The contractor releases the password to the employer, verbally and out of band, once payment has authorized it.

The protocol above allows internet transmission of work that is otherwise done on an offline machine, so the development machine itself is never exposed to “phone-home” malware.

This does not guarantee that the code will be of the agreed quality, but the contractor’s reputation will matter to his future job prospects.

The payment can be by check or wire transfer. Charlatans hate bank account numbers, because the penalty for false identification at a banking institution is severe.

The reason to receive the work at an anonymous email address is that traffic to the IP address of a known place of business can be monitored by competitors who wish to watch or limit the employer’s progress. An anonymous email account can be checked at an internet cafe or a library. If only encrypted data arrives there, little is lost until it is decrypted.

This does not prevent the contractor from keeping copies of the work. The copyright implications may make that more or less desirable in various contexts.

Encrypt as needed and provide passwords later. 7-Zip and WinRAR both support AES encryption of archives, and TrueCrypt containers are available for more experienced users (TrueCrypt development ended in 2014; VeraCrypt is its maintained successor). The variety of sturdy encryption tools available works to the detriment of attackers. Since the ciphertext may be captured and kept indefinitely, the password should be long and random, generated for that one delivery and never reused.
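The exchange in the five steps above, as an added example that is not part of the original post. Because the Python standard library has no AES, the archive encryption a 7-Zip or WinRAR user would get is stood in for by HMAC-SHA256 run in counter mode with an HMAC tag (encrypt-then-MAC); the function names, the sample work product and the receipt step are assumptions. The receipt (a digest of the ciphertext taken before paying) is the check a practitioner would add so that neither side can later dispute which file was paid for.

```python
import hashlib
import hmac
import secrets

# Stdlib-only encrypt-then-MAC: HMAC-SHA256 in counter mode as the keystream plus
# an HMAC-SHA256 tag.  It stands in for the AES archive encryption of 7-Zip or
# WinRAR so the exchange runs without third-party packages; it is not a
# recommendation to roll your own cipher for production use.


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(password: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || tag, with separate keys for encryption and MAC."""
    enc_key = hmac.new(password, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(password, b"mac", hashlib.sha256).digest()
    nonce = secrets.token_bytes(16)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(password: bytes, package: bytes) -> bytes:
    enc_key = hmac.new(password, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(password, b"mac", hashlib.sha256).digest()
    nonce, body, tag = package[:16], package[16:-32], package[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + body, hashlib.sha256).digest(), tag):
        raise ValueError("package was altered or the password is wrong")
    return bytes(c ^ k for c, k in zip(body, _keystream(enc_key, nonce, len(body))))


# --- the exchange -------------------------------------------------------------

def contractor_deliver(work: bytes):
    """Step 3: encrypt under a fresh random password and email the package.
    The password is held back until payment arrives."""
    password = secrets.token_bytes(32)
    return encrypt(password, work), password


def employer_receipt(package: bytes) -> str:
    """Step 4: before paying, record a digest of the ciphertext, so the contractor
    cannot later substitute a different file for the one that was paid for."""
    return hashlib.sha256(package).hexdigest()


def employer_redeem(package: bytes, receipt: str, password: bytes) -> bytes:
    """Step 5: after the password is released, confirm the package is the one
    receipted, then decrypt and check the tag."""
    if not hmac.compare_digest(hashlib.sha256(package).hexdigest(), receipt):
        raise ValueError("package differs from the one receipted at delivery")
    return decrypt(password, package)
```

A wrong password or a single altered byte fails the tag check rather than producing garbage, which is the property a 7-Zip AES archive gives you and a plain XOR would not.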


A Residential Gateway implementation

Most DSL or cable modem setups employ a device called a “Residential Gateway” that converts the carrier’s transmission signal to a Local Area Network signal. Since most routers can clone the MAC address of a network interface controller, it is natural to want to “lock down” the setup further with MAC address filtering.

A better setup has the gateway turn on MAC address filtering with exactly one Media Access Control address allowed, that address chosen at random (with the locally administered bit set, so it can never collide with a vendor-assigned address) rather than taken from any device on the network.

Then the router (downstream of the gateway) is instructed to present, or “clone,” that particular MAC. The gateway now sees the router as the only authorized device on its side of the network.

Internally, the router is then configured with a whitelist so that it recognizes only the MACs of authorized machines. Note: most routers list wired MACs and wireless MACs separately.

In a home network this is less friendly to guests than one might like, and it is worth being clear about what it buys. MAC addresses travel in the clear on Wi-Fi and any client can present whichever address it likes, so the whitelist deters only casual connections; it is no substitute for WPA2 on the wireless side and the firewall on the WAN side. The “gold standard” for security is that it should be impossible to compromise without physical access, and MAC filtering by itself does not reach it.

Cap it off by instructing the gateway not to reply to pings; the network becomes less conspicuous to casual scans, though a probe aimed at its ports still finds whatever is listening.
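An added example, not from the original post, covering the two configuration details above that a router’s web form hides: drawing the filter address at random in a way that cannot collide with a real adapter (the locally administered bit), and normalizing whitelist entries so that wired and wireless lists written in different notations compare correctly. The function names and sample addresses are assumptions.

```python
import re
import secrets

_MAC_RE = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(mac: str) -> str:
    """Canonical 'aa:bb:cc:dd:ee:ff' form, accepting colon, dash and Cisco dotted
    notations; raises ValueError on anything else."""
    digits = re.sub(r"[:\-.]", "", mac.strip().lower())
    if not _MAC_RE.match(digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def random_local_mac() -> str:
    """A random address for the gateway's one-entry filter and the router's clone.
    Setting bit 1 of the first octet marks it locally administered (never issued
    to a vendor), clearing bit 0 keeps it unicast."""
    octets = bytearray(secrets.token_bytes(6))
    octets[0] = (octets[0] | 0x02) & 0xFE
    return ":".join(f"{b:02x}" for b in octets)


def is_locally_administered(mac: str) -> bool:
    return int(normalize_mac(mac)[:2], 16) & 0x02 != 0


def is_unicast(mac: str) -> bool:
    return int(normalize_mac(mac)[:2], 16) & 0x01 == 0


def build_allowlist(entries) -> frozenset:
    """The router-side whitelist: wired and wireless entries normalized together."""
    return frozenset(normalize_mac(e) for e in entries)


def admit(mac: str, allowlist) -> bool:
    """Filter decision.  As the post's caveat says, a client can present any
    address it likes, so this separates authorized devices from careless ones,
    not from hostile ones."""
    try:
        return normalize_mac(mac) in allowlist
    except ValueError:
        return False
```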


Another Vigenere fact: It can generate a “hash”

Vigenere only works as a cipher if you implement the plaintext/password in a row/column order. If you reverse it, so you look up the password vertically (using it to choose the row) and the plaintext horizontally (using it to choose the column), the result can behave as a hash: it is deterministic, but it cannot be reversed by the same or any other password. One caveat: with the standard tabula recta (row r, column c holds letter r + c mod 26) the table is symmetric, so swapping the roles changes nothing and the output stays invertible. The one-way behaviour needs a table in which some row repeats a letter, so that several plaintext letters land on the same output; the lossy table in the post below is of that kind.

To salt the hash, re-arrange the alphabet, keeping the row and column labels (the index) in the order of the transposition. Contrary to the intuitive expectation that messages encrypted with the same password would not change, they do: different salts give different ciphertext for the same message under the same password.

Note: although this is a hash in the sense of a deterministic one-way mapping, it does nothing to limit collisions, and it is more of a novelty than a cryptographic tool. Nevertheless, it makes an excellent illustration for students of the field.


Illustration of Watermarking (Lossy Vigenere)

Simon Singh demonstrated a lossless Vigenere in his book, “The Code Book.” I learned it differently in my youth, under the moniker “Rogue’s Gallery.”

This (symmetric) Vigenere is “lossy,” and replaces lost information with the character “z.” The placement of the “z”s is password dependent, so encrypting and decrypting with one password, and then repeating the operation with a different password, illustrates the principle of a password-dependent watermark.


(Python Implementation)
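As an added example (not the author’s Python implementation), the following code serves both this post and the hash post above. It implements table lookup in either orientation, an inverse, and a constructed lossy table in which every cell that would hold “j” or “q” holds “z” instead; that table is an assumption standing in for the author’s “Rogue’s Gallery” table, whose layout the page does not give. It shows two things: the standard tabula recta is symmetric, so swapping which of password and plaintext picks the row changes nothing and the output stays invertible; and the one-way, password-dependent “z” marks appear once a row holds a repeated letter.

```python
import string

ALPHABET = string.ascii_lowercase   # inputs below are lowercase letters only


def tabula_recta():
    """The standard Vigenere table: row r, column c holds letter (r + c) mod 26."""
    return [[ALPHABET[(r + c) % 26] for c in range(26)] for r in range(26)]


def lossy_table(dropped: str = "jq"):
    """Constructed lossy variant (not the author's 'Rogue's Gallery' table): every
    cell that would hold a dropped letter holds 'z' instead, so each row now
    contains 'z' three times and is no longer a permutation of the alphabet."""
    return [["z" if ch in dropped else ch for ch in row] for row in tabula_recta()]


def is_symmetric(table) -> bool:
    return all(table[r][c] == table[c][r] for r in range(26) for c in range(26))


def lookup(table, key: str, text: str, key_selects_row: bool = True) -> str:
    """Run text through the table under a repeating key, in either orientation."""
    out = []
    for i, ch in enumerate(text):
        k, p = ALPHABET.index(key[i % len(key)]), ALPHABET.index(ch)
        out.append(table[k][p] if key_selects_row else table[p][k])
    return "".join(out)


def invert(table, key: str, text: str) -> str:
    """Undo lookup(..., key_selects_row=True): find the column of each cipher
    letter in the key's row.  A letter that appears in several columns of that
    row cannot be recovered and comes back as 'z', the marker for lost data."""
    out = []
    for i, ch in enumerate(text):
        row = table[ALPHABET.index(key[i % len(key)])]
        cols = [c for c in range(26) if row[c] == ch]
        out.append(ALPHABET[cols[0]] if len(cols) == 1 else "z")
    return "".join(out)


def watermark(table, key: str, text: str) -> str:
    """Encrypt then decrypt under one password.  With a lossy table the round
    trip leaves 'z' marks whose positions depend on the password."""
    return invert(table, key, lookup(table, key, text))
```

With the lossy table, `watermark(L, "b", "ship")` gives `shzz` and a second pass with password `c` moves the marks again; with the tabula recta the same calls return the plaintext unchanged in either orientation.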


Theoretical Corporate ID card scheme

Holograms are famously hard to duplicate. Here is a scheme to use a hologram in an ID card.

  • Using film, make a hologram of the employee’s bust, with the company logo in the shot.
  • Make an ordinary color photo as well.
  • Embed the holographic negative in the ID (possibly laminating it).
  • On the card, print the photo, the name, employee number, corporate logo etc.
  • Print a 2-D (matrix) bar code of a salted hash of the printed data, salted with salt “K”.

To verify the ID, the gate-keeper must:

  • Visually compare the photograph to the individual.
  • Using a laser pointer (or a scanner-style mirror-and-LED illuminator), view the hologram and compare it to BOTH the individual AND the photograph.
  • Type ALL identifying data into a computer form, which computes a salted hash (salt “P”) of the data and signs the request with the RSA key of the authorized access point.
  • Scan the bar-code hash.
  • Encrypt the signed request to the corporate RSA public key and send it to the escrow system for authentication.
  • At the key escrow system, compare the “P”-salted hash against the record of authorized users, and check that the “K”-salted hash read from the card also hashes, under “P”, to the stored second value (hashing the hash). Dummy employee numbers and the like are thereby checked two ways: the typed data must be on file, and the card must be the one issued for that data.
  • Receive (in this example) an authorization number, time and date stamped, RSA-encrypted with the public key of the authorized access point.
  • Decrypt and authorize the employee to proceed.

While this might seem cumbersome, it would be very difficult to deceive. It would also accommodate environments in which the gate-keeper did not recognize the employee personally. It would be somewhat slow, and it might be possible to improve it without compromise – this is a nascent idea. One improvement a reviewer would ask for is a fresh nonce in each request, echoed in the signed reply, so that a recorded authorization cannot be replayed at the gate.
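The verification exchange above as an added example, not code from the original post. The two-salt check is implemented as written (K for the card, P for the escrow lookup and the hash of the hash); the RSA signatures and encryption the post specifies are stood in for by HMAC with a per-access-point key so that the block runs on the standard library alone, and a nonce is carried through to the reply. Salt values, field names and the sample employee record are constructed.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed secrets: the card salt K stays with the card issuer; the lookup salt
# P is shared by the gate terminals and the escrow system.  Real values would be
# long random strings, not labels.
SALT_K = b"issuer-card-salt-K"
SALT_P = b"escrow-lookup-salt-P"


def canonical(obj) -> bytes:
    """Fixed serialization, so the issuer and a gate that retypes the printed
    fields hash exactly the same bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def salted_hash(salt: bytes, data: bytes) -> str:
    return hashlib.sha256(salt + data).hexdigest()


def sign(key: bytes, body: bytes) -> str:
    """HMAC stand-in for the RSA signature/encryption the post specifies."""
    return hmac.new(key, body, hashlib.sha256).hexdigest()


# --- issuer: print the card, file the escrow record ---------------------------

def issue_card(fields: dict):
    data = canonical(fields)
    barcode = salted_hash(SALT_K, data)                 # goes into the card's bar code
    lookup = salted_hash(SALT_P, data)                  # escrow lookup key
    second = salted_hash(SALT_P, barcode.encode())      # "hash of the hash"
    return barcode, {lookup: second}


# --- gate terminal ------------------------------------------------------------

def gate_request(typed_fields: dict, scanned_barcode: str, access_point: str, ap_key: bytes):
    body = canonical({
        "p": salted_hash(SALT_P, canonical(typed_fields)),
        "k": scanned_barcode,
        "ap": access_point,
        "nonce": secrets.token_hex(16),   # fresh per request; must come back in the reply
        "t": int(time.time()),
    })
    return body, sign(ap_key, body)


def gate_accept(reply, request_body: bytes, ap_key: bytes) -> bool:
    """Open only for a reply signed for this access point that answers this
    request's nonce; a recorded reply will not match."""
    if reply is None:
        return False
    reply_body, reply_sig = reply
    if not hmac.compare_digest(sign(ap_key, reply_body), reply_sig):
        return False
    return json.loads(reply_body)["nonce"] == json.loads(request_body)["nonce"]


# --- escrow system ------------------------------------------------------------

def escrow_verify(body: bytes, sig: str, ap_keys: dict, records: dict):
    """Both comparisons from the post: the P-salted hash of the typed data must
    be on file, and the K-salted hash read from the card must hash under P to
    the stored second value.  Returns a signed, timestamped authorization or None."""
    msg = json.loads(body)
    ap_key = ap_keys.get(msg.get("ap"))
    if ap_key is None or not hmac.compare_digest(sign(ap_key, body), sig):
        return None
    expected = records.get(msg["p"])
    if expected is None:
        return None
    if not hmac.compare_digest(expected, salted_hash(SALT_P, msg["k"].encode())):
        return None
    reply_body = canonical({"authorization": secrets.token_hex(8), "ap": msg["ap"],
                            "nonce": msg["nonce"], "t": int(time.time())})
    return reply_body, sign(ap_key, reply_body)
```

A mistyped employee number fails the first comparison (nothing on file), and a genuine bar code paired with someone else’s printed data fails the second, which is the two-way check the post describes.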


International Data Encryption Algorithm implementation.

The IDEA cipher was subjected to an attack more efficient than brute force in 2012 (the narrow-biclique attack of Khovratovich, Leurent and Rechberger).

Despite this, competent researchers agree that the attack is nowhere near computationally feasible: it trims only a couple of bits from a 128-bit exhaustive search. If you’re still a little nervous, here is a way to restructure your IDEA implementation.

Block ciphers are hard to parallelize in, for example, CBC mode, because the input to the n-th block depends on the (n-1)-th block. A quick solution is to divide the plaintext into four interleaved streams: blocks 1, 5, 9 and every fourth block thereafter in the first stream, blocks 2, 6, 10 and so on in the second, 3, 7, 11 and so on in the third, and 4, 8, 12 and so on in the fourth [Applied Cryptography, Chapter 10.] Each stream is then its own CBC chain and the four can be processed in parallel. Note that Schneier presents interleaving as a way to gain speed; an attacker who captures the whole transmission holds all four streams, each of which is ordinary IDEA-CBC, so the arrangement adds no cryptographic strength on its own.

The crucial factor is that the initialization vectors of the streams MUST be INDEPENDENT of each other. Here is a way to obtain four such vectors from the password.

  • MD5 the password (if the password itself is too small, the issue is moot).
  • Take the right-most 8 bits of the digest as an integer n (0 to 255).
  • Add 1.
  • SHA-512 the (unmodified) password n times, feeding each digest back in as the next input.
  • Take the first 128 bits of the final digest as vector 1, the second 128 bits as vector 2, and so on. (IDEA’s block, and hence its CBC initialization vector, is 64 bits, so only the first half of each slice is used.)
  • The result is deterministic and can be computed identically by sender and receiver.

IDEA has a 128-bit key. Apply whatever procedures are necessary to exclude weak keys, then encrypt each stream in CBC mode with its own initialization vector, interleaving the outputs again as you go. One caveat: vectors derived from the password alone are the same for every message sent under that password, so two messages with the same opening blocks produce identical opening ciphertext. CBC needs an unpredictable vector per message, which in practice means generating fresh random vectors for each message and sending them in the clear; the derivation above suits a key that is used once.
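The vector derivation and the four-stream CBC arrangement from the two sections above, as an added example that is not from the original post. IDEA itself is not in the Python standard library, so a stand-in block function (an XOR with the key, explicitly not a cipher) is passed in where a real IDEA block encryption would go; everything else (the MD5/SHA-512 derivation, the 1-5-9 / 2-6-10 interleaving and the per-stream chaining) follows the text. Function names are assumptions.

```python
import hashlib

BLOCK = 8        # IDEA block size in bytes; a CBC IV has the same size
STREAMS = 4


def derive_ivs(password: bytes):
    """The post's procedure: n = (last byte of MD5(password)) + 1; iterate
    SHA-512 n times starting from the password; cut the 512-bit result into four
    128-bit slices and keep the first 64 bits of each as that stream's IV."""
    n = hashlib.md5(password).digest()[-1] + 1
    digest = password
    for _ in range(n):
        digest = hashlib.sha512(digest).digest()
    return [digest[i * 16:(i + 1) * 16][:BLOCK] for i in range(STREAMS)]


def split_streams(blocks):
    """Blocks 0,4,8,... to stream 0; 1,5,9,... to stream 1; and so on."""
    return [blocks[i::STREAMS] for i in range(STREAMS)]


def merge_streams(streams):
    """Inverse of split_streams, tolerating a last round of unequal lengths."""
    out = []
    longest = max((len(s) for s in streams), default=0)
    for i in range(longest):
        for s in streams:
            if i < len(s):
                out.append(s[i])
    return out


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def cbc_encrypt_interleaved(block_encrypt, key: bytes, ivs, plaintext: bytes) -> bytes:
    """Four independent CBC chains, one per stream, re-interleaved on output."""
    if len(plaintext) % BLOCK:
        raise ValueError("plaintext must be a whole number of blocks (pad first)")
    blocks = [plaintext[i:i + BLOCK] for i in range(0, len(plaintext), BLOCK)]
    out = []
    for iv, stream in zip(ivs, split_streams(blocks)):
        prev, chain = iv, []
        for p in stream:
            prev = block_encrypt(key, xor(p, prev))
            chain.append(prev)
        out.append(chain)
    return b"".join(merge_streams(out))


def cbc_decrypt_interleaved(block_decrypt, key: bytes, ivs, ciphertext: bytes) -> bytes:
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    out = []
    for iv, stream in zip(ivs, split_streams(blocks)):
        prev, chain = iv, []
        for c in stream:
            chain.append(xor(block_decrypt(key, c), prev))
            prev = c
        out.append(chain)
    return b"".join(merge_streams(out))


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Placeholder so the structure runs stand-alone: XOR with the first 8 key
    bytes is NOT a cipher.  Substitute a real IDEA block function here."""
    return xor(block, key[:BLOCK])


toy_block_decrypt = toy_block_encrypt   # XOR is its own inverse
```

Because the four vectors are fixed by the password, two encryptions of the same plaintext under the same password give identical output; that is the caveat above, visible here as a deterministic `cbc_encrypt_interleaved`.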


How do legislation and security interact?

Here is an article discussing a new security measure for cell phones. The legislation is currently (Feb 2014) under discussion in California. (Basically, a law requiring a way to disable a stolen phone.)

Security and secrecy interact, and secrecy in escrow appears to be a theoretical problem in security. Passwords are secret and rightfully should be, but just as a bank vault cannot be made secure for infinite time, so we must theorize some procedure to account for a compromised escrow system. Bank vaults are secure either because it costs more to break into them than the contents are worth, or because they are monitored at intervals, such that the time required to break in, exceeds the interval, and the attacker would become observed.

If the Corporation is the escrow system, questions that make us think about how some attacker might hijack the system help us think about how an attacker would misuse it.

When we legislate about security, we take a step that is hard to modify later. This makes legislating difficult, because, as George Polya noted, our early efforts at solutions are not usually perfect solutions. A reasonable step to mitigate this problem might be to implement the concept of a pilot program, though this is not a panacea.

Security and secrecy are intertwined concepts, and when we legislate about security it is important to subject the provisions for secrecy to the scrutiny of rational skepticism.

Kerckhoffs’s principle is an example of this, and it is often unpopular. People are skeptical of an argument that first advances the premise that secrecy is only possible for finite time, and then advises end users to be satisfied that the entire security of the system ride solely on the secrecy of the password.

The reason that this is good, is that it reduces the discussion to a single point of failure. A person can reasonably be held responsible for the secrecy of a password, where s/he could not be held responsible for the secrecy of an entire system. We, as humans, also intuitively understand how to keep a password secret, and when it is compromised.

In this example, we can usefully ask these questions:

  • Is it necessary? In a State of the Union address, President Obama required two things for an infrastructure bank. 1. The loans must be for infrastructure. and 2. The infrastructure must be needed. In the news article, the expedience of the new law is argued from the observation that cell phone theft represents a large fraction of a particular crime statistic.
  • Will the measure be drastic, or a mere deterrent? Apple’s solution of requiring login credentials on demand, adequately discourages theft. For purposes of illustration we could alternatively choose a permanent “bricking” measure for the cell phone program we are talking about. Such an extreme measure makes the implementor give careful consideration to the accountability procedures of those authorized to “pull the trigger.”
  • How will the public be protected from governmental abuse? For example, what if irresponsible campaign staffers took to the practice of bricking each other’s phones during a campaign? What would protect them from each other, or protect innocent [third] parties from a kind of political “hit and run?” Here, we see that the private corporation is responsible, not the police department, as has been suggested for car “kill switches.” Presumably an irresponsible corporation can be sued or fined.
  • Does it preserve individual freedom? In the case of a car, we should be able to drive it even when this is unauthorized. For example, driving an injured person to the hospital, even if the driver were unlicensed, or had failed to make his car insurance payment. This question is a way to account for possible civil rights abuses. In the case of a cell phone, can you call 911? At the moment we can’t do that anyway; we might want emergency help, but we do not want to be tracked by a homing beacon.
  • Does it solve the problem even if we do not like it? This measure deals definitively with the use of a stolen device, without actually locating the thief. Good to stop online gambling at a consumer’s expense; bad for eventual arrest and ultimate prosecution of the thief. It is politically pragmatic to discourage crime, even if there is no criminal prosecution.
  • Might this measure open the door to some form of regulatory capture? For example. would a customer who was trying to get his phone reactivated face prejudice as to whether or not he was creating a nuisance, because of various other possible infractions?

A very American way of introducing the above-cited discussion, would be for the manufacturer to implement some program, and then wait for someone to challenge the legality of the behavior in a court of law. This might describe the course that Gen. Alexander’s NSA has recently taken.

When a corporation does this, it leaves the outcome subject to a less researched political environment than if it is debated in a legislature. It has the advantages of allowing for improvement (as Polya’s method suggests,) and preserving the freedom and autonomy of corporations. The reason that the NSA is currently unpopular, is that it undertook an extensive initiative without publishing, resulting in the appearance of a secret agenda. The NSA is governmental, not a civilian enterprise.

Good law is maintained when the legislation is carefully devised, and worded so that it is hard to misinterpret or abuse.

Both strategies are deliberated, one by the legislature, the other by the courts. In America we want to preserve freedom, despite the din of mediocrity.


Matrix Algebra and a suggested Differential Cryptanalysis

Two broad categories of cryptanalysis of block ciphers are linear cryptanalysis and differential cryptanalysis.

[link uses the term “key” where this blog distinguishes “password” and “key” as concepts]

A creative use for matrix multiplication is to multiply the matrix built from two comparable texts [two ciphertexts, as in a chosen-plaintext attack, or a plaintext and its ciphertext, as in an adaptive chosen-plaintext attack] by its transpose.

One early experiment would be to count related occurrences of a given character, naming rows and columns after the text characters that mapped to each other. Another would be to correlate character pairings, in a fashion similar to an attack on Playfair.

The [square] matrix A x A^T shows one characteristic, but A^T x A shows a different one. They are the two Gram matrices of A, and depending on the function (the cell contents) the information contained in each differs: with rows named after plaintext letters and columns after ciphertext letters, A x A^T relates plaintext letters that share a ciphertext image, while A^T x A relates ciphertext letters that share a plaintext source.
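An added example, not from the original post, of the row and column Gram matrices on a co-occurrence matrix A whose rows are named after plaintext letters and columns after ciphertext letters. The sample text and the Vigenere routine are constructed for the demonstration, and the function names are assumptions. For a monoalphabetic substitution both A x A^T and A^T x A are diagonal; for a periodic polyalphabetic cipher the nonzero off-diagonal cells of A x A^T sit at plaintext-letter distances equal to differences between the key’s shifts, which is the kind of “characteristic” the post is after.

```python
import string

ALPHABET = string.ascii_uppercase


def cooccurrence(plaintext: str, ciphertext: str):
    """A[p][c] = number of positions where plaintext letter p became cipher letter c."""
    A = [[0] * 26 for _ in range(26)]
    for p, c in zip(plaintext, ciphertext):
        A[ALPHABET.index(p)][ALPHABET.index(c)] += 1
    return A


def transpose(M):
    return [list(col) for col in zip(*M)]


def matmul(X, Y):
    return [[sum(X[i][k] * Y[k][j] for k in range(len(Y))) for j in range(len(Y[0]))]
            for i in range(len(X))]


def gram_rows(A):
    """A x A^T: entry (i, j) counts cipher letters shared by plaintext letters i and j."""
    return matmul(A, transpose(A))


def gram_cols(A):
    """A^T x A: entry (c, d) counts plaintext letters shared by cipher letters c and d."""
    return matmul(transpose(A), A)


def offdiagonal(G):
    """Nonzero off-diagonal cells; empty for a monoalphabetic substitution."""
    return sorted((i, j) for i in range(26) for j in range(26) if i != j and G[i][j])


def shift_differences(G):
    """Distances between letters that share a partner.  For a periodic
    polyalphabetic cipher these are differences between the key's shifts."""
    return sorted({(i - j) % 26 for i, j in offdiagonal(G)})


def vigenere(plaintext: str, key: str) -> str:
    """Constructed sample cipher for the demonstration."""
    return "".join(ALPHABET[(ALPHABET.index(p) + ALPHABET.index(key[i % len(key)])) % 26]
                   for i, p in enumerate(plaintext))
```

With key `AC` (shifts 0 and 2) the only off-diagonal distances are 2 and 24, so the Gram matrix gives away the difference between the two shifts before either is known.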


Salted hash tables defeat Rainbow Tables

Rainbow tables are a precomputation attack that recovers the input to a hash, usually a password, from the hash value. In the long run such tables erode the usefulness of an unsalted hash for storing passwords, not by breaking the function but by making its outputs look-up-able.

At this time [Jan 2014], most people regard MD5 as broken, and Microsoft is moving to retire SHA-1 (weakened, but not yet broken in practice) in favour of newer algorithms from 2015.

It is best practice to store hash values instead of passwords in authentication databases. Target Corp. is currently in the news as an example of the problems that follow a breach; what was lost there was not a hashed password list but the underlying card data, which is more serious.

A simple expedient to extend the life of a given hash function is to salt the hash at implementation time, when keeping the hash table in a database.

For example, concatenate a random per-user salt to the password (and to each intermediate result during repeated hashing) and store the salt beside the hash. A secret site-wide value can be added on top, concatenated or XORed into the value under repeated hashing; that value is usually called a pepper, and it only helps if it is kept out of the database.

Consider the problem from the attacker’s perspective of using a precomputed table. Looked up in a table built without the salt, the stored hash deterministically yields the wrong password. If the salt is drawn from a reasonably large space, building a substitute table is computationally expensive, and the result is useful only against that particular database (with per-user salts, against one account), so the diversity of salts in use discourages the effort.
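The per-user salt and the precomputed-table comparison as an added example, not code from the original post. It uses the standard library’s PBKDF2-HMAC-SHA256 for the repeated hashing (an iteration count is the usual form of the “repeated hashing” mentioned above); the dictionary, salts and function names are constructed for the demonstration.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000   # PBKDF2 work factor; raise it as hardware permits


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Random per-user salt, stored in the record alongside the iterated hash."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    _, iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


def unsalted_md5(password: str) -> str:
    """The kind of record a rainbow table is built against."""
    return hashlib.md5(password.encode()).hexdigest()


def precomputed_table(dictionary, hash_fn):
    """Attacker side: hash -> password for a dictionary, computed once, reused
    against every database that stores the same unsalted hash."""
    return {hash_fn(w): w for w in dictionary}


def salted_table(dictionary, salt: bytes, iterations: int = ITERATIONS):
    """Attacker side again, but tied to one salt: it only matches records that
    were hashed with exactly that salt."""
    return {hash_password(w, salt, iterations).split("$")[-1]: w for w in dictionary}


def table_lookup(table, stored_hash: str) -> Optional[str]:
    return table.get(stored_hash)
```

The unsalted table cracks every database at once; the salted one has to be rebuilt per salt, which with per-user salts means per account.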
