How do legislation and security interact?

Here is an article discussing a new security measure for cell phones. The legislation is currently (Feb 2014) under discussion in California. (Basically, a law requiring a way to disable a stolen phone.)

Security and secrecy interact, and secrecy in escrow appears to be a theoretical problem in security. Passwords are secret and rightfully should be, but just as a bank vault cannot be made secure for infinite time, so we must theorize some procedure to account for a compromised escrow system. Bank vaults are secure either because it costs more to break into them than the contents are worth, or because they are monitored at intervals, such that the time required to break in exceeds the interval and the attacker would be observed.

If the Corporation is the escrow system, questions that make us think about how some attacker might hijack the system help us think about how an attacker would misuse it.

When we legislate about security, we take a step that is hard to modify later. This makes legislating difficult, because, as George Polya noted, our early efforts at solutions are not usually perfect solutions. A reasonable step to mitigate this problem might be to implement the concept of a pilot program, though a pilot program is not a panacea.

Security and secrecy are intertwined concepts, and when we legislate about security it is important to subject the provisions for secrecy to the scrutiny of rational skepticism.

Kerckhoffs’s Principle is an example of this, and it is often unpopular. People are skeptical of an argument that first advances the premise that secrecy is only possible for finite time, and then advises end users to be satisfied that the entire security of the system rides solely on the secrecy of the password.

The reason that this is good is that it reduces the discussion to a single point of failure. A person can reasonably be held responsible for the secrecy of a password, where s/he could not be held responsible for the secrecy of an entire system. We, as humans, also intuitively understand how to keep a password secret, and how to recognize when it has been compromised.

In this example, we can usefully ask these questions:

  • Is it necessary? In a State of the Union address, President Obama required two things for an infrastructure bank: 1. the loans must be for infrastructure, and 2. the infrastructure must be needed. In the news article, the expedience of the new law is argued from the observation that cell phone theft represents a large fraction of a particular crime statistic.
  • Will the measure be drastic, or a mere deterrent? Apple’s solution of requiring login credentials on demand adequately discourages theft. For purposes of illustration we could alternatively choose a permanent “bricking” measure for the cell phone program we are talking about. Such an extreme measure makes the implementor give careful consideration to the accountability procedures of those authorized to “pull the trigger.”
  • How will the public be protected from governmental abuse? For example, what if irresponsible campaign staffers took to the practice of bricking each other’s phones during a campaign? What would protect them from each other, or protect innocent [third] parties from a kind of political “hit and run?” Here, we see that the private corporation is responsible, not the police department, as has been suggested for car “kill switches.” Presumably an irresponsible corporation can be sued or fined.
  • Does it preserve individual freedom? In the case of a car, we should be able to drive it even when this is unauthorized. For example, driving an injured person to the hospital, even if the driver were unlicensed, or had failed to make his car insurance payment. This question is a way to account for possible civil rights abuses. In the case of a cell phone, can you call 911? At the moment we can’t do that anyway; we might want emergency help, but we do not want to be tracked by a homing beacon.
  • Does it solve the problem even if we do not like it? This measure deals definitively with the use of a stolen device, without actually locating the thief. Good to stop online gambling at a consumer’s expense; bad for eventual arrest and ultimate prosecution of the thief. It is politically pragmatic to discourage crime, even if there is no criminal prosecution.
  • Might this measure open the door to some form of regulatory capture? For example, would a customer who was trying to get his phone reactivated face prejudice as to whether or not he was creating a nuisance, because of various other possible infractions?

A very American way of introducing the above-cited discussion would be for the manufacturer to implement some program, and then wait for someone to challenge the legality of the behavior in a court of law. This might describe the course that Gen. Alexander’s NSA has recently taken.

When a corporation does this, it leaves the outcome subject to a less researched political environment than if it is debated in a legislature. It has the advantages of allowing for improvement (as Polya’s method suggests) and preserving the freedom and autonomy of corporations. The reason that the NSA is currently unpopular is that it undertook an extensive initiative without publishing, resulting in the appearance of a secret agenda. The NSA is governmental, not a civilian enterprise.

Good law is maintained when the legislation is carefully devised, and worded so that it is hard to misinterpret or abuse.

Both strategies are deliberated, one by the legislature, the other by the courts. In America we want to preserve freedom, despite the din of mediocrity.


Matrix Algebra and a suggested Differential Cryptanalysis

There are two broad categories of cryptanalysis, linear cryptanalysis and differential cryptanalysis.

[link uses the term “key” where this blog distinguishes “password” and “key” as concepts]

A creative use for matrix multiplication is to multiply the matrix built from two comparable texts [two ciphertexts, as in a chosen plaintext attack, or plaintext-ciphertext, as in an adaptive chosen plaintext attack,] with its transpose matrix.

One early experiment would be to count related occurrences of a given character, and name rows and columns after the text character that mapped to it. Another would be to correlate character pairings, in a similar fashion to an attack on Playfair.

The [square] matrix of A x A^T would show one characteristic, but A^T x A would show a different quality. They are reciprocal, but depending on the function (cell contents) the meaning of the information contained in each might differ.
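The following is an added example, not code from this blog, that carries the idea above through on a toy pair of texts. It builds the count matrix A (rows named after the first text's letters, columns after the second's, cell = number of aligned positions with that pairing) for a plaintext against its ciphertext, then forms A·A^T and A^T·A. Row i of A is the profile of how letter i is enciphered, so (A·A^T)[i][k] measures how much plaintext letters i and k share the same ciphertext letters, while (A^T·A)[j][l] measures how much ciphertext letters j and l come from the same plaintext letters: the two products really do carry different information. The sample sentence and the Caesar/Vigenère routines are constructed here for illustration; a monoalphabetic cipher gives disjoint profiles (both products diagonal), a polyalphabetic one does not.

```python
"""Added example (not code from the post): build the count matrix A between two
aligned texts, then compare A*A^T with A^T*A.  Pure Python, no numpy."""
import string

ALPHABET = string.ascii_uppercase
N = len(ALPHABET)


def count_matrix(text_a: str, text_b: str):
    """A[i][j] = number of aligned positions where text_a shows letter i and
    text_b shows letter j.  Rows are named after text_a's letters and columns
    after text_b's, as the post suggests."""
    A = [[0] * N for _ in range(N)]
    for ca, cb in zip(text_a, text_b):
        if ca in ALPHABET and cb in ALPHABET:
            A[ALPHABET.index(ca)][ALPHABET.index(cb)] += 1
    return A


def transpose(M):
    return [list(col) for col in zip(*M)]


def matmul(X, Y):
    """Plain-Python matrix product so the example runs offline without numpy."""
    return [[sum(X[i][k] * Y[k][j] for k in range(len(Y)))
             for j in range(len(Y[0]))] for i in range(len(X))]


def off_diagonal_fraction(M) -> float:
    """Share of the matrix's mass off the main diagonal: 0.0 means every row
    (letter profile) is disjoint from every other row."""
    total = sum(map(sum, M))
    diag = sum(M[i][i] for i in range(len(M)))
    return 0.0 if total == 0 else (total - diag) / total


def shift(c: str, k: int) -> str:
    return ALPHABET[(ALPHABET.index(c) + k) % N]


def caesar(plain: str, k: int) -> str:
    """Monoalphabetic: every plaintext letter always maps to one ciphertext letter."""
    return "".join(shift(c, k) for c in plain)


def vigenere(plain: str, key: str) -> str:
    """Polyalphabetic: the shift cycles through the key, so one plaintext letter
    maps to several ciphertext letters and vice versa."""
    return "".join(shift(c, ALPHABET.index(key[i % len(key)]))
                   for i, c in enumerate(plain))


def compare(plain: str, cipher: str):
    """(off-diagonal fraction of A*A^T, off-diagonal fraction of A^T*A).
    A*A^T compares plaintext letters by the ciphertext letters they share;
    A^T*A compares ciphertext letters by the plaintext letters behind them."""
    A = count_matrix(plain, cipher)
    At = transpose(A)
    return (off_diagonal_fraction(matmul(A, At)),
            off_diagonal_fraction(matmul(At, A)))


# Constructed sample plaintext, reduced to letters so it aligns with the ciphertexts.
SAMPLE = "the quick brown fox jumps over the lazy dog while the cat sleeps in the sun"
PLAIN = "".join(c for c in SAMPLE.upper() if c in ALPHABET)

if __name__ == "__main__":
    print("Caesar   (monoalphabetic):", compare(PLAIN, caesar(PLAIN, 3)))       # (0.0, 0.0)
    print("Vigenere (key KEY)       :", compare(PLAIN, vigenere(PLAIN, "KEY")))  # both > 0
```

The same functions apply to the post's other case, two ciphertexts of related plaintexts: pass the two ciphertexts to count_matrix and the products then compare the two cipher alphabets against each other.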


Salted hash tables defeat Rainbow Tables

Rainbow Tables are an attack to identify messages, usually key-material, that have been hashed. Long term, rainbow tables break hashes by destroying their efficacy.

At this time [Jan 2014], most people regard MD5 as broken, and Microsoft is moving to update usage practices from (unbroken) SHA1 to newer algorithms in 2015.

It is best practice to store hash values instead of passwords, on authentication databases. Currently, Target Corp. is in the news as an example of the problems that derive from such a breach of security. The data lost is not the same as the derived password list. It is more serious.

A simple expedient, to extend the life of a given hash, is to salt the hash in implementation, when keeping a hash table in a database.

For example, using a proprietary salt value, concatenate it to the (password and subsequent) results during repeated hashing. Another way, would be to XOR the salt with the value under repeated hashing.

Consider the problem from the perspective of using a pre-computed hash table. The attacker deterministically produces an incorrect password. But if the salt is selected from a reasonably large key-space, it is computationally expensive to build a suitable substitute, and the resulting table(s) would be useful only against that particular database, such that diversity of use would discourage individual efforts.
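The following is an added example, not code from this blog, that implements the concatenation variant described above and shows why a precomputed table fails against a salted store. Each record gets its own random salt, the salt is concatenated to the running digest on every round of repeated hashing, and only salt and digest are stored. A word-list table built for one record's salt recovers that record but returns nothing for a second record holding the very same password. The sample passwords and word list are constructed here; the iteration count is a parameter.

```python
"""Added example, not code from the post: salting plus iterated hashing for a
password store, and why a table precomputed for one salt is useless against
another.  Standard library only."""
import hashlib
import hmac
import os

ITERATIONS = 50_000  # repeated hashing slows down every guess; tune for the host


def salted_hash(password: bytes, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Concatenate the salt to the running digest on every round, as the post
    suggests.  A table computed for one salt therefore does not transfer."""
    digest = password
    for _ in range(iterations):
        digest = hashlib.sha256(salt + digest).digest()
    return digest


def create_record(password: bytes) -> dict:
    """Per-record random salt; only salt + digest are stored, never the password."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": salted_hash(password, salt), "iterations": ITERATIONS}


def verify(record: dict, password: bytes) -> bool:
    candidate = salted_hash(password, record["salt"], record["iterations"])
    # Constant-time comparison: a plain == would leak timing information.
    return hmac.compare_digest(candidate, record["hash"])


def precomputed_table(candidates, salt: bytes) -> dict:
    """What a word-list table looks like for ONE salt.  A rainbow table trades
    memory for time, but its dependence on the salt is exactly the same."""
    return {salted_hash(word, salt): word for word in candidates}


def lookup(table: dict, record: dict):
    """Recovered password, or None when the table was built for another salt."""
    return table.get(record["hash"])


if __name__ == "__main__":
    alice = create_record(b"correct horse")  # constructed sample credentials
    bob = create_record(b"correct horse")    # same password, different salt
    print("same password, same stored hash?", alice["hash"] == bob["hash"])  # False
    wordlist = [b"password", b"correct horse", b"letmein"]                # constructed
    table_for_alice = precomputed_table(wordlist, alice["salt"])
    print("table built for Alice's salt, against Alice:", lookup(table_for_alice, alice))
    print("same table against Bob:", lookup(table_for_alice, bob))          # None
```

The hand-written loop mirrors the post's description; in a real system the same idea is packaged as hashlib.pbkdf2_hmac or a memory-hard function such as scrypt, which also fix the iteration count and output length for you.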


Why do we modify passwords for a key, in implementation?

Best practice, when implementing an encryption algorithm, is to hash the password creatively, for use as a key.

In the event that our key becomes compromised during its life cycle, the attacker can theoretically read other messages enciphered with the same password.

We hash the password, so that a compromised key does not enable the attacker to impersonate Bob or Alice using the actual password, and interfere more seriously.

When we change the password, intermediate messages might remain compromised, but new messages may still be secure, as long as passwords remain confidential.
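The following is an added example, not code from this blog, that puts the argument above into code. A password is stretched with PBKDF2 into separate keys for separate purposes: one authentication key used in a challenge-response exchange, and one key per message. A leaked message key then answers no authentication challenge and equals no other message key, and changing the password retires every derived key at once. The purpose labels, the challenge-response scheme and the sample password are assumptions made for this illustration.

```python
"""Added example, not code from the post: derive per-purpose keys from a
password so that losing one key does not hand over the password or the other
keys, and rotating the password retires all derived keys at once."""
import hashlib
import hmac
import os


def derive_key(password: bytes, salt: bytes, purpose: bytes, iterations: int = 100_000) -> bytes:
    """PBKDF2-HMAC-SHA256 over the password, with a purpose label folded into
    the salt so the 'auth' key and each 'msg-N' key are unrelated one-way
    images of the same password."""
    return hashlib.pbkdf2_hmac("sha256", password, salt + b"|" + purpose, iterations, dklen=32)


def auth_key(password: bytes, salt: bytes) -> bytes:
    """Key used only to prove identity (challenge-response)."""
    return derive_key(password, salt, b"auth")


def message_key(password: bytes, salt: bytes, message_no: int) -> bytes:
    """One key per message or session, so a compromise stays local."""
    return derive_key(password, salt, b"msg-%d" % message_no)


def respond(key: bytes, challenge: bytes) -> bytes:
    """HMAC challenge-response: the responder proves possession of `key`."""
    return hmac.new(key, challenge, "sha256").digest()


def verifier_accepts(password: bytes, salt: bytes, challenge: bytes, response: bytes) -> bool:
    """What Bob checks: only the auth key derived from the password is accepted."""
    expected = respond(auth_key(password, salt), challenge)
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    salt = os.urandom(16)
    pw = b"hunter2"                      # constructed sample password
    leaked = message_key(pw, salt, 7)    # suppose this one key is compromised
    challenge = os.urandom(32)
    print("leaked message key answers an auth challenge:",
          verifier_accepts(pw, salt, challenge, respond(leaked, challenge)))  # False
    print("message 8 key equals the leaked key:",
          message_key(pw, salt, 8) == leaked)                                  # False
    print("after a password change, message 7 key is unchanged:",
          message_key(b"new-pass", salt, 7) == leaked)                         # False
```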


April 2013 standalone factorization of Fermat(9)

In Spring 1991, I was able to use a home-made [kludge] Arbitrary Integer Arithmetic called “Cruncher” to expand F(9) in decimal, and check Lenstra’s 1989 factorization, which I had seen published in Discovery magazine.

I wrote it in GFA Basic, on an Atari 520ST, with (after borrowing SIMMs from friends) 4MB of RAM. It had a Motorola 68030, screaming along at 20 MHz. Even so, it took about 5 mins, just to expand the product. At the time, I was proud to better an IBM clone.

I used the Trachtenberg method, in decimal, to multiply, and long division (again in decimal) for modular division, as a check. Addition and subtraction were intermediate expedients.

Upon consideration, I concluded much later that the reason Lenstra didn’t put the full decimal expansion on the blackboard might have been that the reigning Arbitrary Integer Arithmetic at the time, Mathematica, stopped at a 100 digit decimal value. Thus the factors, 7, 49 and 99 digits respectively, were available from binary, but the 155 digit product might not have been. (Fermat numbers are excessively simple in binary.)

More recently, starting April 12th, 2013, I was able to use Prime95, (ECM2 feature) to factor F(9) in just under seven (7) days, on a standalone Windows 7/Ivy Bridge PC. I used an overclocked Core i5 3470k. I stopped when the 49 digit factor broke, since I was already certain the (99 digit) co-factor was prime.

I thought I was the first to do so on a standalone machine, and I published screen shots on my now defunct web site, http://www.indenturedgeek.com and my Social Networking g+ feed, under the handle r159753j. I no longer control the password to that account, but an interested party could scrape the photos, to verify.
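The check the author describes, expanding F(9) in decimal and confirming the 7-, 49- and 99-digit factors, takes a few lines today because Python integers are arbitrary precision. The following is an added example, not the author's Cruncher code: it expands 2^512 + 1, finds the 7-digit factor by trial division over the only candidates a prime factor of F(9) can take (k·2^11 + 1, by Lucas's theorem), divides out the published 49-digit factor, and runs a Miller-Rabin test on the 99-digit co-factor. One caveat the code also demonstrates: the 149-digit co-factor left after removing the small factor is a strong pseudoprime to base 2 (every co-factor of a Fermat number is, since 2^512 ≡ -1 modulo any divisor), so a base-2-only test would wrongly call it prime.

```python
"""Added example, not the author's code: verify the factorization of
F(9) = 2^512 + 1 with Python's arbitrary-precision integers."""


def fermat_number(n: int) -> int:
    return 2 ** (2 ** n) + 1


def small_factor_search(n: int, k_limit: int = 10_000):
    """Every prime factor of F(n), n >= 2, has the form k*2^(n+2) + 1, so only
    those candidates need trial division.  Returns the first one found."""
    F = fermat_number(n)
    modulus = 2 ** (n + 2)
    for k in range(1, k_limit + 1):
        p = k * modulus + 1
        if F % p == 0:
            return p
    return None


def is_probable_prime(n: int, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)) -> bool:
    """Miller-Rabin with fixed bases.  'Probable prime' is a verdict, not a
    proof, which is also all the author's certainty about the 99-digit
    co-factor amounts to."""
    if n < 2:
        return False
    for p in bases:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


F9 = fermat_number(9)
P7 = small_factor_search(9)  # the 7-digit factor, found by trial division above
# The 49-digit factor as published in the 1990 factorization of F(9).
P49 = 7455602825647884208337395736200454918783366342657
P99 = F9 // (P7 * P49)


def check_factorization() -> dict:
    """Digit counts and primality verdicts for the three factors."""
    cofactor_149 = F9 // P7  # what is left after the small factor is removed
    return {
        "product_matches": P7 * P49 * P99 == F9,
        "digits": (len(str(F9)), len(str(P7)), len(str(P49)), len(str(P99))),
        "p99_probable_prime": is_probable_prime(P99),
        # base 2 alone is fooled by any co-factor of a Fermat number ...
        "cofactor149_passes_base2": is_probable_prime(cofactor_149, bases=(2,)),
        # ... while the full base set correctly reports it composite
        "cofactor149_probable_prime": is_probable_prime(cofactor_149),
    }


if __name__ == "__main__":
    print(F9)  # the 155-digit decimal expansion the author's Cruncher produced
    for key, value in check_factorization().items():
        print(key, value)
```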


Speculative Data Assurance strategies: PROMs

When we devise solutions, sometimes we have to enumerate them first, before we can think about them in sophisticated ways.

RFID can harden two-factor authentication (something you have and something you know) [here’s how]. Perhaps PROMs can assist in a similar way.

Programmable Read Only Memory is supplemented by Erasable Programmable Read Only Memory, and Electrically Erasable Programmable Read Only Memory. The one-way function of the Programmable ROM (usually ensured by ultra-violet erase, with a filter film covering) would render it similar to a CD-ROM or a write-blocked SD Card.

PROM would differ from RFID in being subject to user initialization, with the necessary equipment, but thereafter becoming tamper-evident. This improves its appeal as an alternative to USB, for a dongle. An SD Card, with the write-block enabled, would serve a similar purpose.

Recent Snowden leaks assert the NSA can tamper with the USB channel. One would normally face this degree of scrutiny only if the information in question were of interest to a nation-state. Disreputable nation states subsidize industrial espionage, but the silent majority do not.

PROMs have limited read bandwidth, so read-intensive operations would slow processing, which is usually not desirable, but could possibly be turned to advantage if creatively employed.

Theorizing infinite time, one could select a position on a CPU bus, to introduce an encrypted CPU core. This might differ from encrypted processing, or assist implementation.

A removable PROM could serve as a password-key which could be updated by replacement. These would not hot-swap, and current PROMs are not manufactured to accommodate constant cycles of removal and re-installation.

Alternatively, we can theorize a hardware USB key encryptor, which implements, for example, TrueCrypt, with each hash and/or encryption algorithm on a separate (P)ROM, and designated by selector switches. Password entry might be accomplished with yet another PROM, or DIP switches, or rotors à la the Enigma machine.

This scheme would obviate the requirement for the USB key end-user to know the password, and the USB drive would be secure in transit.


Experimental TEMPEST defeat for CPUs.

“Tempesting” is the verb for hardening a computer installation against radio-wave interception (and/or interference) from TEMPEST. This is a method of side-channel attack whose cost effectiveness has not been easily evaluated by the public.

The known defeat is a Faraday cage, and embassies are rumored to employ such measures in basement safe rooms, encased in plexiglass.

An anti-static mat might be employed to safeguard components against damage from static electricity during maintenance and repair.

The experiment consists of inserting an anti-static mat (cut to size) in the side of a computer case below (and orthogonal to) the processor, in place of other radio interference measures. This is typically the side that is left secured when exchanging components.

It is to be hoped that this would secure the processor against interception, leaving hard drive controllers and Video Display Units (VDUs) to other safeguards.

Added 1/10: Attaching the grounding wire to the case is an additional variable, which may draw the metallic enclosure into the effect.

Updated 04/09: A friend who is an Electrical Engineer, had a wry response to the above assertions: “Either that, or it eliminates ANY interference, for a crystal clear signal.” I do not possess a working model of the TEMPEST exploit, so I have not been able to perform a repeatable experiment.
