Thursday, 16 December 2010

P vs. NP goes on

So if you remember, I wrote about a proof to the P vs. NP problem proposed by Vinay Deolalikar. Well, it turns out there are "fatal flaws" in his proof, thus rendering it invalid. So, unfortunately he can no longer get the Millennium Prize or the Fields Medal for this proof. However, he has provided a brand new way of looking at the problem and has no doubt inspired many researchers to follow his methodology or indeed even improve on it. Until then, we wait. It's been over a century, a couple more years can't really hurt.

Sunday, 12 December 2010

Gates of Hell

OK Internet, it's time we had a talk. Not every controversy has to end in the word "gate". Seriously, it's getting so annoying.

Firstly, not every little piece of news that is a tad controversial (which is practically all of them) deserves its own name. Learn to tone it down.

Secondly, the only scandal that ends in "gate" is The Watergate Scandal. Everything else can be and should be named after something else. It is named thus as the scandal revolved around a robbery of the Democratic Party Headquarters in the Watergate Complex.

Everything else that doesn't have a "gate"-ending object central to it should be named something else. Bigotgate, Chicanegate, Digggate, Cablegate, Whitewatergate, etc. need to stop now.

Wikileaks

So, I've been away for a while. Between having minimal to no Internet and having no electricity, I have been less than connected to the Internet. That and I am fairly lazy, but still TIA. Now on to business.

I'm sure you have all heard of Wikileaks, the purported whistle blower website. It provides people with anonymous "drop boxes", where they can submit documents detailing any wrongdoing. The site then goes on to state "our accredited journalists assess the submission. If it meets the criteria, our journalists then write or produce a news piece based on the document." It goes on further to describe ways of ensuring your anonymity when sending it via post and so forth. In theory this has provided whistle blowers with a way to expose wrongdoings. In theory.

I say purported as I do not believe it is a whistle blower site. Firstly, let us examine the concept of whistle blowing. It derives from the practice of policemen blowing a whistle to alert people around them of the commission of a crime. It refers to a person who highlights something wrong that is happening, mostly in an organisation. Now, when I say wrong I mean illegal, but some people consider that it includes immoral wrongdoings. So the site first came to prominence when it published the Iraq/Afghanistan War Diaries. These gave details of operations and on-the-ground realities of the wars. They did bring to light some, for lack of a better term, disconcerting revelations. These could be considered whistle blowing, but there are many grey areas, which we overlook for the sake of argument, and say this is valid whistle blowing. That, my friends, is where it all ends.

The next major publication was swiftly dubbed Cablegate (hate that name, cf. this post for the explanation). This was the leak of several secret diplomatic cables between Washington DC and diplomatic missions in several countries. Here's where we go from the legally ambiguous to outright illegal, and the legitimacy of these leaks as whistle blowing is a little more than questionable.

To explain, let us detail the job of a diplomatic mission to another country. Most of us are familiar with the consular services, that is issuing visas, passports, etc., but that is only their public-facing role. Diplomatic envoys are representatives of their sovereign government in a, presumably, friendly nation. It is their duty to not only represent their country, but also provide their country with information about the people, mainly politicians, of that country. As part of this duty, they send back profiles, if you will, on politicians to their government. These are sent in cables, which are *private* communications.

Notice the emphasis on *private*. Not only are these communiques private, but some of them are even classified. Granted, they may not be highly classified, but classified all the same. Only a limited number of people have access to these cables and presumably such access comes with a "do not tell anybody about this" clause. This is where the illegality comes in.

Whoever gave these cables to Wikileaks is guilty of a few crimes, depending on which way you spin it. These range from the banal mail fraud to my personal favourite, espionage. It's not even debatable whether what these people did is wrong, it just is. Most of these cables do not expose any sort of wrongdoing at all.

As stated before, diplomatic envoys report on local politicians. Although I would like to believe that these people are trained for and/or good at judging people, most of what they report is still personal opinion and conjecture. It is just inherent in this type of data. This is essentially office gossip at an international level. I'm pretty sure that someone somewhere has called their new Head of PR a "mistake-prone control freak" (my personal favourite quote out of all of the cables) and that is considered to be normal. Hence, no wrongdoing and thus no whistle blowing.

Furthermore, some of the "data" sent in the cables is nothing more than well-crafted misinformation (this is completely ignoring the false cables that were released). Governments are aware that diplomats report back to their capital, as they have their own diplomats doing the same. So they may choose to feed a diplomat false information in the hope that their parent country will believe it and thus be manipulated into behaving a certain way. I will swiftly avoid any ethical or political debate by saying that all of that falls outside my purview.

Yes, I agree that there may be some cables whose leaking may have proved beneficial, but they are a minority. There is a saying in the security industry: "Even if you secure 99% of the system, you have still failed." The cables that potentially have a detrimental effect, though small in number, will have the greatest impact. Barring these, most of the cables' leakage and then release led to nothing more than embarrassment for the governments involved.

And thus we see that the recent Cablegate (*shudder*) was basically neither legal nor legitimate whistle blowing. Effectively, Wikileaks are just fences for stolen digital data. Now this leaves us with the question of where the blame/responsibility lies. For that, I will put up another post, as it is quite a lengthy matter. That and you are probably really bored of reading this by now.

***SIDENOTE***
Just found this. No real relevance, but it's funny!

Tuesday, 10 August 2010

P vs. NP solved?

Again, I have been away for a while. I have been engulfed in my Master's Thesis (will possibly post that up as soon as it's finished), which is taking up all my time. Despite that I had to come here and write a quick post about this (it will not be to my usual standard because it is rushed). Apparently we have a solution to a Millennium Problem. Just for those who are unaware, the Clay Institute of Mathematics set up the Millennium Problems, which are 7 open questions in Mathematics. These are not just any questions, but problems that have remained unsolved for hundreds of years. These are the hardest problems in Mathematics.

Previously, a proof of the Poincaré conjecture has been presented by Grigori Perelman, a Russian Mathematician. He did in fact refuse the $1M prize that goes with the Fields Medal, but the point remains, he was the first to solve a Millennium Prize Problem.

Of the 6 remaining, a proof has now emerged to the P vs. NP problem. Vinay Deolalikar of HP Labs has presented a proof that P != NP (read: not equal). This proof, if correct, will have a massive effect on several areas of mathematics, but especially computer science and indeed cryptography. The proof is said to be 100 pages, but I cannot confirm nor deny this. I have not yet read it, but it is bound to be long. It is currently undergoing peer review, i.e. being checked and rechecked from every angle and being torn to bits by other Mathematicians.

I will try and keep you apprised of the developments and post more details about the problem and solution when I have time. Promise.

*EDIT*
So, if you follow the link below in the comment posted by Jack, you will see some of the potential flaws in the proof. These may or may not hold and are being raised and addressed to check that the proof is robust. It may also be that there is a problem with the proof and it does not hold in its current form, but may hold with some modifications. As said before, time will tell.

Saturday, 17 July 2010

Password Storage

As you may or may not know, I have previously had a few not so pleasant words for people's activities on Facebook (cf. this post). I'm sure most people will agree that some people post unbelievable things on Facebook. Granted, some of it is user error, some of it is the interesting phenomenon called "Facebook rape" or simply "frape", but most of it is intentional. This has led to the development of two very similar sites, lamebook and failbook. The content is not all about people posting inexplicable things, but that is the gist of it. These sites have provided me with many hours of entertainment.

Now, you may be wondering what this has to do with password storage. This post is the link. So Ally stored all her passwords in a file, which I will for the sake of argument call pwd.doc. Now at this point that's a really bad idea. But then Ally thought about securing this file so she password protected it. Of course the most brilliant part is putting the password into the file itself, which as stated in the comments is like locking a copy of the key into a treasure chest. The pointlessness of that aside, Ally has now forgotten the password for pwd.doc, which is a bad thing.

What Ally has done is essentially a quick and easy password locker. The security of it is debatable, as Word document passwords can be relatively easily cracked. That aside, it is an excellent solution for what is just a bad situation. A recent study has shown that people have about 25 accounts requiring passwords and an average of 8 passwords. Each of these accounts has varying specifications for length, characters used, frequency of change and so on. This leads to sheer overload for the human brain.

The instant response is for people to write down all these passwords (as shown in the comments on the posts), which then creates a security threat. So the natural solution to that is a password locker. Instead of writing it all down on a piece of paper, you store it digitally and encrypt it. Which is a password locker. There are several of these available on the net, ranging from free to £15 to any amount somebody thinks they can get away with. There are several issues to consider when creating a password locker, but that is for a later post. So Ally has essentially got a DIY password locker, which is now locked.

However, this was posted on Facebook, so that means that either:
a) Ally's Facebook password is stored in the browser,
b) Ally has the "Remember me" option ticked,
c) Ally remembers the password.

Going through each option one at a time, first up we have browser storage. Most people use their browser's password storage system, which stores passwords and then fills them in automatically to forms in web pages. This is an issue because a browser exploit could find all your passwords and we all know where that leads to. So door 1 has a goat behind it (for those of you unfamiliar with that reference, cf. The Monty Hall Problem).

Let's look at the next option, "Remember me", which was covered in a previous post, in the 6th paragraph. So another goat.

Finally, we assume Ally remembers the password. Well then, we can safely say it is more memorable than the password for pwd.doc. If we assume both passwords are equally memorable, then we can rule out this option. So we have a car, sort of. Let's say a goat-pulled car.

I could go on and on at length about passwords and their implications, but let's be honest, you'd rather hear it from someone. Bruce Schneier has several posts about passwords on his blog. Have a read through there if you are interested.

---NOTE: I will still post something about password lockers---

Wednesday, 7 July 2010

Another side-note

Well, I have previously pointed out how TV tries to use cryptography as a plot point and fails massively, but I found a counter-example. I have recently started watching Numb3rs, and by recently I mean I'm only on Season 1 Episode 5. Which is the exact episode I want to talk about, well not really talk about so much as I want to mention that they pretty much got the details of how cryptography works. There was a slight lack of finesse in it, but overall the general idea was conveyed. Needless to say this made me happy. Apart from that, as far as I can tell most of the math they do/show/explain on the show is fairly accurate. Looks like I have a new TV show to watch.

*EDIT*
Season 1 Episode 6, same as above.

Sunday, 6 June 2010

Really, Google? Really?

So it has recently come to light that Google will, according to this article, phase out Microsoft Windows in favour of Mac OS-X or Linux on the company machines. They are claiming that this is a security measure, citing the attacks on Google's Chinese operations recently. At this point in time I really have to wonder, what in the name of the seven deep dark pits of Hell are you not thinking, Google? You could not be more wrong if you tried (yes, this annoys me so greatly my grammar is out the window).

If you will allow me to explain for a moment. A few months ago, Google, amongst other large tech companies, was attacked by what became known as the Aurora Attack. An employee in Google China clicked on a link he received in an e-mail. I will assume it claimed to be an amazing picture of the Aurora Borealis or something of that nature. By clicking this link, he then infected his system and this spread throughout Google's network.

Now if we focus on the attack itself. Aurora is a Windows-based IE6-specific buffer overflow attack. This gives us 3 things that are needed for this attack to work:
  1. Windows
  2. IE6
  3. Buffer overflow attack
Let us now examine the 3 points each. Windows, more to the point Windows XP. Now Windows XP, as with most Operating Systems, really did not have any security features built into it, hence making them all as equally vulnerable. However most vendors have realised that this is no longer acceptable and have started adding security features to their OS's. We take the one specific feature in Windows XP, which is Data Execution Protection (details to follow in a later blogpost), which was added in as part of SP3, if memory serves. This was before the attack and would have prevented it, but it seems Google's computers were not up-to-date on software patches.

Next point is IE6, the all too famous Internet Explorer 6. The bane of all web developers and the love of all its users. As with XP, it does not have any real security features built into it. In IE7 and IE8, there are some security features added in, but I am not sure what they are as I have not done a proper study, nor have I looked for any details. The point remains both IE7 & 8 were available at the time, as were Mozilla Firefox, Opera and of course Google's own Chrome browser. So not only were they using an unpatched OS, they were using an old, outdated internet browser, despite having a browser of their own, which they will smugly tell you is more secure. It is undoubtedly more secure, so why it was not used escapes me totally.

Then we move on to buffer overflow attacks, which are well explained by my colleague in his blogpost. Also would recommend his post on ASLR/DEP.

There is also the matter of the Chinese activists getting their GMail accounts hacked. Well, what happened there is simple. Ever wonder how websites "remember you" and all your details? Simple, when you check the "Remember me" or "Keep me logged in" box, what the website does is store a small text file, called a cookie, with all your details on your computer. When you next visit the website, the browser loads up the cookie, passes on your details to the site and thus, in a manner of speaking, does the log in for you. Until recently GMail was based on HTTP and not HTTPS, meaning all cookies were passed around in the clear, as were all other communications. Given this situation it is fairly easy to intercept the packets going between GMail and your target and thus hack into their accounts.

Now, if we look at the choices of OS the employees have, we see Mac OS-X and Linux. Google seems to think they are more secure. Well, here's news for you Google, THEY'RE NOT!!! Honestly! As much as Apple advertisements would like to convince you that there are absolutely no viruses/malware for Mac, there are, just not as numerous as for Windows. "Why?" you ask me? Well, it's simple: 80% of OS's out there are Windows, so it's a numbers game, more targets means a larger chance of succeeding. It's pure and simple statistics. The same applies for Linux. Linux, on the other hand, has a more unique problem. Since all the code is open source and freely available, someone could use the code to find a really nasty vulnerability. Granted that the code is a gajillion pages long, but the possibility still exists.

So, all in all, it really doesn't matter what Operating System Google uses, they all have vulnerabilities. Furthermore, if they don't keep up to date with the software patches and use secure versions of software, well then in my opinion they deserve to be attacked. Repeatedly. Citing "security reasons" for changing from Windows is the worst possible excuse Google could have come up with. Really, Google? GROW UP!

Tuesday, 1 June 2010

Facebook

Yes, I know I've been gone for a while, but I was busy. My apologies. Now that I am back, I will update more frequently. Now down to the matter at hand.

I'm sure most, if not all of you use or are aware of Facebook. Just as a brief recap, Facebook is a social networking site that allows you to add friends, communicate with them, play games, blah, blah, blah. To explain the problem at hand, we need to discuss some features of Facebook. The first one is Groups. Now a Group is basically a group of people brought together by some common theme, such as this group about potatoes. What people soon did was make groups for celebrities, fictional characters, TV Shows, movies and so on and so forth. Facebook thought "Well, this can't be right!" Thus were born fan pages. It's essentially a group with limited functionality, such as no messaging to all members.

Now, when a friend becomes a fan of something you get a message in your newsfeed saying "Friend is now a fan of Something." With your friend's name as a hyperlink to their profile page and similarly the name of the page links to the page itself. Of course Facebook changed "Become a Fan" to "Like", thus making it "Friend now likes Something."

However Facebook did not stop there. No, that would be easy and the sensible thing to do. They then went and did possibly the worst thing possible. They allowed the fan page hyperlink to direct you to an external website!!! So now you can click on a page and you would be whisked off Facebook and taken to some other website.

Now where's the problem, you ask? Surely Facebook checks all of these sites and ensures that they are safe and all that jazz. Sadly not. A large number of sites exist where simply visiting the site makes you Like it on Facebook and publishes that to your friends' newsfeeds, who then click on the link, and so a worm is born. This has a non-destructive payload, but it is definitely proof of concept.

What's even worse, in a reaction to exceptionally long page names, somebody posted a page on how to remove them from your newsfeed. This led to a site, which then issued a pop-up saying "I don't know either!" Really funny, right? Yes, because these sites can actually execute arbitrary code and do essentially anything. The main concerns here are Clickjacking and Cross-Site-Scripting. These can be used to do, well, potentially anything to your system.

Ironically, as I am writing this post, I have come across this blog post from Sophos' Graham Cluley. This shows that it is possible and it has been done. I will leave you to read that as, well, his post is probably better than mine will ever be.

Right, so having been a bit scared, what do we do? Simple:
DO NOT LIKE RANDOM PAGES!!!
DON'T DO IT!!!
Seriously, don't!

Friday, 9 April 2010

The Digital Economy Act (it's not a Bill anymore, get your facts straight)

I will apologise straight away that this post is disjointed, but I am slightly annoyed and really don't care at this point in time.

Right, I have had it up to here with people whining and complaining about the "draconian", "oppressive", "suppressive", "unrealistic" and "unreasonable" UK Digital Economy Act (full text of the Act available here). I have two words for you:

SHUT UP!

No really, STFU. As far as I'm concerned it's about time something was done. If you do not support the Act, you are welcome to skip to the last few paragraphs.

Basically as I said in my post about the Nobel Peace Prize Fiasco, the Internet quickly evolved into something that it was not intended to be. People have grown accustomed to it and assumed that it is their right to have free access to everything. Sadly, that's not how reality works.

The P2P programs of yesteryear, such as Napster, Kazaa, etc, are gone. These basically allowed users to share files with anybody on the Internet. In theory a good idea, but the problem was they were sharing illegal copies of music, movies, TV shows etc. Now that is blatantly illegal. There is no two ways about it, it's ILLEGAL.

ILLEGAL as in IT'S A CRIME as in 5 YEARS IN PRISON OR $100,000 FINE. Now I'm sure all of you have some music/movies/TV shows/whatever that you downloaded from the Internet. Well good for you, now STOP.

For too long people have just assumed that it is fine for you to download content from the Internet instead of paying for it. People think that it is their right. People think that the Internet is a place where no rules apply and they can get away with everything. Well guess what, it's NOT.

Fine we've had a good run till now, but the honeymoon period is over. The Internet needs to be regulated. It's not up for debate, it has to be done. Most of the problems caused by the Internet could be solved with simple regulation. As a security professional I welcome this Act, in the essence of it.

This is a fairly comfortable middle ground. Now all you nay-sayers out there, consider this: security experts (as in real experts) have said that no person should be allowed to connect a computer to the Internet without having due cause and having been ascertained to be capable of doing so in a secure manner. You would need to apply for some sort of Internet User Certificate, which would allow you to go online. Still think the DEA is "draconian"? Really, things could be worse.

Whether you like it or not, there needs to be regulation and oversight of the Internet. Until now, it has mostly been governed by mob rule and good faith. Well, we've just about run out of that and there's a new sheriff in town. You may not like it, you can complain about it till the horses come home, but he's not going anywhere. The sooner you accept it, the better.

Yes, lots of ISPs have opposed it and complained. In fact TalkTalk has said it will not comply with the provisions of the Act (cf. this article). Now, while most people may cheer this, they may soon find that TalkTalk will change its tone. If they do not comply they will be shut down. It's a statutory requirement. You don't have to like it, you just have to do it.

Now the actual text of the Act is not quite perfect. There was a large lack of technical expertise when creating the Bill, which shows in its text. And, yes, it was rushed through Parliament, but I watched part of the debates, and there were a handful of MPs present. So anybody who complains it wasn't given enough debate, ask them where they were during the reading of the Bill.

It is not perfect legislation, nor is it ideal, but it's a start. As with most Laws, it will be revised and revisited and amended, hopefully with more technical oversight. Of course the interesting thing is, with a General Election less than a month away, it means any sort of debate/modification of this Act may be done under a new Government, but that remains to be seen.

Friday, 26 March 2010

Small side-note

As I have been very busy the past couple of weeks, I haven't been keeping up-to-date with most of my TV viewing. I just recently managed to watch FlashForward S01E11. What made me laugh was the part where Dr. Simon Campos is trying to "brute force" an encryption algorithm. Their attempted accuracy made me laugh a little. As with the portrayal of most computer-based security in the media, they try, but fail at accuracy. Points for trying though.

More complaints about the iPhone (from other people this time)

As anybody who knows me will tell you right away, I abhor the iPhone (cf. my previous post). Now it has emerged that security professionals rank the iPhone as the "worst workplace risk." Essentially all "smartphones" are a risk in a secure environment, however some are more so than others. The iPhone came 1st with 57%, followed by the Android phones at 39%, BlackBerry at 28% and Nokia Symbian smartphones in last with 13%. (Please note these figures are straight from the article and I am not exactly sure how the

Apple's constant "bare-minimum" approach to security is what has landed them in this position. This philosophy of "just enough security to keep us afloat" is actually the worst idea ever. Throughout its relatively brief history, Information Security professionals have realised one thing very quickly: The weakest get attacked the most.

It's simple, if your system is constantly being attacked, you should then upgrade your security. This means, if you did it right, there is now somebody who is less secure than you are. No prizes for guessing who the most attacked person is. Theoretically, being the least secure and then upgrading should eventually push everybody up to a decent threshold level of security and the world would be a better place. Of course, not everyone sees it that way, or they don't care.

As far as I am concerned, all mobile devices should not be allowed to enter a secure environment. There is a plethora of possible security risks involved there (which I will cover in another post). As it says in the end some companies are discouraging or even banning iPhones in the workplace. It's a start, but I think that all smartphones should be discouraged or banned. Just in case people are thinking I don't like smartphones, I own a smartphone. Even so they are still a security risk.

Friday, 19 March 2010

JCSecurity (This may partly be my fault)

Recently, while discussing my blog with a colleague, he mentioned his former blog. He also mentioned that it had been offline for a while. Conversation moved on swiftly and I mostly forgot about it. Just a few minutes ago he has informed me that it is back on track and he's *hopefully* going to keep it alive for quite a while. I would recommend you all to read his blog.

Thursday, 11 March 2010

Fault-Based Attack on RSA

So, right in the wake of Ross Anderson's attack on Chip-and-PIN comes another scary story, this time on the famous RSA encryption scheme. Just as a quick detour, I will briefly go over the key concepts of private-/public-key cryptography. After which I will go over the attack and then the implications. Readers familiar with the concepts are welcome to skip over the next 4 paragraphs.

Private-key or symmetric cryptography involves 2 parties sharing some secret key K (and obviously a cryptographic scheme). Party A can then encrypt a message m, using K and get the resulting encryption or ciphertext c. This can then be transmitted to Party B (details of transmission and the various attacks there-in are skipped). Once Party B has received c then they can decrypt it using K and read m. Which is all fine and dandy, until you add in more people.

If you add in Party C to the system, then you need 2 more keys: 1 for A & C and 1 for B & C. If you re-use the same key, then anybody can read the message, which is not what we want. As the system grows, the number of keys grows exponentially fast (for n users, you need (n(n-1))/2 keys). Even if you could generate and store that many keys, how do you give the keys to everybody in a secure manner? This is called the key distribution problem, which motivated public-key cryptography.

Public-key or asymmetric cryptography is based on the principle that every user creates 2 distinct but related keys, called the public key and private key. The public key, as the name suggests, is public and is published in a "telephone directory" of sorts (details skipped, this leads to a few open problems). The secret key is kept secret, as the name so aptly states. Now when Party A wants to send m to Party B, they look up B's public key in the directory, encrypt it using that key and send c as above. B can then decrypt c using their secret key. "So that solves the problem, right?" Not quite, as public-key cryptography is much slower than private-key.

So this leads us naturally to a compromise: hybrid encryption. The principle is that you send 1 message using public-key cryptography, which contains a key for private-key cryptography. All communications from then onwards are done using private-key cryptography. Again this is just a brief idea, but should be sufficient to appreciate the problems given below.

What this attack does (full paper can be found here) is basically exploit a vulnerability that arises from the combination of hardware and software used to implement this scheme. As most of you are aware, computers have gotten really, really, REALLY fast. This is due to the fact that the transistors are getting smaller and smaller, hence allowing chip designers to fit more in the same space. Of course, this leads to the problem of bit errors; as they are smaller and closer together small changes in voltage/current/magnetic field can cause a single bit to flip, which will then propagate through the whole calculation. Having said that, there are solutions, which I really don't understand, so take my word for it, this problem is managed.

However you can still induce these errors, by passing a small, transient electrical pulse to the processor. These pulses last for less than 1 clock cycle, hence affecting at most 1 bit. Normally all this would do is give you an erroneous output, and be of no use to anybody, but this is where the software part comes in. This specific attack relies on the Fixed-Window Exponentiation (FWE) algorithm being employed. I will not detail the algorithm; those curious can look it up in the paper (link given above) and read up further if they so choose.

The basic operation in RSA is a single exponentiation, which is the message m raised to the secret key d (in standard RSA notation), that is m^d, modulo an RSA modulus N. Suffice to say, these calculations are not easy to perform on a chip and can be VERY SLOW. So there are several clever algorithms out there that do these computations in an acceptable time, such as the FWE. It basically splits the binary representation of d into "windows" and performs the calculations on that window and then moves on.

What the attack does is induce a bit-error in the calculation, by sending a small transient pulse, as described above. This generates a "broken" signature s', which the receiver will reject as incorrect. The attacker then gets broken signatures and, based on some complex math, can start to extract single bits of the key. As the attacker learns more and more bits, it becomes easier to calculate the rest. I will at this point admit that even I am at a loss as to exactly how this works (mainly due to not having enough time to fully study the attack).
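To make the two paragraphs above concrete, here is the fixed-window exponentiation itself, a simulated single-bit fault injected mid-calculation, and the verify-before-release check that a signer can use so a broken s' is never handed out. This is an added example, not code from the paper or this post; the RSA key is a constructed toy key with hypothetical small primes.

```python
# Added example: fixed-window (2^w-ary) modular exponentiation, a simulated
# one-bit transient fault, and the verify-before-release countermeasure.
# Not the paper's or the post's code.  The key below is a constructed toy
# key (hypothetical primes, far too small for real use).

P, Q = 1000003, 1000033              # hypothetical small primes
N = P * Q                            # RSA modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (needs Python 3.8+)


def fixed_window_pow(base, exp, mod, w=4, fault=None):
    """Return base**exp mod mod using fixed-window exponentiation.

    The exponent is cut into w-bit windows, processed from the most
    significant window down: w squarings, then one multiply by a
    precomputed power.  `fault`, if given, is (window_index, bit): after
    that window is processed one bit of the accumulator is flipped,
    modelling the transient glitch described in the post.
    """
    table = [1] * (1 << w)                     # base^0 .. base^(2^w - 1)
    for i in range(1, 1 << w):
        table[i] = (table[i - 1] * base) % mod
    nwindows = (exp.bit_length() + w - 1) // w
    acc = 1
    for i in range(nwindows - 1, -1, -1):
        for _ in range(w):                     # shift accumulator left by w bits
            acc = (acc * acc) % mod
        window = (exp >> (i * w)) & ((1 << w) - 1)
        acc = (acc * table[window]) % mod      # multiply in this window's power
        if fault is not None and fault[0] == i:
            acc = (acc ^ (1 << fault[1])) % mod  # simulated single-bit flip
    return acc


def sign(m, fault=None):
    """Textbook RSA signature s = m^d mod N, optionally with an injected fault."""
    return fixed_window_pow(m, D, N, fault=fault)


def verify(m, s):
    """Check a signature with the public key: s^e mod N == m."""
    return pow(s, E, N) == m


def safe_sign(m, fault=None):
    """Sign, then verify the result before releasing it.

    A faulted exponentiation yields s' with s'^e != m mod N, so the signer
    returns None instead of leaking the broken value the attack feeds on.
    """
    s = sign(m, fault=fault)
    return s if verify(m, s) else None


if __name__ == "__main__":
    m = 123456789 % N
    s = sign(m)
    print("matches pow():", s == pow(m, D, N))
    print("good signature verifies:", verify(m, s))
    s_bad = sign(m, fault=(0, 3))              # glitch after the final window
    print("faulted signature verifies:", verify(m, s_bad))
    print("safe_sign releases faulted value:", safe_sign(m, fault=(0, 3)) is not None)
```

The self-check costs one public-exponent exponentiation per signature, which is cheap relative to the private one, and it is a standard first line of defence against exactly this class of fault attack.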

Although most people would think that this is just a theoretical result, the authors did present the results of an experiment as well. They set up a system using an FPGA board running a SPARC-based Linux system. They managed to recover the key in 104 hours, which is just over 4 days. It must be noted that this was achieved using 81 machines running a distributed algorithm, giving an estimated 1 year on a single system. However, one must realise that most attackers would have control of several computers on which to run their algorithm, thus making the distributed attack plausible.

So you may think "Why do I care about this RSA cryptography stuff?" Well, simple: this is the basic scheme that is used in a hybrid key exchange as described above, to establish a secure connection. So if this attack is being run against you, after you have signed ~700 key-exchange messages, the attackers now know your private key.

But then you may think "700 messages is quite a lot!" Which, in all fairness, for a single user, it probably is. But let's think of large corporations who on a daily basis engage in large numbers of secured connections with their customers for financial transactions (think of any medium to large e-retailer). Now they need to send signed certificates to large numbers of users (possibly in the thousands). If you were able to run this attack against them, well, that would be a problem.

I'm fairly sure you would not be able to achieve the speeds of attack presented in the paper due to certain practical considerations, but you would still be in a fairly comfortable place. Even if it took you 20 days to crack any retailer's secret key, that's not that bad. Once you have their secret key, you can then impersonate them very easily. Phishing sites may look real, but cannot produce authentically signed certificates, which is where people sometimes catch on. With the secret key, you can sign certificates on behalf of the retailer and convince even the most aware and conscious users that you are legitimate. "Please enter your card details" and fraud ensues.

But now we look at the slightly less scary point of view: it's still fairly hard. It depends on a software/hardware combination. It is no trivial task to determine if a certain site's servers use that combination. Even if one were in possession of such information, reliably accessing the communication channels and performing this attack would be another Herculean task. Furthermore, to remain in the spirit of this attack, one must do all of this UNDETECTED, which is easier said than done.

So, although this could be a major problem for some people, there is a simple solution: change the software. This removes half the vulnerability, and may be enough to completely invalidate this attack. Of course, you could also change all your hardware, but this is more costly and a tad more difficult. There could be issues of your new hardware not working well with your old hardware, amongst other things.

But as I always say, there are two sides to the security coin; there is also the point that it takes them 100 hours to recover a 1024-bit secret key, and if you use a larger key (2048-bit, or for really secure things 4096-bit) the complexity of the attack, and thus the time required, greatly increases. Also, keys can be revoked, albeit with some difficulties. (The key revocation problem in itself entails at least a 2-hour lecture, so let's not go there.) Key compromise is not the end of the world; it may cost you some reputation and issues with repaying your customers, but it may not kill you.

Tuesday, 9 March 2010

Bloggers!

cf. my post on the 24th of Feb, mainly the part about bloggers. Now somebody important actually reads this and decided to capture this phenomenon in a TV series. Well, truly, the sarcasm was that they got the idea from my blog. However, this week's episode of House MD dealt with this issue, albeit wrapped in the usual medical drama. Highly recommend this episode, and the show in general.

Friday, 5 March 2010

Slight edit on Chip-and-Pin

cf. my post on 25th Feb, there is a small correction. It apparently is possible to fool online terminals; however, the point still remains that you cannot fool the bank verifying the PIN.

Saturday, 27 February 2010

The Nobel Peace Prize, quickly turning into a joke.

(Straight off the bat, the security based stuff will not be covered. There's just way too much and it would deviate from the point.)

I sincerely hope that all of you are familiar with the Nobel Prize, more specifically the Nobel Peace Prize. This is awarded annually to the person(s), to quote Alfred Nobel's final Will & Testament, "who shall have done the most or the best work for fraternity among nations, for the abolition or reduction of standing armies and for the holding and promotion of peace congresses."

So, as we have seen in history, there have been some very deserving candidates, such as the International Committee of the Red Cross, President Woodrow Wilson, UNHCR, Mother Teresa, Archbishop Desmond Tutu, Kofi Annan and so on. It can truly be said to be the most coveted award known to man.

However, of late its integrity has been highly questionable. Of course there is the glaring omission of Mahatma Gandhi, despite 5 nominations. The year Gandhi died, there was no prize awarded, as "there was no suitable living candidate." Of course it must be noted that there is a rule that no person may receive a Nobel Prize posthumously. This rule was bent in the case of Secretary General Dag Hammarskjöld, who was nominated while alive, but passed away before the award was given. Not to take away from Secretary General Hammarskjöld's work, for he truly deserved the prize, despite his unfortunate demise prior to its award.

As we get a bit closer to home, chronologically speaking, we move to 2009. As most people will know, President Barack Obama received the Nobel Peace Prize. It was awarded to him a scant 9 months after he assumed office. Now not only is that an exceptionally short period of time, but he very quickly afterwards announced INCREASES in troop numbers in Iraq/Afghanistan. I'm no expert, but that is not very peaceful, apart from being contrary to his election promises.

Now we jump forward just a shade to 2010. (Still love the fun people are having trying to say it out.) The nominations are in and they are: Russian activist Svetlana Gannushkina et al., Chinese dissident Liu Xiaobo and the Internet.

No, really, this actually happened. I know it was a while ago, but I thought I might as well throw my 2 cents into the mix.

UTTER TRIPE!

The Internet is full of nonsense, garbage, crap, trash and a variety of other things I cannot bring myself to describe. Agreed, there is a small percentage of it which is, as the citation goes, a tool to advance "dialogue, debate and consensus through communication" and to promote democracy. But, really? This is the equivalent of nominating an entire university for the work that 1 single academic has done.

Of course Svetlana Gannushkina is nominated with her activist group, but that is a group of individuals who share a common goal. Most of the people on the Internet really do not care about "dialogue, debate and consensus through communication." Don't believe me? Then pop over to a public forum. It's really bedlam over there, with uninformed, irrational and uninhibited people arguing in the most disjointed manner possible.

Then there is the small matter that the Internet is an abstract concept. It's not a single person, nor is it represented by a single person or a small enough group. The anthropomorphisation just makes me sick to the core. Of course there is also the issue of "what is the Internet?"

The term internet (notice the lower case 'i') is simply a network of networks. Glossing over the technical details, a network is several computers connected to share resources. Connect networks together and you have an internet. Now we have a special case of an internet, the Internet (notice the upper case 'I'). Yes, the terminology is horrible, but nobody saw it coming.

The first internets were DARPA-NET (Defence Advanced Research Projects Agency NETwork) and JANET (Joint Academic NETwork). The use of these is obvious: military communication and sharing of academic data respectively. Somebody got the idea to make it global, and hence the World Wide Web was born.

Now herein lies the problem: there was no legislation to control this. People joined and did whatever they wanted. Hence the Internet is in the form it is known to all today.

If the Internet were to win the Peace Prize, then I would be exceptionally distressed.

Thursday, 25 February 2010

Chip-and-PIN payment System "broken"

For those of you not familiar with the concept, I will go over it quickly. The "Chip-and-PIN" or EMV (Europay, MasterCard, VISA) system is the usage of Smart Cards, which are basically cards with a tamper-resistant chip on them, for payments via Debit/Credit cards. That is the "chip" part, so now for the "PIN", which is a 4-digit code, which you use to verify that you are indeed authorised to use this card. (Some people give their card and PIN to family members, friends, etc., which is an entire discussion in itself.)

So this system is in wide use in the United Kingdom and has become a vital part of everyday life. So obviously any sort of major security failure would be catastrophic. Professor Ross Anderson has published such an attack, or so he claims. Even Bruce Schneier thinks it's a big thing.

He uses what is known as a Man-In-The-Middle attack. The basic concept is that the attacker places himself between two parties who wish to communicate. He then intercepts all communications and distorts them to serve his purposes, whatever they may be.

I would advise you watch the video demonstration which was aired on BBC Two, with the accompanying article. Go on, watch it, I can wait.

So after having seen the video, I would like to tell you why this is not the end of the world:

  1. You need someone else's card. Arguably it is easy to get one, but the point is that if somebody has stolen your card, there are far worse things they can do than buy a bottle of water. There are several ways to use a card without knowing the PIN, over the phone for example. Physical possession of the card would allow you to use it in several circumstances without knowing the PIN.
  2. It only works in offline terminals. So you can't put it in an ATM or use it in any store where the transaction is verified online with the bank. In that case, a cryptogram containing the PIN is sent to the bank, which will then verify the PIN. You would be hard pressed to be able to fake that.
  3. You need a specific setup of reader, as the one used in the demo. Of course one could get better at hiding the wire and the actual "performance" of the attack, but no amount of practice would allow you to hand a card with a wire on it to a merchant and not raise suspicions.
  4. The hardware and software are really non-trivial to construct. The script is in Python, which is a difficult language to master, and all the hardware is custom built. So really the kit is not absolutely accessible.
  5. If the card has been cancelled, this attack will not work. So again, because the attacker needs to steal your card, they only have the time between stealing the card and you reporting it stolen and cancelling your card.

So the moral of the story is: If your card is stolen, the thief can spend your money. Oh, wait, isn't that EXACTLY WHAT WE ALREADY KNEW! So now they have a smarter way of doing it, but it still depends on the attacker physically having your card.

Agreed, this is a technical flaw and indeed a security hole, at least from a theoretical point of view. Practically speaking, this can be done on any stolen card (doing it to your own card, while possible, is pointless), but there are worse things you could do. As a consumer, if my card is stolen I personally don't care how my money was stolen, just that I get it back. So taking a slightly pragmatic viewpoint, I would say that this is an issue, but nothing to lose sleep over, that is unless you have already lost your Credit/Debit Card.

iPhones

Hey, you!
Yes, you with the iPhone.
Get a real fucking phone!

Yeah not really related to security, but this is just me bored far too late at night.

Wednesday, 24 February 2010

First!

So.....yeah
Well, as a general rule I am not very amused by blogs and/or bloggers (people who constantly update their blog just for the sake of updating it). However, certain things make me so furious that I really just have to get it out there.

So all you people who think it's cool/funny/whatever else to "first" as the first comment on anything: it's really not. Get a life.