Re: Obama administration revives Draconian communications intercept plans
On Tue, Sep 28, 2010 at 1:47 AM, Florian Weimer f...@deneb.enyo.de wrote: Isn't this just a clarification of existing CALEA practice? In most jurisdictions, if a communications services provider is served an order to make available communications, it is required by law to provide it in the clear. Anything else doesn't make sense, does it? Service providers generally acknowledge this (including Research In Motion, so I don't get why they are singled out in the article). Florian, The article seems to be saying that this would prohibit service providers from building strong end to end encryption onto their service offerings, where they do not possess the key themselves. There are only a handful of services that currently have offerings that fit this description, because it generally requires that clients at both end points are both made by the provider. It does not appear that this would affect crypto offerings by other technology companies who do not provide communications services. Of course, the text of any forthcoming bill is not yet known, and in any case I am not a lawyer. Neither is Chris Soghoian, but he makes an interesting point about CALEA: http://paranoia.dubfire.net/2010/09/calea-and-encryption.html Ken - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Re: road toll transponder hacked
On Tue, Aug 26, 2008 at 9:24 AM, Perry E. Metzger [EMAIL PROTECTED] wrote: Despite previous reassurances about the security of the system, Nate Lawson of Root Labs claims that the unique identity numbers used to identify the FasTrak wireless transponders carried in cars can be copied or overwritten with relative ease. Nate hasn't disclosed details of the code that wirelessly overwrites a transponder's ID. The temptation would be too great for many to copy an annoying neighbour's transponder ID, and then drive through a busy mall parking lot cloning it onto every transponder in proximity. As mentioned in the article, the vendors have claimed it was read-only, even though it uses flash memory (I guess technically they could cut the write line in manufacturing, but realistically that was highly unlikely even before Nate did this work). I would speculate that they just looked at the high level design, which didn't contain any specifications for features to write to memory, and decided that meant 'read-only'. In the meantime, the implementers don't see any harm in adding a few extra features *beyond* what is in the design (viz.: the overwrite code) especially where that might be useful for testing and diagnostics. As an aside: Isn't it noteworthy how much less press this has gotten than the Boston subway hacks, even though it is (IMO) of much greater severity? There might be a lesson there for the Massachussetts Bay Transit Authority. Ken - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: road toll transponder hacked
On Tue, Aug 26, 2008 at 11:56 AM, Dustin D. Trammell [EMAIL PROTECTED] wrote: This is the same for the state-wide Texas tag, TxTag[1]. If your tag doesn't register, or you disable or remove it, the toll system can still accurately bill you based on your license plate and vehicle registration. If you're not in the TxTag system at all, they simply mail you a bill. I think this is a bit different than what Michael Heyman said. TxTag, IIRC, was implemented by the same company (Raytheon) that implemented the 407 ETR toll system in Toronto. In the case of the 407, there is no image recognition done if the car has a valid transponder. Only in the case of a missing or invalid transponder is the plate imagery used. Supposedly the OCR has a high enough error rate that there is still manual verification of plates before sending a bill, and accordingly a $3.60 additional charge is applied per trip. If the images are used even when the vehicle has a valid transponder -- as Michael Heyman suggests is happening with E-ZPass -- then it might be feasible to have back end defenses against cloning, though not without inconvenience to customers who borrow cars, buy new cars, or rent cars while their own is getting serviced. Also as Matt Blaze pointed out this makes the transponder wholly redundant. Ken - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: wrt Cold Boot Attacks on Disk Encryption
A lot of people seem to agree with what Declan McCullagh writes here: It's going to make us rethink how we handle laptops in sleep mode and servers that use encrypted filesystems (a mail server, for instance). What I'd like to know is why people weren't already rethinking this when people like Maximillian Dornseif (http://md.hudora.de/presentations/firewire/2005-firewire-cansecwest.pdf) and later Adam Boileau (http://www.security-assessment.com/files/presentations/ab_firewire_rux2k6-final.pdf) showed you can read arbitrary RAM from a machine just by plugging into a FireWire port, due to lack of security considerations in the IEEE 1394 standard? Adam Boileau demonstrated finding passwords, but of course we already know that it's easy to locate cryptographic keys in large volumes of data (Shamir, van Someren: http://citeseer.ist.psu.edu/265947.html). Reading cold DRAM may have some applications on its own -- if only because of the large number of devices that it effects -- but as far as walking up to a locked machine/hibernated laptop/whatever and stealing its RAM contents, the game may have been up some time ago. - Ken - - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: How the Greek cellphone network was tapped.
On 7/9/07, alan [EMAIL PROTECTED] wrote: Makes me wonder how this will effect the OpenMoko phone if someone builds an encryption layer for it. (OpenMoko is a totally open sourced phone.) Leigh Honeywell and Paul Wouters presented a 'crypto-phone' effort they have been working on at CCC in Germany last December. They later presented an update at a meeting in Toronto: http://www.task.to/events/presentations/securephone-task.pdf They are building on OpenMoko and the Neo1973 phone (http://wiki.openmoko.org/wiki/Neo1973), because it is the only phone they could find that allows OS modifications without breaking code signing. As I understand it, it's not true end-to-end. It makes a 'VPN' connection to an Asterisk PBX that you have configured somewhere in the world, presumably on a phone network trusted more than the wireless one you are currently on. If the PBX has to route the call back into public infrastructure to the other endpoint, then there is cleartext exposure again. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
RE: encrypted tapes (was Re: Papers about Algorithm hiding ?)
Steven M. Bellovin wrote: The bigger issue, though, is more subtle: keeping track of the keys is non-trivial. These need to be backed up, too, and kept separate from (but synchronized with) the tapes. Worse yet, they need to be kept secure. That may mean storing the keys with a different escrow company. A loss of either piece,the tape or the key, renders the backup useless. This is correct. It is not that nobody ever thought of encrypting tapes, it is that there has been no uptake on the idea because the management overhead costs outweighed the perceived benefit. The big vendors didn't bother offering it because they didn't think they could make money, and the start-ups who have been trying to fill the gap found the market to be small. Now it is becoming clear that the perceived benefit has been underestimated. There are a number of small companies making products that can encrypt data in a storage infrastructure, including tape backups (full disclosure: I work for one of those companies). The solutions all involve appliances priced in the tens of thousands. The costs come not from encryption (how much does an FPGA cost these days?), but from solving the problems you listed, plus some others you didn't. Now that the benefit of storage encryption is clearer, tape vendors (StorageTek, HP, IBM, etc) are almost certainly looking at adding encryption capability into their offerings. There is an IEEE working group developing interoperability standards for storage encryption, including tape: http://www.siswg.org And in case anyone is really interested in this subject, Networking Computing magazine did a round-up of all the storage infrastructure security solutions currently on the market: http://www.networkcomputing.com/showitem.jhtml?docid=1607f2 Ken - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]