Ross Anderson paper on fraud, risk and nonbank payment systems
[Read the paper here: http://www.cl.cam.ac.uk/%7Erja14/Papers/nonbanks.pdf Very interesting stuff, but not likely new to most here.] The Federal Reserve commissioned me to research and write a paper on fraud, risk and nonbank payment systems. I found that phishing is facilitated by payment systems like eGold and Western Union which make the recovery of stolen funds more difficult. Traditional payment systems like cheques and credit card payments are revocable; cheques can bounce and credit card charges can be charged back. However some modern systems provide irrevocability without charging an appropriate risk premium, and this attracts the bad guys. (After I submitted the paper, and before it was presented on Friday, eGold was indicted.) I also became convinced that the financial market controls used to fight fraud, money laundering and terrorist finance have become unbalanced as they have been beefed up post-9/11. The modern obsession with 'identity' - of asking even poor people living in huts in Africa for an ID document and two utility bills before they can open a bank account - is not only ridiculous and often discriminatory. It's led banks and regulators to take their eye off the ball, and to replace risk reduction with due diligence. In real life, following the money is just as important as following the man. It's time for the system to be rebalanced. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Fwd: [gsc] Digital cache with extended features
[Some interesting thinking going on. Wasn't there some similar ideas presented/published at a past FC conference?]

Subject: [gsc] Digital cache with extended features
Date: Sun, 06 May 2007 12:57:08 +0300
From: George Hara [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

It seems that, finally, the pieces fit together, and although the design is not as good as for account based systems, it's good enough. I have been pondering for some time about digital cash, but the pieces never fit. However, with a special design, it's possible to integrate the necessary features in digital coins.

Basically, it's necessary for the owner of a coin to create the coin (core), blind it and send it to the mint for signing. In the core, the user must include a hash for a coin appendix. The coin appendix includes various information, but the most important is the asymmetric public key pair of the recipient. The coin appendix is not sent to the mint so that it would not serve later to associate exchanges. However, when a coin is exchanged, the coin appendix must be sent to the mint. And since its hash is already in the signed coin, it's certain that the correct coin appendix is associated with the coin. The mint guarantees to exchange the coin only if the signature of the exchange request is verified by the key pair which is in the coin appendix.

This way, the spender can be sure that only the intended recipient can later spend the coin, and also have the best thing next to a proof of payment. If an online store publishes its public key pair, then even if the store claims to never have received the coin, the spender can simply publish the coin (note that only the store can spend the coin, so everyone can see the coin) and tell the store to take it. This method provides two features in one step: proof of payment and ability of organizations to secure every coin they receive with the public identity of the organization (not of individual members).

A problem of this method is that the mint can monitor how much currency a specific digital identity exchanges. Of course, the mint can't know the total amount of currency received by a digital identity because there is no need to reissue a coin, and the recipient might never exchange some coins he received. Of course, everybody can just change their asymmetric key pair, but since they need to publish it, it can still be monitored. Now, there is certainly no need to use identities for recipients, but in practice most people would do it.

The coin appendix could also contain a descriptor of its inheritors. But the problem here is that the coin would have to be put in an escrow service. It's not a problem if anybody sees it, because only its current owner can exchange it, and in the future (after a date specified in the descriptor) only its intended inheritors can exchange it. The owner has to consider that if he still lives when the coin is about to enter its inheritable time frame, he must exchange it before that time and set a new date for inheritance.

The coin appendix could also include an escrow identity. The mint must then guarantee to exchange the coin only if it's accompanied by a signed certificate from the escrow service.

The coin appendix could also include a recovery identity, usually that of the original owner. This way, if the recipient never uses the coin because he dies, for example, the spender can take it back after a specified date. But this means that users must reissue the coins (for themselves) they receive, before the recovery date comes. Sure, the recovery date could be a year after the payment, but that still means that there has to be a reissue.

The actual implementation of this design requires two independent parts of the coin appendix, and therefore two hashes:

* One part which contains the identity of the owner of the coin. This part is sent to the mint when the owner spends the coin.
* One part which contains the identities of the inheritors of the coin. This part is sent to the mint when an inheritor reissues the coin. This way, inheritors are visible to the mint only when they actually inherit.

All nice and cozy, but this design means that each transaction would take on average 1 to 2 seconds for the mint, plus about 8 times more traffic than for account based systems. (This considers that coin denominations are power of 2, so as to minimize the number of coins from each transaction.)

One thing I am still unable to solve is how to hide coins. With account based systems it is simple: each visible account from the identity manager application had, automatically created, a hidden account (well, rather data which looked random to anyone without the right passphrase). I still have to think about these things to see if it's a path worth pursuing.

(http://www.gardenerofthoughts.org/ideas/axiomaticid/digitalcache.htm)
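The coin/appendix binding described in the forwarded message, as an added example that is not part of the original post or of any real mint's code. It assumes textbook RSA blind signatures (the post names no scheme), toy keys built from small Mersenne primes that are trivially factorable, and hypothetical names throughout (`make_coin`, `mint_exchange`, the `exchange:` request prefix).

```python
import hashlib
import json
import secrets
from math import gcd

E = 65537

def toy_keypair(p, q):
    """Textbook RSA from two known primes: illustration only, not secure."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": E}, pow(E, -1, phi)

def h_int(data, n):
    """SHA-256 of data, reduced into the RSA modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, pub, d):
    return pow(h_int(data, pub["n"]), d, pub["n"])

def verify(data, sig, pub):
    return pow(sig, pub["e"], pub["n"]) == h_int(data, pub["n"])

def encode(obj):
    """Canonical JSON so both sides hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

# Constructed toy keys (assumption): mint and an online store as recipient.
MINT_PUB, MINT_D = toy_keypair(2**61 - 1, 2**89 - 1)
STORE_PUB, STORE_D = toy_keypair(2**107 - 1, 2**127 - 1)

def make_coin(recipient_pub, value):
    """Spender: the appendix names the recipient; the core carries only its hash."""
    appendix = encode({"recipient": recipient_pub})
    core = encode({"serial": secrets.token_hex(16), "value": value,
                   "appendix_hash": hashlib.sha256(appendix).hexdigest()})
    return core, appendix

def blind(core, mint_pub):
    """Spender: hide the core from the mint with a random blinding factor r."""
    n = mint_pub["n"]
    while True:
        r = secrets.randbelow(n - 2) + 2
        if gcd(r, n) == 1:
            break
    return (h_int(core, n) * pow(r, mint_pub["e"], n)) % n, r

def mint_sign_blinded(blinded):
    """Mint: signs without seeing the core or the appendix."""
    return pow(blinded, MINT_D, MINT_PUB["n"])

def unblind(blind_sig, r, mint_pub):
    n = mint_pub["n"]
    return (blind_sig * pow(r, -1, n)) % n

SPENT = set()  # serials the mint has already exchanged

def mint_exchange(core, coin_sig, appendix, request_sig):
    """Mint: the checks the post describes, applied at exchange time."""
    if not verify(core, coin_sig, MINT_PUB):
        return "bad mint signature"
    fields = json.loads(core)
    if hashlib.sha256(appendix).hexdigest() != fields["appendix_hash"]:
        return "appendix does not match coin"
    recipient_pub = json.loads(appendix)["recipient"]
    if not verify(b"exchange:" + core, request_sig, recipient_pub):
        return "request not signed by recipient"
    if fields["serial"] in SPENT:
        return "already exchanged"
    SPENT.add(fields["serial"])
    return "ok"

if __name__ == "__main__":
    core, appendix = make_coin(STORE_PUB, 8)
    blinded, r = blind(core, MINT_PUB)
    coin_sig = unblind(mint_sign_blinded(blinded), r, MINT_PUB)
    request = sign(b"exchange:" + core, STORE_PUB, STORE_D)
    print(mint_exchange(core, coin_sig, appendix, request))
```

Because the appendix hash sits inside the signed core, publishing the coin and its appendix lets anyone check who the named recipient is, while only the holder of that key can produce an exchange request the mint accepts.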
Re: Was a mistake made in the design of AACS?
At 07:50 AM 5/4/2007, Nicolas Williams wrote: On Thu, May 03, 2007 at 10:25:34AM -0700, Steve Schear wrote: At 03:52 PM 5/2/2007, Ian G wrote: This seems to assume that when a crack is announced, all revenue stops. This would appear to be false. When cracks are announced in such systems, normally revenues aren't strongly affected. C.f. DVDs. Agreed. But there is an incremental effect. In the same way many people now copy DVDs they have rented many will gain access to HD content made Wait, are you saying that people copy rented DVDs onto DVD media? Or that they _extract_ the content? There's a big difference: there's no need to crack the DVD DRM system to do the former, but there is for the latter. I guess I wasn't clear. Unlike ripping and copying DVDs bit-for-bit, content ripped from H-DVDs and BluRay discs are first distributed as simply unencrypted copies. Watching this content means you will probably do so from your PC (e.g., using a current version of Power DVD) as burning a bit-for-bit HD DVD/BluRay is either not available or economically practical. Later, HD videophiles re-encode the content using the same advanced coders (i.e., H./X/264 and VC1) so at least the feature movie can be stored on a dual layer DVD. Despite the smaller data size of the DVD (about 8.5 GB) vs. HD media (20+ GB) the quality of playback is impressive, good enough for all but the most discerning Home Theater buff. Well, there's an idea: use different physical media formats for entertainment and non-entertainment content (meaning, content created by MPAA members vs. not) and don't sell writable media nor devices capable of writing it for the former, not to the public, keeping very tight controls on the specs and supplies. Authoring DVDs are available for people wishing to master protected content. These, unlike the consumer variety, allow the CSS to be present. Special burners, never very popular with consumers, even videophiles, are required.
Steve
Re: AACS and Processing Key
At 11:32 AM 5/2/2007, Perry E. Metzger wrote: Anyone very familiar with AACS have ideas on what optimal attack and defense strategies are? This seems like a fertile new ground for technical discussion. Ed Felten wrote an excellent piece on AACS from the technical and economic/tactical standpoint. This link is to the part that addresses your particular question: http://www.freedom-to-tinker.com/?p=1107 Steve
Re: Was a mistake made in the design of AACS?
At 03:52 PM 5/2/2007, Ian G wrote: Hal Finney wrote: Perry Metzger writes: Once the release window has passed, the attacker will use the compromise aggressively and the authority will then blacklist the compromised player, which essentially starts the game over. The studio collects revenue during the release window, and sometimes beyond the release window when the attacker gets unlucky and takes a long time to find another compromise. This seems to assume that when a crack is announced, all revenue stops. This would appear to be false. When cracks are announced in such systems, normally revenues aren't strongly affected. C.f. DVDs. Agreed. But there is an incremental effect. In the same way many people now copy DVDs they have rented many will gain access to HD content made available by those more technically sophisticated. There are a number of Bit Torrent trackers which focus on HD content. All current released HD-DVD/BluRay movies are available for download. For those with higher-performance PCs for playback, broadband connections and who know how to burn a single- or dual layer DVD, the content is there for the taking. A new generation of HD media players (initially from offshore consumer electronics and networking companies, for example, Cisco/LinkSys) are poised to enter the market. These appliances will allow playback of all the common HD encoded media, including those ripped from the commercial HD discs. This will place the content from pirates and P2P community in the hands of the less sophisticated Home Theater consumer. Steve
Re: Governance of anonymous financial services
At 12:15 PM 3/30/2007, Hal Finney wrote: If the backing is distributed among a multitude of holders (e.g., in a fashion similar to how Lloyds backs their insurance empire), whose identities are kept secret until audit time and then only a few, randomly selected, names and claimed deposit amounts are revealed to the auditors, might this statistical sampling and the totals projected from the results be a reasonable replacement for 'full asset' audit? To protect the identities of the holders could a complete list of the hashes of each name and claimed deposit be revealed to the auditors, who then select M of N hashes whereupon the operator reveals only those identities and claimed deposits work cryptographically? One problem is the holders could collude and play a shell game. Suppose that 30% of the holders were going to be asked to reveal their assets, then the company could back only 30% of the currency, and redistribute the assets to the selected holders before the auditors come.

How about this method?

1.) Auditors meet at a defined place and time.
2.) Courier arrives and presents a fraction N of M of the backing, one at a time, to the auditors
3.) Auditors verify the fraction, account for it and enclose it in a container with a unique hard to forge seal
4.) Courier leaves
5.) Steps 2-4 are repeated until the total of M has been presented to the auditors
6.) In the second round, the auditors request the same fractions N of M again. Not all N have to be presented, but can be
7.) One after another the couriers with the respective fractions present them again to the auditors
8.) The auditors verify the seals, and remove them
9.) The couriers leave

There are two disadvantages to the process:

1.) It takes quite some time.
2.) It is expensive

The advantages are:

1.) It is secure for the auditors and the operators
2.) It presents the full backing

Steve
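The M-of-N hash reveal discussed in this message, as an added example that is not code from the list or from any mint. It assumes SHA-256 with a per-entry random salt (an addition here, since bare hashes of guessable names and amounts could be brute-forced), constructed holder names and amounts, and hypothetical function names; it checks openings and projects a total, and does not address assets being moved between holders before inspection.

```python
import hashlib
import hmac
import secrets

def commit(name, amount, salt):
    """Hash commitment to (name, claimed deposit), length-prefixed to avoid
    ambiguous encodings. The salt is an assumption added for this example."""
    n = name.encode("utf-8")
    data = salt + len(n).to_bytes(2, "big") + n + amount.to_bytes(8, "big")
    return hashlib.sha256(data).hexdigest()

def publish(holders):
    """Operator: returns (commitments given to auditors, openings kept private)."""
    openings = [(name, amount, secrets.token_bytes(16)) for name, amount in holders]
    commitments = [commit(n, a, s) for n, a, s in openings]
    return commitments, openings

def choose_sample(n_total, m):
    """Auditor: pick M of N indices only after the commitment list is fixed."""
    return sorted(secrets.SystemRandom().sample(range(n_total), m))

def check_opening(commitment, opening):
    """Auditor: does the revealed (name, amount, salt) match the commitment?"""
    name, amount, salt = opening
    return hmac.compare_digest(commitment, commit(name, amount, salt))

def audit(commitments, revealed, confirmed_assets):
    """revealed: {index: opening} supplied by the operator for the sample.
    confirmed_assets: {index: amount the auditors verified independently}.
    Returns (ok, projected_total); any mismatch fails the whole audit."""
    sample_sum = 0
    for idx, opening in revealed.items():
        if not check_opening(commitments[idx], opening):
            return False, 0  # claim changed after the list was published
        if confirmed_assets.get(idx) != opening[1]:
            return False, 0  # committed amount is not actually held
        sample_sum += opening[1]
    # Scale the sampled sum up to all N holders (integer estimate).
    return True, sample_sum * len(commitments) // len(revealed)

# Constructed sample data: ten holders, true total 1000.
HOLDERS = [("holder-%02d" % i, amt) for i, amt in
           enumerate([120, 80, 100, 95, 105, 110, 90, 100, 70, 130])]

if __name__ == "__main__":
    commitments, openings = publish(HOLDERS)
    picked = choose_sample(len(commitments), 3)
    revealed = {i: openings[i] for i in picked}
    confirmed = {i: openings[i][1] for i in picked}
    print(picked, audit(commitments, revealed, confirmed))
```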
Re: Governance of anonymous financial services
At 08:23 PM 3/29/2007, Allen wrote: Steve, I assume that you mean the owner of the on-line financial service when you say operator, correct? In which case what exactly are the auditors going to be looking at when comes time to audit but the operator's identity, whereabouts, the servers and a portion of the assets are undisclosed? As we have seen in the prosecutions of large corporation officers knowing their identity is no guarantee that stakeholders will not be defrauded. Can you explain why knowing the server whereabouts is required? Certainly there are cryptographically sound ways (e.g., time stamps from independent and trusted sources, hash chaining, etc.) that anon DBC mints can provide transaction logs that can be publicly examined and verified without ever touching the server. In a basic sense auditing is to see if the reality behind the books matches the books. That the number of sheaves of wheat you have in the warehouse match the number you have in the office. If you can not locate the reality what are you verifying? The scenario described and method I proposed I think do address the identification of assets. I maintain that random sampling can, when properly carried out, provide a mathematically sound confidence of the total size of assets. I think, rather than governance, this goes to the heart of trust in relationships. Governance to me is more the process of verifying that the trust is not misplaced and that audits are simply one way, but only one of many ways, of quantifying the level of trust one can have in the relationship. Agreed. Steve
Re: private credential/ecash thread on slashdot (Re: announce: credlib library with brands and chaum credentials)
At 04:40 PM 2/20/2007, Adam Back wrote: There is quite some underinformed speculation as critique on the thread... It's interesting to see people who probably understand SSL, SMIME and stuff at least at a power user if not programmer level, try to make logical leaps about what must be wrong or limited about unlinkable credential schemes. Shows the challenges faced in deploying this stuff. Can't deploy what people don't understand! I certainly relate with that. Much of what is widely deployed fits that category with me. But then, look at how successful fiat money, paper money, is. That is certainly not understood by most, but it does not have the problem of lack of deployment. So maybe trust and understanding are not related with each other and we need to understand this point better. In actuality, most stuff is not understood. Who understands how their cars work, or their airplane rides across the country, or their computers, banks, medical systems and on and on? I say Adam has a good point, but maybe it's the wrong one. :) Steve
New digital bearer cash site launched
With the expiration of Chaum's key patents it was assumed that someone would step up and try their hand at launching a DBC-based financial service. Some time has passed and I'm happy to announce that this has finally happened. Taking a cue from the lively Digital Gold Currencies, eCache's first denomination is gold backed. Unlike Digicash's instruments, eCache is using a mixing technique, rather than blinding, to help preserve unlinkability. Its mint is located on a hidden server in TOR-land. More information at: https://ffij33ewbnoeqnup.onion.meshmx.com/doc.php Comments are invited about the technology and governance aspects that such financial services invoke. Steve
Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?
At 03:57 PM 1/18/2007, Saqib Ali wrote: When is the last time you checked the code for the open source app that you use, to make sure that it is written properly? When is the last time you carefully checked the code for a closed source app that you use? (Besides the one you mentioned to start this thread) Steve
Real-world password guessing
http://dilbert.com/comics/dilbert/archive/dilbert-20070117.html http://dilbert.com/comics/dilbert/archive/dilbert-20070118.html
Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?
At 06:32 AM 1/16/2007, Steven M. Bellovin wrote: Disk encryption, in general, is useful when the enemy has physical access to the disk. Laptops -- the case you describe on your page -- do fit that category; I have no quarrel with disk encryption for them. It's more dubious for desktops and *much* more dubious for servers. As governments widen their definitions of just who is a potential threat it makes increasing sense for citizens engaged in previously innocuous activities (especially political and financial privacy) to protect their data from being useful if seized. This goes double for those operating privacy-oriented services and their servers. As an example, when TOR servers were recently seized in German raids (with the implication that they were being used as conduits for child porn) the police knew enough to only take the hot-swap drives (which were encrypted and therefore paper weights after removal) if only for show. The main loss to the operators was repair to the cage locks. Steve
SC-based link encryption
I haven't been following the smartcard scene for a while. I'm looking to create a low-cost and portable link encryptor, with D-H or similar key exchange, for lower 100kbps data speeds. Is this possible? Steve
Re: cellphones as room bugs
At 07:21 AM 12/2/2006, Perry E. Metzger wrote: Quoting: The FBI appears to have begun using a novel form of electronic surveillance in criminal investigations: remotely activating a mobile phone's microphone and using it to eavesdrop on nearby conversations. The technique is called a roving bug, and was approved by top U.S. Department of Justice officials for use against members of a New York organized crime family who were wary of conventional surveillance techniques such as tailing a suspect or wiretapping him. This technique was pioneered by some criminals (drug, I think) that would 'forget' their cell phones in police cars so they could listen in on them. Steve
Re: cellphones as room bugs
At 07:21 AM 12/2/2006, Perry E. Metzger wrote: Quoting: The FBI appears to have begun using a novel form of electronic surveillance in criminal investigations: remotely activating a mobile phone's microphone and using it to eavesdrop on nearby conversations. BTW, it's easy to thwart this, even without removing the battery as recommended: just place a shorted jack into the phone's mic/headset plug. These plugs use a physical-electrical contact switching method to shunt the audio so the software AFAIK can route around it. Steve
Re: fyi: On-card displays
At 02:45 PM 9/20/2006, [EMAIL PROTECTED] wrote: Via Bruce Schneier's blog, flexible displays that can sit on smartcards. So we finally have an output mechanism that means you don't have to trust smartcard terminal displays: http://www.cr80news.com/library/2006/09/16/on-card-displays-become-reality-making-cards-more-secure/ I have a Mondex card from years ago that used a separate reader with LCD. Steve
Re: NSA knows who you've called.
At 08:05 AM 5/11/2006, Perry E. Metzger wrote: Let me again remind people that if you do not inform your elected representatives of your displeasure with this sort of thing, eventually you will not be in a position to inform them of your displeasure with this sort of thing. I think begging elected representatives to acknowledge your rights is generally a waste of time, especially when there is powerful or ingrained opposition. The Civil Rights movement got nowhere until there was massive civil disobedience. Widespread deployment of generic and otherwise acceptable technologies that can be re-targeted for end-user controlled privacy (not what governments would like to see, which is privacy mediated by corporations, licensed professionals or other regulated entities they can easily pressure) and/or insistence of powerful and wealthy individuals that they have the privacy they deserve and get it in such a way as it's easily unavailable to the average citizen. Steve
Black Hole Encryption
What happens to the quantum information ingested by a black hole? In 1997, Thorne and Hawking argued that information swallowed by a black hole is forever hidden, despite the fact that these dense objects do emit a peculiar kind of radiation and eventually evaporate. Preskill countered that for quantum mechanics to remain valid, the theory mandates that the information has to be released from the evaporating black hole in some fashion. Although Hawking conceded in 2004, the disagreement between Preskill and Thorne still stands. Smolin and Oppenheim now find that one of the main assertions made about black holes may be flawed. It is often assumed that as the black hole evaporates, all of the information gets stored in the remnant until the very end, at which point the information is either released or else disappears forever. Instead, Smolin and Oppenheim suggest that the information is distributed among the quanta that escape during evaporation, but is encrypted and thus effectively locked away. The catch is that it can only be accessed with the help of the quanta released when the black hole disappears, in much the same way as a cryptographic key unlocks a coded message. The result offers a link between general relativity and quantum cryptography. DV Phys. Rev. Lett. 96, 081302 (2006).
Re: Cryptography Expert Paul Kocher Warns: Future DVDs Prime Target for Piracy, Pay TV Foreshadows Challenges
At 10:40 AM 4/20/2004, R. A. Hettinga wrote: While it's unfortunate that security on the current DVD format is broken and can't be reprogrammed, HD is what really matters. Once studios release high-definition content, there will be little or no distinction between studio-quality and consumer-quality, said Kocher. This means that HD is probably Hollywood's one and only chance to get security right. The major problem facing Hollywood in protecting their HD content is that it runs smack up against an installed base of millions of HDTVs with only ACV (analog component video), including mine. These consumers were promised by the FCC that they would not be left to twist in the wind when newer set-top-box to TV connections evolved and it does not appear technically practical to retrofit these sets to accommodate encrypted DVI or Firewire inputs. The FCC has already stated they do not support broadcast flags for pay content and unless they back-pedal on this Hollywood appears to have only three other options: restrict the availability of HD content to cable broadcasters, prevent the sale of devices that can capture HD quality content from ACV, or insist that the resolution of ACV signals be degraded when copy restricted content is being broadcast. The first will bring great howls from existing HDTV owners with only ACV. The second is probably impractical since illegal devices (little more than 3-channel A-D converters on a PCI card) are sure to be produced and only a small number in the hands of skilled movie releasing groups are required to widely disseminate their content via the Internet. The third option is also sure to bring major complaints from existing set owners. steve
Microsoft publicly announces Penny Black PoW postage project
http://news.bbc.co.uk/2/hi/technology/3324883.stm Adam Back is part of this team, I think. Similar approach to Camram/hashcash. Memory-based approaches have been discussed. Why hasn't Camram explored them? steve BTW, Penny Black stamp was only used briefly. It was the Penny Red which was used for decades.
Re: 'Smart stamps' next in war on terrorism
The postal notice itself says this is the first step to identify all senders, so this is not a matter of paranoia, this is reality. The post office is moving towards identification requirements for everyone, said Chris Hoofnagle, associate director of the Electronic Privacy Information Center. Mr. Hoofnagle scoffed at the notion identification could prevent crimes such as the anthrax attacks on members of Congress and news media two years ago. Anyone resourceful enough to obtain anthrax can get a stamp without going through the new channels, Mr. Hoofnagle said. A Treasury Department report from the Mailing Industry Task Force also recommended that the industry promote development of the 'intelligent' mail piece by collaborating with the Postal Service to implement standards and systems to make every mail piece - including packages - unique and trackable. What happens if I buy stamps and you need one, is it legal for me to give it to you? Mr. Hoofnagle said. If this foolishness is implemented I'm sure stamp exchanges will become routine at many public and private meetings. Such exchanges could become a good business opportunity. Ari Schwartz, associate director for the Center for Democracy and Technology, said intelligent mail can play an important role and improve the mail system. However, privacy issues must be seriously addressed, and moving forward with the rules on bulk mail could alleviate some concerns, he said. There is a right to anonymity in the mail. If you look back in the history of this country, the mail has played an important role in free expression and political speech and anonymous mail has provided that, Mr. Schwartz said. As others have mentioned, the Supreme Court has ruled that anonymous correspondence is supported under freedom of political speech. The USPS is a quasi-governmental organization with exclusive legal rights to transport and deliver first-class mail to our mail boxes. 
Exactly the kind of mail, which if anonymous could be protected speech. It seems fair to me that if the USPS wanted to foreclose on our ability to use anonymous first-class mail then they should be willing to give up the exclusivity of their first-class mail franchise, so competitors who will offer this can deliver to postal mail boxes. steve
Software protection scheme may boost new game sales
Companies are using a new software protection system, called Fade, to protect their intellectual property from software thieves. Fade is being introduced by Macrovision, which specializes in digital rights management, and the British games developer Codemasters. What the program does is make unauthorized copies of games slowly degrade, by exploiting the systems for error correction that computers use to cope with CD-ROMs or DVDs that have become scratched. Software protected by Fade contains fragments of subversive code designed to seem like scratches, which are then arranged on the disc in a pattern that will be used to prevent copying. Bruce Everiss of Codemasters says, The beauty of this is that the degrading copy becomes a sales promotion tool. People go out and buy an original version. (New Scientist 10 Oct 2003) http://www.newscientist.com/news/news.jsp?id=ns4248 steve
Freenet fork appears likely (was Re: Gmane -- Re: Why is Freenet so sick at the moment?)
On Sat, Oct 04, 2003 at 11:31:36PM -0700, Ian Clarke spake thusly: I have never ever characterized Freenet as being anything other than in development. If you don't like the fact that Freenet is taking so-long to perfect, then either help, or use Earth Station 5 - I hear its great. You never said anything to this effect when people started putting things in the network that could get them sent to prison so it was rather implicit. And now after finding that fred is unable to open /dev/random on my system due to what appears to be a bug (opening for write instead of read) I am now worried about the security of the encryption due to lack of entropy. I'm glad I don't use freenet for anything illegal/unpopular but I'm quite worried for those who do. On IIRC a new channel #fredisdead has been receiving quite a bit of interest (along with discussions on #anonymous and #freenet). It appears that a small group of developers, fed up with the recent spate of Freenet problems has decided to take a step back, to release 692 and have started a revolt. http://mids.student.utwente.nl/~mids/freenet/fid.html steve
Re: Code breakers crack GSM cellphone encryption
At 02:37 AM 9/9/2003 +1000, Greg Rose wrote: At 05:18 PM 9/7/2003 -0700, David Honig wrote: A copy of the research was sent to GSM authorities in order to correct the problem, and the method is being patented so that in future it can be used by the law enforcement agencies. Laughing my ass off. Since when do governments care about patents? How would this help/harm them from exploiting it? Not that high-end LEOs haven't already had this capacity ---Biham et al are only the first *open* researchers to reveal this. Actually, patenting the method isn't nearly as silly as it sounds. Produced in quantity, a device to break GSM using this attack is not going to cost much more than a cellphone (without subsidies). Patenting the attack prevents the production of the radio shack (tm) gsm scanner, so that it at least requires serious attackers, not idle retirees or jealous teenagers. Not if they can type GNURadio into Google. steve A foolish Constitutional inconsistency is the hobgoblin of freedom, adored by judges and demagogue statesmen. - Steve Schear
RE: Code breakers crack GSM cellphone encryption
At 05:04 PM 9/8/2003 -0400, Trei, Peter wrote: David Honig[SMTP:[EMAIL PROTECTED] wrote: At 02:37 AM 9/9/03 +1000, Greg Rose wrote: much more than a cellphone (without subsidies). Patenting the attack prevents the production of the radio shack (tm) gsm scanner, so that it at least requires serious attackers, not idle retirees or jealous teenagers. Why the heck would a government agency have to break the GSM encryption at all? The encryption is only on the airlink, and all GSM calls travel through the POTS land line system in the clear, where they are subject to warranted wiretaps. Breaking GSM is only useful if you have no access to the landline portion of the system. LE agencies have been known to eavesdrop on cellular communications over the air when a wiretap might cause trouble later. They are also thought to possess cellular spoofing equipment so targeted subscriber instruments can be captured by mobile rogue cell sites for fun stuff (I seem to recall Harris Communications made these). steve A foolish Constitutional inconsistency is the hobgoblin of freedom, adored by judges and demagogue statesmen. - Steve Schear
Re: traffix analysis
At 09:17 PM 8/27/2003 -0500, Anonymous wrote: It will often be possible to also trace the communication channel back through the crowd, by inserting delays onto chosen links and observing which ones correlate with delays in the data observed at the endpoint. This way it is not necessary to monitor all subscribers to the crowd, but rather individual traffic flows can be traced. Using random throwaway WiFi neighborhood hotspots can blunt this type of attack. Even if they trace the link back to the consumer who lent his bandwidth it may provide scant information. steve Experience teaches us to be most on our guard to protect liberty when the government's purpose is beneficent. Men born to freedom are naturally alert to repel invasion of their liberty by evil-minded rulers. The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -Louis Dembitz Brandeis, lawyer, judge, and writer (1856-1941)
Grey-World
An excellent site for those interested in tunneling, covert channels, network related steganographic methods developments. http://gray-world.net/ There is no protection or safety in anticipatory servility. Craig Spencer
New toy: SSLbar
It's a toolbar for Mozilla (and related web browsers) that automatically displays the SHA1 or MD5 fingerprint of the SSL certificate when you visit an SSL secured web site. You could of course click the little padlock icon and dig through a couple of dialogs to see it, but it's much easier when it's right there in front of you on the toolbar. So, what's the point? If you look at the fingerprint of an SSL certificate, and compare this against a fingerprint that you obtain from the site's owner via another channel (IIP, email, PGP-signed web page, etc.) you can be absolutely certain that the certificate is legitimate, and that you are exchanging encrypted data with the person(s) you intended to. A more engaging description of the above - as well as SSLbar itself - can be found at http://sslbar.metropipe.net Enjoy. A Jobless Recovery is like a Breadless Sandwich. -- Steve Schear
Session Fixation Vulnerability in Web Based Apps
http://www.acros.si/papers/session_fixation.pdf A Jobless Recovery is like a Breadless Sandwich. -- Steve Schear