RE: How the Greek cellphone network was tapped.

2007-07-09 Thread Ian Farquhar (ifarquha)
 2. E2E crypto on mobiles would require cross-vendor support, which would mean
 that it would have to go into the standard.  Unfortunately, standards in the
 mobile world are heavily influenced by governments, and the four horsemen of
 the apocalypse (drug dealers, paedophiles, spies, and terrorists) are still
 being used by government types to nix any attempts at crypto they can't break
 or intercept.

Handset suppliers are traditionally uncomfortable with licensing fees for
non-core function.  This is why, for example, memory card support has been
needed for so long, but is a relatively recent phenomenon.  The suppliers
didn't want to pay licensing fees to the card standards bodies, despite the
massively increased data storage needs which were coincident with the addition
of camera functionality to phones.

Crypto has been an IP minefield for some years.  With the expiry of certain
patents, and the availability of other unencumbered crypto primitives (eg.
AES), we may see this change.  But John's other points are well made, and
still valid.  Downloadable MP3 ring tones are a selling point.  E2E security
isn't (although I've got to wonder about certain teenage demographics... :)

And don't forget, some of the biggest markets are still crypto-phobic.  Every
time I enter China I have to tick a box on the entry form indicating that I am
not carrying any communications security equipment.  When my GSM mobile roams
onto China Telecom, the unlocked padlock logo appears denoting that even A5/2
isn't allowed.  Yet China has mandated full cellphone coverage, even in rural
areas, and for companies like Motorola and Nokia, it's a must-own marketplace.
Features which may worry the often inconsistent and capricious State
Encryption Management Committee (SEMC), who can block the entry of your
product into China, are going to be pruned from the product list pretty damn
quickly.

Ian.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: How the Greek cellphone network was tapped.

2007-07-09 Thread Steven M. Bellovin
On Mon, 9 Jul 2007 17:52:38 +1000
Ian Farquhar (ifarquha) [EMAIL PROTECTED] wrote:


 
 And don't forget, some of the biggest markets are still
 crypto-phobic.  Every time I enter China I have to tick a box on the
 entry form indicating that I am not carrying any communications
 security equipment. 


That's interesting -- the news just came out about Blackberry entering
the Chinese market...  See
http://www.technewsworld.com/story/58167.html which (briefly) discusses
such issues.


--Steve Bellovin, http://www.cs.columbia.edu/~smb



Re: a fraud is a sale, Re: The bank fraud blame game

2007-07-09 Thread Anne Lynn Wheeler

re:
http://www.garlic.com/~lynn/aadsm27.htm#39 a fraud is a sale, Re: The bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#40 a fraud is a sale, Re: The bank fraud blame game

recent item with the other side of the issue (as opposed to being able
to profit when merchants have fraud)

Data Security Advanced by New Aleratec Multi-purpose DVD/CD Shredder 
http://www.emedialive.com/Articles/ReadArticle.aspx?ArticleID=12940


from above:

Identity Theft and Fraud cost business $600 billion a year, according to the
Association of Certified Fraud Examiners. 

.. snip ... 


post from earlier this spring about series of articles essentially appearing
simultaneously:
http://www.garlic.com/~lynn/2007e.html#58 Securing financial transactions a high priority for 2007

ID fraud down, except credit cards
http://www.pcadvisor.co.uk/news/index.cfm?newsid=8280
Survey: ID fraud in U.S. falls by $6.4B
http://www.computerworld.com/action/article.do?command=viewArticleBasicarticleId=9010082aintsrc=hm_list
Survey Indicates ID Theft May Be Diminishing
http://yro.slashdot.org/yro/07/02/01/2127224.shtml
Study: ID fraud in decline
http://www.securityfocus.com/brief/423
US ID theft losses decline
http://www.astalavista.com/?section=newscmd=detailsnewsid=3376
US ID theft losses decline
http://www.theregister.com/2007/02/05/us_id_fraud_survey/

and

ID Theft Is Exploding In The U.S.
http://www.informationweek.com/news/showArticle.jhtml?articleID=197800774
ID fraud soaring across the pond
http://www.silicon.com/financialservices/0,3800010322,39166236,00.htm



Re: FIPS 140-2, PRNGs, and entropy sources

2007-07-09 Thread Darren Lasko

On 7/8/07, Joshua Hill [EMAIL PROTECTED] wrote:

On Sat, Jul 07, 2007 at 10:53:17PM -0600, Darren Lasko wrote:
 1) Can a product obtain FIPS 140-2 certification if it implements a PRNG
 from NIST SP 800-90 (and therefore is not listed in FIPS 140-2 Annex C)?  If
 not, will Annex C be updated to include the PRNGs from SP 800-90?

The PRNGs in SP800-90 are listed in the current Annex C (see
item #6 on page 4; this occurred in January of this year).
http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexc.pdf



Hey, look at that!  I guess I should have downloaded the latest
version before posting my question... I was looking at a revision I
downloaded back in November.  Sorry for the superfluous question.


There is no algorithm testing for the SP800-90 RNGs yet, but they are
allowed for use in the approved mode of operation because of IG 1.10
(http://csrc.nist.gov/cryptval/140-1/FIPS1402IG.pdf).  You'll also want
to read IG 1.12, which directly pertains to the testing that is required
to test the vendor's assertion that they have a compliant SP800-90 RNG.



Thank you, that's very good information.


 2) Does FIPS 140-2 have any requirements regarding the quality of the
 entropy source that is used for seeding a PRNG?

Yes.  The requirement imposed by FIPS 140-2
(http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf)
are in section 4.7.2:
 Compromising the security of the key generation method (e.g., guessing
 the seed value to initialize the deterministic RNG) shall require as
 least as many operations as determining the value of the generated key.
(which would apply to any RNG output that became a key)

and in section 4.7.3:
 Compromising the security of the key establishment method (e.g.,
 compromising the security of the algorithm used for key establishment)
 shall require at least as many operations as determining the value of
 the cryptographic key being transported or agreed upon.
(which would apply to any RNG output that is used in a security relevant
way in a key establishment scheme)



Again, good information.  However, it seems pretty nebulous about how
they expect you to measure the number of operations required to
compromise the security of the key generation method.  Do you know
what kind of documentation the labs require?

SP 800-90, Appendix C.3, states that the min-entropy method shall be
used for estimating entropy, but this method only uses the
probabilities assigned to each possible sample value.  I'm guessing
that measuring ONLY the probabilities associated with each sample is
insufficient for assessing your entropy source.  For example, if I
obtain 1 bit per sample and I measure 50% 0's and 50% 1's, I have
full entropy by that measure, even if my entropy source always
produces 1010101010101010.

Is the NIST Statistical Test Suite sufficient for evaluating your
entropy source, and will the certification labs accept results from
the STS as an assessment of the entropy source?

Thanks and best regards,
Darren Lasko
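
Added example, not part of the message above and not a procedure taken from SP 800-90: it computes the frequency-only min-entropy estimate on the 1010... source the message describes, next to a first-order conditional estimate (a technique chosen here for illustration) that accounts for the previous bit. Function names and sample data are constructed for this example.

```python
import math
import random
from collections import Counter

def min_entropy_iid(bits):
    """Min-entropy per sample, log2(1 / max p), from symbol frequencies only."""
    counts = Counter(bits)
    p_max = max(counts.values()) / len(bits)
    return math.log2(1 / p_max)

def min_entropy_first_order(bits):
    """Min-entropy per sample when the observer knows the previous sample.

    For every (previous, next) pair, estimate P(next | previous) and take the
    largest value: the best single-guess success rate in the worst-case state.
    """
    transitions = Counter(zip(bits, bits[1:]))
    prev_totals = Counter(bits[:-1])
    p_max = max(n / prev_totals[prev] for (prev, _), n in transitions.items())
    return math.log2(1 / p_max)

# Constructed sample: the alternating source from the message.
ALTERNATING = [1, 0] * 8

# Constructed comparison data from a seeded PRNG. It stands in for a
# well-behaved bit stream only to show the estimator's output; a PRNG is
# not an entropy source.
_rng = random.Random(2007)
REFERENCE = [_rng.getrandbits(1) for _ in range(10_000)]

def report():
    """Return both estimates for both sample streams."""
    return {
        "alternating": (min_entropy_iid(ALTERNATING),
                        min_entropy_first_order(ALTERNATING)),
        "reference": (min_entropy_iid(REFERENCE),
                      min_entropy_first_order(REFERENCE)),
    }

if __name__ == "__main__":
    for name, (iid, cond) in report().items():
        print(f"{name:12s} frequency-only={iid:.3f}  conditional={cond:.3f}")
```

A first-order check catches only dependence on the immediately preceding sample; a source with longer-range structure can pass it as well.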



Re: How the Greek cellphone network was tapped.

2007-07-09 Thread Florian Weimer
* Ian Farquhar:

 Crypto has been an IP minefield for some years.  With the expiry of
 certain patents, and the availability of other unencumbered crypto
 primitives (eg. AES), we may see this change.  But John's other
 points are well made, and still valid.  Downloadable MP3 ring tones
 are a selling point.  E2E security isn't (although I've got to
 wonder about certain teenage demographics... :)

It's also an open question whether network operators subject to
interception requirements can legally offer built-in E2E encryption
capabilities without backdoors.
