Sorry for the long delay in responding, I was traveling out of "radio range" this week.
At 06:23 PM 1/4/2008 -0500, Leichter, Jerry wrote:
| > | ...Also, I hate to say this, we may need to also require that all | > | encrypted traffic allow inspection of their contents under proper | > | authority (CALEA essentially).... | > Why not just require that the senders of malign packets set the Evil Bit | > in their IP headers? | > | > How can you possibly require that encrypted traffic *generated by the | > attackers* will allow itself to be inspected? | | You misunderstand me. We can for the most part easily identify | encrypted data, either it is using a standard like SSL or it is | non-standard but can be identified by data payload characteristics | (i.e. random bits). If it is a standard (or even a defacto standard | like Skype) we can require access under proper authority. If it is | not (or access under authority is refused), then just simply block or | drop the packets, there's no need to inspect them. Just because it *looks* like SSL doesn't mean that the key it leaks to you is actually valid. And if it *is* actually valid, it doesn't mean that there isn't a second layer of encryption inside the SSL session.
Generally any standard encrypted protocols will probably eventually have to support some sort of CALEA capability. For example, using a Verisign ICA certificate to do MITM of SSL, or possibly requiring Ebay to provide some sort of legal access to Skype private keys. If there is a 2nd layer of encryption then this would require initial key exchanges that may be vulnerable to interception or after-the-fact analysis of the decrypted SSL payloads.
Go back to my example: How will you distinguish between random bits and a compressed video stream? Do you assume that every codec in the world will be registered? How about a big scientific dataset of floating point values? Or some huge, validly formatted, spreadsheet of such values?
Well, in order to be useful, codecs need to be well known. If unknown then they probably follow well known algorithms and thus probably be ameniable to dogged digital forensics.
And that doesn't even consider obvious countermeasures. What happens if you decrypt and see a bunch of ASCII values that follow the first and second order statistics of English text? Sure, encoding my encrypted data like that costs me some overhead - but given the speed of today's networks, who cares?
Sure, but then interoperability goes out the window, and I'm pretty sure that most thieves and attackers are not going to rebuild complex protocol stacks and textual parsers from scratch. This is what software reuse is all about. In the case of botnet control lines then this may be more likely but it seems to me that once you identify the suspicious packet flows (which you are of course looking for on the infected machine), that dedicated forensics analysis can be done successfully. These packets would probably have some sort of anomolous signature compared to more normal packets of the same nature. Also, don't forget, at the very least L4 signature information will never be encrypted, otherwise it would be unroutable. And remember even if you can decrypt the botnet control lines (which still must do key distribution/exchanges over the same comm links as the victim computers so it should be possible to intecept them) you can certainly block them with something like a Cisco guard.
This train left the station a *long* time ago.
So it's not so clear that the train has even left the station. - Alex -- Alex Alten [EMAIL PROTECTED] --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]