Re: comments wanted on gbde

2005-03-07 Thread Dan Kaminsky
Re, GBDE--

Some initial thoughts:

I wouldn't be surprised if platters couldn't be analyzed for usage
levels / magnetic degradation (Peter?).  Even without a clean room, ATA
is pretty rich -- anyone remember the guy who graphically plotted the
spiral damage caused by a failed drive head w/ nothing but a massively
hacked ATA driver?  There's also likely to be useful information from
drive sectors duplicated by the drive firmware (there's extra space in
every drive; when particular sectors are judged buggy, content from
them is migrated onto the spare space).

I saw nothing establishing the integrity of sectors during
*decryption* in 7.5.  Random / polluted sectors will decrypt, though
into unpredictable noise (which tends to do bad things to file system
code).  Previous versions of sectors will also decrypt successfully --
the cleaning lady can take lessons from Mallory, as it were.  It's
useful to immediately grant though that their threat model is much more
aligned towards drives that will never be hot again.

One wonders if there is a delivery service for Key-keys.

--Dan


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
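
An added illustration of the decryption-integrity point in the message above; it is not gbde code and not part of the original thread. The cipher is a constructed HMAC-SHA256 keystream standing in for gbde's AES construction, and `Volume`, `read_unchecked`, `read_checked` and the off-disk `versions` table are hypothetical names and assumptions made for the example.

```python
import hashlib, hmac, os

SECTOR = 512

def keystream(key, sector_no, nonce):
    """Stand-in cipher (not gbde's AES construction): HMAC-SHA256 keystream."""
    return b"".join(hmac.new(key, b"%d:%d:" % (sector_no, i) + nonce,
                             hashlib.sha256).digest() for i in range(SECTOR // 32))

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Volume:
    def __init__(self):
        self.enc_key, self.mac_key = os.urandom(32), os.urandom(32)
        self.disk = {}      # untrusted platter: sector_no -> nonce || ciphertext || tag
        self.versions = {}  # assumed trusted, kept off the disk: sector_no -> write count

    def _tag(self, sector_no, version, body):
        msg = b"%d:%d:" % (sector_no, version) + body
        return hmac.new(self.mac_key, msg, hashlib.sha256).digest()

    def write(self, sector_no, plaintext):
        nonce = os.urandom(16)
        body = nonce + xor(plaintext, keystream(self.enc_key, sector_no, nonce))
        version = self.versions[sector_no] = self.versions.get(sector_no, 0) + 1
        self.disk[sector_no] = body + self._tag(sector_no, version, body)

    def read_unchecked(self, sector_no):
        """Decrypt whatever is stored; no input can make this fail."""
        blob = self.disk[sector_no]
        nonce, ct = blob[:16], blob[16:16 + SECTOR]
        return xor(ct, keystream(self.enc_key, sector_no, nonce))

    def read_checked(self, sector_no):
        """Reject sectors that were altered or predate the latest write."""
        body, tag = self.disk[sector_no][:-32], self.disk[sector_no][-32:]
        expected = self._tag(sector_no, self.versions[sector_no], body)
        if not hmac.compare_digest(tag, expected):
            raise ValueError("sector %d failed integrity check" % sector_no)
        return self.read_unchecked(sector_no)

def stale_copy_scenario(old, new, sector_no=7):
    vol = Volume()
    vol.write(sector_no, old)
    stale = vol.disk[sector_no]   # constructed: earlier on-disk copy of the sector
    vol.write(sector_no, new)
    vol.disk[sector_no] = stale
    return vol
```

`read_unchecked` hands back the old plaintext for the restored sector and garbage for an overwritten one, while `read_checked` raises in both cases. The cost is the per-sector counter, which has to live somewhere the holder of the disk cannot rewrite.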


Re: No Encryption for E-Passports

2005-03-07 Thread Thierry Moreau
See the following comments submitted to the Department of State

- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada   H2M 2A1
Tel.: (514)385-5691
Fax:  (514)385-5900
web site: http://www.connotech.com
e-mail: [EMAIL PROTECTED]
===
Comments on the
Department of State Public Notice 4993 (RIN 1400 AB93)
about
Electronic Passport

March 7, 2005

by Thierry Moreau

CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montréal, Qc, Canada H2M 2A1

Tel.: +1-514-385-5691
Fax: +1-514-385-5900

E-mail: [EMAIL PROTECTED]
Internet: http://www.connotech.com


Introduction

We appreciate the opportunity to submit comments on the
electronic passport (e-passport) global project and proposed
regulation changes ([1]). Some of these comments have a
broader scope than the regulation change (this seems to be
invited by the Department of State by the public notice
discussion of e-passport encryption debate, i.e. [1] page
8306, center column, 2nd to 4th paragraphs). Our comments are
centered on the information security aspects of the
e-passport global project, notably the ICAO Public Key
Infrastructure (PKI) framework, i.e. [2].

The uniqueness of security requirements for the global
interoperability of e-passports has been recognized early in
the ICAO development process that brought the document [2] to
its current version. As a result, most of the traditional PKI
concepts have been omitted or simplified. We believe there are
merits in the scheme found in the document [2] for the
e-passport security, including the selection of un-encrypted
e-passport electronic chip data. The driving design criterion
has been operational hindsight rather than conservatism. We
are concerned that this hindsight is not always reflected in
the [1] public notice.

Our comments below are itemized, and they do not have
equal importance, significance, or relevance to the specific
regulatory change.

Unencrypted e-passports is a valid direction

We generally concur with the ICAO selection of
unencrypted e-passports. Encryption would mean a global key
management scheme to determine the circumstances in which an
e-passport would be unlocked by a reader. Such a key
management scheme would imply granting reading rights to some
organizations and denying such rights to others. Those
opposing the unencrypted e-passports would certainly be even
more suspicious of any workable key management scheme for
encrypted e-passports. We have yet to see any suggestion as a
key management scheme that might appear acceptable to a
security expert who claimed that unencrypted e-passports are
putting US citizens at risk. This explanation seems reflected
in the Department of State statement that "in order to be
globally interoperable, encryption would require a higher
level of technology and more complicated technical
coordination with other nations." ([1] page 8306, center
column, 2nd paragraph) although we would have liked the
Department of State to speak for itself (e.g. "Such technical
coordination includes notably the cryptographic key
management for electronic chip decryption keys.").

Doubtful representation of e-passport technology,
reader requirements and skimming threat

According to the document [2], "Everyone who has the
appropriate equipment is able to read the chip contents of
the MRTD, but only the parties that are provided with the
appropriate public key certificates and certificate
revocation lists will be able to verify the authenticity and
integrity of the chip contents." (Document section 2.4.4) So
we find misleading the [1] public notice that eavesdropping
requires a reader furnished with the proper public key ([1]
page 8306, center column, 4th paragraph). In fact, reading of
electronic chips by international transportation operators
(e.g. airlines) is encouraged by the ICAO.

The e-passport proponents should not minimize the
significance of unauthorized e-passport reading threats.
Anti-skimming features are important to US travelers wishing
to protect their anonymity and privacy. The Department of
State should provide reliable information about their
effectiveness and their prudent use, since the momentary
disabling of anti-skimming mechanisms (e.g. the removal of a
metallic shield surrounding the electronic chip antenna)
materializes the e-passport bearer authorization to read the
e-passport.

Doubtful representation of e-passport technology,
global skimming countermeasures

We are puzzled by