serious threat models

2006-02-02 Thread Steven M. Bellovin
I hate to play clipping service, but this story is too important not to 
mention.  Many top Greek officials, including the Prime Minister, and
the U.S. embassy had their mobile phones tapped.  What makes this 
interesting is how it was done: software was installed on the switch 
that diverted calls to a prepaid phone.  Think about who could manage 
that.

http://www.guardian.co.uk/mobile/article/0,,1701298,00.html
http://www.globetechnology.com/servlet/story/RTGAM.20060202.wcelltap0202/BNStory/International/


--Steven M. Bellovin, http://www.cs.columbia.edu/~smb



-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]


Re: CD shredders, was Re: thoughts on one time pads

2006-02-02 Thread James Deane

I have an Executive Machines EPS-1501X cross-cut
shredder (15 sheet, I think) which also shreds CDs. 
And it really shreds them, into about 1/4" x 1"
strips.  It's no louder than any home/office other
shredder I've used, though it is louder when shredding
CDs.

Jim

--- "Travis H." <[EMAIL PROTECTED]> wrote:

> On 1/28/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> > In our office, we have a shredder that happily
> > takes CDs and is designed to do so.  It is noisy
> > and cost >$500.
> 
> Here's one for $40, although it doesn't appear to
> "shred" them so much
> as make them pitted:
> 
> http://www.thinkgeek.com/gadgets/security/6d7f/
> --
> "The generation of random numbers is too important
> to be left to chance."
>   -- Robert Coveyou -><-
> http://www.lightconsulting.com/~travis/
> GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9
> 204A 94C2 641B
> 


-- --- - --- --- 
James K. Deane 
Physicist and Geospatial Analyst
[EMAIL PROTECTED]
-- --- -  -- 



RE: Unforgeable dialog.

2006-02-02 Thread Trei, Peter
Piers Bowness wrote:

> This concept is surprisingly complex. Once the attacker sees the
> "secure" dialog, what prevents them from using the same techniques
> and/or code to create a visually identical spoof?

(Hi Piers!)

I actually dealt with this in a former job, where I wrote a proxy
for Xwindows which did similar decoration for trusted and untrusted
X clients.

The trick is to invert the indicators - your rendering engine (whether
an Xwindows server, browser, or a windowing OS) has final say over 
the outermost frame of all windows.

You mark the *untrusted* ones in the outer frame - a malicious client can
do whatever it wants inside its windows, but it can't overwrite and hide
the untrusted indicators in the outer frame. (We put a fat black border
around them).

Of course, if you run on an OS where any app can modify any binary,
you're SOL.

Peter Trei



Re: Unforgeable dialog.

2006-02-02 Thread James A. Donald

--
Bowness, Piers wrote:
> Once the attacker sees the "secure" dialog, what prevents them from
> using the same techniques and/or code to create a visually identical
> spoof? There have been several OS-level designs to create
> hardware-supported secure dialogs. Needless to say, these schemes
> became exceedingly complex and had a variety of implementation
> issues (i.e. special graphics hardware, drivers, TCMs, etc.)
>
> I don't see your proposals as providing 'secure' data viewing or
> data entry solutions. IMHO, the best bet is currently provided by
> layered security software where each component monitors and reports
> on the others. Even this approach is temporary at best as we're now
> seeing with malware that attacks by first disabling the currently
> available protection layers (e.g., anti-virus, firewalls).

My computer does not get malware.  It regularly gets phishing and
legitimate emails that are very difficult to tell apart.

The techniques I discuss would make them very easy to tell apart.

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 1JOeu/66DKl9KMzOvnF83U6mD6SUSbLgXtgqAEz1
 4swvP0Ni9aalk9b1QtRcmLZWW2OeWw0Z77uFyH3Pj



US plans for "Information Operations"

2006-02-02 Thread Steven M. Bellovin
http://www.gwu.edu/~nsarchiv/NSAEBB/NSAEBB177/info_ops_roadmap.pdf

Note that there's a plentiful supply of black pixels included...

--Steven M. Bellovin, http://www.cs.columbia.edu/~smb





Re: CD shredders, was Re: thoughts on one time pads

2006-02-02 Thread Dave Korn
Travis H. wrote:
> On 1/28/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>> In our office, we have a shredder that happily
>> takes CDs and is designed to do so.  It is noisy
>> and cost >$500.
>
> Here's one for $40, although it doesn't appear to "shred" them so much
> as make them pitted:
>
> http://www.thinkgeek.com/gadgets/security/6d7f/

  The review doesn't exactly inspire confidence.  They say the disk is 
"pitted"?  Isn't that just another way of saying that the machine does only 
minor surface damage to the protective plastic coating, and doesn't harm the 
fine metallic layer in the center of the disc where the actual information 
is?  And in that case, shouldn't you be able to recover the data with one of 
those cheap CD-polish-and-repair kits?

  I can't see the point of paying for a machine that damages the disk _less_ 
than you could do by snapping it in half with your bare hands.  That seems 
to me to be a very major false economy: a shredder that doesn't shred is 
just /not/ an improvement on one that does, no matter *how* much cheaper it 
is.


cheers,
  DaveK
-- 
Can't think of a witty .sigline today 






Re: Face and fingerprints swiped in Dutch biometric passport crack (another card skim vulnerability)

2006-02-02 Thread Adam Shostack
On Wed, Feb 01, 2006 at 02:03:10PM -0500, [EMAIL PROTECTED] wrote:
| Anne & Lynn Wheeler pointed out:
| 
| > Face and fingerprints swiped in Dutch biometric passport crack
| > http://www.theregister.co.uk/2006/01/30/dutch_biometric_passport_crack/
| 
| Didn't the EU adopt the same design that the US uses?

Passport standards are written by the International Air Travel
Association (IATA).

| Am I right to presume that the passport RFID chip used by the Dutch is the
| same -- or functions the same -- as the one used in the new US digital
| passports?
| 
| From what I've read, it seems that the sequential numbering scheme the
| Dutch use on their passports may have made this attack easier -- but it
| was already feasible, and will be against the passports of other nations
| which did not so helpfully minimize their obfuscation technique with
| sequential numbering?
| 
| Anyone got more details than those offered in the Riscure press release?
| Thoughts?

The papers explain the attack in fair detail.  I blogged every useful
link I could find a few days ago at
http://www.emergentchaos.com/archives/002355.html, and there's more
links in comments.

Adam

| _Vin
| 
| 
| >
| > The crack is attributed to Delft smartcard security specialist Riscure,
| > which explains that an attack can be executed from around 10 metres and
| > the security broken, revealing date of birth, facial image and
| > fingerprint, in around two hours.
| >
| > .. snip ..
| 
| 


Re: CD shredders, was Re: thoughts on one time pads

2006-02-02 Thread Aram Perez

On Feb 1, 2006, at 3:50 AM, Travis H. wrote:

> On 1/28/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>> In our office, we have a shredder that happily
>> takes CDs and is designed to do so.  It is noisy
>> and cost >$500.
>
> Here's one for $40, although it doesn't appear to "shred" them so much
> as make them pitted:
>
> http://www.thinkgeek.com/gadgets/security/6d7f/


For a few more dollars, you can get one where the residue is powder:  
.





Re: Face and fingerprints swiped in Dutch biometric passport crack (another card skim vulnerability)

2006-02-02 Thread vin
Anne & Lynn Wheeler pointed out:

> Face and fingerprints swiped in Dutch biometric passport crack
> http://www.theregister.co.uk/2006/01/30/dutch_biometric_passport_crack/

Didn't the EU adopt the same design that the US uses?

Am I right to presume that the passport RFID chip used by the Dutch is the
same -- or functions the same -- as the one used in the new US digital
passports?

From what I've read, it seems that the sequential numbering scheme the
Dutch use on their passports may have made this attack easier -- but it
was already feasible, and will be against the passports of other nations
which did not so helpfully minimize their obfuscation technique with
sequential numbering?

Anyone got more details than those offered in the Riscure press release?
Thoughts?

_Vin


>
> The crack is attributed to Delft smartcard security specialist Riscure,
> which explains that an attack can be executed from around 10 metres and
> the security broken, revealing date of birth, facial image and
> fingerprint, in around two hours.
>
> .. snip ..




Re: CD shredders, was Re: thoughts on one time pads

2006-02-02 Thread Jack Lloyd
On Wed, Feb 01, 2006 at 05:50:24AM -0600, Travis H. wrote:
> On 1/28/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> > In our office, we have a shredder that happily
> > takes CDs and is designed to do so.  It is noisy
> > and cost >$500.
> 
> Here's one for $40, although it doesn't appear to "shred" them so much
> as make them pitted:
> 
> http://www.thinkgeek.com/gadgets/security/6d7f/

If you packaged up your OTP material into blocks using an all-or-nothing
transform you could probably be certain that this would suffice, as long as the
blocks you used were large enough that it was at least statistically probable
that 'enough' bits of each block were destroyed or made unreadable. I believe
specifically you'd want to make sure that 2^n is an infeasible amount of work,
where n is the minimum number of bits that will be lost from any block by the
destruction process. This seems to generalize nicely, for example if an entire
CDs worth of material was processed as a single block under an all-or-nothing
transform, just snapping the disk in half might suffice to prevent any
(computationally feasible) data recovery [though it would be quite annoying in
practice, since you'd have to process the entire disk to read even a single bit
from it]

-Jack
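
The all-or-nothing packaging described in the message above, as an added example that is not part of the original post: a simple hash-based, OAEP-style transform (SHA-256 and SHAKE-256 are choices made here, not the poster's) showing that n destroyed bits leave 2^n candidate unpackagings. The pad, block size and damaged bit positions are constructed sample values.

```python
import hashlib
import itertools
import os

KEY_LEN = 32  # bytes of random inner key; also the SHA-256 digest size

def _mask(key, length):
    # Expand the inner key into a keystream as long as the data.
    return hashlib.shake_256(key).digest(length)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def package(data):
    """All-or-nothing package: masked data followed by the hidden key."""
    key = os.urandom(KEY_LEN)
    body = _xor(data, _mask(key, len(data)))
    # The key is recoverable only from a hash over *every* bit of the body.
    tail = _xor(key, hashlib.sha256(body).digest())
    return body + tail

def unpackage(block):
    body, tail = block[:-KEY_LEN], block[-KEY_LEN:]
    key = _xor(tail, hashlib.sha256(body).digest())
    return _xor(body, _mask(key, len(body)))

def candidates_after_loss(block, lost_bits):
    """Yield every unpackaging consistent with the surviving bits.

    lost_bits are bit offsets into the block whose values were destroyed;
    even knowing where the damage is, all 2^n fills must be tried.
    """
    for fill in itertools.product((0, 1), repeat=len(lost_bits)):
        trial = bytearray(block)
        for pos, bit in zip(lost_bits, fill):
            byte, shift = divmod(pos, 8)
            trial[byte] = (trial[byte] & ~(1 << shift)) | (bit << shift)
        yield unpackage(bytes(trial))

def demo(n_lost=10, size=4096):
    pad = os.urandom(size)                 # constructed sample pad material
    block = package(pad)
    lost = list(range(100, 100 + n_lost))  # constructed damage: n adjacent bits
    guesses = list(candidates_after_loss(block, lost))
    # Returns (candidates tried, distinct outputs, outputs equal to the pad).
    return len(guesses), len(set(guesses)), sum(g == pad for g in guesses)
```

Because pad material is random, every wrong candidate looks as plausible as the right one, so the 2^n enumeration gives no way to recognise a hit.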



Re: CD shredders, was Re: thoughts on one time pads

2006-02-02 Thread Steven M. Bellovin
>> In our office, we have a shredder that happily
>> takes CDs and is designed to do so.  It is noisy
>> and cost >$500.
>
>Here's one for $40, although it doesn't appear to "shred" them so much
>as make them pitted:
>
>http://www.thinkgeek.com/gadgets/security/6d7f/


Again -- what is the assurance level that they do a good enough job, 
and against what enemy?

--Steven M. Bellovin, http://www.cs.columbia.edu/~smb





RE: Unforgeable dialog.

2006-02-02 Thread Bowness, Piers
This concept is surprisingly complex. Once the attacker sees the
"secure" dialog, what prevents them from using the same techniques
and/or code to create a visually identical spoof? There have been
several OS-level designs to create hardware-supported secure dialogs.
Needless to say, these schemes became exceedingly complex and had a
variety of implementation issues (i.e. special graphics hardware,
drivers, TCMs, etc.)

I don't see your proposals as providing 'secure' data viewing or data
entry solutions. IMHO, the best bet is currently provided by layered
security software where each component monitors and reports on the
others. Even this approach is temporary at best as we're now seeing with
malware that attacks by first disabling the currently available
protection layers (e.g., anti-virus, firewalls).

-Piers
--
Piers Bowness
"I know what I believe, and I believe what I believe is right." - G.W.
Bush


