Re: cellphones as room bugs

2006-12-04 Thread Steven M. Bellovin 
On Sun, 3 Dec 2006 20:26:07 -0500
Thor Lancelot Simon [EMAIL PROTECTED] wrote:

 On Sat, Dec 02, 2006 at 05:15:02PM -0500, John Ioannidis wrote:
  On Sat, Dec 02, 2006 at 10:21:57AM -0500, Perry E. Metzger wrote:
   
   Quoting:
   
  The FBI appears to have begun using a novel form of electronic
  surveillance in criminal investigations: remotely activating a
  mobile phone's microphone and using it to eavesdrop on nearby
  conversations.
  
  Not very novel; ISDN phones, all sorts of digital-PBX phones, and
  now VoIP phones, have this feature (in the sense that, since
  there is no physical on-hook switch (except for the phones in
  Sandia and other such places), it's the PBX that controls whether
  the mike goes on or not).
 
 It's been a while since I built ISDN equipment but I do not think this
 is correct: can you show me how, exactly, one uses Q.931 to instruct
 the other endpoint to go off-hook?
 
I don't recall if it's Q.931 per se, as much as the CO.  Or rather, I
know for certain that various government security agencies were quite
unhappy about ISDN phones with speakerphone capability being deployed
in sensitive sites.  The speaker button was not, as I understood it, a
hard button; it was a soft button that the switch responded to.


--Steve Bellovin, http://www.cs.columbia.edu/~smb

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: cellphones as room bugs

2006-12-04 Thread Alex Alten 


At 10:21 AM 12/2/2006 -0500, Perry E. Metzger wrote:


Quoting:

   The FBI appears to have begun using a novel form of electronic
   surveillance in criminal investigations: remotely activating a
   mobile phone's microphone and using it to eavesdrop on nearby
   conversations.

   The technique is called a roving bug, and was approved by top
   U.S. Department of Justice officials for use against members of a
   New York organized crime family who were wary of conventional
   surveillance techniques such as tailing a suspect or wiretapping
   him.

http://news.com.com/2100-1029_3-6140191.html


Cellphones maintain contact with cell towers, so they can be roughly
tracked on the ground too, even when you are not talking.  With GPS
being embedded this may become much more accurate.

As an amusing aside, for a while someone was accidently calling my
land line with their cell phone.  You could hear them driving around, with
the usual car noises, and sometimes the radio on too. Occasionally I
heard them in conversation with someone else. This went on for months.

- Alex


--

Alex Alten
[EMAIL PROTECTED]



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: cellphones as room bugs

2006-12-04 Thread Peter Gutmann 
Thor Lancelot Simon [EMAIL PROTECTED] writes:

It's been a while since I built ISDN equipment but I do not think this is
correct: can you show me how, exactly, one uses Q.931 to instruct the other
endpoint to go off-hook?

You make use of the undocumented remote management interface [0].

Peter.

[0] Buffer overflow bug in the packet header parsing code.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: cellphones as room bugs

2006-12-04 Thread Taral 

On 12/3/06, Thor Lancelot Simon [EMAIL PROTECTED] wrote:

It's been a while since I built ISDN equipment but I do not think this
is correct: can you show me how, exactly, one uses Q.931 to instruct the
other endpoint to go off-hook?


That's the same question I have. I don't remember seeing anything in
the GSM standard that would allow this either.

--
Taral [EMAIL PROTECTED]
You can't prove anything.
   -- Gödel's Incompetence Theorem

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: cellphones as room bugs

2006-12-04 Thread John Ioannidis 
On Sun, Dec 03, 2006 at 09:26:15PM -0600, Taral wrote:
 That's the same question I have. I don't remember seeing anything in
 the GSM standard that would allow this either.
 

I'll hazard a guess: mobile providers can send a special type of
message (not sure if it would be classed as an SMS) with various
settings for your phone.  They do that, for example, to set the GPRS
settings.  IN many phones, one of the possible settings is to
automatically answer the phone, without ringing (the feature is used
in some of the hands-free settings).  The user would probably notice
that the phone is in use, but there may be some other trick around
that.

/ji

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: Can you keep a secret? This encrypted drive can...

2006-12-04 Thread Marcos el Ruptor 
Compared to AES-128, AES-256 is 140% of the rounds to encrypt 200% as much 
data. So when implemented in hardware, AES-256 is substantially faster.


Excuse me, AES-256 has the same block size as AES-128, that is 128 bits. 
It's in fact slower, not faster, and in hardware it also occupies a 
substantially larger area.


If you are talking about Rijndael with 256-bit blocks, that's not AES and 
its variant with 256-bit keys would still be slower and would also occupy a 
substantially larger area in hardware than its counterpart with 128-bit 
keys.


Ruptor 


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: Can you keep a secret? This encrypted drive can...

2006-12-04 Thread Alexander Klimov 
On Sun, 3 Dec 2006, David Johnston wrote:
  Moreover, AES-256 is 20-ish percent slower than AES-128.
 Compared to AES-128, AES-256 is 140% of the rounds to encrypt 200% as
 much data. So when implemented in hardware, AES-256 is substantially faster.

AES-256 means AES with 128-bit block and 256-bit key, so AES-256
encrypts the same amount of data as AES-128.

As of hardware implementation, one can use several engines in
parallel, although even a single one can be faster than needed,
for example, with 280 MHz there are 2e7 blocks per second, that is
320 Mbyte per second.

-- 
Regards,
ASK

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: [-SPAM-] Re: Can you keep a secret? This encrypted drive can...

2006-12-04 Thread Brian Gladman 
David Johnston wrote:
 Jon Callas wrote:


 Moreover, AES-256 is 20-ish percent slower than AES-128. 
 Compared to AES-128, AES-256 is 140% of the rounds to encrypt 200% as
 much data. So when implemented in hardware, AES-256 is substantially
 faster.

AES-256 does not encrypt any more data per round than AES-128.

My guess is that you are thinking about Rijndael with a 256 bit block
and a 256 bit key.

  Brian Gladman

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: Can you keep a secret? This encrypted drive can...

2006-12-04 Thread David Johnston 

Leichter, Jerry wrote:

| Jon Callas wrote:
|  
|  
|  Moreover, AES-256 is 20-ish percent slower than AES-128. 
| Compared to AES-128, AES-256 is 140% of the rounds to encrypt 200% as much

| data.
AES-256 has a 256-bit key but exactly the same 128-bit block as AES-128
(and AES-192, for that matter).

|   So when implemented in hardware, AES-256 is substantially faster.
| 
| AES-256 - 18.26 bits per round

| AES-128 - 12.8 bits per round
| 
| I imagine that this would matter when the implementation is in a hard disk or

| disk interface.
It would, if it were true.
-- Jerry
  
I stand corrected.. The source of my error was reading the rijndael 
spec, not the nist spec.


DJ

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]