SSL MITM attack vs wiretap laws question
I have a question about the legality of doing a successful MITM attack against SSL (server-side authentication only). This is mainly a USA-only question, although Europe and Japan are of interest too. This is not a CALEA or ETSI type of situation.

If the SSL connection is traversing an enterprise or a common carrier, is it legal for that party to perform a MITM against it in order to examine the encrypted information?

My reading of the US Federal wiretap laws seems to indicate that this is ok if one of the following conditions exists:

1. The enterprise/carrier posts a notice that all SSL connections are subject to inspection.
2. The enterprise/carrier notifies one or both parties of the SSL connection that inspection is taking place.
3. The enterprise/carrier examines the SSL to prevent DoS/DDoS/Worm/Phishing attacks or to do QoS (load balancing, bandwidth shaping, etc).

I don't think wire fraud laws are involved, even though a properly signed yet fake X.509 PKI certificate is sent to the browser by the MITM enterprise/carrier pretending to be the destination site in order to extract the encryption keys used to encrypt the SSL connection.

Any lawyers out there who would know how to interpret US federal law regarding this area? (European/Japan, or other rule-of-law type countries are of interest too.)

Thanks,
- Alex

--
Alex Alten [EMAIL PROTECTED]

- The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: phone encryption technology becoming popular in Italy
Hello,

On 02/05/07 20:12, Dave Korn wrote:

Interesting, but of course they're still a good way from 100% secure. It's really great that they issue the source, but unless they also issue the toolchain, and the source to the toolchain, so that anyone who wants can recompile and reflash their phone, it's less than secure.

I know these devices. You are right. The source code you get cannot be used for full assurance, because you don't get everything required to build an image and replace the existent one with it. The source you get allows you to check and be convinced that the code has no software bugs that were not intended by the vendor. It does not aim to assure you against malicious attempts by the vendor to introduce back-doors into the product.

So, you are secure, just not against everything... It's still more than you get with completely closed-source devices, let alone with ones that implement proprietary crypto...

And, of course, the source code is probably published also because the marketing guys (probably) said that people skilled in the art will appreciate this feature when evaluating this product against others.

Hagai.

--
Hagai Bar-El - Information Security Analyst
T/F: 972-8-9354152
Web: www.hbarel.com
Re: Was a mistake made in the design of AACS?
At 07:50 AM 5/4/2007, Nicolas Williams wrote:

On Thu, May 03, 2007 at 10:25:34AM -0700, Steve Schear wrote:

At 03:52 PM 5/2/2007, Ian G wrote:

This seems to assume that when a crack is announced, all revenue stops. This would appear to be false. When cracks are announced in such systems, normally revenues aren't strongly affected. C.f. DVDs.

Agreed. But there is an incremental effect. In the same way many people now copy DVDs they have rented many will gain access to HD content made

Wait, are you saying that people copy rented DVDs onto DVD media? Or that they _extract_ the content? There's a big difference: there's no need to crack the DVD DRM system to do the former, but there is for the latter.

I guess I wasn't clear. Unlike ripping and copying DVDs bit-for-bit, content ripped from H-DVDs and BluRay discs are first distributed as simply unencrypted copies. Watching this content means you will probably do so from your PC (e.g., using a current version of Power DVD) as burning a bit-for-bit HD DVD/BluRay is either not available or economically practical. Later, HD videophiles re-encode the content using the same advanced coders (i.e., H./X/264 and VC1) so at least the feature movie can be stored on a dual layer DVD. Despite the smaller data size of the DVD (about 8.5 GB) vs. HD media (20+ GB) the quality of playback is impressive, good enough for all but the most discerning Home Theater buff.

Well, there's an idea: use different physical media formats for entertainment and non-entertainment content (meaning, content created by MPAA members vs. not) and don't sell writable media nor devices capable of writing it for the former, not to the public, keeping very tight controls on the specs and supplies.

Authoring DVDs are available for people wishing to master protected content. These, unlike the consumer variety, allow the CSS to be present. Special burners, never very popular with consumers, even videophiles, are required.

Steve
Re: Was a mistake made in the design of AACS?
Allen [EMAIL PROTECTED] writes:

I know I'm in over my head on this so my apologies, but if the key is used in one machine in a product line - Sony DVD players say - then if they find the one machine that it came from and disable it, wouldn't figuring out the key for the next machine in the production run be relatively trivial as the algorithm and hardware implementation used by all machines of a given run be the same? Therefore, couldn't one buy several of them and use them one after another as they are discovered and disabled?

Perhaps so, depending on the nature of the crack. It may require unsoldering chips from the machine motherboard or other rather difficult to perform operations that would not be possible for average users. Keep in mind that each machine costs several hundred dollars, and they will be turned into bricks once revoked. This raises the question of who is bankrolling this effort and what his motivations are.

So, in order to prevent any of those machines from being used they'd have to disable a whole lot of machines owned by ordinary individuals, right? What are the downside risks for Sony in doing this?

I imagine it is safe to say that this is not a step that AACSLA would take lightly. If they ever did this then I suppose the machine manufacturer would have to provide owners of the affected models with upgrades to newer machines.

It's very hard to predict the future and it is not clear to me that we will get into a scenario where a very small number of sacrificial machines are the source of every HD movie being uploaded to the pirate nets, such that when these few machines are revoked, immediately another few machines are swapped in to replace them. It would require a relatively large degree of coordination among what I would imagine is a generally loose affiliation of attackers with diverse motivations. But as I said, my crystal ball is foggy.

Hal Finney
Re: Yet a deeper crack in the AACS
Article "AACS cracks cannot be revoked, says hacker"
http://arstechnica.com/news.ars/post/20070415-aacs-cracks-cannot-be-revoked-says-hacker.html

Excerpt: The latest attack vector bypasses the encryption performed by the Device Keys -- the same keys that were revoked by the WinDVD update -- and the so-called 'Host Private Key,' which as yet has not been found. This was accomplished by de-soldering the HD DVD drive's firmware chip, reading its contents, and then patching it. Once that was done, the firmware was soldered back onto the drive.

This article was not too accurate, and further progress has been made. At this point it is possible to remotely patch the firmware of a particular kind of HD-DVD drive so that it will provide certain information without the usually required authentication. This makes it easy to retrieve the per-disk Volume ID, which must be combined with the widely-published Processing Key to generate the media keys that can decrypt content.

If this Processing Key is invalidated on future releases, this hack will not be useful until new keys are discovered. It provides only part of the picture.

The hack was a real accomplishment because firmware updates had to be authenticated with what was apparently something like an AES-based CBC-MAC. The hackers had to figure this out without much background in cryptography and working only with dumps of the firmware that used a somewhat obscure embedded CPU. They had to figure out what CPU was being used, find a disassembler for it, and examine assembly language dumps to deduce that crypto was involved, recognize AES, and see how to create their own checksums that would make their firmware updates succeed. Just goes to show the motivation and hard work that hackers bring to these efforts, largely for the love of the challenge.

It's possible that the ability to modify firmware will lead to more successes for the hackers in the future, perhaps helping them to break into future versions of software players to extract their embedded keys.

I peruse the doom9.org forums from time to time, where this work took place right out in the open, before the public eye. Definitely some smart people involved there.

Hal Finney