Re: Is cryptography where security took the wrong branch?

2003-09-04 Thread Ed Gerck

Arguments such as we don't want to reduce the fraud level because
it would cost more to reduce the fraud than the fraud costs are just a
marketing way to say that a fraud has become a sale. Because fraud
is an hemorrhage that adds up, while efforts to fix it -- if done correctly
-- are mostly an up front cost that is incurred only once.  So, to accept
fraud debits is to accept that there is also a credit that continuously
compensates the debit. Which credit ultimately flows from the customer
-- just like in car theft.

Some 10 years ago I was officially discussing a national
security system to hep prevent car theft. A lawyer representing
a large car manufacturer told me that a car stolen is a car sold
-- and that's why they did not have much incentive to reduce
car theft. Having the car stolen was an acceptable risk for
the consumer and a sure revenue for the manufacturer. In fact, a
car stolen will need replacement that will be provided by insurance
or by the customer working again to buy another car.  While the
stolen car continues to generate revenue for the manufacturer in
service and parts.

The acceptable risk concept is an euphemism for that business
model that shifts the burden of fraud to the customer, and eventually
penalizes us all with its costs.

Today, IT security hears the same argument over and over again.
For example, the dirty little secret of the credit card industry is that
they are very happy with +10% of credit card fraud over the Internet.
In fact, if they would reduce fraud to zero today, their revenue
would decrease as well as their profits.

There is really no incentive to reduce fraud. On the contrary, keeping
the status quo is just fine.

This is so mostly because of a slanted use of insurance. Up to a certain
level,  which is well within the operational boundaries, a fraudulent
transaction does not go unpaid through VISA,  American Express or
Mastercard servers.  The transaction is fully paid, with its insurance cost
paid by the merchant and, ultimately, by the customer.

Thus, the credit card industry has successfully turned fraud into
a sale.  This is the same attitude reported to me by that car manufacturer
representative who said: A car stolen is a car sold.

The important lesson here is that whenever we see continued fraud, we must
be certain: the defrauded is profiting from it.  Because no company will accept
a continued  loss ithout doing anything to reduce it.

What is to blame? Not only the shortsighted ethics behind this attitude but also
that security school of thought which is based on risk, surveillance and
insurance as security tools. There is no consideration of what trust is or
means, no consideration whether it is ethically justifiable.  A fraud is a sale is
the only outcome possible from using such methods.

The solution is to consider the concept of trust(*) and provide means to
induce trust among the dialogue parties, so that the protocol can be
not only correct but also effective.  The problem I see with the protocols
such as 3D Secure (for example) is that it does not allow trust to be
represented -- even though it allows authorization to be represented (**).


Ed Gerck

(*) BTW, I often see comments that it is difficult to use the concept of trust.
Indeed, and unless the concept of trust in communication systems is well-
defined, it really does not make sense to apply it. The definition that I use
is that  trust is that which is essential to a communication  channel but
cannot be transferred through that same channel. This definition allows one
to use Shannon's communication theory formalism and define trust without any
reference to emotions, feelings or other hard to define concepts.

(**) Trust  is often used as a synonym for authorization (see InterTrust usage,
for example). This may work where a trusted user is a user authorized by
management  to use some resources. But it does not work across trust
boundaries. Trust is more than authorization.

Ian Grigg wrote:

 This is mostly prevalent on the
 Internet, where there is a sense of self-taught, non-
 commercial application of cryptography.  My time in (or
 close to) a telco taught me the difference, as there,
 they have an engineering focus on cryptography, and really
 understand what it means to calculate the cost of the

 For them, leaving a weakness was just another risk
 calculation, whereas so much stuff that happens on the
 net starts from we must protect against everything
 and then proceeds to design the set of everything
 for ones convenience.

The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

GSM : listen in to a call while it is still at the ringing stage ...

2003-09-04 Thread Barry Wels

GSM Association downplays mobile security concerns

von John Walko
September 3, 2003 (4:13 p.m. GMT)
LONDON - The GSM Association is playing down concerns raised by a team
of Israeli scientists about the security of GSM mobile calls. The
researchers, from the Technion Institute of Technology in Haifa,
revealed they had discovered a basic flaw in the encryption system of
the GSM (Global System for Mobile)specification, allowing them to
crack its encoding system.

The GSM Association, which represents vendors who sell the world's
largest mobile system, confirmed the security hole but said it would
be expensive and complicated to exploit.
Eli Biham, a professor at the Technion Institute, said he was shocked
when doctoral student Elad Barkan told him he had found a fundamental
error in the GSM code, according to a Reuters report on Wednesday
(Sept. 3). The results of the research were presented at a recent
international conference on cryptology.

We can listen in to a call while it is still at the ringing stage,
and within a fraction of a second know everything about the user,
Biham told the news agency. Then we can listen in to the call.

Using a special device it's possible to steal calls and impersonate
callers in the middle of a call as it's happening, he added. GSM code
writers made a mistake in giving high priority to call quality,
correcting for noise and interference and only then encrypting, Biham

The GSM Association said the security holes in the GSM system can be
traced to its development in the late 1980s when computing power was
still limited. It said the particular gap could only be exploited with
complex and expensive technology and that it would take a long time to
target individual callers.

This [technique] goes further than previous academic papers, [but] it
is nothing new or surprising to the GSM community. The GSM Association
believes that the practical implications of the paper are limited,
the group said in a statement.

The association said an upgrade had been made available in July 2002
to patch the vulnerability in the A5/2 encryption algorithm.

It said any attack would require the attacker to transmit distinctive
data over the air to masquerade as a GSM base station. An attacker
would also have to physically stand between the caller and the base
station to intercept the call.

The researchers claimed they also managed to overcome the new
encryption system put in place as a response to previous attacks.

The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Entanglement goes macroscopic

2003-09-04 Thread R. A. Hettinga


Entanglement goes macroscopic 
3 September 2003 

Quantum entanglement is a phenomenon usually associated with the microscopic world. 
Now, however, physicists from the Universities of Chicago and Wisconsin in the US and 
University College London have seen its effects in the bulk properties of a magnetic 
material for the first time. The researchers believe that their work has implications 
both for understanding quantum magnetism and in building quantum computers - where 
entanglement is the key to the increased power of such devices (S Ghosh et al. 2003 
2003 Nature 425 48). 

Entanglement is a feature of quantum mechanics that allows particles with two distinct 
quantum states to share a much closer relationship than classical physics allows. If 
two particles are entangled, then we can know the state of one particle by measuring 
the state of the other. For example, if one particle has a spin 'up' then the other 
automatically has a spin 'down'. Entanglement is crucial for quantum computing and 
teleportation but its effects are not generally seen beyond the scale of subatomic 

Figure 1 

Thomas Rosenbaum at the University of Chicago and colleagues performed their 
experiment on a single crystal of a simple magnetic salt that contains lithium, 
holmium, yttrium and fluorine (figure 1). The holmium atoms in this salt all behave 
like tiny magnets and, in the absence of a magnetic field, their magnetic moments 
point in random directions. When a field is applied, however, the moments align up 
with the direction of the field (figure 2). 

Figure 2 

The researchers measured the ease with which the magnetic moments aligned with the 
field at different temperatures. They then compared this 'susceptibility' to the 
material's ability to absorb heat and found that the two properties were very 

The susceptibility increases smoothly as the sample cooled while the heat absorption 
varies in a more irregular way. This is in contrast to ordinary materials and, 
according to the researchers, can only be explained if there is quantum mechanical 
mixing - or entanglement - of the different magnetic states in the system. This is 
because entanglement effects contribute much more strongly to the susceptibility than 
to the heat absorption. 

To confirm their findings the researchers combined their experimental results with 
computer simulations and theory. The salt's susceptibility was found to match 
theoretical values that had taken quantum entanglement into account. 

The researchers say that their work shows that entanglement can occur in a disordered 
solid that is far from perfect. We see these dense, solid state magnets as promising 
systems for both fundamental quantum mechanics and potential quantum computing 
applications, Rosenbaum told PhysicsWeb . The challenge remains to manipulate the 
entanglement to perform actual quantum logic operations. 

The group now plans to investigate whether it can see similar effects at higher 
temperatures because it obtained its data at temperatures near absolute zero. 

R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]