Traffic Analysis in the New York Times

[Perry E. Metzger]

Sunday's New York Times "Week in Review" section had an interesting
article on traffic analysis, although the term doesn't appear once in
the entire article.

A large corpus of Enron internal electronic mail was made available
some time ago, and apparently a number of groups have been using it to
refine statistical traffic analysis techniques.

The original article has some nice diagrams, but unfortunately,
because of the NY Times' policies, the article won't be online in a
few days.

Perry

--
http://www.nytimes.com/2005/05/22/weekinreview/22kola.html

Enron Offers an Unlikely Boost to E-Mail Surveillance


By GINA KOLATA
Published: May 22, 2005

AS an object of modern surveillance, e-mail is both reassuring and
troubling. It is a potential treasure trove for investigators
monitoring suspected terrorists and other criminals, but it also
creates the potential for abuse, by giving businesses and government
agencies an efficient means of monitoring the attitudes and activities
of employees and citizens.


Now the science of e-mail tracking and analysis has been given a
unlikely boost by a bitter chapter in the history of corporate
malfeasance - the Enron scandal.

In 2003, the Federal Energy Regulatory Commission posted the company's
e-mail on its Web site, about 1.5 million messages. After duplicates
were weeded out, a half-million e-mails were left from about 150
accounts, including those of the company's top executives. Most were
sent from 1999 to 2001, a period when Enron executives were
manipulating financial data, making false public statements, engaging
in insider trading, and the company was coming under scrutiny by
regulators.

Because of privacy concerns, large e-mail collections had not
previously been made publicly available, so this marked the first time
scientists had a sizable e-mail network to experiment with.

"While it's sad for the people at Enron that this happened, it's a
gold mine for researchers," said Dr. David Skillicorn, a computer
scientist at Queen's University in Canada.

Scientists had long theorized that tracking the e-mailing and word
usage patterns within a group over time - without ever actually
reading a single e-mail - could reveal a lot about what that group was
up to. The Enron material gave Mr. Skillicorn's group and a handful of
others a chance to test that theory, by seeing, first of all, if they
could spot sudden changes.

For example, would they be able to find the moment when someone's
memos, which were routinely read by a long list of people who never
responded, suddenly began generating private responses from some
recipients? Could they spot when a new person entered a communications
chain, or if old ones were suddenly shut out, and correlate it with
something significant?

There may be commercial uses for the same techniques. For example,
they may enable advertisers to do word searches on individual e-mail
accounts and direct pitches based on word frequency.

"Will you let your e-mail be mined so some car dealer can send
information to you on car deals because you are talking to your
friends about cars?" asks Dr. Michael Berry, a computer scientist at
the University of Tennessee who has been analyzing the data.

Working with the Enron e-mail messages, about a half-dozen research
groups can report that after just a few months of study they have
already learned that they can glean telling information and are
refining their ability to sort and analyze it.

Dr. Kathleen Carley, a professor of computer science at Carnegie
Mellon University, has been trying to figure out who were the
important people at Enron by the patterns of who e-mailed whom, and
when and whether these people began changing their e-mail
communications when the company was being investigated.

Companies have organizational charts, but they reveal little about how
things really work, Dr. Carley said. Companies actually operate
through informal networks, which can be revealed by analyzing "who
spends time talking to whom, who are the power brokers, who are the
hidden individuals who have to know what's going on," she said.

With the Enron data, Dr. Carley continued, "what you see is that prior
to the investigation there is this surge in activity among the people
at the top of the corporate ladder." But she adds, "as soon as the
investigation starts, they stop communicating with each other and
start communicating with lawyers." It showed, she says, "that they
were becoming very nervous."

The analyses also found someone so junior she did not show up on
organization charts but who, whichever way the e-mail data was mined,
"shows up as a person of interest," Dr. Skillicorn said, in the
language of intelligence analysts. In the investigation of a terror
network, pinpointing such a person could be of enormous significance.

Dr. Berry said the e-mail traffic patterns tracked major events, like
the manipulation of California energy prices.

Re: how email encryption should work (and how to get it used...)

[James A. Donald]

--
On 30 Mar 2005 at 13:00, Amir Herzberg wrote:
> A missing element is motivation for getting something
> like this deployed... I think spam could offer such
> motivation; and, I strongly believe that a
> cryptographic protocol to penalize spammers could be 
> one of the most important tools against spam.

The cure for spam is not a provable link to a true name,
but a provable link to a domain name.

The problem with adoption is that this is only
beneficial against spam if widely used.  We face the
usual critical mass problem.

The proposal on my blog (blog.jim.com) focusses on
encryption at the individual level - one key per email
address, not one key per domain name. which would solve
the spam problem, but is less immediately helpful than
one key per domain name. 

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 Fl8/gx81XkbuiLaqs0tMz+/ctcqWpf8QrHNii7fo
 41mnxh9Ph2K70irDlta/Y+pRlE0zVmBG5xdTi+LFm


-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Plan to Let F.B.I. Track Mail in Terrorism Inquiries

[R.A. Hettinga]

The New York Times
May 21, 2005

Plan to Let F.B.I. Track Mail in Terrorism Inquiries

 By ERIC LICHTBLAU


WASHINGTON, May 20 - The F.B.I. would gain broad authority to track the
mail of people in terror investigations under a Bush administration
proposal, officials said Friday, but the Postal Service is already raising
privacy concerns about the plan.

The proposal, to be considered next week in a closed-door meeting of the
Senate Intelligence Committee, would allow the bureau to direct postal
inspectors to turn over the names, addresses and all other material
appearing on the outside of letters sent to or from people connected to
foreign intelligence investigations.

The plan would effectively eliminate the postal inspectors' discretion in
deciding when so-called mail covers are needed and give sole authority to
the Federal Bureau of Investigation, if it determines that the material is
"relevant to an authorized investigation to obtain foreign intelligence,"
according to a draft of the bill.

The proposal would not allow the bureau to open mail or review its content.
Such a move would require a search warrant, officials said.

The Intelligence Committee has not publicly released the proposal, but a
draft was obtained by The New York Times.

The provision is part of a broader package that also strengthens the
bureau's power to demand business records in intelligence investigations
without approval by a judge or grand jury.

The proposals reflect efforts by the administration and Senate Republicans
to bolster and, in some ways, broaden the power of the bureau to fight
terrorism, even as critics are seeking to scale back its authority under
the law known as the USA Patriot Act.

A debate over the government's terrorism powers is to begin in earnest at a
session of the Intelligence Committee on Thursday, in what is shaping up as
a heated battle over the balance between fighting terrorism and protecting
civil rights in the post-Sept. 11 era.

The F.B.I. has conducted mail covers for decades in criminal and national
security investigations. But the prospect of expanding its authority to
monitor mailings alarmed some privacy and civil rights advocates and caused
concerns among postal officials, as well. They said the proposal caught
them off guard.

"This is a major step," the chief privacy officer for the Postal Service,
Zoe Strickland, said. "From a privacy perspective, you want to make sure
that the right balance is struck between protecting people's mail and
aiding law enforcement, and this legislation could impact that balance
negatively."

The new proposal "removes discretion from the Postal Inspection Service as
to how the mail covers are implemented," Ms. Strickland said in an
interview. "I worry quite a bit about the balance being struck here, and
we're quite mystified as to how this got put in the legislation."

Officials on the Intelligence Committee said the legislation was intended
to make the F.B.I. the sole arbiter of when a mail cover should be
conducted, after complaints that undue interference from postal inspectors
had slowed operations.

"The F.B.I. would be able to control its own investigations of terrorists
and spies, and the postal service would have to comply with those
requests," said an aide to the Intelligence Committee who is involved in
the proposal but insisted on anonymity because the proposal remains
confidential.

"The postmaster general shouldn't be able to substitute his judgment for
that of the director of the F.B.I. on national security matters," the aide
said.

The proposal would generally prevent the post office from disclosing a mail
cover. It would also require the Justice Department to report to Congress
twice a year on the number of times the power had been used.

Civil rights advocates said they thought that the proposal went too far.

"Prison wardens may be able to monitor their prisoners' mail," said Lisa
Graves, senior counsel for the American Civil Liberties Union, "but
ordinary Americans shouldn't be treated as prisoners in their own country."

Marcia Hofmann, a lawyer for the Electronic Privacy Information Center, a
public interest group here, said the proposal "certainly opens the door to
abuse in our view."

"The Postal Service would be losing its ability to act as a check on the
F.B.I.'s investigative powers," Ms. Hofmann said.

Postal officials refused to provide a tally of mail covers, saying the
information was confidential. They said the Postal Service had not formally
rejected any requests from the bureau in recent years.

A tally in 2000 said the Postal Service conducted 14,000 mail covers that
year for a variety of law enforcement agencies, a sharp increase over the
previous year.

The program has led to sporadic reports of abuse. In the mid-1970's the
Church Committee, a Senate panel that documented C.I.A. abuses, faul

Re: What happened with the session fixation bug?

[James A. Donald]

--
James A. Donald:
> > PKI was designed to defeat man in the middle attacks 
> > based on network sniffing, or DNS hijacking, which 
> > turned out to be less of a threat than expected.
> >
> > However, the session fixation bugs 
> > http://www.acros.si/papers/session_fixation.pdf make 
> > https and PKI  worthless against such man in the 
> > middle attacks.  Have these bugs been addressed?

On 20 May 2005 at 23:21, Ben Laurie wrote:
> Do they exist? Certainly any session ID I've ever had 
> a hand in has two properties that strongly resist 
> session fixation:
>
> a) If a session ID arrives, it should already exist in 
> the database.
>
> b) Session IDs include HMACs.

The way to beat session fixation is to issue a 
privileged and impossible to predict session ID in 
response to a correct login.

If, however, you grant privileges to a session ID on the 
basis of a successful login, which is in fact the usual 
practice, you are hosed. The normal programming model 
creates a session ID, then sets variables and flags 
associated with that session ID in response to forms 
submitted by the user.  To prevent session fixation, you 
must create the session ID with unchangeable privileges 
from the moment of creation.   Perhaps you do this, but 
very few web sites do. 

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 en30AWb8dk9T67RFzUse67CG7ZHHoOHC5OR/mndW
 4T4xroZR7GeKinK0sMRNQ+4Pdj6ApUEu4FCGDghE5



-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

DTV Content Protection (fwd from [EMAIL PROTECTED])

[David Wagner]

Anonymous  wrote:
>DTV Content Protection
>
>[...] Similar concepts are presented in
>http://apache.dataloss.nl/~fred/www.nunce.org/hdcp/hdcp111901.htm by
>Scott Crosby, Ian Goldberg, Robert Johnson, Dawn Song and David Wagner.
>This paper assumes (unlike Irwin) that attackers have access to the
>private keys of chosen devices.  This is a questionable assumption [...]

The final version of that paper is at
http://www.cs.berkeley.edu/~daw/papers/hdcp-drm01.ps
Quoting from the paper's conclusion section:

  To recover the center's master secret, an attacker needs 40 key pairs,
  and we point out a variety of ways to get them.  An attacker can reverse
  engineer 40 different HDCP video software utilities, he can break open
  40 devices and extract the keys via reverse engineering, or he can
  simply license the keys from the trusted center.  According to the
  HDCP License Agreement, device manufacturers can buy 1 key pairs
  for $16000.  Given these 40 spanning keys, the master secret can be
  recovered in seconds.  So in essence, the trusted authority sells a
  large portion of its master secret to every HDCP licensee.

The $16,000 figure is taken from page 21 of
http://www.digital-cp.com/data/hdcp_license_agreement.pdf
Of course, you have to sign an NDA, too, but I'm not sure whether
that would deter a serious bad guy.

So, in effect, the trusted center has agreed to sell its master secret
for $16,000 and a promise.


Thank you for your post.  It was chock-full of interesting information --
particularly the bits about DTCP, which I had never seen before.

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Microsoft info-cards to use blind signatures?

[David Wagner]

>
>The Identity Corner
>Stephan Brands
>
>I am genuinely excited about this
>development, if it can be taken as an indication that Microsoft is getting
>serious about "privacy by design" for identity management. That is a big
>"if," however: indeed, the same Microsoft researcher who came up with the
>patent (hello Dan!) was also responsible for Microsoft e-cash patent no.
>5,768,385 that was granted in 1998 but was never pursued.

What a strange criticism of Microsoft!  Here is something to know about
patents: many companies file patents all the time.  That doesn't mean
they are committing to build a product around every patent they file.
The fact that Microsoft hasn't pursued patent 5,768,385 tells you
essentially nothing about what they are going to do with this patent.

I wouldn't take patent filings as an indicator of intent or of future
business strategy.

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]