Re: fyi: Fingerprinting CPUs
[EMAIL PROTECTED] said:
> This subject came up before.
> http://citeseer.ist.psu.edu/shankar04side.html

ah, yes, in various forms. The refs in that paper lead to this, fwiw..

http://dynamo.ecn.purdue.edu/~kennell/genuinity/publications.html

JeffH

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
fyi: talk: Reflective side-channel cryptanalysis
From: Eu-Jin Goh [EMAIL PROTECTED]
Subject: FRI 15 JULY 1630 HRS : Reflective side-channel cryptanalysis
To: [EMAIL PROTECTED]
Date: Mon, 11 Jul 2005 08:46:19 -0700

---
When - FRI 15th July 1630 hrs at Gates 4-B (opposite 490)
Who  - Eran Tromer, Weizmann Institute of Science
What - Reflective side-channel cryptanalysis
---

Abstract:

Side-channel cryptanalysis exploits physical information leakage from cryptographic devices to undermine their security. Most side-channel attacks require special measurement equipment and are thus limited in applicability. This talk will present two side channels that can be exploited in many settings without special equipment. First, CPU cache contention leaks information on memory access patterns in several ways. Second, acoustic emanations from electronic circuit components can be information-bearing and are often detectable by a plain microphone. Applications of these side channels to RSA and AES will be shown.

In some common cases these attacks can be carried out by software within the target computer, allowing an unprivileged process to glean secret information from privileged ones without any explicit interaction. This raises new challenges for multiuser, partitioned and sandboxed environments.

Joint work with Dag Arne Osvik and Adi Shamir.

---
Map to Gates Computer Science Building
http://campus-map.stanford.edu/campus_map/results.jsp?bldg=gatesdept=addr=
fyi: Deniable File System - Rubberhose
From: Owen Blacker [EMAIL PROTECTED]
Subject: Deniable File System
To: UK Crypto list [EMAIL PROTECTED]
Date: Wed, 19 Apr 2006 11:43:18 +0100 (BST)
Reply-To: [EMAIL PROTECTED]

http://www.schneier.com/blog/archives/2006/04/deniable_file_s.html

Some years ago I did some design work on something I called a Deniable File System. The basic idea was the fact that the existence of ciphertext can in itself be incriminating, regardless of whether or not anyone can decrypt it. I wanted to create a file system that was deniable: where encrypted files looked like random noise, and where it was impossible to prove either the existence or non-existence of encrypted files.

This turns out to be a very hard problem for a whole lot of reasons, and I never pursued the project. But I just discovered a file system that seems to meet all of my design criteria -- Rubberhose (http://iq.org/~proff/rubberhose.org/):

  Rubberhose transparently and deniably encrypts disk data, minimising the effectiveness of warrants, coercive interrogations and other compulsive mechanisms, such as U.K. RIP legislation. Rubberhose differs from conventional disk encryption systems in that it has an advanced modular architecture, self-test suite, is more secure, portable, utilises information hiding (steganography / deniable cryptography), works with any file system and has source freely available.

The devil really is in the details with something like this, and I would hesitate to use this in places where it really matters without some extensive review. But I'm pleased to see that someone is working on this problem.

Next request: A deniable file system that fits on a USB token, and leaves no trace on the machine it's plugged into.

--
Owen Blacker, London GB
Say no to ID cards: www.no2id.net
--
They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety -- Benjamin Franklin, 1759
Re: mailer certificate retrieval via LDAP?
You should consider also posting your query to ldap@umich.edu

JeffH
fyi: On-card displays
From: Ian Brown [EMAIL PROTECTED]
Subject: On-card displays
To: [EMAIL PROTECTED]
Date: Wed, 20 Sep 2006 07:29:13 +0100

Via Bruce Schneier's blog, flexible displays that can sit on smartcards. So we finally have an output mechanism that means you don't have to trust smartcard terminal displays:

http://www.cr80news.com/library/2006/09/16/on-card-displays-become-reality-making-cards-more-secure/

So, when do we see the combined chip/fingerprint reader/display on a payment card :)

Doesn't of course address the requirement that we want evidence (such as a signed paper receipt) that can later be adjudicated by a court with higher evidential standards than a bank statement that their systems work perfectly...

--
Blogzilla -- http://dooom.blogspot.com/
Re: Skype reverse-engineering details]
Yes, that's a very interesting slide deck. An alternative URL to the talk is in this blog posting..

Skype.exe innards revealed...
http://identitymeme.org/archives/2006/04/06/skypeexe-innards-revealed/

=JeffH
Re: Public key encrypt-then-sign or sign-then-encrypt?
There's also this paper..

Donald T. Davis, "Defective Sign & Encrypt in S/MIME, PKCS#7, MOSS, PEM, PGP, and XML", Proc. Usenix Tech. Conf. 2001 (Boston, Mass., June 25-30, 2001), pp. 65-78.
http://world.std.com/~dtd/#sign_encrypt

..which addresses some of the questions, in a certain context, that Travis raised.

=JeffH
fyi: A5 Cracking Project
From: steve [EMAIL PROTECTED]
Subject: A5 Cracking Project
To: [EMAIL PROTECTED]
Date: Sun, 6 May 2007 16:54:58 +0000

Hi,

we are inviting people to design and build an A5/1 cracking machine. We are security enthusiasts. We started in January 2007 and built a GSM Receiver for 700 USD (http://www.thc.org/gsm). The first alpha version of the GSM receiver is available from our webpage. We are now looking for the next challenge: Cracking A5/1 for real.

We put up a public wiki at http://wiki.thc.org/cracking_a5 for anyone to edit and to add information. If you are interested please also subscribe to our mailing list by sending an email to [EMAIL PROTECTED]

Spread the word

happy hacking,
steve
fyi: Ross Anderson on UK ATM fraud
see also: Reliability of security systems
http://www.cl.cam.ac.uk/~rja14/#Reliability

=JeffH

From: Ross Anderson [EMAIL PROTECTED]
Subject: Newsnight tonight
To: [EMAIL PROTECTED]
Date: Wed, 20 Jun 2007 19:19:24 +0100

We helped make a piece on ATM fraud a few weeks ago for Newsnight, pointing out that law enforcement on bank fraud is now deeply corrupt. The Home Office did a deal with the banks so that fraud victims must report the crime to the bank, not the police; the City force's card squad is a "tied cottage" (as Nick put it) as the banks pay its bills; ditto the Met's e-crime squad; ditto the Financial Services Ombudsman. This is jolly nice for the banks when the fraud is done by a bent insider they don't want exposed, and jolly nasty for the poor customer. It's also jolly nice for terrorists such as the Tamil Tigers who use ATM fraud to raise money to finance murder and mayhem. It's really wonderful for government spin doctors as fraud figures have fallen to near zero.

I'm now told that the programme will run tonight. Unfortunately a lot of its teeth have been drawn (below)

Ross

**

Date: Wed, 20 Jun 2007 19:09:10 BST
To: [EMAIL PROTECTED]
From: *** @bbc.co.uk
Subject: newsnight

Just to let you know. The piece will run tonight. Sadly we could only include a small part of your magnificent contribution, so the angle about the Tamil Tigers was dropped, against my wishes. The banks' spokesman is coming on afterwards. The Home Office and ACPO both refused to appear.

Regards
***
wrt Network Endpoint Assessment (was: Re: Free Rootkit with Every New Intel Machine)
of potential related interest is..

  Network Endpoint Assessment (NEA): Overview and Requirements
  http://www.ietf.org/internet-drafts/draft-ietf-nea-requirements-02.txt

note term "remediate/remediation". relevant snippage below.

see also..
  http://www.ietf.org/html.charters/nea-charter.html

=JeffH

snip/

1. Introduction

   Today, most network providers can leverage existing standards-based technologies to restrict access to their network based upon criteria such as the requesting system's user or host-based identity, source IP address or physical access point. However these approaches still leave the network resident systems vulnerable to malware-based attack, when an authorized but infected system is admitted and the malware is able to spread throughout the internal network. As a result, network operators need a proactive mechanism to assess the state of systems joining or present on the network to determine their status relative to network compliance policies. For example, if a system is determined to be out of compliance because it is lacking proper defensive mechanisms such as firewalls, anti-virus software or the absence of critical security patches, there needs to be a way to safely repair (remediate) the system so that it can be subsequently trusted to join and operate on the network.

   The NEA technology strives to provide a mechanism to report the configuration of an endpoint for evaluation against network compliance policy. Such a mechanism could offer a useful tool for the network operators' arsenal but should be recognized as not being a complete endpoint compliance solution in and of itself.

   NEA typically involves the use of special client software running on the requesting system that observes and reports on the configuration of the system to the network infrastructure. The infrastructure has corresponding validation software that is capable of comparing the system configuration information with network compliance policy and providing the result to appropriate authorization entities that make decisions about network and application access. Some systems may be incapable of running the NEA client software (e.g. printer) or be unwilling to share information about its configuration. In these cases the network infrastructure might decide to disallow or limit access to the network.

   In many cases, the admission decision is provisioned to the enforcement mechanisms on the network and/or system requesting access. The decision might allow for no access, limited or quarantined access (possibly to allow for remediation), or full access to the network. While the NEA Working Group recognizes there is a link between an assessment and the enforcement of the assessment decision, the mechanisms and protocols for enforcement are not in scope for this specification.

   Architectures, similar to NEA, have existed in the industry for some time and are present in shipping products, but do not offer interoperability. Some examples of such architectures include: Trusted Computing Group's Trusted Network Connect [TNC], Microsoft's Network Access Protection [NAP], Cisco's Network Admission Control [CNAC]. These technologies assess the software or hardware configuration of endpoint devices for the purposes of monitoring or enforcing compliance to an organization's policy. These architectures are not interoperable because they are implemented using primarily non-standards-based technologies. The NEA working group is working on defining standard protocols so as to enable interoperability between devices from different vendors allowing network owners to deploy truly heterogeneous solutions.

   This document describes the requirements for NEA candidate technologies and protocols.

snip/

4. Problem Statement

   NEA technology may be used for several purposes. One use is to facilitate endpoint compliance checking against an organization's security policy when an endpoint connects to the network. Organizations often require endpoints to run an IT-specified OS configuration and have certain security applications enabled, e.g. anti-virus software, host intrusion detection/prevention systems, personal firewalls, and patch management software. An endpoint that is not compliant with IT policy may be vulnerable to a number of known threats that might exist on the network. Without NEA technology, ensuring compliance of endpoints to corporate policy is a time-consuming and difficult task.

   Not all endpoints are managed by a corporation's IT organization, e.g. lab assets and guest machines. Even for assets that are
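As an added illustration of the assess-then-decide flow the draft describes (my own toy code, not anything from the NEA working group or a shipping product), here is a small posture validator: the policy fields, the posture field names and the sample endpoint reports are all made up.

```python
"""Toy NEA-style posture validator: an endpoint reports its configuration,
the validator compares it with the network compliance policy and returns an
admission decision (full, quarantine for remediation, or deny).
All field names and values are constructed for this example."""
from dataclasses import dataclass, field
from datetime import date


@dataclass(frozen=True)
class Policy:
    """Network compliance policy the validator enforces (constructed)."""
    required_patches: frozenset
    max_av_signature_age_days: int
    firewall_required: bool = True


@dataclass
class Decision:
    access: str                 # "full", "quarantine" or "deny"
    remediation: list = field(default_factory=list)


def assess(posture, policy, today):
    """Compare one endpoint's reported posture with the policy.

    posture is the dict a (hypothetical) NEA client reports, None when the
    endpoint cannot run a client (e.g. a printer), or {"declined": True}
    when it refuses to share its configuration."""
    if posture is None:
        # No client at all: the draft allows the network to limit access.
        return Decision("quarantine", ["no NEA client; limited access only"])
    if posture.get("declined"):
        # Unwilling to report: not assessable, so disallow.
        return Decision("deny", ["endpoint refused posture assessment"])
    fixes = []
    if policy.firewall_required and not posture.get("firewall_enabled", False):
        fixes.append("enable host firewall")
    missing = policy.required_patches - set(posture.get("patches", ()))
    if missing:
        fixes.append("install patches: " + ", ".join(sorted(missing)))
    sig_date = posture.get("av_signature_date")
    if sig_date is None:
        fixes.append("install anti-virus software")
    elif (today - sig_date).days > policy.max_av_signature_age_days:
        fixes.append("update anti-virus signatures")
    # Non-compliant but repairable: quarantine where remediation servers are
    # reachable and hand back the list of fixes; compliant: full access.
    return Decision("quarantine", fixes) if fixes else Decision("full")


POLICY = Policy(frozenset({"KB-0001", "KB-0002"}), max_av_signature_age_days=7)
TODAY = date(2007, 7, 1)

# Constructed sample posture reports, one per endpoint.
ENDPOINTS = {
    "laptop-ok": {"firewall_enabled": True, "patches": ["KB-0001", "KB-0002"],
                  "av_signature_date": date(2007, 6, 29)},
    "laptop-stale": {"firewall_enabled": False, "patches": ["KB-0001"],
                     "av_signature_date": date(2007, 5, 1)},
    "printer": None,
    "guest-refuses": {"declined": True},
}


def assess_all(endpoints=ENDPOINTS, policy=POLICY, today=TODAY):
    """Run the validator over every endpoint; returns name -> Decision."""
    return {name: assess(p, policy, today) for name, p in endpoints.items()}


if __name__ == "__main__":
    for name, d in assess_all().items():
        print(f"{name:14s} {d.access:10s} {'; '.join(d.remediation)}")
```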
Re: Free Rootkit with Every New Intel Machine
[EMAIL PROTECTED] said:
> With TPMs it's a bit different, they're absent from the hardware by default

in case you're referring to the TCPA (trusted computing platform alliance) TPM.. my understanding from a person active in the NEA working group (IETF) is that TPMs these days come along for free because they're included on-die in at least one of said chips. I don't recall whether he said it was the network interface (NIC) and/or one of the others.

So anyway, he said "...enterprise-class systems (eg Dell Latitudes) mostly all already contain TPMs, and various network gear manufacturers have boxes that speak to them already, and NEA is just trying to standardize the protocols..."

I've noticed my Latitude systems do in fact have a BIOS option for enabling/disabling their TPMs. (mine are disabled)

the way in that IT depts ensure that vic...er...employees don't turn 'em off (as I understand it) is they set the BIOS admin password on their assets (computers) before they give them out.

=JeffH
fyi: SHA-2 patent status
of possible interest...

-------- Original Message --------
Subject: [saag] SHA-2 patent status
Date: Mon, 25 Jun 2007 09:55:46 -0700
From: Paul Hoffman [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

Of possible interest (but hopefully no concern) to this list: a new IPR statement from the NSA to the IETF.

https://datatracker.ietf.org/public/ipr_detail_show.cgi?ipr_id=858

--Paul Hoffman, Director
--VPN Consortium

___
saag mailing list
[EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/saag
Re: Free Rootkit with Every New Intel Machine (aka TPM, AMT)
i'd also scrawled:
> my understanding from a person active in the NEA working group [1] (IETF)
> is that TPMs these days come along for free because they're included
> on-die in at least one of said chips.

[EMAIL PROTECTED] said:
> Check again. A few months ago I was chatting with someone who works for a
> large US computer hardware distributor and he located one single
> motherboard (an Intel one, based on an old, possibly discontinued chipset)
> in their entire inventory that contained a TPM (they also had all the
> ex-IBM/Lenovo laptops, and a handful of HP laptops, that were reported as
> having TPMs). He also said that there were a handful of others (e.g. a few
> Dell laptops, which they don't carry) with TPMs.

my bad. I'd neglected to add "on enterprise-class systems" after "come along for free" (a qualification he did indeed express). WRT to Dell notebooks, that'd be the Latitude models. In fact, with a little searching, i found the Dell pages below [2] that indicate TPM is installed on Dell's D-series enterprise class notebooks.

[EMAIL PROTECTED] said:
> One of the driving forces for TPM adoption going forward will be
> enterprise remote or distributed management.

Of course. And that's the driving force behind the IETF NEA (Network Endpoint Assessment) working group AFAIK [1].

=JeffH

--
[1] http://www.ietf.org/html.charters/nea-charter.html

[2] http://www.dell.com/content/topics/global.aspx/solutions/en/latitude_highlight?c=usl=ens=gen

...
Trusted Platform Module (TPM 1.1)

The TPM, or Trusted Platform Module, ships standard on D410, D610 and D810. TPM is a security hardware device on the system board that will hold computer generated keys for encryption. It is a hardware-based solution that can help avoid attacks by hackers looking to capture passwords and encryption keys to sensitive data.
...

http://www.dell.com/content/learnmore/learnmore.aspx?c=uscs=RC968571l=ens=hea~id=smartcard~line=notebooks~mode=popup~series=latit~tab=recommendations

What is TPM?

The TPM, or Trusted Platform Module, is a security hardware device on the system board that will hold computer generated keys for encryption. It is a hardware based solution that can help avoid attacks by hackers looking to capture passwords and encryption keys to sensitive data. When deploying advanced security features like TPM in your environment, the archive and recovery of keys protected by the TPM is critical to avoiding the risk of data loss or inaccessibility in the event of a system failure.

The security features provided by the TPM are internally supported by the following cryptographic capabilities of each TPM: hashing, random number generation, asymmetric key generation, and asymmetric encryption/decryption. Each individual TPM on each individual computer system has a unique signature initialized during the silicon manufacturing process that further enhances its trust/security effectiveness. Each individual TPM must have an Owner before it is useful as a security device.

TPM Applications

TPM is useful for any customer that is interested in providing an additional layer of security to the computer system. The TPM, when bundled with an optional security software package, can provide overall system security, file protection capabilities and protect against email/privacy concerns. TPM helps provide security that can be stronger than that contained in the system BIOS, operating system, or any non-TPM application.

Which Dell systems support TPM?

The TPM 1.2 security hardware device comes standard on the following Latitude™ notebook systems: Latitude D420, D620, D820; OptiPlex™ desktop systems: OptiPlex 745, 740; and Dell Precision™ Mobile Workstations M65, M90. Dell recommends the use of the Microsoft® Windows® XP Professional operating system with TPM, which includes advanced security, mobility and networking features. TPM is currently not supported by Dell on Red Hat® Linux® operating systems. Customers who deploy TPM should also purchase Wave Systems Embassy Trust Suite from Dell Software & Peripherals to enable full TPM features including key archival and migration.

--- end
fyi: UK National Information Assurance Strategy Launched
From: Peter Tomlinson [EMAIL PROTECTED]
Subject: National IA Strategy
To: [EMAIL PROTECTED]
Date: Mon, 02 Jul 2007 16:00:16 +0100

From http://www.cabinetoffice.gov.uk/csia/ :

  News
  National Information Assurance Strategy launched
  http://www.cabinetoffice.gov.uk/csia/national_ia_strategy/index.asp

  On 27th June, a National Information Assurance Strategy was launched at the IA07 event in Brighton. The annual event is hosted by CESG and brings together key players in industry and government to work in partnership to address the UK's needs in safeguarding information and ICT.

  The document is available at: http://www.cabinetoffice.gov.uk/csia/national_ia_strategy/index.asp .

I haven't read it yet, and so cannot comment, but in a related area I'm puzzled: having heard that Cabinet Office will be supporting Cabinet, I wonder what will happen to all the technical stuff such as Govt Gateway and even CSIA.

Peter
Re: Enigma for sale on eBay
[EMAIL PROTECTED] said:
> http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem=270146164488

ebay now says (as of when this message is sent):

  This Listing Is Unavailable

  This listing (270146164488) has been removed or is no longer available. Please make sure you entered the right item number.

  If the listing was removed by eBay, consider it canceled. Note: Listings that have ended more than 90 days ago will no longer appear on eBay.

=JeffH
fyi: Storm Worm botnet numbers, via Microsoft
food for consideration. yes, #s are from MSFT as he notes, but are the only ones we have presently wrt actual Storm extent, yes? If not, pls post pointers...

=JeffH

--

Storm Worm botnet numbers, via Microsoft
http://blogs.zdnet.com/security/?p=533

Posted by Ryan Naraine @ 7:40 am

If the statistics from Microsoft's MSRT (malicious software removal tool) are anything to go by, the Storm Worm botnet is not quite the world's most powerful supercomputer.

The tool, which is updated and shipped once a month on Patch Tuesday, removed malware associated with Storm Worm from 274,372 machines in the first week after September 11. In all the tool scanned about 2.6 million Windows machines.

These numbers, released by Microsoft anti-virus guru Jimmy Kuo, put the size of the botnet on the low end of speculation that Storm Worm has commandeered between 1 million and 10 million Windows machines around the world.

[ SEE: Storm Worm botnet could be world's most powerful supercomputer ]

The MSRT numbers, though helpful, shouldn't be relied on as gospel. For starters, the tool targets a very specific known malware (it only finds exactly what it's looking for) and attackers constantly tweak malware files to get around detection. In addition, it is only delivered to Windows machines that have automatic updates turned on, which means there are likely tons and tons of hijacked machines that never get a copy of the MSRT.

Still, Kuo claims that the September version of MSRT made a dent in the botnet.

  Another antimalware researcher who has been tracking these recent attacks has presented us with data that shows we knocked out approximately one-fifth of Storm's Denial of Service (DoS) capability on September 11th. Unfortunately, that data does not show a continued decrease since the first day. We know that immediately following the release of MSRT, the criminals behind the deployment of the Storm botnet immediately released a newer version to update their software.

  To compare, one day from the release of MSRT, we cleaned approximately 91,000 machines that had been infected with any of the number of Nuwar components. Thus, the 180,000+ additional machines that have been cleaned by MSRT since the first day are likely to be home user machines that were not notably incorporated into the daily operation of the Storm botnet. Machines that will be cleaned by MSRT in the subsequent days will be of similar nature.

  The September release of the MSRT probably cleaned up approximately one hundred thousand machines from the active Storm botnet. Such numbers might project that the strength of that botnet possibly stood at almost half a million machines with an additional few hundred thousand infected machines that the Storm botnet perhaps were not actively incorporating.

Kuo also confirmed fears that the botnet will slowly regain its strength once those cleaned machines become reinfected because those machines are likely unpatched and not equipped with any security software.

--- end