Re: Obama's secure PDA
On Jan 29, 2009, at 11:17 PM, Ivan Krstić wrote:
> I'd find mobile e-mail just as useful if it went through a proxy that stripped out _everything_ that's not plaintext. I open attachments on my phone about once in a blue moon, and wouldn't miss the ability if it were gone.

As a postscript, it appears this type of proxy is exactly what's been set up:

> To minimize the risk, the government technology gurus have made it impossible to forward e-mail messages from the president or to send him attachments, people informed about the precautions say.
> -- http://www.nytimes.com/2009/02/01/us/politics/01obama.html

--
Ivan Krstić krs...@solarsail.hcs.harvard.edu | http://radian.org

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: Obama's secure PDA
Multiple responses inline:

On Jan 26, 2009, at 11:26 AM, Paul Hoffman wrote:
> I too would like to hear more information on this, particularly the crypto that is known to be used on the Edge.

See sections 'Secure Speech Processing' and 'Interoperability' of http://www.gdc4s.com/documents/GD-Sectera_Edge-w.pdf . The standard suites are used, as one would expect.

On Jan 26, 2009, at 4:56 PM, Jerry Leichter wrote:
> The FAQ, indirectly, answers your previous question of why only Secret for email: Data-at-rest is encrypted using AES, which is only approved for Secret, not Top Secret, data.

This isn't the case; AES is approved for Top Secret with 192- or 256-bit keys, per http://www.cnss.gov/Assets/pdf/cnssp_15_fs.pdf.

On Jan 26, 2009, at 9:26 PM, Steven M. Bellovin wrote:
> Quite simply, voice offers one service -- voice. Data offers many services, and hence many venues for data-driven attacks: email (which includes many MIME types) and probably clicking on URLs, web (which includes HTML, gif, jpeg, perhaps png, and almost certainly Javascript), and perhaps data files including pdf, Word, Powerpoint, and Excel. Any one of those data formats is far more complex than even compressed voice; the union of them makes me surprised it can handle even Secret data... Note especially that HTML involves IFRAMEs and third-party images, which means inherent cross-domain issues.

I've thought about this, but I don't buy it. I'm a heavy user of wireless e-mail, but I use it as nothing more than an SMTP-addressable SMS service without a length limit. In other words, people can send me messages from a computer and not just from a mobile handset (true in the other direction, too), and I can read and write more than 160 characters at a time. I'd find mobile e-mail just as useful if it went through a proxy that stripped out _everything_ that's not plaintext. I open attachments on my phone about once in a blue moon, and wouldn't miss the ability if it were gone.

Cheers,

--
Ivan Krstić krs...@solarsail.hcs.harvard.edu | http://radian.org
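The "proxy that strips out everything that's not plaintext" proposed above (and reported as deployed in the NYT follow-up) is easy to sketch. The following is an added example written for this page, not code from any list member or from the Sectéra product; it uses only the Python standard library's email package. It walks a MIME tree, keeps the text/plain parts, drops every other part (HTML alternatives, attachments, forwarded message/rfc822 bodies) and reports what it removed, so the handset only ever sees a flat text body and none of the parsers Bellovin lists ever run there. The sample message is constructed inline and the addresses are placeholders.

```python
"""Plaintext-only mail filter: an added illustration, not the original post's code."""
from email import message_from_string, policy
from email.message import EmailMessage
from typing import List, Tuple

# Headers preserved on the filtered copy; everything else is dropped.
KEEP_HEADERS = ("From", "To", "Subject", "Date")


def strip_to_plaintext(raw: str) -> Tuple[EmailMessage, List[str]]:
    """Return (filtered message, list of dropped part descriptions).

    Only text/plain parts that are not flagged as attachments survive;
    HTML alternatives, attachments and nested messages are discarded.
    """
    msg = message_from_string(raw, policy=policy.default)
    texts: List[str] = []
    dropped: List[str] = []

    # walk() yields the message itself and every nested part, depth-first.
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        ctype = part.get_content_type()
        disposition = part.get_content_disposition()  # 'attachment', 'inline' or None
        if ctype == "text/plain" and disposition != "attachment":
            texts.append(part.get_content().strip())
        else:
            # Attachments are named by filename, other parts by MIME type.
            dropped.append(part.get_filename() or ctype)

    out = EmailMessage(policy=policy.default)
    for name in KEEP_HEADERS:
        if msg[name] is not None:
            out[name] = str(msg[name])
    body = "\n\n".join(t for t in texts if t)
    out.set_content(body or "[message contained no plain-text part]")
    return out, dropped


def build_sample() -> str:
    """Constructed test input: text + HTML alternative + a PDF attachment."""
    m = EmailMessage(policy=policy.default)
    m["From"] = "sender@example.invalid"   # placeholder address
    m["To"] = "reader@example.invalid"     # placeholder address
    m["Subject"] = "Agenda"
    m.set_content("Meeting at 3pm.")
    m.add_alternative("<p>Meeting at <b>3pm</b>.</p>", subtype="html")
    m.add_attachment(b"%PDF-1.4 (constructed placeholder bytes)",
                     maintype="application", subtype="pdf",
                     filename="agenda.pdf")
    return m.as_string()


if __name__ == "__main__":
    filtered, removed = strip_to_plaintext(build_sample())
    print(filtered.as_string())
    print("dropped parts:", removed)
```

A real deployment would sit between the mail store and the handset and also refuse outbound forwards (a message/rfc822 part or a body longer than what was typed), which is the other half of the precaution the NYT describes; the filter above shows only the inbound, attachment-stripping side.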
RE: Obama's secure PDA
Perry wrote:
> pgut...@cs.auckland.ac.nz (Peter Gutmann) writes:
> > I wonder what a classified USB cable is. Perhaps it's an unclassified USB cable with the little three-prong USB logo blacked out by the censors.
> I would imagine it is a tempest shielded cable, and appropriately altered connectors.

It would definitely be shielded, but I doubt it's TEMPEST qualified at that price point. I suspect it's just a USB cable with a keyed connector, to enforce red/black sep in this somewhat atypical environment (eg. section 5.4.6.1.1.2 of MIL-HDBK-232A).

Ian.
Re: Obama's secure PDA
Jerry Leichter wrote:
> I commented earlier that $3200 seemed surprisingly cheap. One of the articles on this claimed this was absurdly expensive - typical DoD gold plating. Well ... the real price of a standard Blackberry is a couple of hundred dollars, and put one in a room with a speaker phone and listen to the famous Blackberry buzz. Shielding these things, even to avoid obvious interference, is *not* easy. Getting it to Tempest specs must take some impressive engineering. For a non-mass-market device with that kind of engineering, $3200 seems pretty cheap.

Quite a few TEMPEST approved devices are rather innocuous looking these days, the PDA a case in point. Having been present during the big TEMPEST adoption in the military (early 70's) and the introduction of FCC Part 15 (late 70's), I'd think that shielding requirements for compromising emanations are at least extremely closely related to EMI prevention. There's also Red/Black separation, electrical and physical isolation between circuitry carrying classified signals and those not. If I were to hazard a guess, TEMPEST requirements are close to those found for VDE/CE approval today (a bit more stringent than FCC). I would expect that the reason for 'approved' cables has to do with ensuring construction to an approved standard, perhaps with some actual testing thrown in. The amount of shielding required in cabling is on par with the use of shielded twisted pairs. The additional cost of TEMPEST approved equipment primarily comes from design testing and certification. The engineering is otherwise on par with COTS best practices (today).

I used to work on a non HY-11 CVSD secure voice link utilizing a KG-13/TSEC Key Generator, used in support of what we publicly know now as the National Reconnaissance Office. Got a late night call from the security officer complaining about picking up an AM radio station on the secure phone handset.

The installation had a plan, nice Red/Black separation, ferrous conduits enclosing cabling, physical distance separations, power line filtering and separate power circuits, the whole nine yards. To make a long story short, it was picking up the radio station because of a ground loop in the shield for the receive phone pair and a cold solder joint. Re-flowing the solder joint was sufficient to stop the impromptu crystal radio, and I broke the ground loop as well and sent off an annotated copy of the installation wiring diagram to the engineer who did the installation plan. The ground loop mixed inside and outside grounds, exposing the shield for the receive pair to broadcast signals, this particularly strong local AM station in point. The cold solder joint acted as a rectifier.

Working a few years later for a local video game company, one late night I had occasion to listen to the same AM station on the speaker of an arcade video game we were prototyping. That was cured by twisting a pair in the wiring harness. The next year FCC Part 15 was slated to go into effect and was causing all sorts of industry panic. A year or two later we were still seeing significant EMI from computer equipment. My upstairs neighbor's Apple II used to cause some serious interference with my TV reception using a pair of rabbit ears; some of the biggest EMI culprits for the longest time were power supplies.

Today your desktop or laptop PC is generating a significant amount of power across various portions of the spectrum, including up into the gigahertz range. The amount of EMI produced is closely on par with TEMPEST approved equipment, and the greatest threat to producing EMI or compromising emanations (following the demise of CRT displays) is cabled peripherals. The difference is that it isn't TEMPEST certified, nor has it necessarily been designed with Red/Black separation in mind. There'd be strong motivation to use tested and approved cables in classified data handling equipment.

The reduction in EMI for any equipment is largely due to management of signal and power return paths, reduction in power by using smaller signal amplitudes, lower edge rates (rise and fall times as opposed to data rate), filtering and, where necessary, shielding. Connect one little cheap cable and the next thing you know someone is complaining about receiving AM broadcasts on their fancy (and expensive) secure voice system, or worse, being surveilled without knowing it.

I'm not surprised you can hear a Blackberry with a speaker phone. It's got a radio transmitter, and more than likely the speaker phone has an RJ-11 connector on a long straight conductor cable. As a guess we'd be talking about a Blackberry within a couple of meters, and that phone wire strung across a conference table before reaching the floor.

http://www.blackberry.com/solutions/pdfs/Healthcare/Wireless_EMI_in_Healthcare_Facilities_White_Paper.pdf

You could note a preponderance of phone sensitivity due to proximity (Page 10). A secure handset will do the same thing.
Re: Obama's secure PDA
Jerry Leichter leich...@lrw.com writes:
> There's a Classified USB Cable for file transfer with Classified PC

I wonder what a classified USB cable is. Perhaps it's an unclassified USB cable with the little three-prong USB logo blacked out by the censors.

Peter.
Re: Obama's secure PDA
pgut...@cs.auckland.ac.nz (Peter Gutmann) writes:
> Jerry Leichter leich...@lrw.com writes:
> > There's a Classified USB Cable for file transfer with Classified PC
> I wonder what a classified USB cable is. Perhaps it's an unclassified USB cable with the little three-prong USB logo blacked out by the censors.

I would imagine it is a tempest shielded cable, and appropriately altered connectors.

Perry
Re: Obama's secure PDA
On Jan 28, 2009, at 2:03 PM, Perry E. Metzger wrote:
> > > There's a Classified USB Cable for file transfer with Classified PC
> > I wonder what a classified USB cable is. Perhaps it's an unclassified USB cable with the little three-prong USB logo blacked out by the censors.
> I would imagine it is a tempest shielded cable, and appropriately altered connectors.

That's probably a big part of it. I commented earlier that $3200 seemed surprisingly cheap. One of the articles on this claimed this was absurdly expensive - typical DoD gold plating. Well ... the real price of a standard Blackberry is a couple of hundred dollars, and put one in a room with a speaker phone and listen to the famous Blackberry buzz. Shielding these things, even to avoid obvious interference, is *not* easy. Getting it to Tempest specs must take some impressive engineering. For a non-mass-market device with that kind of engineering, $3200 seems pretty cheap.

-- Jerry
Re: Obama's secure PDA
> I know next to nothing about the state of the art of secure cell devices; do list members have any (public) knowledge or informed speculation about the mechanism behind the unclassified/classified switches? Are we talking two entire separate CPUs with a mutex-shared screen/keyboard? Or just offload of classified processing to a separate on-chip security domain (ala ARM TrustZone)? Similarly, the manufacturer lists separate class/unclass memory chips and separate class/unclass USB ports. Are these sitting on two physically separate buses?

The page you mention contains a link to a price list. The thing is surprisingly inexpensive: $3150. (Curiously, you have a choice of a 1 or 2 year warranty. The second year adds $200 to the price. You can omit the wireless module and save $500 - presumably of interest if you already have one - they are also available separately - in Sprint, Verizon, GSM, and WiFi versions, for $700.) There are versions for the UK, Canada, NATO, and some other allies.

There's a Classified USB Cable for file transfer with Classified PC which is required for installing Classified Enclave Certificates. (Considering the obscene prices we pay for HDMI cables, this is a steal at only $75.) There is a similar Unclassified USB Cable for file transfer with Unclass PC which is required for installing Unclassified Enclave Certificates. From the sound of it, this probably means the USB ports are set up to authenticate connections and, almost certainly, to encrypt everything that leaves the device. Any conversion to Unclassified form probably occurs on the receiving Unclass PC. There are also both Classified and Unclassified keyboard/mouse USB cables. (These are marked as delivery 6 months ARO - everything else is available in 60 days. The obvious guess is that these don't really exist, but will be built if anyone wants them.) For $100, there's a 2GB Micro SD card for Unclassified memory extension; the Classified memory apparently can't be extended.

There's a mail server named Apriva that seems to go with this.

Oh, and just to make everyone feel good about these things: They run Windows (mentioned in the FAQs).

The FAQ, indirectly, answers your previous question of why only Secret for email: Data-at-rest is encrypted using AES, which is only approved for Secret, not Top Secret, data.

-- Jerry
Re: Obama's secure PDA
On Mon, Jan 26, 2009 at 04:18:39PM -0500, Jerry Leichter wrote:
> An email system for the White House has the additional complication of the Presidential Records Act: Phone conversations don't have to be recorded, but mail messages do (and have to remain accessible).

[OT for this list, I know.]

It seems that the President's lawyers believe that IM is covered by the Presidential Records Act and shouldn't be used in the White House:

http://www.newser.com/tag/31542/1/presidential-records-act.html
http://www.newser.com/story/48239/team-obama-told-to-ditch-instant-messaging.html

One possible workaround might be to allow WH staff to _receive_ IMs, and follow twitting from outside the WH, but not respond to any of it except by phone. (Even phone calls, though not recorded, are dangerous to the WH since there is a record of calls made and taken.)

Of course, if there's nothing to hide, then, why not just use IM and be done? The legal advice seems sound, but it's just advice. Obama and his staff could easily use and archive IMs and avoid embarrassment by, well, keeping discussions above board.

Nico
--
Re: Obama's secure PDA
On Mon, 26 Jan 2009 02:49:31 -0500 Ivan Krstić krs...@solarsail.hcs.harvard.edu wrote:
> Finally, any idea why the Sectéra is certified up to Top Secret for voice but only up to Secret for e-mail? (That is, what are the differing requirements?)

I actually explained (my take on) that question to my class last week. Quite simply, voice offers one service -- voice. Data offers many services, and hence many venues for data-driven attacks: email (which includes many MIME types) and probably clicking on URLs, web (which includes HTML, gif, jpeg, perhaps png, and almost certainly Javascript), and perhaps data files including pdf, Word, Powerpoint, and Excel. Any one of those data formats is far more complex than even compressed voice; the union of them makes me surprised it can handle even Secret data... Note especially that HTML involves IFRAMEs and third-party images, which means inherent cross-domain issues.

--Steve Bellovin, http://www.cs.columbia.edu/~smb
Re: Obama's secure PDA
At 2:49 AM -0500 1/26/09, Ivan Krstić wrote:
> There are still conflicting reports about whether the hardware is an altered RIM BlackBerry or a different device, though the most likely contender for the latter option appears to be the General Dynamics Sectéra Edge, which features a trusted [secondary] display and two buttons used to switch between classified and unclassified operation.

Government Computer News says it is definitely not a BlackBerry. However, GCN's reporters aren't always as good as they should be (or even as good as the regular IT press) on getting their facts straight on security issues.

http://gcn.com/articles/2009/01/23/obama-gets-super-secure-smartphone.aspx

I too would like to hear more information on this, particularly the crypto that is known to be used on the Edge.

--Paul Hoffman, Director
--VPN Consortium
Re: Obama's secure PDA
On Mon, Jan 26, 2009 at 02:49:31AM -0500, Ivan Krstić wrote:
> Finally, any idea why the Sectéra is certified up to Top Secret for voice but only up to Secret for e-mail? (That is, what are the differing requirements?)

I know no specific details but strongly suspect the difference in requirements, and thus certifications, stems from the likelihood that the device stores (even very briefly) email and cached web objects, but does not store voice communications.

Thor
Re: Obama's secure PDA
On Jan 26, 2009, at 2:49 AM, Ivan Krstić wrote:
> [A]ny idea why the Sectéra is certified up to Top Secret for voice but only up to Secret for e-mail? (That is, what are the differing requirements?)

I have no information, but a guess: Phone conversation encryption, at all levels, has been around for many years. Email is a relative newcomer. Further, the problem for voice is inherently simpler: A conversation is transient. It's not expected to be recorded, and I'm sure the devices are designed to make recording a conversation difficult even for someone with full access to the phone. So you're dealing with establishing a secure session, with nothing left after the fact.

If you're talking email, on the other hand, you're inherently dealing with information at rest. That changes the whole game, introducing issues of key management, maintenance of security level over time - a conversation once completed is gone, so the question of how to declassify it or move it to another compartment or whatever cannot arise - how to deal with forwarding, and so on. All of this is inherent in a usable email system. An email system for the White House has the additional complication of the Presidential Records Act: Phone conversations don't have to be recorded, but mail messages do (and have to remain accessible).

It makes one wonder if this is a Sectéra limitation, a Sectéra-for-the-President limitation, or whether there is no Top Secret email infrastructure at all.

-- Jerry