From: schneier@counterpane.com (Bruce Schneier)
To: crypto-gram@chaparraltree.com
Subject: CRYPTO-GRAM, November 15, 2002
Date: Thu, 14 Nov 2002 22:01:47 -0600
CRYPTO-GRAM
November 15, 2002
by Bruce Schneier
Founder and CTO
Counterpane Internet Security, Inc.
schneier@counterpane.com
< http://www.counterpane.com >
A free monthly newsletter providing summaries, analyses, insights, and
commentaries on computer security and cryptography.
Back issues are available at
< http://www.counterpane.com/crypto-gram.html >. To subscribe, visit
< http://www.counterpane.com/crypto-gram.html > or send a blank message
to crypto-gram-subscribe@chaparraltree.com.
Copyright (c) 2002 by Counterpane Internet Security, Inc.
** *** ***** ******* *********** *************
In this issue:
New Book
Crypto-Gram Reprints
News
Counterpane News
Security Notes from All Over: Japanese Honeybees
The Doghouse
Comments from Readers
** *** ***** ******* *********** *************
New Book
This is a short issue of Crypto-Gram, because I'm finishing up a new book.
We are being told that we are in graver danger than ever, and that we
must change our lives in drastic and inconvenient ways in order to be
secure. We are being told that we must give up privacy or anonymity,
or accept restrictions on our actions. We are being told that the
police need new investigative powers, that domestic spying capabilities
need to be instituted, and that our militaries must be brought to bear
on countries that support terrorism. What we're being told is mostly
untrue. Most of the changes we're being asked to endure don't result
in good security. They don't make us safer. Some of the changes
actually make things worse.
My new book, still untitled, is a book about security. Not computer
security, but security in general. Its goal is to teach readers how to
think differently, how to tell good security from bad security, and to
be able to explain why. Its goal is to instill in readers a healthy
skepticism about security, especially the technologies surrounding
security. Its goal is to convince readers that good security is about
people.
The book walks the reader, step by step, through security: what works,
what doesn't, and why. It gives general principles that the reader can
use to understand and evaluate security. It illustrates those
principles with anecdotes from all over: crime, war, history, sports,
natural science, myth, literature, and movies. And it gives the reader
a simple process that he can use to understand the difference between
good security and bad security.
Real-world security looks a whole lot like computer security. It's not
just that computers are everywhere; the same concepts and methodologies
that allow us to make sense of computer security also apply to the real
world. In my previous book, "Secrets and Lies," I used real-world
metaphors to explain computer and network security. In this book I am
going to explain real-world security using the techniques, processes,
and formalism from the computer world, without assuming any computer
knowledge.
Book publishing is second only to furniture delivery in slowness. My
deadline for the book is the end of the month, but it's not going to be
available in stores until next September.
** *** ***** ******* *********** *************
Crypto-Gram Reprints
Crypto-Gram is currently in its fifth year of publication. Back issues
cover a variety of security-related topics, and can all be found on
< http://www.counterpane.com/crypto-gram.html >. These are a selection
of articles that appeared in this calendar month in other years.
Full Disclosure:
< http://www.counterpane.com/crypto-gram-0111.html#1 >
Why Digital Signatures are Not Signatures
< http://www.counterpane.com/crypto-gram-0011.html#1 >
Programming Satan's Computer: Why Computers Are Insecure
< http://www.counterpane.com/crypto-gram-9911.html#WhyComputersareInsecure >
Elliptic Curve Public-Key Cryptography
<http://www.counterpane.com/crypto-gram-9911.html#EllipticCurvePublic-Ke
yCryptography>
The Future of Fraud: Three reasons why electronic commerce is different
< http://www.counterpane.com/crypto-gram-9811.html#commerce >
Software Copy Protection: Why copy protection does not work
< http://www.counterpane.com/crypto-gram-9811.html#copy >
** *** ***** ******* *********** *************
News
Red Hat vs. the DMCA. Red Hat publishes information about a security
patch ONLY to people outside the United States, because of fear of the
DMCA. It seems that a description of a fix to a vulnerability also
contains information about the vulnerability itself, which could be a
violation of the DMCA. Ridiculous? Of course it is. But that's the
law for you.
< http://www.theregus.com/content/4/26656.html >
And while we're on the subject of ridiculous, here are some of the
"digital media devices" that would be required to incorporate
government-approved copy-protection technology under the Hollings
CBDTPA Bill: hearing aids, talking picture frames, scrolling signs, and
baby monitors.
< http://www.freedom-to-tinker.com/archives/cat_fritzs_hit_list.html >
The previous two items are examples of the kinds of things that happen
when laws are written to protect the revenue stream of an industry with
no regard to its effects on society as a whole. Another example is the
extensions to the copyright laws, currently being debated in the
Supreme Court. Here's Larry Lessig's thoughts on arguing at the
Supreme Court:
< http://cyberlaw.stanford.edu/lessig/blog/archives/2002_10.shtml#000531 >
A clever Reuters reporter guesses URL of Swedish company's 3rd quarter
results (before they were "officially" posted). The company claims it
will file criminal charges. It's an interesting question: is guessing
a URL an "intrusion"? I don't think so.
< http://www.theregister.co.uk/content/6/27816.html >
< http://salon.com/tech/wire/2002/10/28/reuters/index.html >
The Security Business Quarterly is a magazine worth reading. Issues
are available online.
< http://www.sbq.com >
Windows 2000 receives a Common Criteria security rating. Does this
mean anything? Not really. Jonathan Shapiro did such a good job
explaining this that I'm just going to post a link to his essay.
< http://eros.cs.jhu.edu/~shap/NT-EAL4.html >
Microsoft users may have to pay for security. Actually, I think this
is a good idea. If users explicitly pay for security, then there's a
greater chance that Microsoft will be liable for that security. And
honestly, most users don't want security and don't want to pay for it.
< http://news.zdnet.co.uk/story/0,,t269-s2123526,00.html >
< http://zdnet.com.com/2100-1104-961173.html >
This article says: "The al-Qaeda terror network has begun using hackers
who break into websites to create secret pages that send messages to
its followers, Internet specialists say." This makes absolutely no
sense, and is a sad example of the mindless anti-terrorist
computer-security hype we're hearing these days.
< http://cooltech.iafrica.com/technews/179588.htm >
A well-written analysis of the major security/privacy/stability
concerns of Windows XP.
< http://www.hevanet.com/peace/microsoft.htm >
"Fortune 1000 companies lost $45 billion to theft of proprietary
information last year." How do they know?
< http://www.infoworld.com/suppsad/ISS/t_issprt1.html >
"Assessing Internet Security Risk," a five-part series:
< http://online.securityfocus.com/infocus/1591 >
< http://online.securityfocus.com/infocus/1607 >
< http://online.securityfocus.com/infocus/1612 >
< http://online.securityfocus.com/infocus/1631 >
< http://online.securityfocus.com/infocus/1632 >
Root DNS servers attacked. It's a credit to the good guys that the
effects of the attack were minimal. Lots of commentary about it, though.
< http://www.washingtonpost.com/wp-dyn/articles/A828-2002Oct22.html >
< http://www.newsfactor.com/perl/story/19756.html >
< http://www.cnn.com/2002/TECH/internet/10/23/net.attack/index.html >
< http://news.com.com/2100-1001-963095.html >
< http://news.com.com/2010-1071-963205.html >
< http://computerworld.com/newsletter/0%2C4902%2C75350%2C0.html?nlid=SEC >
< http://www.esj.com/news/article.asp?EditorialsID=317 >
< http://zdnet.com.com/2100-1107-963337.html >
< http://www.eweek.com/article2/0,3959,651686,00.asp >
Nice security success story: NASA.
< http://www.infoworld.com/articles/op/xml/02/10/28/021028opsecurity.xml >
< http://www.fcw.com/fcw/articles/2002/1014/mgt-nasa-10-14-02.asp >
The United States Copyright Office is inviting public comment on the DMCA:
< http://news.com.com/2100-1023-961783.html >
< http://www.copyright.gov/1201/ >
Fascinating Congressional testimony by NSA Director Michael Hayden. He
explains how NSA worked on terrorism pre- and post-9/11, and then tells
Congress that they can best help him by going back to their
constituents and finding out where the public wants to draw the line
between liberty and safety. Required reading.
< http://intelligence.senate.gov/0210hrg/021017/hayden.pdf >
Excellent paper by Carl Ellison on the myths and realities of PKI:
< http://www.cs.dartmouth.edu/~pki02/Ellison/ >
** *** ***** ******* *********** *************
Counterpane News
I'm sitting on some big news that I can't really talk about
yet. Hopefully next month.
In the meantime, I will be speaking at COMDEX in Las Vegas on 11/18, at
the IETF meeting in Atlanta on 11/22, and at InfoSecurity in New York
on 12/11.
** *** ***** ******* *********** *************
Security Notes from All Over: Japanese Honeybees
Giant hornets regularly attack beehives. Typically, an attack begins
when a single hornet captures a lone bee nearby the hive. After
several of these perimeter skirmishes, one hornet leaves a marking
pheromone at the hive's entrance. This pheromone attracts the other
hornets, who arrive en masse and attack the beehive. The bees'
stingers can't penetrate the hornets' armor, so it's a one-sided
slaughter; something like 30,000 bees can be killed in a few hours by
30-40 hornets.
Japanese honeybees, however, have evolved an interesting defensive
strategy. When a hornet marks the hive's entrance, the bees guarding
the entrance return to the hive and wait for the attacking
hornets. This has the effect of luring the first attacking hornets
into the hive, rather than allowing them to start their attack
outside. Simultaneously, over 1000 worker bees in the hive leave the
combs and mass just inside the hive's entrance. When a hornet tries to
enter the hive, the workers surround it, forming a ball of bodies, and
cook it to death with their body heat. The bees also release a
pheromone that draws ever more bees from the hive's interior to come to
the entrance and defend the nest.
This strategy must be perfect in order to be successful. If the bees
fail in killing the first hornet attackers, then the hornet pheromone
gets stronger, and more hornets arrive to reinforce their attack. By
sheer numbers, the hornets can overpower the bees.
Source: Bernd Heinrich, "The Thermal Warriors: Strategies of Insect
Survival," Harvard University Press, 1996.
** *** ***** ******* *********** *************
The Doghouse
I'm busy, so you'll have to do the work this time. Here are my current
doghouse candidates. Decide for yourself which is the funniest.
Is it CryptDefence, which offers "information's absolute protection"
via their "entirely new original symmetric cryptographic algorithm
MCD," which "disproves the Vernam theory...."
< http://www.cryptdefence.com/ >
Is it Asier Technology, which "has made a breakthrough in such
[cryptography] research and is now offering revolutionary products,"
with keys "ranging in key sizes from 5,000 to over 136,000 bits"?
http://www.asiertech.com/
Is it TransPlace, "only security program without hacks/ cracks/patches
on Internet"? "Unhackable!!! It's IMPOSSIBLE to hack
TransPlace-files!" "The internal structure of TransPlace is TOP
SECRET!" "We believe it's impossible to make successful cracks for
TransPlace or 'TransPlace protected files'!"
< http://www.orontesprojects.com/ >
Is it ForeScout, an intrusion prevention technology that "pre-emptively
neutralize[s] known and unknown attacks with no false positives
ensuring zero time to protection," while at the same time requiring "no
signature updates nor manual intervention"?
< http://www.forescout.com/ >
Or is it EuroTech, with their "double cipher, keyless transmission
system, with no transmitted key subject to compromise"?
< http://www.eurotechltd.com/products/ss/crypto.html >
So many to choose from.... And thank you to everyone who e-mails me
with Doghouse suggestions. I always enjoy reading these Web sites.
** *** ***** ******* *********** *************
Comments from Readers
From: Frank Prince <fwp3@grumpybear.com>
Subject: National Strategy to Secure Cyberspace
I disagree that the strategy doesn't make a difference. I feel your
comments were too dismissive of it.
Something in the discussion about the relationship between consensus
and security didn't ring true for me. Relative to security, consensus
-- in a community, in the board room, formalized in law, or honed by
legal precedent -- is a kind of community threat estimate and resource
allocation decision. We can certainly argue that it is flawed -- but
not that it is irrelevant.
Moreover, I take issue with the idea that security is a commons. The
new community resources we are trying to protect aren't fully
defined. And consensus regarding the threat to them will remain
evanescent until they are. Beyond that, the metrics that will allow us
to assess liability are even less appreciable. Security, like
availability, is a characteristic that can be used to judge if the
commons is in crisis. But cultural accommodation to profoundly
changing technological realities is the underlying issue -- not security.
That being said, in any time of change there are criminals that take
advantage of upheaval. We can't stand by and let them hurt us. Still,
we have to remember that we are engaged in a battle that is playing out
in two different time scales -- the first with our day-to-day decisions
about security and the second with our long-term understanding of the
effects of technology change on security. The day-to-day interacts
with the long-term. A new technique for mitigating the impact of
denial-of-service attacks changes people's perception of how serious
they are. But so does a government test balloon on cyber-security,
affecting things like research funding and public awareness. Both make
a difference. Neither is irrelevant.
From: "Odom, Joel" <Joel.Odom@BellSouth.com>
Subject: RE: National Strategy to Secure Cyberspace
In the same way that the "National Strategy to Secure Cyberspace" is
going to do no good to improve computer security, passing laws
requiring certain security behavior will do no good either. As a
matter of fact, laws requiring companies and individuals to practice
certain security behavior would likely do more harm than good.
As you pointed out, the government is all about politics and not about
what will actually work. Computer security laws would require behavior
that would make systems more complicated. As a system becomes more
complicated, it generally becomes less secure and not more secure.
Laws would not be able to mandate the detection and response necessary
for true security. Instead, laws would mandate certain products that
would be trusted and would choke out bona fide efforts to improve
security. Even worse, they would lull users into a false sense of
security.
The best way to wreck computer security is to let the government meddle
with it. All of the security laws that have passed in recent years
have only made matters worse. Why do we expect that the government
could ever actually make it better?
To: Bruce Schneier <schneier@counterpane.com>
Subject: National Strategy to Secure Cyberspace
> Security is a commons. Like air and water and radio spectrum, any
> individual's use of it affects us all. The way to prevent people from
> abusing a commons is to regulate it. Companies didn't stop dumping
> toxic wastes into rivers because the government asked them
> nicely. Companies stopped because the government made it illegal to
> do so.
No. The way to prevent people from abusing a commons is to establish
and enforce property rights. A public bathroom will be filthy no
matter how many laws you pass. Most companies obey the laws against
dumping wastes rivers, but there are still plenty who just got a bit
more creative about where and when they do their polluting. Laws don't
work. You need people with an interest in protecting _their_ property,
not bureaucrats who will protect the commons as long as no one bribes
them to look the other way, and not governments that pass laws but make
themselves exempt.
The tricky bit is dividing the commons up into the proper chunks of
property to insure that the greatest number of people can still use it
at a fair price.
From: Marc de Piolenc <piolenc@mozcom.com>
Subject: National Strategy to Secure Cyberspace
While I agree with your comments about the ineffectiveness of a plan
without teeth, I am equally doubtful of the efficacy of
legislation. Your analogy to pollution regulations is a good one,
because it points up the fundamental fallacy of a "commons."
That which belongs to everybody belongs to nobody, in the sense that
nobody has any incentive to preserve it. The answer is not empowering
bureaucrats to protect the commons (which they will do poorly or not at
all), but to privatize the resources currently treated as common property.
In the case of the infrastructure that we are talking about, it is
already in private hands, and considering it a "commons" is just a
fancy way of letting the people who control its various components
escape responsibility for their management.
To use a simple example, the owners of distribution networks are, in
the USA at least, civilly liable for failure to follow established good
practice in their respective technical fields. This is not a matter of
regulation, but of tort law. The problem with our sector is the
absence of generally recognized good practices. Any advance in that
area is worth any number of tons of output from the Federal Register.
From: Jim Reid <jim@rfc1035.com>
Subject: National Strategy to Secure Cyberspace
I think your comments about consensus with regard to security matters
could have been more carefully worded. Security is ultimately about
consensus. It has to be a trade-off between what the end users will
tolerate, what the security guys will tolerate, what providers are
prepared to offer in the way of services, and what the bean counters
will accept both in costs and risks/rewards. Provided these
conflicting interests can be balanced properly, the resulting system
should be secure enough for the purpose it was intended. It's a bit
unfair of you to say that consensus security mostly results in bad
decisions. In a free society I think it's impossible to deploy
workable security systems unless those systems are built around
consensus. For some fluffy definition of "consensus."
Where I do agree with you wholeheartedly is that security -- or
anything else we try to do -- becomes flawed when the participants come
with their own axes to grind or have a not-so-hidden agenda to protect
their vested interests. And then distort the decision making process
to reflect their position.
From: Anonymous
Subject: National Strategy to Secure Cyberspace
Your response to the CyberSecurity Strategy is an impassioned plea, but
I can't believe you came to your conclusion. What possible law should
the government pass? After the example of the DMCA, they'll pass a law
against hacking or anything that looks like it, and that law will make
all network management (especially managed security such as Counterpane
produces) illegal by side effect.
The people you describe, driven by special interests into confusion and
feebleness in spite of tons of good advice, would pull the trigger --
but what would they hit?
So -- what law would you want them to pass? It sounds like you want
one law: that makes companies liable for successful attacks. Would
Counterpane be liable?
I suspect that it's Microsoft you want to be made liable -- as
punishment for their creation of exploitable holes. But, you don't say
that. Why do you expect the government to use the same logic you and I
use? If you want them to make someone liable, they might make a
homeowner liable if his home computer is used as a DDoS launch point --
and leave Microsoft untouched.
From: Stefan Lucks <lucks@weisskugel.informatik.uni-mannheim.de>
Subject: XSL Attacks Against AES
I have studied the equation-solving technique for the cryptanalysis of
secret-key ciphers, such as the AES, myself. As a scientist, I find
the technique exciting. However, I think it is too early to draw any
conclusions.
As I mentioned, the paper from Courtois and Pieprzyk is exciting for
me. Their technique may turn out to be a relevant attack for some
secret-key ciphers, possibly including the AES. BUT: Currently, the
study of these ciphers is research in progress, no more, no less. It
is much too early to consider the AES broken. People should wait for
more results. (I don't write this to blame the authors. The have done
great work. But good research needs time, and researchers have to
publish their "work in progress" to get feedback from their peers.)
In general, the technique works like this:
1. Find a special "trick" to describe the cipher as a largely
overdefined system of quadratic (or low-degree) equations (for
secret-key cryptosystems typically in GF(2)).
2. Check if there are any obvious reasons why XL won't be able to solve
the system (e.g., extremely many linear dependencies).
3. Use XL (some variant of XL) to solve the system and cross your
fingers. That is, artificially increase the number of equations by
multiplying some of the equations with some of the terms to get a
system of non-linear (higher-degree) equations. If the number of
equations exceeds the number of terms, linearise the system; i.e.,
treat each term as an independent linear variable.
4. Solve this (huge) system of linear equations.
The problem is going from step 2 to step 3. Courtois and Pieprzyk
describe some necessary conditions for XL to work in their paper. We
can check for these conditions in step 2. But these conditions are
unlikely to be sufficient. Especially in the case of the AES, there
are some doubts.
There are some experimental indications that XL works at least
sometimes. Unfortunately, the "real" attacks are by far too expensive
be implemented today. So we can't directly verify the attack
experimentally.
Good ciphers are like good wine; both need much time to mature. AES is
still young, only five years old, and I wouldn't mind if people
considered three-key triple DES as a possible alternative to the AES,
for the next five years or so.
From: Ulrich Kunitz <ulrich.kunitz@freenet.de>
Subject: One-Time Pads: Real-World Examples
I've seen one-time pads used in the East German army, I even did some
encryption personally, not exactly in line with the rule book. I
served as a private in a surface-air-missile base with old SA-2 Voichov
missiles from 1987 to 1989. Short messages about the frequency plan
for friend-detection, encoding of the coordinate system and troop
movements were encrypted with one-time pads. Encryption and decryption
had to be done by officers, one of them explained it to me. Blocks
were numerated and stored in special sealed boxes fixed in the concrete
walls of the command bunker. Key exchange was the task of armed
couriers (two men) with a sealed transport case. Everybody using the
system knew that code blocks must not be reused. But this was still a
German army with Prussian traditions, which double-counted every
bullet. That the Russians in the Soviet embassy didn't do the right
thing, might be caused by their mentality to always cut corners to meet
ends.
Here in Germany banks are using one-time pads for the authentication of
financial orders. This system is used by millions of bank customers,
even my mother. It's called the PIN/TAN-system. The TAN blocks are
sent by the postal service, some banks even require the customer to
acknowledge the receipt by a signed letter. For every order you enter
into your browser or home banking application, you have to use one
transaction number (TAN) from the block. The bank system checks the
TAN and enforces the single use. The scheme doesn't prevent attackers
from changing the message before sending it over the encrypted
connection, but limits effectively the number of orders an attacker can
send, as long as the customer doesn't store his TANs on the
computer. By limiting the amount of money per order on the bank side,
risks are reduced by the system.
I've implemented here in Germany online-banking-systems using several
cryptographic methods with keys in a file, tokens, and
smartcards. Standard algorithms, no snake oil, we know our limits. It
still strikes me how easy to understand, easy to apply (no drivers or
additional devices), and relatively secure the PIN/TAN method
is. Limiting the number of orders an attacker could do is far more
difficult with available smartcard technology or even keys in a
file. And customers have no problems to develop the right model about
PIN/TAN, but smartcards aren't doing what most people think they do.
By the way, please remind your readers that even one-time pads are
insecure, if somebody uses a "random" generator like C-library's rand()
to generate the pads. Murphy's law says it will happen---and it did.
Home banking fraud here in Germany is a popular media theme, but in
reality it isn't a problem. This is caused by the checks built in the
classic banking system and its capability to handle errors and
fraud. That we never use the PIN alone in Germany does contribute, but
how much, I really don't know.
"Secret & Lies" helped a me a lot to understand what is going
on. Technology will never solve the security problem alone: you need
organization, infrastructure, people, processes and a legal system to
produce security.
From: John Gateley <gateley@jriver.com>
Subject: GreatEncryption
"Software with a key strength of 109^4000 + 109^3999 + ... 109^1."
It gets worse. I found the following on the Web site: "Users can
choose keys that are as short or as long as they wish. But, only the
first 4,000 valid characters submitted as a key are used in the
program. There are 109 valid key characters."
So, instead of 109^4000 different keys, they somehow come up with
109^4000 + 109^3999 + ... +109^1.
Makes me wonder about the rest of their math.
** *** ***** ******* *********** *************
CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses,
insights, and commentaries on computer security and cryptography. Back
issues are available on < http://www.counterpane.com/crypto-gram.html >.
To subscribe, visit < http://www.counterpane.com/crypto-gram.html > or
send a blank message to crypto-gram-subscribe@chaparraltree.com. To
unsubscribe, visit < http://www.counterpane.com/unsubform.html >.
Please feel free to forward CRYPTO-GRAM to colleagues and friends who
will find it valuable. Permission is granted to reprint CRYPTO-GRAM,
as long as it is reprinted in its entirety.
CRYPTO-GRAM is written by Bruce Schneier. Schneier is founder and CTO
of Counterpane Internet Security Inc., the author of "Secrets and Lies"
and "Applied Cryptography," and an inventor of the Blowfish, Twofish,
and Yarrow algorithms. He is a member of the Advisory Board of the
Electronic Privacy Information Center (EPIC). He is a frequent writer
and lecturer on computer security and cryptography.
Counterpane Internet Security, Inc. is the world leader in Managed
Security Monitoring. Counterpane's expert security analysts protect
networks for Fortune 1000 companies world-wide.
< http://www.counterpane.com/ >
Copyright (c) 2002 by Counterpane Internet Security, Inc.
Visit the Crazy Atheist Libertarian
Check out "David Dorn" - Hate Monger
Check out Atheists United - Arizona
Visit my atheist friends at Heritics, Atheists, Skeptics, Humanists, Infidels, and Secular Humanists - Arizona
Arizona Secular Humanists
Paul Putz Cooks the Arizona Secular Humanist's Check Book
News about crimes commited by the police and government
News about crimes commited by religious leaders and beleivers
Some strange but true news about the government
Some strange but real news about religion
Interesting, funny but otherwise useless news!
Libertarians talk about freedom
Cool Useless Photos, Cool gif files, Cool jpg files
Legal Library
Gif, JPG, and other images you can use on your web pages
David Dorn Insuranse