CRYPTO-GRAM, September 15, 2010
Bruce Schneier
schneier at SCHNEIER.COM
Tue Sep 14 21:58:08 PDT 2010
CRYPTO-GRAM
September 15, 2010
by Bruce Schneier
Chief Security Technology Officer, BT
schneier at schneier.com
http://www.schneier.com
A free monthly newsletter providing summaries, analyses, insights, and
commentaries on security: computer and otherwise.
For back issues, or to subscribe, visit
<http://www.schneier.com/crypto-gram.html>.
You can read this issue on the web at
<http://www.schneier.com/crypto-gram-1009.html>. These same essays and
news items appear in the "Schneier on Security" blog at
<http://www.schneier.com/blog>, along with a lively comment section. An
RSS feed is available.
** *** ***** ******* *********** *************
In this issue:
Consumerization and Corporate IT Security
News
Schneier News
More Skein News
Wanted: Skein Hardware Help
** *** ***** ******* *********** *************
Consumerization and Corporate IT Security
If you're a typical wired American, you've got a bunch of tech tools you
like and a bunch more you covet. You have a cell phone that can easily
text. You've got a laptop configured just the way you want it. Maybe you
have a Kindle for reading, or an iPad. And when the next new thing comes
along, some of you will line up on the first day it's available.
So why can't work keep up? Why are you forced to use an unfamiliar, and
sometimes outdated, operating system? Why do you need a second laptop,
maybe an older and clunkier one? Why do you need a second cell phone
with a new interface, or a BlackBerry, when your phone already does
e-mail? Or a second BlackBerry tied to corporate e-mail? Why can't you
use the cool stuff you already have?
More and more companies are letting you. They're giving you an allowance
and allowing you to buy whatever laptop you want, and to connect into
the corporate network with whatever device you choose. They're allowing
you to use whatever cell phone you have, whatever portable e-mail device
you have, whatever you personally need to get your job done. And the
security office is freaking.
You can't blame them, really. Security is hard enough when you have
control of the hardware, operating system and software. Lose control of
any of those things, and the difficulty goes through the roof. How do
you ensure that the employee devices are secure, and have up-to-date
security patches? How do you control what goes on them? How do you deal
with the tech support issues when they fail? How do you even begin to
manage this logistical nightmare? Better to dig your heels in and say "no."
But security is on the losing end of this argument, and the sooner it
realizes that, the better.
The meta-trend here is consumerization: cool technologies show up for
the consumer market before they're available to the business market.
Every corporation is under pressure from its employees to allow them to
use these new technologies at work, and that pressure is only getting
stronger. Younger employees simply aren't going to stand for using last
year's stuff, and they're not going to carry around a second laptop.
They're either going to figure out ways around the corporate security
rules, or they're going to take another job with a more trendy company.
Either way, senior management is going to tell security to get out of
the way. It might even be the CEO, who wants to get to the company's
databases from his brand new iPad, driving the change. Either way, it's
going to be harder and harder to say no.
At the same time, cloud computing makes this easier. More and more,
employee computing devices are nothing more than dumb terminals with a
browser interface. When corporate e-mail is all webmail, corporate
documents are all on GoogleDocs, and when all the specialized
applications have a web interface, it's easier to allow employees to use
any up-to-date browser. It's what companies are already doing with their
partners, suppliers, and customers.
Also on the plus side, technology companies have woken up to this trend
and -- from Microsoft and Cisco on down to the startups -- are trying to
offer security solutions. Like everything else, it's a mixed bag: some
of them will work and some of them won't, most of them will need careful
configuration to work well, and few of them will get it right. The
result is that we'll muddle through, as usual.
Security is always a tradeoff, and security decisions are often made for
non-security reasons. In this case, the right decision is to sacrifice
security for convenience and flexibility. Corporations want their
employees to be able to work from anywhere, and they're going to have
loosened control over the tools they allow in order to get it.
This essay first appeared as the second half of a point/counterpoint
with Marcus Ranum in Information Security Magazine. You can read
Marcus's half there.
http://searchsecurity.techtarget.com/magazineFeature/0,296894,sid14_gci1519679,00.html
or http://tinyurl.com/22qhrem
** *** ***** ******* *********** *************
News
Breaking into a garage in seconds. Garage doors with automatic openers
have always seemed like a lot of security theater to me: people
regularly treat their garage door as if it had the same security as
their front door.
http://www.youtube.com/watch?v=CMz1tXBVT1s
Hacking cars through wireless tire-pressure sensors. It's minor, but
this kind of thing is only going to get worse.
http://www.technologyreview.com/communications/25962/
http://arstechnica.com/security/news/2010/08/cars-hacked-through-wireless-tyre-sensors.ars
or http://tinyurl.com/29tdys8
http://www.h-online.com/security/news/item/Known-by-their-wheels-1058068.html
or http://tinyurl.com/3yqbdlf
http://www.winlab.rutgers.edu/~Gruteser/papers/xu_tpms10.pdf
Earlier paper on automobile computer security:
http://www.autosec.org/pubs/cars-oakland2010.pdf
Good essay by Seth Godin on the "Fear Tax":
http://sethgodin.typepad.com/seths_blog/2010/08/the-fear-tax.html
Intel buying McAfee is another example of a large non-security company
buying a security company. I've been talking about this sort of thing
for two and a half years.
http://www.schneier.com/blog/archives/2010/08/intel_buys_mcaf.html
Malware might have been a contributory cause of an air crash. I say
"might" because it's hard to get reliable information.
http://www.schneier.com/blog/archives/2010/08/malware_contrib.html
Skeletal identification:
http://www.physorg.com/news201454875.html
And you thought fingerprints were intrusive.
danah boyd on social steganography:
http://www.zephoria.org/thoughts/archives/2010/08/23/social-steganography-learning-to-hide-in-plain-sight.html
or http://tinyurl.com/33zrwyz
Detecting deception in conference calls:
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1572705
Their detection system is only slightly better than random, but this
kind of thing will only get better.
Full-body scanners in roving vans:
http://www.schneier.com/blog/archives/2010/08/is_the_whole_co.html
Since a fatal crash a few years ago, Boston T (their subway) operators
have been forbidden from using -- or even having -- cell phones while on
the job. Passengers are encouraged to report violators. But sometimes
T operators need to use their official radios on the job, and passengers
can't tell the difference. The solution: mark their official radios
with orange tape. Of course, no T operator would ever think of putting
bright orange tape on his cell phone. Because if he did that, the
passengers would immediately know not to report him.
http://www.boston.com/news/local/massachusetts/articles/2010/08/26/orange_tape_clears_sticky_mbta_situation/
or http://tinyurl.com/32kzqqf
Chilling interview about misidentification and the court system.
http://www.schneier.com/blog/archives/2010/08/misidentificati.html
In Australia, a high school teacher assigned a movie-plot threat contest
problem to his students, and everyone went crazy. He sounds like me,
really.
http://www.schneier.com/blog/archives/2010/08/high_school_tea.html
Australian police are claiming the assignment was illegal, so
Australians who enter my movie-plot threat contests should think twice.
Also anyone writing a thriller novel about terrorism, perhaps.
Interesting research: eavesdropping on smart homes with distributed
wireless sensors.
http://www.cs.virginia.edu/~stankovic/psfiles/UbiComp192-srinivasan-1-1.pdf
or http://tinyurl.com/295j586
This, about the Pentagon and cyber-offense, is beyond stupid.
http://www.schneier.com/blog/archives/2010/09/cyber-offence_i.html
Very clever attack against a quantum cryptography system.
http://www.nature.com/news/2010/100829/full/news.2010.436.html
http://dx.doi.org/10.1038/nphoton.2010.214
UAE man-in-the-middle attack against SSL.
http://www.slate.com/id/2265204
http://www.eff.org/deeplinks/2010/08/open-letter-verizon
Great article on terrorism entrapment:
http://www.salon.com/news/opinion/feature/2010/07/06/fbi_foiled_terrorism_plots
or http://tinyurl.com/23nhkcy
Parental fears vs. realities:
http://www.npr.org/blogs/health/2010/08/30/129531631/5-worries-parents-should-drop-and-5-they-should?sc=fb&cc=fp
or http://tinyurl.com/372dyj9
The new German ID card is hackable. No surprise there.
http://www.thelocal.de/sci-tech/20100824-29359.html
In Japan, paint-filled orange balls are an anti-robbery device.
http://www.schneier.com/blog/archives/2010/09/orange_balls_as.html
Problems with Twitter's OAuth authentication system.
http://arstechnica.com/security/guides/2010/09/twitter-a-case-study-on-how-to-do-oauth-wrong.ars
or http://tinyurl.com/2u8ofep
http://hueniverse.com/2010/09/all-this-twitter-oauth-security-nonsense/
or http://tinyurl.com/2cmgju9
http://blog.nelhage.com/2010/09/dear-twitter/
The Onion on national security: "Smart, Qualified People Behind the
Scenes Keeping America Safe: 'We Don't Exist.'"
http://www.theonion.com/articles/smart-qualified-people-behind-the-scenes-keeping-a,17954/
or http://tinyurl.com/26jx93v
Kenzero is a Japanese Trojan that collects and publishes users' porn
surfing habits, and then blackmails them to remove the information.
http://www.schneier.com/blog/archives/2010/09/kenzero.html
Vulnerabilities in US-CERT network:
http://www.wired.com/threatlevel/2010/09/us-cert/
http://www.nextgov.com/nextgov/ng_20100909_5549.php?oref=topnews
http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_10-111_Aug10.pdf
http://gcn.com/articles/2010/09/09/us-cert-riddled-with-security-holes.aspx?s=gcndaily_100910
or http://tinyurl.com/3a4xz56
Not answering questions at U.S. customs.
http://knifetricks.blogspot.com/2010/04/i-am-detained-by-feds-for-not-answering.html
or http://tinyurl.com/264resf
Police set up a highway sign warning motorists that there are random
stops for narcotics checks ahead, but actually search people who take
the next exit.
http://420tribune.com/2010/03/narcotics-checkpoint/
Popular usernames and passwords, in graphical form.
http://www.dragonresearchgroup.org/insight/sshpwauth-cloud.html
** *** ***** ******* *********** *************
Schneier News
Back in May, I attended the EastWest Institute's First Worldwide
Cybersecurity Summit in Dallas. I only had eight minutes to speak, and
tried to turn the dialog to security, privacy, and the individual.
http://www.youtube.com/watch?v=I6ZkU2fUM5w
The conference:
http://www.ewi.info/worldwide-cybersecurity-summit
Commentary on my short talk:
http://www.insidehighered.com/blogs/law_policy_and_it/watch_this_video
On September 16, I'll be a keynote speaker at IDC's IT Security
Conference 2010 in London.
http://guest.cvent.com/EVENTS/Info/Summary.aspx?e=4cc6aaee-f08f-493b-8090-d62003ef5bf5
or http://tinyurl.com/2aok7d2
On September 18, I'll be a keynote speaker at Hacktivity in Budapest.
http://hacktivity.hu/
On October 1, I'll be a keynote speaker at CELAES 2010: XXV FELABAN
Conference on Bank Security in Miami.
http://www.felaban-seguridadbancaria.com/index.php
On October 8, I'll be giving a luncheon keynote speech at the Minnesota
Library Association Conference in Rochester, MN.
http://mnlibraryassociation.org/mlaconference10/
On October 12, I'll be a keynote speaker at RSA Europe in London.
http://www.emc.com/microsites/rsa-conference/2010/europe/index.htm
** *** ***** ******* *********** *************
More Skein News
Skein is my new hash function. Well, "my" is an overstatement; I'm one
of the eight designers. It was submitted to NIST for their SHA-3
competition, and one of the 14 algorithms selected to advance to the
second round.
Last week was the Second SHA-3 Candidate Conference. Lots of people
presented papers on the candidates: cryptanalysis papers, implementation
papers, performance comparisons, etc. There were two cryptanalysis
papers on Skein. The first was by Kerry McKay and Poorvi L. Vora. They
tried to extend linear cryptanalysis to groups of bits to attack
Threefish (the block cipher inside Skein). It was a nice analysis, but
it didn't get very far at all.
The second was a fantastic piece of cryptanalysis by Dmitry
Khovratovich, Ivica Nikolie, and Christian Rechberger. They used a
rotational rebound attack to mount a "known-key distinguisher attack" on
57 out of 72 Threefish rounds faster than brute force. It's a new type
of attack -- some go so far as to call it an "observation" -- and the
community is still trying to figure out what it means. It only works if
the attacker can manipulate both the plaintexts and the keys in a
structured way. Against 57-round Threefish, it requires 2**503 work --
barely better than brute force. And it only distinguishes reduced-round
Threefish from a random permutation; it doesn't actually recover any key
bits.
Even with the attack, Threefish has a good security margin. Also, the
attack doesn't affect Skein. But changing one constant in the
algorithm's key schedule makes the attack impossible. NIST has said
they're allowing second-round tweaks, so we're going to make the change.
It won't affect any performance numbers or obviate any other
cryptanalytic results -- but the best attack would be 33 out of 72 rounds.
The second-round algorithms are: BLAKE, Blue Midnight Wish, CubeHash,
ECHO, Fugue, Grostl, Hamsi, JH, Keccak, Luffa, Shabal, SHAvite-3, SIMD,
and Skein. You can find details on all of them, as well as the current
state of their cryptanalysis, at the SHA-2 Zoo site. NIST will select
approximately five algorithms to go on to the third round by the end of
the year.
In other news, we're once again making Skein polo shirts available to
the public. Those of you who attended either of the two SHA-3
conferences might have noticed the stylish black Skein polo shirts worn
by the Skein team. Anyone who wants one is welcome to buy it, at cost.
All orders must be received before October 1, and we'll have all the
shirts made in one batch.
http://www.schneier.com/skein-shirts.html
The Second SHA-3 Candidate Conference:
http://csrc.nist.gov/groups/ST/hash/sha-3/Round2/Aug2010/index.html
Conference program:
http://csrc.nist.gov/groups/ST/hash/sha-3/Round2/Aug2010/documents/Program_SHA3_Aug2010.pdf
or http://tinyurl.com/2g24ybz
Kerry McKay and Poorvi L. Vora's presentation and paper:
http://csrc.nist.gov/groups/ST/hash/sha-3/Round2/Aug2010/documents/presentations/MCKAY_Pseudolinear_SHA3.pdf
or http://tinyurl.com/2cj5swk
http://csrc.nist.gov/groups/ST/hash/sha-3/Round2/Aug2010/documents/papers/MCKAY_PseudolinearApprox.pdf
or http://tinyurl.com/282kv6h
Dmitry Khovratovich, Ivica Nikolie, and Christian Rechberger's
presentation and paper:
http://csrc.nist.gov/groups/ST/hash/sha-3/Round2/Aug2010/documents/presentations/RECHBERGER_Rotational_Rebound_Attacks_on_Reduced_Skein_v09.pdf
or http://tinyurl.com/28uulbg
http://csrc.nist.gov/groups/ST/hash/sha-3/Round2/Aug2010/documents/papers/RECHBERGER_rot-rebound.pdf
or http://tinyurl.com/2b2ltnu
Known-key distinguisher:
http://www.springerlink.com/content/y2437717g1630plp/
https://online.tugraz.at/tug_online/voe_main2.getvolltext?pCurrPk=31551
or http://tinyurl.com/2fvjare
Our Skein update from the SHA-3 conference:
http://csrc.nist.gov/groups/ST/hash/sha-3/Round2/Aug2010/documents/presentations/CALLAS_Skein_Presentation_2Version_10.pdf
or http://tinyurl.com/242x77w
Skein website:
http://www.skein-hash.info/
Skein paper:
http://www.schneier.com/skein.pdf
Skein source code:
http://www.schneier.com/code/skein.zip
My previous essays on Skein:
http://www.schneier.com/essay-249.html
http://www.schneier.com/blog/archives/2009/09/skein_news.html
SHA-3 website:
http://csrc.nist.gov/groups/ST/hash/sha-3/index.html
SHA-3 Zoo:
http://ehash.iaik.tugraz.at/wiki/The_SHA-3_Zoo
** *** ***** ******* *********** *************
Wanted: Skein Hardware Help
As part of NIST's SHA-3 selection process, people have been implementing
the candidate hash functions on a variety of hardware and software
platforms. Our team has implemented Skein in Intel's 32 nm ASIC
process, and got some impressive performance results. Several other
groups have implemented Skein in FPGA and ASIC, and have seen
significantly poorer performance. We need help understanding why.
For example, a group led by Brian Baldwin at the Claude Shannon
Institute for Discrete Mathematics, Coding and Cryptography implemented
all the second-round candidates in FPGA. Skein performance was
terrible, but when they checked their code, they found an error. Their
corrected performance comparison has Skein performing much better and in
the top ten.
We suspect that the adders in all the designs may not be properly
optimized, although there may be other performance issues. If we can at
least identify (or possibly even fix) the slowdowns in the design, it
would be very helpful, both for our understanding and for Skein's
hardware profile. Even if we find that the designs are properly
optimized, that would also be good to know.
A group at George Mason University led by Kris Gaj implemented all the
second-round candidates in FPGA. Skein had the worst performance of any
of the implementations. We're looking for someone who can help us
understand the design, and determine if it can be improved.
Another group, led by Stefan Tillich at University of Bristol,
implemented all the candidates in 180 nm custom ASIC. Here, Skein is one
of the worst performers. We're looking for someone who can help us
understand what this group did.
Three other groups -- one led by Patrick Schaumont of Virginia Tech,
another led by Shin'ichiro Matsuo at National Institute of Information
and Communications Technology in Japan, and a third led by Luca Henzen
at ETH Zurich -- implemented the SHA-3 candidates. Again, we need help
understanding how their Skein performance numbers are so different from
ours.
We're looking for people with FPGA and ASIC skills to work with the
Skein team. We don't have money to pay anyone; co-authorship on a paper
-- and an Erdos number of 4 -- is our primary reward. (Also, a Skein
polo shirt.) Please send me e-mail if you're interested.
Our presentation and paper on Skein in a custom ASIC:
http://csrc.nist.gov/groups/ST/hash/sha-3/Round2/Aug2010/documents/presentations/WALKER_skein-intel-hwd-slides.pdf
or http://tinyurl.com/25keymm
http://csrc.nist.gov/groups/ST/hash/sha-3/Round2/Aug2010/documents/papers/WALKER_skein-intel-hwd.pdf
or http://tinyurl.com/2bddhn7
Brian Baldwin's original presentation and paper:
http://csrc.nist.gov/groups/ST/hash/sha-3/Round2/Aug2010/documents/presentations/BALDWIN_FPGA_SHA3.pdf
or http://tinyurl.com/2dz4q2l
http://csrc.nist.gov/groups/ST/hash/sha-3/Round2/Aug2010/documents/papers/BALDWIN_FPGA_SHA3.pdf
or http://tinyurl.com/2653k99
Brian Baldwin's corrected presentation and paper:
http://www.ucc.ie/en/crypto/SHA-3Hardware/NISTSHA-3/Baldwin-SHA-3-Presentation-Aug-2010.pdf
or http://tinyurl.com/2c55hb2
http://www.ucc.ie/en/crypto/SHA-3Hardware/NISTSHA-3/Baldwin-SHA-3-Paper-Aug-2010.pdf
or http://tinyurl.com/29qbrud
Kris Gaj's presentation and papers:
http://csrc.nist.gov/groups/ST/hash/sha-3/Round2/Aug2010/documents/presentations/GAJ_SHA3_GMU.pdf
or http://tinyurl.com/26qatdx
http://csrc.nist.gov/groups/ST/hash/sha-3/Round2/Aug2010/documents/papers/GAJ_SHA3_512.pdf
or http://tinyurl.com/27lkjhw
http://eprint.iacr.org/2010/445.pdf
Stefan Tillich's presentation and paper:
http://csrc.nist.gov/groups/ST/hash/sha-3/Round2/Aug2010/documents/presentations/TILLICH_WEB_Uniform_SHA-3.pdf
or http://tinyurl.com/27cpqom
http://csrc.nist.gov/groups/ST/hash/sha-3/Round2/Aug2010/documents/papers/TILLICH_sha3hw.pdf
or http://tinyurl.com/2d5p9p7
Patrick Schaumont's presentation and paper:
http://csrc.nist.gov/groups/ST/hash/sha-3/Round2/Aug2010/documents/presentations/SCHAUMONT_VT_presentation.pdf
or http://tinyurl.com/28t9qxc
http://csrc.nist.gov/groups/ST/hash/sha-3/Round2/Aug2010/documents/papers/SCHAUMONT_SHA3.pdf
or http://tinyurl.com/2dju4rn
Shin'ichiro Matsuo's presentation and paper:
http://csrc.nist.gov/groups/ST/hash/sha-3/Round2/Aug2010/documents/presentations/MATSUO_SHA3_Presentation.pdf
or http://tinyurl.com/2byyycq
http://csrc.nist.gov/groups/ST/hash/sha-3/Round2/Aug2010/documents/papers/MATSUO_SHA-3_Criteria_Hardware_revised.pdf
or http://tinyurl.com/24qxhdo
Luca Henzen's papers:
http://www.vlsi.uwaterloo.ca/~ahasan/web_papers/technical_reports/web_five_SHA_3.pdf
or http://tinyurl.com/2be9nj8
http://www.vlsi.uwaterloo.ca/~ahasan/web_papers/technical_reports/web_five_SHA_3_appendix_B.pdf
or http://tinyurl.com/2g4u2dj
http://www.springerlink.com/content/g0115v3272156r06/
** *** ***** ******* *********** *************
Since 1998, CRYPTO-GRAM has been a free monthly newsletter providing
summaries, analyses, insights, and commentaries on security: computer
and otherwise. You can subscribe, unsubscribe, or change your address
on the Web at <http://www.schneier.com/crypto-gram.html>. Back issues
are also available at that URL.
Please feel free to forward CRYPTO-GRAM, in whole or in part, to
colleagues and friends who will find it valuable. Permission is also
granted to reprint CRYPTO-GRAM, as long as it is reprinted in its entirety.
CRYPTO-GRAM is written by Bruce Schneier. Schneier is the author of the
best sellers "Schneier on Security," "Beyond Fear," "Secrets and Lies,"
and "Applied Cryptography," and an inventor of the Blowfish, Twofish,
Threefish, Helix, Phelix, and Skein algorithms. He is the Chief
Security Technology Officer of BT BCSG, and is on the Board of Directors
of the Electronic Privacy Information Center (EPIC). He is a frequent
writer and lecturer on security topics. See <http://www.schneier.com>.
Crypto-Gram is a personal newsletter. Opinions expressed are not
necessarily those of BT.
Copyright (c) 2010 by Bruce Schneier.
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
More information about the cypherpunks-legacy
mailing list