November 2, 2009 • 6:40 am 0
I have a few new reviews of papers on cryptography in my updated page. For those interested in the security of NMAC and HMAC or affiliation hiding key exchanges, I recommend reading the reviews. They include links to relevant papers.
Filed under: AMS, Authentication, Cryptanalysis, Cryptography, Encryption, Information Theory, Security , Security, Authentication, Cryptography, Mathematics, crypt
August 22, 2009 • 6:01 am 0
An article stating the need to protect biometric data appeared in the IEEE spectrum magazine. Not a lot of new information, a good summary of the threats as biometrics are being used more and more as authenticators.
Filed under: Authentication, Encryption, Security, biometrics, in the News , Authentication, biometrics, Encryption, Security
June 1, 2009 • 2:22 am 0
Many years ago I was involved in a research project looking to use tiny differences in processing time inside a computer as a way to fingerprint the device. The idea was not unique, I guess that at the same time many were busy looking for similar things.
The reason was that in the framework of Internet security protocols such as SSL, if each party can fingerprint the other party’s computer, that will add another dimension to the development of a strong authentication scheme. Eventually the company supporting the research run out of interest and money and I forgot all about the idea until I recently read the news.
Enter the Fingerprint Extraction and Random Numers in SRAM (FERNS) method developed by Holcomb, Burleson and Fu of the University of California Berkeley. They analyzed the initial state of the cells of a 512 kb Static Random Access Memory (SRAM) after power up and discovered that the stable states of some cells representing the bits were random, that is they have equal probability to be 1 or 0, while others cells were skewed to start as a 1 or as a 0. This property of the cells is due to imperfections of the fabrication process and are impossible to control.
A paper describing Burleson’s group work is going to appears in the IEEE Transactions on Computers.
From the Abstract
….. We use experimental data from high performance SRAM, and the WISP UHF RFID tag to validate the principles behind FERNS. We demonstrate that 8 byte fingerprints from an SRAM chip are sufficient for uniquely identifying circuits among a population of 5,120 and extrapolate that 16 to 24 bytes of SRAM would be sufficient for uniquely identifying every instance of the SRAM ever produced. Using a smaller population, we demonstrate similar identifying ability from the embedded SRAM microcontroller memory of the WISP. In addition to identification, we show that SRAM fingerprints capture noise, enabling true random number generation. We demonstrate that the initial states of a 256 byte SRAM can produce 128 bit true random numbers capable of passing the NIST approximate entropy test.
The possibilities for the application of this technology to authentication and key generation schemes are enormous, specially in the field of portable devices. To have an entropy generator “in a chip” is great, if you get that together with a fingerprint of the chip is wonderful news. Certainly we’ll hear more about it.
Related reading: Quirks of RFID Memory Make for Cheap Security Scheme
Filed under: Authentication, Entropy, Fingerprint, RAM, RFID, Random Numbers, SRAM, Security, Technology , Authentication, Entropy, Fingerprint, Random Numbers, SRAM, Technology
March 19, 2009 • 5:30 am 0
I recently discussed the problems associated with weak passwords here. Since then, there have been a few cases of hackers publishing stolen passwords form popular sites such as phpbb or the passwords that the conficker worm uses to spread across shares. Some researches report that people often use the same password on many websites making themselves vulnerable to serious attack if the password for a low value website is the same as the one used in a high value target
Password selection tips abound and as long as your password has enough entropy, users data is somewhat out of reach of most hackers.
Despite the advice of security gurus, the manifest limitations of the average human brain for generating and remembering more than a few passwords is a physical barrier to a widespread adoption secure practices. Password managers may help to keep your passwords organized. They have functions to generate strong passwords and can connect directly with browsers or e-mail programs.
Another way around is the OpenID network that allow users to have one identity for multiple on-line services. The OpenID protocol is inclusive enough that can work as an Authenticator using biometrics or smart-tokens. Open ID is still in the adoption phase, not all online services accept it.
Filed under: Authentication, Security, biometrics, in the News, passwords , Authentication, Cryptography, passwords, Security
February 21, 2009 • 2:44 am 0
The trouble with the use of MD5 in digital signatures recently uncovered by Sotirov et al. is common to other hash functions.
NIST has been discouraging people to use MD5 and even SHA 1 since many years ago. A good account of this was posted by Dustin Trammell here.
Because the output of a hash function is of a fixed length, usually smaller that the input, there will necessarily be collisions. The collision-free property for hash is thus defined by:
A function 
1. It is a one-way hash function.
2. It is hard to find two distinct messages 
Cryptographers talk about “relatively collision free” hash functions. A good hash function should be designed with the Avalanche Criterion in mind.
The Avalanche Criterion (AC) is used in the analysis of S-boxes or substitution boxes. S-boxes take a string as input and produce an encoded string as output.
The avalanche criterion requires that if any one bit of the input to an S-box is changed, about half of the bits that are output by the S-box should change their values. Therefore, even if collisions are unavoidable, there is no way to generate two strings with the same hash value other than brute force.
Filed under: Authentication, Cryptography, Encryption, Hash Functions , Authentication, Cryptography, Encryption, Hash Functions, MD5, SHA1
January 28, 2009 • 6:24 am 0
To be useful, passwords need to be transmitted or negotiated between the server and the client.
Transmission of the password in the clear is subjected to eavesdropping and therefore very insecure. The password storage on the servers side must also be protected from the possibility that the file falls on the wrong hands, compromising the security of the system.
There are several constraints to the design of password protections protocols, one of the most important being the limited amount of entropy that user memorized passwords necessarily have. Computation time is another big constraint. Even small delays in the response time can make the difference between a system the user is happy to interact with, and a system in which security features will be disabled for the sake of interactivity.
The key features of a password protection protocol are described below:
Some protocols encrypt the exchange of information to avoid the plain-text equivalence. Others used a form of asymmetric key exchange (a la Diffie-Helmann) that are generated based on the password but do not leak any information about it.
The following is a list of the some of the commonly used password schemes, classified by its strength:
(adapted from SRP competitive analysis)
SSH Public Key Authentication or “Secure Shell”,
Kerberos V5 – To fix the password security weaknesses in Kerberos V4, version 5 added preauthentication, (the client needs to prove knowledge of the password before the server starts authentication).
See also: Authentication – Part I, Part II and Part III.
Filed under: Authentication, Security, passwords , Authentication, passwords, Security, SSL
January 3, 2009 • 2:33 am 0
X.509 certificates signed by Certificate Authorities that use MD5 function are certainly going to disappear form the Internet as flaws on the MD5 were successfully exploited to generate a rogue certificate that would be considered as valid by all browsers.
The proof of concept was recently published by A. Sotirov et al. , although the basis for the hack has been know for a few years know. The researchers exploited collisions (two different strings that hash to the same value) in the MD5 and the fact that CAs use a sequential numbering of certificates upon issuance.
News that SSL is broken are exaggerated as many CA are already using SHA-1 (a stronger hash function) and the ones that were using MD5 are switching quickly after publication of the flaw.
See also:
Filed under: Authentication, Hash Functions, InSecurity, SSL, e-commerce , Authentication, Cryptography, e-commerce, InSecurity, SSL
December 26, 2008 • 10:10 pm 0
The popularity of networking sites such as facebook (and others of the same kind) is certainly a magnet for people with not-so-kind intentions. For starters, the place can be considered as a gold mine of personal information and ID thieves would love to work overtime to put their stakes on the ground, like in any good old day’s gold-rush.
I do not necessarily oppose the idea of networking sites, moreover I think they can provide a lot of value for most users. However I was intrigued by a comment my wife made about being able to look at pictures of somebody that is not in her list of friends. It looks like the security settings used by most people will allow a friend of a friend to look at your pictures or profile by just sharing a collection of pictures.
I setup my own account to see first hand how it works. I went through the security setups and found the BIG problem with the security in facebook. That is, by default, facebook leaves everything open, you are supposed to go and explicitly forbade the system to share information about you with third parties. This goes against the common-sense approach in security, that is, forbade sharing by default and let the user explicitly share (in an item by item fashion). Although this approach has the disadvantage of being annoying to most people, there is the only way to make sure you don’t end up sharing your dearest secrets with a stranger or maybe even an enemy.
A little bit of Googling around turn out a lot of references of bad thing that can happen: for example, many applications ask you permission to override certain security settings and it looks like the system allow third party companies to write applications. I do not know the process that facebook uses to vet these applications. I will not comment on that.
Below, a scary short video form the BBC, facebook’s answer to it and a bunch of links to keep you aware of the issues.
Here is the answer form facebook
Related and highly recommended
Safety Tips
The danger of facebook identity theft
facebook ignores huge security hole for four months
3 ways to protect yourself from social networking malware
For a Change Spammers get Whacked
The perils of sharing
Filed under: Authentication, ID Theft, InSecurity, Software, in the News , Authentication, FaceBook, ID Theft, InSecurity, Social Networking
December 21, 2008 • 5:37 am 3
Passwords have been the main tool for verifying identity and granting access to computer resources.In general, as FIPS 112 defines it, a password is a sequence of characters that can be used for several authentication purposes.
There are two security problems with a password; 1) somebody other than the legitimate user can guess it; or 2) it can be intercepted (sniffed) during transmission by a third party. Over the years, many different kinds of password generation methods and password protection protocols were designed to address hese two weaknesses.
Password Strength
The security (strength) of a password is determined by its Shannon entropy , which is a measure of the difficulty in guessing the password. This entropy is measured in Shannon bits. For example, a random 10-letter English text would have an estimated entropy of around 15 Shannon bits, meaning that on average we might have to try 
It is well-known to hackers that users commonly select passwords that include variations of the user name, make of the car they drive, name of some family member, etc. Social engineering is one of the most powerful tools being used by hackers.
Because of limitations in the underlying infrastructure, some authentication systems (notably banks) limit the number of characters and the alphabet from which the characters can be chosen. These kind of limitations are susceptible to dictionary-type attacks. In a dictionary or brute force attack, the hacker will attempt to gain access using words from a list or dictionary. If the actual password is in the list, it can be obtained (in average) when about half of the total number of possibilities have been tried. Even with systems that limit the number of trials for a user this is a potential security risk, because the hacker has good chances at gaining access by randomly trying names and passwords until a valid combination is found.
It is commonly accepted that with current tools, up to 30% of the passwords in a system can be recovered within hours. Moreover it is predicted that even random (perfect) passwords of 8 characters will be routinely cracked with technology available to most users by the year 2016.
There are many documents that give rules and policies for good password selection such as NIST Special Publication 800-63 and SANS security Project.
CrypTool (ver 1.4) has a very good tool to check the strength of a password against several criteria such as the amount of entropy and the resistance to dictionary attacks.
Related Posts:
Look for more on password protection schemes in Authentication Part IV….
Filed under: Authentication, Infomation Theory, Security , Authentication, passwords, Security
November 13, 2008 • 6:08 am 1
A total stranger, talking from behind a screen, promises you that he/she/it (you don’t have ways to know) will perform some service after you reveal sensitive private information about yourself and your financial situation by shouting it in a public place.
Strangely enough, you do as he/she/it says because there is the underlying promise that everything will be perfectly fine, as demonstrated by the millions of daily similar transactions being done by millions of people all over the world. Moreover, everybody agrees that transaction as the one described are the minimum standard of performance required from any protocol for authentication and encryption over public channels such as the internet that pretend to have any chance at success.
When we look at the problem from this angle, we should ask not why there are security breaches, instead how is possible that there are any successful (meaning secure) transactions at all.
The problem of exchanging secure messages over a public channel is relatively easy to solve, since the 1960’s we count with encryption algorithms that gives us a relatively comfortable advantage in the race between coders and hackers. These algorithms are the result of interesting mathematical discoveries. However mathematics discoveries alone cannot prevent people from seeking some advantages through cheating and lying. The Internet was born as a very naive environment in which everybody was trusting and trustworthy, but as soon as valuable information started to be exchanged, mechanisms to avoid misrepresentation needed to be put in place.
This is well known, absolutely secure communications can be had over a public channel provided that there was at some point in time a secure exchange between the parties over a private channel. Thus if I want to communicate with my lawyer with absolute security, I will meet him at his office and exchange a set of encryption keys that we will keep confidential (is in both parties best interest). Next time we need to communicate, we will encrypt the messages using this set of keys, which also ensures the identity of the other party.
Enter W. Diffie and M. Hellman, who develop a secure and very elegant way to exchange a piece of secret information (say an encryption key) over a public channel in which the resident evil eavesdropper (Eve) cannot guess the secret number unless she knows how to solve the discrete logarithm problem (an open problem in mathematics ).
Without a strong authentication however, Eve can succeed by intercepting the communications and impersonate my lawyer to me and myself to my lawyer. This way Eve will end up with two secret keys, one to communicate with me and the other to communicate with my lawyer, and the power to snoop in the conversation or even tamper with it, without raising suspicions (the famous man in the middle attack).
The man in the middle has an upside though, in the case in which Eve is a benign entity that is trusted by the participants in the communication (which do not need to know nor trust each other) she can serve as the Trusted Server and provide authentication and encryption keys to both parties. This exchange can be done in such a way as to keep the Trusted Server powerless to snoop or tamper with the communication (see the Kerberos system)
The infrastructure of authentication most commonly used in the internet (often referred as PKI) is based on certificates, special files that carry public encryption keys and data that identifies and authenticates the owner. These certificates are issued by a Certificate Authority (CA) that (in theory) check the identity of the owner and, though a digital signature scheme embeds its own encryption keys in the certificate.
Certificates are akin to a token in the sense that anybody that has control of the certificate (a computer file) can impersonate the owner. Also certificates are as trustworthy as the CA is. If the procedures used by the CA to authenticate and identify the user are sloppy, the certificate itself is of little value.
Filed under: Authentication, Security , Authentication, Encryption, Security
Data Security and Information Theory are essential to modern life. Far from being the exclusive domain of academics and geeks, the fundamentals and its application are easy to understand for most people. Here, my modest attempt to bring some of the issues to the public discourse and spread the knowledge to make the internet a safer place for your virtual self.
Click below to find out more
ScienceDaily: Computer Security News Wired: Commentary
