My latest Math Review on Quantum Keys

Click MR2921421 to download my review of Skobelev’s article On the Computational Security of Quantum Algorithms. Hint: Eve wins if she can control the classical channel and have good stats on the pseudo-random number generator.

GSM encryption really broken

GSM (Global System for Mobile communications) is an open, digital cellular technology used for voice and data services.

GSM supports voice calls and data transfer as well as the transmission of SMS. It operates in the 900MHz and 1.8GHz bands in Europe and the 1.9GHz and 850MHz bands in the US.

Australia, Canada and many South American countries use the 850MHz band for GSM and 3G. There are an estimated 4 billion users in more than 218 countries and its encryption scheme is irreversible broken by now.

At the 26th Chaos Communication Congress Nohl and Paget presented their plan to work out a code book for the A5/1 cipher used by GSM. Karsten Hohl, has recently announce that the full GSM codebook had been produced and the result is a 2TB file that can be used to decrypt and hear the audio in a matter of hours. This represents a turning point, because the big expense and time spent on the creation of the tables does not need to be repeated. The tables are available to hackers that need only to sniff the GSM traffic and spend only a few hours of searching through the tables to be able to hear the conversation.

The GSM spec includes a stronger cipher, A5/3, but both, the phone and the base station have to be able to handle it, otherwise the exchange will reverse back to the weaker cipher.  Carriers are very slow to make the necessary changes and A5/3 does not seem to have a very long life anyways.

 

Related links:

 

Cracking GSM phone crypto via distributed computing

The A5/1 code table site

 

Ontario privacy commissioner orders ‘strong encryption’ of health records

My prediction is that we are going to see more and more of these privacy commissioner orders as the guys in charge get more serious about not being sued.

The ‘Enigma’ of the broken GSM phones Encryption

Although it has been known for a few years, the weakness of encryption schemes for GSM phones is in the spotlight again. This time thanks to a group of hackers that made the whole business of listening in, easy and cheap.

GSM has been known to be hackable for years, but the problem is not being fixed as proactively as it should.

Could be drawn with the situation of the Enigma machines being sold around the world after WWII?

 

 

SSL 3.0 / TLS subjected to Man in the Middle Attack

An “Authentication Gap” was discovered in the latest version of SSL/TLS protocol.This could potentially be a huge problem. The gap is not due to some erroneous implementation, it is a property of the protocol.

Here is a list of links to websites where the issue is being followed:

http://www.phonefactor.com/sslgap/

IETF resources

Red Hat

SANS.org

More reviews for the AMS

I have a few new reviews of papers on cryptography in my updated page. For those interested in the security of NMAC and HMAC or affiliation hiding key exchanges, I recommend reading the reviews. They include links to relevant papers.

Dark Fiber and White Space

Two underused resources, “Dark Fiber” and “White Space” are to be taken advantage of to increase the power of the network.

 

One application seeks to use optic fiber that has being laid but not being used to enable the establishment of secure keys using quantum technology http://www.technologyreview.com/computing/23317/page1/

The other is a wireless network in which the information is carried in the unused interstices of the TV spectrum. http://www.technologyreview.com/communications/23781/

Alan Turing


He deserved much better

National Post
14 Sep 2009

In the very distant future, the name of Alan Turing (1912-1954) will be among the very few for which the 20th century is remembered, long after most of the politicians, artists and celebrities have receded into confusion and oblivion. His stature is…read more…

About the need to protect Biometric Data

An article stating the need to protect biometric data appeared in the IEEE spectrum magazine. Not a lot of new information, a good summary of the threats as biometrics are being used more and more as authenticators.

 

Secure Processors, the ultimate battlefield

Continuing with the main theme my last two posts, hacking, I am going to wrap up with this post about Secure Processors.

A secure processor is meant to protect the information and the communications, validate the communications channel and be tamper-resistant, should it falls into the adversary’s hands.  

Successful hacking of secrets has the duality of being a happy/sad event, depending on which team are you playing for. The design of secure processors makes this duality patent as, in practice, the most important evaluation criterion is that the resulting product should resist the designer’s best attempts at hacking it.

The current research and development efforts are guided by U.S. DoD Anti-Tamper specifications. To prevent reverse engineering, architectures of secure processors are based on a combination of hardware and encrypted software in such a way that if the hardware is captured, its exact functions cannot be guessed without knowing the encryption keys. During WWII, the capture of an ENIGMA machine paved the way for the breaking of the enciphering by the allied forces. These historical lessons are incorporated into today’s design criteria. Some design even incorporate sensors that will detect attempts at using physical means to force the hardware and destroy the critical information upon detection (often called zeroization).

A new dimension to the problem is added by procurement system. Electronic chips are nowadays a commodity and absolute control over the manufacturing of  chips is not possible. Therefore it is essential to ensure that the critical parts, that is the processors, are designed and made in controlled facilities.

The lessons learned in military applications are now being applied to commercial system. This is where the lines blurred because in the interconnected world the enemy can wreak havoc on the infrastructure without firing a shot. Communication and control networks associated with utilities will become more resistant to attacks by using computers fitted with secure processors.

Related:

New Chip Brings Military Security to Commercial Processors

The Hunt for the Kill Switch

Secure Processors – IBM

Acalis White Paper