New Australian Backdoor Law

Last week, Australia passed a law giving the government the ability to demand backdoors in computers and communications systems. Details are still to be defined, but it’s really bad.

Note: Many people e-mailed me to ask why I haven’t blogged this yet. One, I was busy with other things. And two, there’s nothing I can say that I haven’t said many times before.

If there are more good links or commentary, please post them in the comments.

EDITED TO ADD (12/13): The Australian government response is kind of embarrassing.

Posted on December 12, 2018 at 9:18 AM • 88 Comments

Comments

Impossibly Stupid December 12, 2018 10:20 AM

I wonder how far all this political stupidity is going to go before the only solution that’s left is a scorched earth policy? Why are laws passed that are not adequately defined? Why are representatives elected when they have no understanding of mathematics and science? Why are universities accredited when they produce graduates with this level of ignorance? Why are jobs given to voters who choose to be led by those fools?

China and Russia are poised to become the next set of superpowers as the old West implodes on itself. An amazing bloodless (if it continues to play out like this) coup. Historians and comedians are living in a new golden era.

metaschima December 12, 2018 10:22 AM

It will be interesting to see what happens and how they’ll be able to implement this. If successful I’m thinking steganography will be of significant use in the future as well as possibly moving encryption off of regulated systems.

ATN December 12, 2018 10:31 AM

Fortunately I still did not activate the banking through Internet password
(to know that password I would need to unglue something on a paper letter).
I have never accepted the small print saying that any bug in any computer whatsoever would be my fault – if interception/message creation can be classified as bug.

Phaete December 12, 2018 11:05 AM

Quite unenforceable in this age of worldwide internet shopping.
Unless they want to make a total arse of themselves.

Cassandra December 12, 2018 11:14 AM

@Bruce Schneier

Repeating yourself is good when the alternative is people mistaking silence for acquiescence. It is also a feature of the inaccurately* well known dictum that “The price of liberty is eternal vigilance”. Tiring as it may be to repeat things, you are likely to be addressing new members of your readership each time, and sometimes reappraising old arguments helps you to sharpen your position: or indeed change it if the facts have changed**.

If nothing else, the consequences of the Australian government’s actions will be interesting to follow, much like the USA’s ‘noble experiment’ with prohibition.

Cassandra

*The phrase is often ascribed to Jefferson. The actual origins, as with so many purported quotations, are obscure, and this article gives some of the background: Conversible Economist 2017-07-05: Notes on “Eternal Vigilance is the Price of Liberty”

**Changing your mind when the facts change is a practice often ascribed to John Maynard Keynes.

Theo December 12, 2018 11:46 AM

@Phaete

It’s not universally enforceable but it is selectively enforceable. Arbitrary and capricious power masquerading as the rule of law.

vas pup December 12, 2018 12:31 PM

@Theo “but it is selectively enforceable”.
I guess @impossible stupid provided good input ‘why’ in comment above.
Legislators think that they could adopt any Law and it is going to be implemented as they intended. Wrong! Any law which targeted particular technology/science required experts panel hearing BEFORE final vote on such Law in order that all (at least most) vague moments are clarified in such a way that excludes selective enforcement. Who are legislators’ aides? Could they provide good help having degree in political science or law or humanities in such cases? I doubt.
Legislators will ask such folks like Bruce thereafter when figured out they produced bad product and it is not working as intended, but looks like they never do it before. They are still in reactive mode, but hopefully rivals on the world stage forced them to become proactive.

tfb December 12, 2018 12:54 PM

One result of this is pretty obviously going to be the death of the Australian software industry: who would buy a program from, or use the services of, a company working under legislation like that? Financial services companies will presumably be similarly hit. It’s a kind of slow suicide by stupidity.

Michael Gaul December 12, 2018 1:22 PM

Earlier you wrote about the far reaching effects of local regulations requiring good security, (paraphrasing) that bad security is only profitable if you can get away with it everywhere; once you have to have good security to satisfy one market you might as well do it for everyone. Does this apply in reverse? Absent legislation in some markets explicitly forbidding the ability to install such back doors, will security-conscious companies just sacrifice the Australian market? Or will they have a separate product for Australia? Or will they just decide it is simpler to design their products to make it easier for them to install back doors everywhere? Is there no Australian Martin Niemoeller?

65535 December 12, 2018 1:59 PM

“New Australian Backdoor Law”

That is gonzo logic. Nasty stuff. They don’t call it Ozz for nothing. I will not be vacationing in Australia any time soon.

Rach El December 12, 2018 2:10 PM

doesn’t it just broadcast that people using messaging apps wishing for privacy need to obfuscate with code? as far as work arounds it’s not rocket science?

Doug December 12, 2018 2:17 PM

ponderings:

does this include HTTPS?

will the lawmakers find their own secrets spilled and online shopping affected?

Is FOSS with no owner harder to pin down in terms of fines etc?

encryption implicit in hardware?

just for a bit of balance, it will be interesting to see how monolithic billion dollar tech companies renowned for saying ‘up yours’ to human rights and ethical practices may end up suffering. If anyone can’t see it – the impossibility of the conditions laid down here makes this one HUGE can of worms globally, on a macro level

stine December 12, 2018 2:36 PM

re: seenoevil

If you substitute “Truth” for “Myth”, each of these statements becomes correct:
Truth #1: Your information is no longer safe

David Walsh December 12, 2018 3:46 PM

65535

‘you will not be vacationing in Aus any time soon’

well, if you did no one would know what you were talking about. They have holidays in Aus – not vacations 😉 Seriously, assuming that what you mean is ‘this law means I will not wish to take a trip to Australia’

Choosing to boycott Aus as a holiday destination as a protest against these laws is one thing – providing you inform relevant authorities (Aus Gov for example) the reason you are withholding your tourist dollars.
But these laws actually imposing upon your experience as a tourist is a bit irrational – surely no worse than the country you currently already permanently reside in (US as far as I can observe from your comments over time)
Intended respectfully

Clive Robinson December 12, 2018 5:19 PM

@ All,

It will be interesting to see how they intend to move beyond the “communications end point”…

If you look at a modern smart phone or other consumer communications capable data device, they are not “segregated” in a way that will stop a suitably resourced attacker getting to the Human Computer Interface (HCI) from the communications channel.

Which means that such an attacker has no need to attack the crypto / stego / other security mechanism, they just bypass it with an End Run Attack.

But such a backdoor only works because the security end point is inside the application that the attacker is bypassing, thus they can get to the communications plaintext.

If you have the security end point “Off Device” such that ciphertext only is at the communications device HCI then the attacker is forced to attack the protected communication because they can not reach to the security end point that is now “Off Device”. Thus “backdoor” legislation fails in its stated purpose.

Yup read it again, the legislation fails if the security end point is not reachable from the communications end point.

I’ve been through how you can extend the security end point securely for private communications if you plan appropriately.

What it will not protect you against is “Online Applications” of any type that need or require access to the plaintext. Such applications really should be either avoided or alternative security measures adopted (which are way beyond a single post to describe).

The upshot is knowing this, you can now see that criminals and others this legislation is supposedly designed to catch will not be, unless they are really inept.

Thus you have to question the real reason for this legislation and that is quite simple,

It is to spy on the everyday citizen all of whom are seen by certain individuals as a threat or enemy.

These people fear democracy because their whole life is about being undemocratic for their way of life to exist. They purchase their way of life through the representatives you vote for, either directly or through various underhanded methods. Either way they have made themselves “Enemies of Society” and likewise those representatives they have suborned.

The only way you can rid yourselves of bad representatives is with publicity that stops people voting for them. Getting rid of those who see the ordinary citizen as the enemy is somewhat harder but can be done peacefully and legitimately given time, which unfortunately is running out.

I for one have no wish to see,

    The tree of liberty refreshed by the blood of patriots and tyrants,

Sancho_P December 12, 2018 5:28 PM

@Doug

It seems the Aussies are the first to know of weaknesses in TLS 1.3.
Or is it backdoored already? 😉

Sancho_P December 12, 2018 5:53 PM

@SeeNoEvil

Thanks for the link. Is this an official paper or his private opinion?

Very weak, in point #2 there is a very common “mistake”, the rest seems to be emotionally written:

#1
”But law enforcement and security agencies can only do so in very specific circumstances – with a warrant for example.” (my emph)
+
”Nobody’s personal communications can be accessed under the Act without a warrant, in the same way other legislation has operated for decades.”
– But he said “for example”, are there any other cases / examples …?
Smells badly.

#2
”Agencies can get a warrant to read the mail of criminals. Agencies can get a warrant to listen to the phone calls of criminals.”

— So far so good, but:

”Why shouldn’t these same agencies be able to get assistance to read the encrypted messages of criminals … ?”

A big difference makes the why:
In the good old times (of that particular law) agencies could – after the warrant – read all new messages of the suspect.
The messages that were exchanged before the warrant were gone.
Today they would also access the past.
This is not what the existing law was about.

A suspect is innocent until proven to be guilty.
Innocence to guilt changes over time (from birth to day x), but not without a verdict.
Dozens of likely innocent people would get involved in investigations, because they had contacts to the then not suspect (= innocent) person.

Those people would not even know of investigations. But could the agency let them go if they learned about other crimes?
Explicitly, if the warrant was for “suspect of terror”, but from the past communication they learn about industrial espionage, murder, child porn or drug deals, would they be obliged to dismiss this knowledge?

— Question:
Would lawmakers agree to:
a) Only by warrant (no other way),
authorities (here called agencies? Insurance agency?) will have access to
b) all stored metadata (time, location, endpoints of communication) at the provider,
plus
c) (only theoretically, because there is still no viable solution known)
all communication content from now on
d) but never the probably still at the provider stored communication (voice, chat, SMS, email, in short all content of any form of communication) going back in time before the warrant.
e) If by any chance such older communication is revealed it must be presented to the parties but details can never have legal consequences.

#3
Void, no specific points here, the analogy is too weak to be discussed.

#4
Pointing at authoritarian regimes doesn’t make arguments.
However, there is a discrepancy between the header and the content here, was that intended?

#5
“There is no way to be sure that the communications of Australians won’t be jeopardized”

Does it mean Australians are screwed anyway, why care if the own authorities do it, too?
Lawmakers must work hard to improve the situation.
Security of the populace is paramount.

#6
I don’t understand that paragraph in this context, sorry.

Conclusion:
That should not be an official paper.

Sancho_P December 12, 2018 5:59 PM

@David Walsh

Not to visit physically is one thing (funny?), but in “visit” there is a point.
We (others) may not even know when our data is crossing Down Under’s legislation. I’m ready to discuss whether it’s a continent or an island, but Australia is part of the world (wide web).

To catch up with China a lot of infrastructure would have to be changed.

Impossibly Stupid December 12, 2018 6:04 PM

@Michael Gaul

Absent legislation in some markets explicitly forbidding the ability to install such back doors, will security-conscious companies just sacrifice the Australian market? Or will they have a separate product for Australia?

I’m thinking along the same lines as what @tfb posted earlier. Any products produced by or for the Australian market that require encryption to keep them secure/profitable will simply cease to exist. Nobody is going to be eager to do business with, say, a bank with a “separate product” that any criminal can use to steal your life savings. It’s so misguided and damaging a move by lawmakers that it should be considered treasonous.

David Walsh December 12, 2018 6:13 PM

someone with technical and other relevant expertise (Nicolas Weaver?) may wish to compile a rough list of all the instances encryption could be legitimately employed for benefit of individuals and society – now weakened – and the potential consequences of this ‘systemic weakness’.
The lawmakers are singularly responsible for those consequences.
It’s a long list!!

Separately, note The Tor Project is likely to be affected by this

Clive Robinson December 12, 2018 6:24 PM

@ David Walsh, 65535,

Choosing to boycott Aus

Apparently the Israeli Government managed to interfere in the legislative processes in other countries to make it in effect illegal to “boycott Israel” and its goods, because the Israeli politicians see it as an existential threat[1].

Do you think Aus has the same “fifth columnists” to do the same for them?

[1] https://www.theguardian.com/news/2018/aug/14/bds-boycott-divestment-sanctions-movement-transformed-israeli-palestinian-debate

David Walsh December 12, 2018 6:25 PM

Sancho

good point and one I had considered. Also remember 5 Eyes and Snowden documents re: US alligator clips

Australia is a country, an island and a continent, and some say continues (legally) to be a vassal state of England.

happy to discuss also but not sure the relevance here 😉

Petre Peter December 12, 2018 7:28 PM

Australia could also add a governor to every car to make sure no one ever speeds regardless of the burden on honest citizens.

David Walsh December 12, 2018 9:37 PM

Anon

what is s. 317C onwards? There is no Section 3 part 17 , and no Section 317

can you define what you mean specifically?

Anura December 12, 2018 11:21 PM

@David Walsh

The section they are referring to is on page 14: “317C Designated communications provider etc.”

Thoth December 13, 2018 12:00 AM

@all

Well, “Good” for the AUS/NZ region in a not so nice way (sarcastic).

I have begun reviewing any affected modules to implement workarounds in my business settings to ensure my clients get unaffected cryptographic modules.

It is only a matter of time that more of such backdoors find their way into sensitive government, military, finance and other industrial, IoT and many other applications via COTS programmes.

recherche December 13, 2018 3:13 AM

The rebuttal is hilarious, for all the wrong reasons.

Two examples:


Myth #6: ASD will be able to spy on Australians

The Australian Signals Directorate is a foreign
intelligence agency. It does not collect the
communications of everyday Australians.

  1. The body says everyday Australians, yet the title
    says “spy on Australians“. The title is misleading.
    Anyway, how is an UnEveryday Australian defined?

  2. If the ASD stumbles upon an entirely-within-Australia
    group of “nasties”, whatever that is, will it remember
    its mandate, named above, as a foreign
    intelligence agency, and properly forget about the
    whole thing, or will it conveniently handball the
    information onto another (domestic) agency? Guess!


The “Conclusion” is a bundle of laughs, from end to end.
The middle paragraph gives one such example:

The true danger is the thing the TOLA Act seeks to prevent:
terrorists, paedophiles and other criminals […]

Uh, guys, isn’t terrorism already criminalised by other laws?
And, uh, guys, isn’t paedophilia already criminalised by other laws?
Also, are many laws in place to make criminal activity criminal?

With the above (admittedly subtle) insights, let’s rework the
excerpt from the middle paragraph:

The true danger is the thing the TOLA Act seeks to prevent:
terrorist criminals, paedophile criminals and other
criminal criminals […]

So, you may ask yourself, why were terrorism and paedophilia picked
out in the statement? Was it to Scare The Populace (Sheeple)
into submission?


A person with more stamina could find more material, but my fingers
are tired…

— recherche

Ismar December 13, 2018 3:15 AM

As an Australian I have a higher than usual interest in this and here is my 5 cents worth.
The criminals (and this includes a broad range including what authorities call terrorists) have long been aware of the vulnerability of the digital communications and as such use other means of organising their nefarious activities (at least those with higher than average IQ which are the ones we should be scared of the most).
Those in the government agencies who care about democracy (and I still think there are some left) must be aware of this as well.
By the process of elimination, enacting of these laws can only mean an attempt of weakening of the democracy itself as the healthy democracy depends on the ability of the people to make decisions in private without fear of retribution.
This, I fear, will be proven in not so distant future when we realise these measures managed to net ZERO criminals while degrading our ability to keep the government honest and accountable for their actions.

Ross Anderson December 13, 2018 3:53 AM

Bruce and I, and a number of crypto and security colleagues, did write a letter to the relevant joint committee of the Australian parliament, but it seems that the Australian government, like the Trump one or the Brexit crowd in Britain, are not interested in listening to experts.

Clive Robinson December 13, 2018 4:20 AM

@ Ismar,

enacting of these laws can only mean an attempt of weakening of the democracy itself as the healthy democracy depends on the ability of the people to make decisions in private without fear of retribution.

Yes that’s the viewpoint have sensibly arrived at.

Where there is a little disagreement is who is calling the shots. Many think it’s the politicians, but as you note,

This, I fear, will be proven in not so distant future when we realise these measures managed to net ZERO criminals while degrading our ability to keep the government honest and accountable for their actions.

The Aus politicians in particular are just jumping about in an unseemly manner because they, just like marionettes are having their strings jerked. The question is by whom and why.

Finding out who is jerking the politicians around will hopefully point out the nature of the threat to Australians and their democratic process. As it is a destabilising force that would favour extremists that are right of center, it would not be too hard to realise it may actually be coming from the US in one way or another.

There is shall we say a certain hallmark to the way things are being done, we see it with the current US executive, it’s still in play with the UK Brexit, anyone with sensible or technical reasoning or knowledge is ignored, sidelined or worse. The arguments used by those allowed to speak are mainly lies or at best half truths.

It’s all just a little too orchestrated, which of course begs the “follow the money” question. That is who’s paying for these show pieces and in what way and why?

Cassandra December 13, 2018 5:51 AM

@Bruce Schneier , @Ross Anderson

Thank-you for writing to the Australian Government Parliamentary Joint Committee on Intelligence and Security (PJCIS) regarding the TELECOMMUNICATIONS AND OTHER LEGISLATION AMENDMENT (ASSISTANCE AND ACCESS) BILL 2018.

While it may seem as though you are talking to people who will not listen, putting your points across as you have done in a clear, polite, and articulate fashion helps the debate. I greatly appreciate the trouble you have taken to do so.

Your letter acts as a good reference for other people, and not just for the members of the committee in question.

Thank-you again,

Cassandra

Sam December 13, 2018 7:25 AM

@Cassandra

The LNP ignored the PJCIS report, recommendations, amendments, and forced the bill through using their numbers and the impending ‘threat’ of terrorist attacks over the next few months.

Forcing the major opposition party to withdraw any recommendations from the PJCIS, Senate, by closing down the Lower House at 4:30 and deciding not to return to Parliament for 10 weeks.

Tony Burke, MP sums up the LNP’s actions just before 4:30 when they shut down the Lower House.

https://www.facebook.com/burke.tony.mp/videos/2186687498022104/

There were over 15,000 recorded pieces of correspondence, with over 100 being read and published as submissions for input into the public hearing process.

metaschima December 13, 2018 7:29 AM

@ Clive Robinson
I totally agree with you. The purpose of the legislation is to spy on the average citizen. It will force more knowledgeable people to, like you said, move the security endpoint off of insecure systems. It is good to know this so you can plan ahead. I will be interested to see how exactly they implement and enforce these new rules. I expect that if they somehow pull it off other countries will also adopt these measures.

TRX December 13, 2018 9:19 AM

Why are laws passed that are not adequately defined?

That’s their whole point. A vague law lets the State interpret it in whatever way is most advantageous for them at the time.

Few laws are any more specific than they have to be, by design.

Cassandra December 13, 2018 9:46 AM

@Sam

Having publicly available clear and cogent descriptions of the failings of the intended policies and actions is a benefit, even if they are ignored. People cannot say that they were not told, and have to defend their wilful ignorance. History is a judge with a long memory.

Being ignored is an occupational hazard, but not everyone who hears your message necessarily ignores it.

Cassandra

CallMeLateForSupper December 13, 2018 11:32 AM

Re: “[…] it seems that the Australian government, like the Trump one or THE BREXIT CROWD IN BRITAIN, are not interested in listening to experts.” (emphasis mine)

I would point out that assigning Brexit crowd to own all the Stupid gives undue cover to the geniuses who rammed through the Snoopers’ Charter.

VRK December 13, 2018 11:49 AM

“Aus Backdoor” sounds like Bill C-51:


…to take measures, within or outside Canada, to reduce a threat to the security of Canada… …the judge may issue a warrant authorizing the persons…

(a) to enter any place or open or obtain access to any thing;
(b) to search for, remove or return, or examine, take extracts from or make copies of or record in any other manner the information, record, document or thing;
(c) to install, maintain or remove any thing; or
(d) to do any other thing that is reasonably necessary

Yowza. A tiny excerpt. This empowers regular [psychopathic / (p)tsd] guys with regular biases, regular personal vendettae, substantial testosterone, and nightly vitamin B issues.

This has been true long before any law justified it, it very much seems.

patron December 13, 2018 1:09 PM

https://www.nsa.gov/News-Features/News-Stories/Article-View/Article/1669139/connected-desks-arent-what-they-used-to-be/ (NSA)
…National Cybersecurity Awareness Month…
Oct. 19, 2018 —

If someone asked you if your desk was connected, you might think they were asking if it was bolted to a wall or another desk. However, soon that’s going to be a question about Internet connectivity for desks, chairs and other equipment as they are increasingly becoming part of the connected world of Internet of Things (IoT).

So, why would a desk or a chair need to be connected to the Internet? There is a growing business trend that promotes workforce efficiency by managing the work environment to improve the balance of individual vs. collaborative work, owned vs. shared work, and needed rest. There is also interest in the efficient use of space and equipment where worker’s varying resource needs often leave single-purpose resources idle for long periods of time.

Office furniture manufacturers are offering IoT connectivity as the solution by wirelessly tracking use of equipment and spaces. The information generated from integrated sensors in this “smart” furniture can help organizations improve worker productivity through an optimized desk layout, personalized lighting, and adjustable desk settings. Organizations can also maximize use of existing resources – for example, an under-utilized executive office could be transformed into a conference room or collaborative space.

However, this connectivity and information gathering raises security and privacy considerations. As connected furniture becomes more common, you’ll…

David Walsh December 13, 2018 2:24 PM

Of relevance for those looking for legal protection

There will be other sources/references but this has a lot in one concise location.

A recent letter by an Australian Senator to the Prime Minister and House of Reps, and the Senate, with all the necessary lawful references, regarding the Commonwealth Constitution 1901 being illegally removed without a referendum and replaced with a surrogate (Australia Act) which is then relied on for things like this ‘Backdoor’ bill.

May be of assistance to someone

http://www.knowyourrightsgroup.com.au/files/Culleton%20Letter.pdf

65535 December 13, 2018 2:53 PM

@ Clive Robinson

“Do you think Aus has the same “fifth columnists” to do the same for them?”

Yes, it is possible. The K-street lobbyists are hired by state spy agencies all the time. It is not exclusively a US problem. I would not doubt the “K-street” virus can show up in any nation state. I do take media outlets with a “Grain of Salt” because it’s difficult to say who is telling the truth.

To my point of not supporting any country that tramples privacy laws – why give them more money to create less privacy? Why feed the monster? I say starve the monster to death. Don’t give them a penny.

John Carter December 13, 2018 3:29 PM

The thing missing in all the noise about loss of privacy is the other side of the picture.

You don’t think IT companies provide intercepts for free do you?

It’s a nifty taxpayer funded revenue stream.

There is a hefty charge for each one executed.

Back doors are a premium feature, want one? Pay for it!

I bet IT companies are lobbying for this…. So they can sell out their customers (without telling them) for a nice fat fee from the taxpayer!

ie. The rule of the net is “If it’s free, you’re the commodity being bundled up and sold. If it is not free, you’re still being bundled up and sold.”

Clive Robinson December 13, 2018 3:46 PM

@ patron,

With regards the Motherboard article on “Signal” I think everybody, should read it.

Oh and remember each Mobile Device has two serial numbers it uses on the network[1], the Electronic Serial Number of the Phone, and the serial number of the SIM. Also there is an identifier that becomes your phone number after translation through various databases. Neither serial number, identifier or the resulting phone number are secure[2] in any real way, and you can be tracked by BOTH serial numbers…

[1] Neither serial number is your “phone number” they are supposedly unique to each phone (IMEI = International Mobile Equipment Identity) and SIM (ICCID = Integrated Circuit Card ID). On the SIM is your identifier (IMSI = International Mobile Subscriber Identity), but this can be changed in various ways including an OTA, a feature that will become more prevalent as the likes of e-SIM[2] take off.

[2] Especially with physical SIM cards being replaced with e-SIM and OTA profile files, https://www.mckinsey.com/industries/telecommunications/our-insights/e-sim-for-consumers-a-game-changer-in-mobile-telecommunications

William Smithers December 13, 2018 3:51 PM

Watching this train wreck unfold I tend to agree with other writers that this is in many ways a test case for other 5-eyes members in what can be achieved in an environment where there is comparatively little debate on legislation (the nature of Australian politics is much abuse but little debate).

Somewhat surprisingly to my mind is the fact no-one here has yet referenced what I think is one of the “jewels in the crown” that will be targeted by this – that jewel being TOR.

For many years now various US/UK/AU government agencies have complained about TOR (facilitating terrorist drug-dealing paedophiles, etc.).

As to how this will be achieved is open to speculation – but it’s early days yet.

I’d suggest the current version of TOR may well turn out to be one of the last versions that can be trusted – the key word being “Trust”.

If that trust is destroyed – by whatever means – then that’s a huge achievement for the 5-eyes – and perhaps this legislation will help to achieve that end.

Just my thoughts.

Clive Robinson December 13, 2018 6:42 PM

@ John Carter,

It’s a nifty taxpayer funded revenue stream.

Maybe in a few places, probably not in many jurisdictions (giving evidence is not just a compellable “civic duty” it’s required by “eminent domain”).

Whilst “switch” makers like Ericsson charge a fortune for the software, in many jurisdictions the telcos are expected to swallow the loss for ever.

In part that was what the FBI/DoJ court case against Apple was, a way to force “something for nothing” against mobile end point manufacturers and OS developers.

It’s why the question of “indentured servitude” which is illegal in the US –except ironically in prisons– came up at the time.

Clive Robinson December 13, 2018 6:51 PM

@ 65535,

why give them more money to create less privacy?

Especially when the 13ast4rd5 are breaching my copyright without consent or compensation.

Clive Robinson December 13, 2018 7:04 PM

@ William Smithers,

Somewhat surprisingly to my mind is the fact no-one here has yet referenced what I think is one of the “jewels in the crown” that will be targeted by this – that jewel being TOR.

I’m sorry but using Tor is painting a cross on your back. The way prosecutors will get you is “Guilt by association” in the jury’s minds.

Due to the MSM everyone knows “Tor is the ‘dark web’ full of drug dealers, kiddy abusers, terrorists and worse”… The fact it’s not true does not matter, it’s what the jury thinks or is led/directed to think, and some at best circumstantial evidence that will get you a 5-20 spot somewhere. Like it or not that is what justice boils down to these days, “Beyond Reasonable Doubt” is never mentioned and usually carved away by judges’ directions.

David-8 of LV-223 December 13, 2018 7:38 PM

Clive and William Smithers

TOR : ‘prosecution futures’

Putting aside all the inherent fundamental issues with the design of TOR as discussed by Nick P, Thoth, Clive Robinson and some others including someone quite smart no one wants to name here anymore – TOR in terms of backdoors has I’m sure been unsafe for a long time. I think that trust is already long gone. The grugq has some interesting perspectives on it though.

Clive Robinson December 13, 2018 9:29 PM

@ David-8 of LV-223,

and some others including someone quite smart no one wants to name here anymore –

There have been quite a few that have come and gone, @RobertT, @Mike the Goat, @Figureitout and a certain Belgian with Rock interests @Dirk Praet, to name just a few, who do sometimes listen in and very very occasionally de-cloak.

And there are many others, even @Nick P, is very very seldom seen here, though he does pop up on lobste.rs and did on Hacker News a while ago. Even the redoubtable @Wael is rarely seen but does generally pop up and say hi when mentioned.

The thing is the better “open” security blogs got hit badly during 2016 due to various reasons, but also got hit by the banking crises. People kind of want to keep their heads down now recruiters and similar “trawl the net” and run analytics. It has kind of “chilled free speech”.

Even @Nicholas Weaver who I sparred with on occasion now lurks rather than comments.

The real problem however is the “lack of good quality news or research” to talk about. I can not remember the last time a crypto algorithm paper got discussed, I vaguely remember it was some suspect “lite” algorithm someone was trying to push into standards.

I know Brian Krebs talks about “patches” as and when they come out and some “same old same old” of company XXX losing YYY million customer records, but it’s usually attributable to the same or similar mistake some other company made a year or more before. Yes it’s news but it’s like the soccer score of “Accrington Stanley” it happens but “what’s new”…

Just giving a loss number that is bigger than before is not really interesting, doing even a little analysis on the numbers would make it at least something to think on and talk about.

The only news in security these days appears to be the latest round of lunacy from legislators…

It’s why I was glad to see Meltdown and Spectre, they were long overdue, and I had hoped it would spark up a bit of enthusiasm in those wanting to get in whilst the going is good. I suppose I should not complain as it is the Xmas gift that is still giving a year later. But it’s kind of fallen into the “what’s new trap” of new items being only a cigarette paper thickness from earlier exploits…

Anyway if you want to see if someone is still around give their handle a rattle, the door just might open.

And it’s about time I reset my personal timezone as I’m running on East Coast time at the moment…

Wael December 13, 2018 10:16 PM

@Clive Robinson, @ David-8 of LV-223,

[…] is rarely seen but does generally pop up and say hi when mentioned.

Howdy! Just busy with work. The eyes hurt too. “redoubtable”, eh? 🙂 Yea, I miss the rest too.

They’re disappearing one by one. Something’s going on here! TLAs are gobbling them up 😉

David-8 of LV-223 December 14, 2018 1:20 AM

Clive

maybe the Ass Access legislation may require Intel and AMD to install systemic weaknesses in Meltdown and Spectre

we live in hope

Thomas December 14, 2018 3:34 AM

As an Australian I would like to apologise profusely for the insanity my government has unleashed.

I know other (willfully) clueless governments will use this as an excuse to implement similar stupidity.

I am truly sorry.

Sam December 14, 2018 9:22 AM

@David-8 of LV-223 & Clive

Processor level is the obvious choice considering its age and current distribution.

Given the NSA’s ties to AMD & Intel, it’s probably already been done.

What makes you think it’s just Oz that wants the access?

Anyways, the Oz Gov is not going to listen to any of these blog comments.

Sam December 14, 2018 9:42 AM

@Cassandra

Have you got something to hide or are you worried that the Australian Intelligence & Law enforcement communities may be targeting you or other members of this blog with the T.O.L.A. Act by using target encryption back doors?

The T.O.L.A. Act passed Royal Assent 8 days ago, has anyone here patched since it went live?

David-8 of LV-223 December 14, 2018 5:44 PM

Apologies for being offtopic but it’s tangentially related to offer insight into the mindset of the Aus Gov and overseas readers may miss this.
Breaking news: The Aus prime minister has decided to recognise Jerusalem as the capital of Israel.

Weather December 14, 2018 5:58 PM

I think they will need to add hardware equipment within the exchange, they don’t necessarily have to update the switches and routers, they can win the race condition and MITM. Equipment nearer the target can drop out-of-order or incomplete TCP sessions, even so a lot of tools will get around this.
Microsoft has an HTTP file patches transfer so copying a file to the target isn’t hard. HTTPS for setup, but file transfer HTTP.

Sam December 14, 2018 6:48 PM

@recherche & William Smithers

Might be off topic of back doors.

If you haven’t heard, the Australian media has had a nationwide gag order placed on it in respect to the criminal conviction of Cardinal Pell, in respect to him being found guilty of sexual abuse of 2 altar boys.

Not sure if the head of the Australian Signals Directorate is sending coded messages by differentiating criminals, terrorists & pedophiles?

The LNP seem to have a history of fueling the fires on racial issues to ensure their right wing policies of late.

Wael December 16, 2018 4:26 AM

The Australian government response is kind of embarrassing.

Yea, that was amusing! The report is actually quite accurate, with one condition: substitute ‘Fact #’ for ‘Myth #1’, and you’d be spot-on…

Many of the claims about the “dangerous” nature of the Act are hyperbolic, inaccurate and influenced by self-interest, rather than the national interest.

And what would that self-interest span?

The true danger is the thing the TOLA Act seeks to prevent: terrorists, paedophiles and other criminals communicating in secret, without law enforcement and security agencies being able to ‘crack their code’.

Of course. I am sure the criminals listed here communicated in the dark… otherwise you would have most certainly stopped them in their tracks, right? Present a more sophisticated argument, supported with some data-points or statistics to back up your claim. Who knows, it could be convincing. Then again, the backdoors existed a long time ago. What’s this all about, to give heads-up to evil-doers that we’re watching you? Very clever!

Paedophile 1: Aussies can read our messages now. Let’s use something different.

Paedophile 2: I am all ears (and “eyes”, of course – if you know what I mean)

Paedophile 1: Substitute ‘transistor’ for ‘body’; ‘wire’ for ‘year’; ‘characteristics’ for ‘figure’; and ‘specification’ for ‘picture’

Paedophile 2: You’re a genius! I just downloaded the specifications of a 7-wire old transistor but, boy, it’s got the characteristics of a 3-wire transistor!

Paedophile 2: You idiot! We needed to agree on that out-of-band! I am dead meat now, and so are you!

Meanwhile the communication log sits in a repository with no one looking at it until after the fact, as usual. Guess we’ll have to wait until (the offshored) AI takes over…

The true danger is the thing the TOLA Act seeks to prevent: terrorists, paedophiles and other criminals communicating in secret, without law enforcement and security agencies being able to ‘crack their code’.

So you claim back-dooring encryption will enable you to crack obscured communications! Wanna put that hypothesis to the test?

Myth #4: Tech companies will be forced offshore

They’re already off-shore, dawg! What Chinese rock have you been living under?

Clive Robinson December 16, 2018 2:58 PM

@ Wael,

in secret, without law enforcement and security agencies being able to ‘crack their code’.

Why do they need to communicate in secret?

Is really a question people should not only be asking, but attempting to answer. So,

If the code is uncrackable as all non reused one time codes are supposed to be[0], the only need of secrecy is to hide that two communicating parties are actually communicating. Which with most Internet protocols is quite difficult to hide, so you have to look outside the actual network to do that (and no, Tor and the like give you no guarantee of anonymity let alone secrecy of communication process, but let’s not get into that time wasting argument).

The thing I find interesting is the misunderstanding about message content and message alphabet when it comes to not just One Time Pad ciphers but One Time Phrase codes.

We are used to thinking in “alphabets made of individual characters” thus we end up with small sets of 2 {0,1}, 10 {0..9}, 26 {a..z} characters, that obviously have to be used over and over in as near uniform a way as possible to convey a more complex message.

In the late Victorian era many people knew you could have a much larger alphabet set[1]. That is you can have an alphabet of every possible “five letter word” from {AAAAA..ZZZZZ} which is quite a large alphabet of just under 12 million (a little under 2^24 bits). If modern code designers are sensible however they will only use a subset to allow for some Forward Error Correction (FEC).

That aside the important thing to remember is that these words have no intrinsic meaning they are just each individually a member (placeholder) in a set, that can be manipulated in many ways before they eventually become pointers to individual entries in an array of meanings.

But it can get more interesting. For instance in a Phrase Code you could have an outer wrapper around a code word such as,

    We should meet for {com}.

Where {com} is a set of “comestibles” used as code words, such as,

{tea,coffee,snack,beer,cocktail,breakfast,lunch,dinner,”a drink”}

Where “a drink” is used as a “null” and the other eight give you a three bit binary number.

With a little thought you will realise that there are so many “innocent phrases” such as {Hello,Hi,”what’s up”} that you can transfer a large amount of information, with the “nulls” making any analysis difficult.

Importantly though you are just sending a number which can also be made meaningless to analysis. Firstly the number can be a super-encipherment via a One Time Pad of the code number. Secondly the meanings the number points to can likewise be scrambled by a True Random Process on a regular basis.

The first method in theory allows a given phrase to be used repeatedly as long as the OTP is changed for each message, but using the same phrase within the same message or recipient without care makes the phrase less innocent. Reuse of the second method within a given time frame likewise reduces the innocence. It’s also why the “null” needs to be selected to be as generic as possible to avoid a clash, thus “a drink” could stand in OK even if you’ve already used say “coffee” whereas “tea” as the null would be contradictory thus potentially suspicious.

Although you could use such a system with “voice”, without training most humans would forget Wrapper:word and mis-send/receive a message. Thus it is better to use it for E-Mail or Messaging where the length is not overly restricted, and a computer can generate a draft/final message.

Provided a little care is used the messages in plaintext would appear to most to be innocuous, thus can be sent along any communications path.

Which brings us back to the question of hiding or keeping secret two or more parties are communicating. You and Ratio found that you could use a blog with to the human eye “hidden text”. Your original reason was so that people could “sign posts” without it being annoying to readers.

As you may remember quite a few years ago now, I discussed how to make a BotNet which was headless, thus not susceptible to having the control server being impersonated by authorities etc. The same problem exists with communications nets, a control server is not just a single point of failure, it is also a fairly clear “differentiator” between suspect and non-suspect computers thus users (allegedly this is what went wrong with the CIA system that cost quite a few of their spies their lives).

The idea I had was to use two or more open blogs and a ubiquitous search engine like Google. Party A would use a unique handle or expression (@Albert does this in Morse as a Sig) that can be easily searched for using a Google search that they use when posting to any one of many open blogs. Party B would search for the handle/sig and then read the message from the Google Cache not by actually going to the blog site. The process is reversed by Party B using another open blog and “handle/sig”. With a little thought “handles/sigs” can be changed as can the blogs used. With care trying to tie the two parties together can be very difficult at best.

There are other things that can be done but as I’ve mentioned before, it appears “undesirables” to private communications nets like SigInt / IC agencies read this blog and use the ideas with little understanding themselves[3]. I can not help wondering if the CIA system that got a lot of their spies killed was “stolen without understanding” from a blog or similar post and thus carelessly implemented and the security blown wide open because the implementer just did not have a clue as to what a more switched on IC entity might do…

[0] We’ve talked about the issues of why OTPs can not be “unbounded” etc when it comes to the use of true random number generation. And I still find it really scary that there are people out there who don’t get why.

[1] There were quite a few “commercial codes” where whole sentences were reduced to four or five letters. That is they were made for “compression” for significant cost reduction as cables were charged “by the word” and nobody had said the words had to have meaning when the rules were made, and this caused much controversy not long after[2].

[2] The cable operators thought they were being cheated by devious men, and the customers thought they were being extorted compared to the flat rate Penny Post. The result was as usual fraught and worked its way up through Governments into diplomacy… Eventually it was agreed that “code” would be no more than five letters only per word with numbers not allowed (have a look at Morse code to see why). And that, “As they say boys and girls”, is why when you see cipher output from BID and similar equipment for NATO, US and other Western nations designed for telegraphy it’s in “five letter groups” with a maximum of ten per line (the full format is online under the UN’s ITU-T standards, but did cost the proverbial arm and leg the last time I looked). If however you look up the UK DWS designed Rockex super encipherment machine and how it works it tells you just about everything you need to know for free.

[3] It’s no secret that Government salaries and benefits are not exactly an attraction to those who are highflying. Worse the risk-reward calculus is now known to be very badly biased against those at the bottom so even those who “plod” who might formerly have been attracted to the “benefits” and what was seen as “job security” are now put off. Thus the Gov agencies are seeing a serious “Skills Crisis” and there are stories of “Warm-body-syndrome promotion” where Dunning-Kruger and Peter-Principle are not just rife but essential requirements. Further that ExMil are seen as good candidates because they are used to,

1) turning up early,
2) looking neat,
3) keeping a tidy desk,
4) generally don’t use drugs,

So ticking the first four essential requirements on the recruiting forms… All of which are known to be turn-offs for the type of staff they allegedly want to get…
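Added example, not part of the comment above: a small Python model of the phrase code it describes, using the wrapper sentence, the eight comestibles and the “a drink” null from the comment, with the one-time-pad super-encipherment done as addition mod 8. The function names, the byte-to-triplet packing and the sample message are assumptions made for illustration.

```python
import secrets

WRAPPER = "We should meet for {}."
# The eight code words from the comment, in order, carry the values 0..7 (three bits).
CODE_WORDS = ["tea", "coffee", "snack", "beer", "cocktail", "breakfast", "lunch", "dinner"]
NULL = "a drink"  # carries no value; the receiver skips it


def make_pad(length):
    """One-time pad of 3-bit digits; must never be reused for another message."""
    return [secrets.randbelow(8) for _ in range(length)]


def to_triplets(data):
    """Split bytes into 3-bit values, zero-padding the final group."""
    bits = "".join(f"{byte:08b}" for byte in data)
    bits += "0" * (-len(bits) % 3)
    return [int(bits[i:i + 3], 2) for i in range(0, len(bits), 3)]


def from_triplets(values, n_bytes):
    """Inverse of to_triplets; n_bytes tells the receiver where padding starts."""
    bits = "".join(f"{v:03b}" for v in values)[: 8 * n_bytes]
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))


def encode(values, pad, null_at=()):
    """Turn 3-bit values into sentences; positions in null_at become null sentences."""
    nulls = set(null_at)
    total = len(values) + len(nulls)
    if len(pad) < len(values):
        raise ValueError("one-time pad is shorter than the message")
    if any(not 0 <= p < total for p in nulls):
        raise ValueError("null position outside the message")
    pairs = iter(zip(values, pad))
    sentences = []
    for position in range(total):
        if position in nulls:
            sentences.append(WRAPPER.format(NULL))
            continue
        value, key = next(pairs)
        if not 0 <= value < 8:
            raise ValueError("values must fit in three bits")
        # Super-encipherment: the word sent depends on the pad digit, not only the value.
        sentences.append(WRAPPER.format(CODE_WORDS[(value + key) % 8]))
    return sentences


def decode(sentences, pad):
    """Recover the 3-bit values; nulls are dropped and consume no pad digit."""
    prefix, suffix = WRAPPER.split("{}")
    keys = iter(pad)
    values = []
    for sentence in sentences:
        if not (sentence.startswith(prefix) and sentence.endswith(suffix)):
            raise ValueError(f"not a wrapper sentence: {sentence!r}")
        word = sentence[len(prefix):len(sentence) - len(suffix)]
        if word == NULL:
            continue
        values.append((CODE_WORDS.index(word) - next(keys)) % 8)
    return values


if __name__ == "__main__":
    message = b"OK"                       # constructed sample message
    values = to_triplets(message)
    pad = make_pad(len(values))
    sent = encode(values, pad, null_at={2})
    print("\n".join(sent))
    print(from_triplets(decode(sent, pad), len(message)))
```

Each sentence carries three bits, so the two-byte sample needs six code sentences plus whatever nulls are mixed in, which is the length cost the comment alludes to when it recommends e-mail or messaging over voice.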

Wael December 16, 2018 4:25 PM

@Clive Robinson,

You and @Ratio found that you could use a blog with to the human eye “hidden text”. Your original reason was so that people could “sign posts” without it being annoying to readers.[edited]

There were two reasons: Number one: to fulfill a promise I made to @ianf, and number two: to demonstrate a method for signing a post. Thought it would be amusing to gift-wrap the challenge. But in all honesty, it’s a child’s game*, as you very well know. You and I also communicate in an obscured manner that’s not easy for Eve to de-poem, right? Forget about math**. Shakespeare is the man (in the western world, that is.)

With care trying to tie the two parties together can be very difficult at best.

One needs to eliminate meta-data or bring it at or below the noise floor. Non-traceability (inability to correlate a response to a request, or distinguish a response from a request – not sure that’s a formal definition, but that’s what I mean) is also an important characteristic in the design. In the analog world, short-wave radio has been used for messaging spies. Can’t really prosecute someone for owning a short-wave radio. Similar techniques can be used on the internet.

* The intent is not to challenge authorities by demonstrating work-arounds to regulations. The intent is to show that the regulation is flawed and does not achieve the advertised intents.

** Trust the math? It’s not a matter of trust; it’s a matter of a rigorous proof. And even if I were to trust the math, why would I trust the mathematicians? Some of them are bought and paid for! And I don’t have the knowledge or the time to look at every formal proof they demonstrate. And there is no proof I saw that demonstrates Asymmetric Cryptography is secure, irrespective of the PQC stuff.

agp December 18, 2018 10:35 AM

Myth #1:

“But if two Australians are using a messaging app to plot a terrorist attack, it is clearly crucial for the relevant authorities to find out what they are saying.”

Myth #6:

“The Australian Signals Directorate is a foreign intelligence agency. It does not collect the communications of everyday Australians.”

Clive Robinson December 18, 2018 9:14 PM

@ Wael,

Hark what light…

One needs to eliminate meta-data or bring it at or below the noise floor.

Currently with the way the network part of the Internet works this is not possible. Because even though it is not “circuit switched” it is “Packet Switched” which are not “broadcast” methods but “point-to-point-reply” methods. That is not only do they have to be routed, in practice they require both ends to broadcast.

The only way to break this low level meta-data is by leaving the network of the Internet into a multi-homed host where individual traffic streams are terminated (so servers not routers).

But there is another issue which is meta-meta-data, which can “show the absence of meta-data”. Which is where,

Non-traceability is also an important characteristic in the design.

Take for instance a server that is not “store and forward” or worse is also “low latency”. The fact the original meta-data is gone does not mean that the communications can not be still followed. That is routing meta-data might be removed but a new routing meta-data can be correlated by the meta-meta-data of time and in some cases “packet length” at the simplest level through to the packet cadence be it short term “jitter” through to longer-term packet bursts etc.

But even with long latency there is other meta-meta-data that can reveal meta-data. For instance counting the packets into a non-user host and counting the packets out will by a difference in numbers or “absence of meta-data” show that some data was actually destined for the host or originating from the host. Then by tying it via other meta-data or meta-meta-data such as length or offset time tie it back to a particular set of meta-data.

Therefore as there has, –by the way the network of the Internet works,– to be routing and other related meta-data to every packet communicated host to host, a way to make the meta-data useless beyond saying “an unknown packet was seen on a single host to host network segment” is required.

The easy way to do this is to always send a fixed rate of information from one host to another at a fixed tempo. That is you always send say one thousand packets a second on exactly 1ms time slots. But importantly the host at the other end reciprocates at exactly the same rate and tempo. So that to an outside observer the only thing they can tell is two thousand packets per second are being transferred on that link, and because they are exactly balanced there is no indication of information direction or even movement.

At a higher level traffic is always sent to multiple hosts in an individually encrypted form. That way when a host decrypts the packet it will know if it is for itself, to be dropped or to be forwarded. The observer if they can see into this level but not into the packets will see traffic heading as a “broadcast” to several other hosts who in turn forward them on to multiple hosts for several steps and not know which if any of the hosts it was destined for.

But also at this level you add a degree of “store and forward” or more correctly “indeterminate buffering” which has the downside of increasing latency at each server. However doing this helps increase anonymity but at the price of some increased latency which means it is not suitable for some types of “interactive traffic”, which in many cases is only annoying to a user not actually in anyway disruptive and slight redesigns such as local buffering can alleviate[1] quite extensively. For even “voice traffic” where low latency and “full break in” is assumed for “telephone” style full duplex operating, a change to “two way radio” half duplex operating is usually quite acceptable. Humans are more flexible than many system designers think they are and will quite happily trade away “niceties” when they see the need to do so[2].

Store and forward is used at other levels as well, as it can be used to “even out traffic” load. That is when you analyze most data communication networks they tend to be bursty in nature. It’s why the Internet is packet switched unlike the telephone network that used to be circuit switched[4]. Bursty traffic is undesirable because you have to design for “peak load” rather than “mean load” which is not just expensive but inefficient. Store and forward can be used to bring the mean load close to the peak load thus making the system more efficient[5].

Whilst still inside the overlay network large data files that would “time out” on a regular TCP transfer can be themselves packetised at the input server and reassembled at the output server to help with maintaining the mean load at the circuit peak load. It also enables the packets not just to be sent on different routes but out of sequence as well, making an observer’s task that much harder.

With regards,

The intent is not to challenge authorities by demonstrating work-arounds to regulations. The intent is to show that the regulation is flawed and does not achieve the advertised intents.

My preference is to show not that the “regulation is flawed” but “entirely useless for its stated intent” thus others can see that “Its stated intent” is in actuality a very deliberate lie to mislead or provide cover for malintent by the regulation’s drafters. I view legislation obtained dishonestly in the same way I view goods or money obtained dishonestly ie “Criminal Behaviour” where the perpetrators should be removed from any place they can do further harm to society (it’s why we have “malfeasance in public office” legislation but is insufficient to be effective). Put simply by definition a process can not be democratic if one party is wilfully lying about their intent.

Finally with regards,

And there is no proof I saw that demonstrates Asymmetric Cryptography is secure

Both block and stream ciphers are “bounded” so can not be “unconditionally secure”. Thus any proof would rely on a complexity/time/resource argument. Whilst I’m happy to believe that at our current technological point in time you could say it would take X years with Y machines etc I know darn well you can not “project into the future” very far with technology points. Because at the end of the day technology changes quite dramatically within a decade anyway and there is no way to predict outside of any human meaningful time –two decade generation– when the next big technology jump will occur.

[1] The simplest example of this is found in the *nix and similar “line discipline” buffering where what a user types in is kept local to them until they hit the enter key then the whole buffer is transmitted. Not only is it much more efficient, editing and similar can be done locally to the user where low latency is important.

[2] Back late last century there was some research done about personality types and behaviour. Part of which looked at communications. Without going into details it was found that those who had important things to communicate were more than happy to give up niceties and drop into single sentence conversations that got the information across reliably and effectively. Conversely those who could not or would not give up the niceties rarely had anything of importance to say, nor did they expect replies etc. As an older colleague at the time observed “The sort that talks like a shaper to a plant, or just ‘talks to the trees'”[3].

[3] They had worked at Henley and had indirectly worked with Meredith Belbin and was I think not exactly overwhelmed by the experience in any way. For those not British and of a certain age “I talk to the trees / That’s why they put me away…” was a catchphrase of “The Goons” radio show character called “Eccles” played by comedian Spike Milligan. Oh for those antipodeans that disdain “Belbin” for “Margerison-McCann” an insensitive “Thruster-organiser” would be an archetypal “Shaper”. As for those in the US do you have any “Team Inventory” types that would be equivalent? 😉

[4] The reality today is that the technology behind the high capacity networks of the Internet have to allow for low latency critically paced traffic, which circuit switching is considerably better at than packet switching. The result is that the modern switches and routers have moved towards supporting circuit switching very effectively via traffic management. Thus building telephone networks on such switches and routers is now just as effective but a lot cheaper than traditional packetised circuit switching trunk switch equipment.

[5] A mechanical equivalent of “store and forward” would be a “fly wheel” in a transmission system that smooths out the “thumps” of low stroke engines or provides inertia compensation with switched or abruptly changing “snatch” loads.
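Added example, not part of the comment above: a slot-based Python simulation of the two cases it contrasts, a low-latency relay whose outbound timing mirrors its inbound timing, and links that send one fixed-size cell at a fixed tempo with dummies filling the gaps. The arrival times, link names, 2-slot cell period and scoring function are constructed assumptions.

```python
from collections import deque

# Constructed sample: slots (1 slot = 1 ms) in which three users send a packet
# into the relay. The traffic is bursty, as the comment says real traffic is.
ARRIVALS = {
    "A": [3, 4, 5, 40, 41, 90],
    "B": [10, 11, 55, 56, 57, 58],
    "C": [20, 60, 61, 62, 95, 96],
}
# Which outbound link really carries each user's traffic (unknown to the observer).
TRUE_ROUTE = {"A": "out-3", "B": "out-1", "C": "out-2"}
TOTAL_SLOTS = 100


def low_latency_relay(arrivals, delay=2):
    """Forward every packet a fixed `delay` slots after it arrives."""
    return {TRUE_ROUTE[u]: {s + delay for s in slots} for u, slots in arrivals.items()}


def constant_rate_link(arrivals, total_slots=TOTAL_SLOTS, period=2):
    """Emit exactly one fixed-size cell every `period` slots.

    Real packets wait in a queue for the next cell; an empty queue sends a dummy.
    Returns a list of (slot, is_real, queueing_delay) tuples.
    """
    pending, queue, cells = deque(sorted(arrivals)), deque(), []
    for slot in range(total_slots):
        while pending and pending[0] <= slot:
            queue.append(pending.popleft())
        if slot % period == 0:
            if queue:
                cells.append((slot, True, slot - queue.popleft()))
            else:
                cells.append((slot, False, 0))
    return cells


def wire_view(cells):
    """What a passive observer gets: when a cell was on the wire, nothing more."""
    return {slot for slot, _is_real, _delay in cells}


def timing_score(in_slots, out_slots, max_lag=5):
    """Best fraction of inbound packets matched by an outbound packet at one lag."""
    return max(
        len({s + lag for s in in_slots} & out_slots) / len(in_slots)
        for lag in range(max_lag + 1)
    )


def link_flows(inbound, outbound):
    """For each inbound link, list the outbound links tied for the best score."""
    result = {}
    for user, in_slots in inbound.items():
        scores = {name: timing_score(set(in_slots), out) for name, out in outbound.items()}
        best = max(scores.values())
        result[user] = sorted(name for name, s in scores.items() if s == best)
    return result


def observe_low_latency():
    """Observer correlates raw inbound timing with the relay's outbound timing."""
    return link_flows(ARRIVALS, low_latency_relay(ARRIVALS))


def observe_constant_rate():
    """Every link is padded, so the observer only ever sees the fixed cell schedule."""
    inbound = {u: wire_view(constant_rate_link(s)) for u, s in ARRIVALS.items()}
    outbound = {TRUE_ROUTE[u]: wire_view(constant_rate_link(s)) for u, s in ARRIVALS.items()}
    return link_flows(inbound, outbound)


def worst_queueing_delay():
    """Latency price of padding: longest wait (in slots) of any real packet per user."""
    return {
        u: max(d for _slot, real, d in constant_rate_link(s) if real)
        for u, s in ARRIVALS.items()
    }


if __name__ == "__main__":
    print("low latency  :", observe_low_latency())
    print("constant rate:", observe_constant_rate())
    print("added delay  :", worst_queueing_delay())
```

In the first case each inbound flow matches exactly one outbound link; in the second every pairing scores the same, at the cost of the queueing delay the comment describes as the price of store and forward.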

Wael December 18, 2018 10:55 PM

@Clive Robinson,

Part Uno. Act dos. Sc. Quattro! (we need a stanza facelift)

Currently with the way the network part of the Internet works this is not possible.

“Necessity is the mother of invention”. I go to a blog and read a perfectly normal paragraph that says something completely different (no ZWJ and its friends, either.) And there are other ways, I’m sure. We are bound by TCP/IP protocols, so we can’t easily change the transport layer behavior without breaking ‘things’. But we can do other things.

in practice they require both ends to broadcast.

UDP?

Currently with the way the network part of the Internet works this is not possible.

Then raise the noise floor. The methods you suggest below effectively do that

Non-traceability is also an important…

Non-traceability of the packets as I defined it (cannot distinguish a request from a response or correlate a request to a response), which is partially satisfied by the constant packet sizes at constant intervals (although I don’t see the ‘constant’ part as a necessity) you suggest.

“Its stated intent” is in actuality a very deliberate lie…

Sleight of hand

The deeper problem with the nothing to hide argument is that it myopically views privacy as a form of concealment or secrecy. But understanding privacy as a plurality of related problems demonstrates that concealment of bad things is just one among many problems caused by government programs such as the NSA surveillance and data mining. In the categories in my taxonomy, several problems are implicated.

I haven’t read the whole thing, though.

Both block and stream ciphers are “bounded” so can not be “unconditionally secure”.

Name one thing that’s unconditionally secure! We use that as an approximation. We say if the cost of attack is much higher than the value of the asset, then the system is unconditionally secure (paraphrasing from Applied Cryptography.) I’m implying it could be a lot worse than cannot be “unconditionally secure”.

drop into single sentence conversations that got the information across reliably and effectively. Conversely…

That had been my observation as well!

Clive Robinson December 19, 2018 11:58 AM

@ Wael,

And there are other ways, I’m sure

Oh there are. You might remember I occasionally point out that you need a certain minimum of components that are not secure to build a secure system.

I regard the DOD TCP/IP protocols up to version 4 as being “too simple a component to be secure” but OK to build secure systems from “If you know what you are doing”. As we know there are overlays on TCP or IP that are not sufficiently secure for various reasons. Thus at design time either the designers did not know what they were doing, or they actually knew exactly what they were doing when they designed an insecure system. As for later “vulnerability discoveries” not taking timely steps to fix them is shall we say something that is more wide spread than just secure network designs.

With regards “UDP?” at some level the host has to get information to work in the network for traffic to get to it, in that respect it’s more like a mobile phone than a Shortwave Receiver, that can just be turned on. Thus there is a finger pointing towards the host somewhere which the transmitter has to be able to find to route a UDP packet to it. So if the sending host can find that pointing finger so can others unless they are somehow prevented by mechanisms at a higher level. Which was what I was effectively discussing as you noted.

With regards,

although I don’t see the ‘constant’ part as a necessity

It’s not just “passive” attacks that can be used to reveal information via side channels, active attacks can induce them to appear. The most obvious of which would be to somehow “modulate” the timing/phase of the data packets and look for correlation elsewhere even though the meta-data has been changed through a host. As I’ve mentioned before systems especially those used as hosts tend to be very transparent in nature. Whilst it’s easy to see that an attacker corrupting a packet can see its downstream meta-meta-data by holes in timing, less easy to see and way harder to fix is the upstream effects caused by the error/exception signalling meta-meta-data propagating back through upstream hosts to the source for a re-transmission etc. Those meta-meta-data “ripples” go in both directions even on what to most appears a one way channel. They even work backwards through “Data Diodes” “Data Pumps” and “Data Sluices”.

Think of the ripples if you like as “Standing waves” in a transmission line someone has deliberately made a dent in etc, a lot can be learned from time delays (TDR) etc. Such tricks were first used on active EmSec attacks that came out of TEMPEST techniques and have comfortably moved over to the digital domain of network systems.

With regards,

    We say if the cost of attack is much higher than the value of the asset, then the system is unconditionally secure (paraphrasing from applied cryptography.)

That is “wrong wrong wrong” in the same way as an economists free market…

Look at it this way an asset has a real value and a perceived value, black tulip bulbs being an extreme example, or the modern day equivalent of Bitcoins. The real value of the bulb or bitcoin is very very small, though the cost of making it might be high, cost of making can as seen with art result in something worth less than the equivalent weight of fire wood or something people will pay tens of millions of dollars for. In either case the real value is the same but the perceived value can be beyond belief.

The cost of securing fire wood is minimal usually just inside an unlocked shed/outhouse, the cost of securing a “work of art” so much that you need a lot of paintings to make it worth while to do in anything other than a bank vault.

You thus drop directly into the “Defence spending” issue, if the owner over values the asset then way too much will be spent on securing the asset. If however the owner under values the asset then it will get stolen. As the owner has no way to know what value a potential attacker will perceive the asset at they can never know what value of spend will secure the asset, thus there never can be an “unconditional” about it.

The view I use of “unconditional” is the more common “not subject to any conditions”. Which is the likes of the One Time Phrase selected by what we would regard as a True Random Number Generator from a set of unrelated phrases to be matched via an independent True Random Number Generator selected meaning from the set of meanings.

It’s close but not quite the same as “Information-theoretic security” the main point to remember is that its security is independent of attackers resources. Or to put it another way, the chance of decrypting with paper pencil and a pair of dice is the same as all the computing power available. That is random chance that can not be verified as correct or incorrect. Whilst this might sound counterintuitive it’s based on the premise that “all messages of the same length are equiprobable”. Let’s assume you get a three character message that you know must mean “yes or no”. It’s clear to see that at the very least your guessing or complete mapping out by brute force will yield {y,e,s},{ ,n,o},{n,o, } all with the same probability, so you’ve gained nothing. Further as an attacker you have no idea if the messaging parties agree that the yes or no get pre-coded/enciphered thus {o,u,i} or {n,o,n} could likewise be valid as could {a,b,c} or {x,y,z}.
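The three-character “yes or no” argument in the comment above, carried out exhaustively; this is an added example, not part of the comment. The 27-symbol alphabet, the additive pad, and the sample message, pad and prior are assumptions made for illustration.

```python
from collections import Counter
from fractions import Fraction
from itertools import product

ALPHABET = "abcdefghijklmnopqrstuvwxyz "  # constructed 27-symbol toy alphabet
N = len(ALPHABET)
IDX = {ch: i for i, ch in enumerate(ALPHABET)}

def _combine(a, b, sign):
    # Symbol-wise a + sign*b modulo the alphabet size.
    return "".join(ALPHABET[(IDX[x] + sign * IDX[y]) % N] for x, y in zip(a, b))

def encrypt(plaintext, pad):
    return _combine(plaintext, pad, +1)

def decrypt(ciphertext, pad):
    return _combine(ciphertext, pad, -1)

def pad_for(ciphertext, guess):
    # The one pad under which `guess` encrypts to `ciphertext`.
    return _combine(ciphertext, guess, -1)

def brute_force(ciphertext):
    # Try every possible pad and count how often each plaintext comes out.
    counts = Counter()
    for pad in product(ALPHABET, repeat=len(ciphertext)):
        counts[decrypt(ciphertext, pad)] += 1
    return counts

def posterior(ciphertext, prior):
    # Bayes update of the attacker's prior after seeing the ciphertext,
    # assuming a uniformly random pad: weight = prior * pads that yield m.
    counts = brute_force(ciphertext)
    weights = {m: p * counts[m] for m, p in prior.items()}
    total = sum(weights.values())
    return {m: w / total for m, w in weights.items()}

if __name__ == "__main__":
    ct = encrypt("yes", "qzd")  # constructed message and pad
    for guess in ["yes", " no", "no ", "oui", "non", "abc", "xyz"]:
        print(repr(guess), "<- pad", repr(pad_for(ct, guess)))
    counts = brute_force(ct)
    print(len(counts), "plaintexts, each reached by", set(counts.values()), "pad(s)")
    prior = {"yes": Fraction(7, 10), " no": Fraction(3, 10)}
    print("posterior equals prior:", posterior(ct, prior) == prior)
```

Every one of the 27³ candidate plaintexts comes out of the brute force exactly once, so the attacker's belief after seeing the ciphertext is the same as before it.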

Wael December 20, 2018 12:29 AM

@Clive Robinson,

    You might remember I occasionally point out that you need a certain minimum of components that are not secure to build a secure system.

Kinda: Warden, Probabilistic Security, Voting, …

    Thus there is a finger pointing towards the host somewhere which the transmitter has to be able to find to route a UDP packet to it.

Of course. But there is a difference between two parties that exchange encrypted or steganographized messages, and you and I communicating here. That sort of meta-data isn’t attention-drawing.

    Think of the ripples if you like as “Standing waves” in a transmission line someone has deliberately made a dent in etc

I understand transmission line theory and TDR (Time-Domain Reflectometry), but I don’t see that analogy applicable here.

    That is “wrong wrong wrong” in the same way as an economists free market…

You’re preaching to the choir 😉

Wael December 20, 2018 2:42 AM

@Rach El,

I think it’s about time for a song!

On the first day of witness my coup gov gave to me,
A cartridge sum mer plea.

Meh, the brain isn’t in the mood, but tell you what. I’ll share the procedure.

1: Find a song you like
2: Locate its lyrics
3: Prepare a list of ‘Security’ words befitting the thread
4: Go to Rhyme Zone
5: Select song words that rhyme with your list
6: Repeat until something looks / sounds good

Words on the list: Camera, Microphone, Tor, Subvert, Spy, Privacy, Concealment, Hear something say something, TSA, Bear, Panda and the Bamboo curtain, Data center, Spooks, Meta-data, …

Impossible to fit them in Nao Koyasu’s song – three languages…

PS: Step 5 is the hard one, unless you’re in the mood, then everything just fits in.

AtAStore December 23, 2018 4:11 PM

@Clive Robinson

“With regards the Motherboard article on “Signal” I think everybody, should read it.

Oh and remember each Mobile Device has two serial numbers it uses on the network[1], the Electronic Serial Number of the Phone, and the serial number of the SIM. Also there is an identifier that becomes your phone number after translation through various databases. Neither serial number, identifier or the resulting phone number are secure[2] in any real way, and you can be tracked by BOTH serial numbers…”

The long link about e-sims from McKinsey looks interesting. Found this link about probably another McKinsey Division https://www.nytimes.com/2018/12/15/world/asia/mckinsey-china-russia.html titled How McKinsey Has Helped Raise the Stature of Authoritarian Governments

Clive Robinson December 24, 2018 5:57 AM

@ AtAstore,

From the article,

    McKinsey defends its work around the world, saying that it will not accept jobs at odds with the company’s values.

Sounds positive, until you ask the question,

    What are McKinsey’s REAL values?

Then you start seeing the old “where’s the exit two step shuffle” from the seniors whilst some Spin Dr eulogizes a nothing burger of sound bytes.

The reality is “Rape pillage and plunder” with that weapon mightier than the sword, the pen on dubiously legal contracts.

I’ve seen McKinsey at work for over a third of a century, and my advice is steer well clear, as there is no spoon long enough to sup with that cabal of satanic vampires. Their record with less prominent organisations is a trail of trashed and bankrupt entities. Make no mistake their aim is to sell nonsense at the most premium of premium prices, strip you naked and disappear over the horizon just when the buzzards start to circle. Which of course leaves other suppliers unpaid so a veritable avalanche of debt smashes through communities destroying them in its path.

In short if you are an honest person with honest aims and morals the message about McKinsey is “Not nice people, avoid”. If however you have no morals dishonest intent and care not a jot about behaving legally then their record speaks for itself, for 20-50% of the proceeds “McKinsey are your get to guys”…

nunya January 7, 2019 10:38 PM

thanks for the backdoor laws now we can hack them against the government for getting its hands dirty

anon January 7, 2019 11:31 PM

like all government spies they can watch all they want we are watching them with their own technologies. Dear Australians your own government wants you to pay for not trusting you. It’s time to wake up Australian vpn and even tor exit nodes are being borked by the authorities what’s worse, they cannot protect themselves. I call anons to mine the federal government for resisting ICAC they are certainly hiding a big secret and being a democratically free transparent society they are behaving like North Korean hermits and should be reported to wikileaks.
