Cryptography-Digest Digest #444, Volume #13       Tue, 9 Jan 01 06:13:01 EST

Contents:
  Re: Bluetooth security? (Panu Hämäläinen)
  Re: Genomes (Terry Ritter)
  Re: Idiots guide to Montgomery multiplication ("Paul Pires")
  Q: Recommended reading about digital watermarking (math-oriented) (Jyrki Lahtonen)
  Re: Need of very simple algorithms? (SMS end-to-end encryption) (Yamaneko)
  Re: Bluetooth security? ("Michael Schmidt")
  Re: Need of very simple algorithms? (SMS end-to-end encryption) (Paul Rubin)
  Re: Bluetooth security? (Arthur Dent)
  Re: Need of very simple algorithms? ("Brian Gladman")
  Re: Bluetooth security? ("Ingmar Grahn")
  Re: Book buying decision (Stinson vs Konheim) (Bo Lin)
  RSA recoverable signature trick (Mark Currie)
  Re: Comparison of ECDLP vs. DLP (Nicol So)
  Re: NSA and Linux Security (Casper H.S. Dik - Network Security Engineer)
  Re: Bluetooth security? ("Michael Schmidt")

----------------------------------------------------------------------------

From: Panu Hämäläinen <[EMAIL PROTECTED]>
Subject: Re: Bluetooth security?
Date: Tue, 09 Jan 2001 08:20:15 +0200

Ingmar Grahn wrote:

> Are there any scientific papers that have been written about Bluetooth
> security? What I'm looking for is a security/crypto analysis like the ones
> that have been done for SSL/TSL or WTLS(WAP security layer)? Any hints of
> where I can find this kind of info, preferably on the Internet...?

At least the encryption is based on SAFER+, which was one of the AES candidates.
There should be some analysis about the cipher on the AES web site...

-- 
Panu Hämäläinen                   |  e-mail : [EMAIL PROTECTED]
Digital and Computer Systems Lab  |  phone  : +358 (0)3 365 4565
Tampere University of Technology  |  GSM    : +358 (0)50 546 2787

------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Genomes
Date: Tue, 09 Jan 2001 06:29:52 GMT


On Mon, 08 Jan 2001 18:32:41 +0100, in
<[EMAIL PROTECTED]>, in sci.crypt Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:

>[...]
>Could you or someone else kindly give a good reference of 
>Allan variance or a tiny summary of it? I failed to find 
>pointers from a couple of well-known and very comprehensive 
>reference materials of statistical sciences in the library.


VARIANCE

We recall from descriptive statistics that a "variance" statistic
attempts to capture (or "model") -- in one value -- the extent to
which data vary from some basis.  The square root of variance is
"deviation," which is the expected difference each sample has from the
base value.  

Common (or "classic") variance is based on the mean, the arithmetic
average of sampled values (here please pardon my pseudocode):  

|   mean := SUM(x[i]) / n;
|   var := SUM( SQR(x[i] - mean) ) / (n - 1);
|   sdev := SQRT( var );

for an array of n sample values x[].

In contrast, Allan variance is based on the value of the previous
sample:

|   allanvar := SUM( SQR(x[i] - x[i-1]) ) / (2*(n-1));
|   allandev := SQRT( allanvar );

The value "2" in the denominator is apparently intended to produce the
same result as classical variance over white noise.  Note that an
n-element array implies only n-1 difference values.  

There is also a "mean deviation" or "absolute deviation" which uses
the absolute value of the difference, which thus avoids the squaring
operation and is also supposedly "more robust":

|  adev := SUM( ABS(x[i] - mean) ) / n;

Other types of variance include "Hadamard variance," a related form
called "SIGMA-Z," and probably many other types as well.  Each of
these presumably provides a unique view of the differences in sampled
data, and none is likely to be ideal for every application.


ADVANTAGE

The first role of Allan variance is fairly conventional: to provide a
measure of variation.  In frequency measurement work, measured
frequency may be sampled at some rate.  The resulting Allan deviation
over the sample values is a general measure of frequency stability at
the sampling rate.  And by averaging each m adjacent samples, we can
get an Allan variance for (synthetic) slower sampling rates.  

It is also possible to measure time differences between two sources
and then compute the Allan deviation from a slightly more complex
formula.

The more interesting role of Allan variance is to assist in the
analysis of residual noise.  In frequency measurement work, five
different types of noise are defined: white noise phase modulation,
flicker noise phase modulation, white noise frequency modulation,
flicker noise frequency modulation, and random walk frequency
modulation.  A log-log plot of Allan variance versus sample period
produces approximate straight line values of different slopes in four
of the five possible cases.  A different (more complex) form called
"modified Allan deviation" can distinguish between the remaining two
cases.  The result is a powerful basis for identifying problems and
engineering improved designs.


SOURCES

If you go to www.google.com and type in "Allan variance" or "Allan
deviation" you should get several pages of links to web pages.  Some
of those are just a use in a particular project, some purport to be
definitions and are confusing, but overall one can develop an
understanding of the concept.  

There is a lot of mention of Allan variance in the literature
surrounding precision frequency measurement, e.g., in the yearly
proceedings of the annual IEEE International Frequency Control
Symposium.  


EXAMPLE REFERENCES

Allan, D. and J. Barnes.  1981.  A Modified "Allan Variance" with
Increased Oscillator Characterization Ability.  Proceedings of the
35th Annual Frequency Control Symposium.  470-475.  

Greenhall, C.  1992.  A Shortcut for Computing the Modified Allan
Variance.  1992 IEEE Frequency Control Symposium.  262-264.  

Ferre-Pikal, E., et al.  1997.  Draft Revision of IEEE Std 1139-1988
Standard Definitions of Physical Quantities for Fundamental Frequency
and Time Metrology -- Random Instabilities.  1997 IEEE International
Frequency Control Symposium.  338-357.  

Respero.  1999.  Allan variance: variations and application to
metrology gauge data.  http://huey.jpl.nasa.gov/~respero/allan-var/

Riley, W.  2001.  The Calculation of Time Domain Frequency Stability.
http://www.ieee-uffc.org/freqcontrol/paper1ht.html

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM
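
An added example, not part of Terry Ritter's post: the classic and Allan variance formulas above in runnable Python, with the m-sample averaging step and a log-log slope estimate. The sample data are constructed (seeded white noise and a random walk built from it, treated as frequency readings), and the function names are this example's own; it goes slightly beyond the post by fitting the slope, which comes out near -1 for white noise and near +1 for a random walk.

```python
import math
import random


def classic_variance(x):
    """Variance about the mean, with n-1 in the denominator."""
    n = len(x)
    mean = sum(x) / n
    return sum((v - mean) ** 2 for v in x) / (n - 1)


def block_average(x, m):
    """Average each m adjacent samples (non-overlapping); a partial tail is dropped."""
    return [sum(x[i:i + m]) / m for i in range(0, len(x) - m + 1, m)]


def allan_variance(x, m=1):
    """Half the mean squared difference between consecutive m-sample averages."""
    y = block_average(x, m)
    if len(y) < 2:
        raise ValueError("need at least two averaged samples")
    diffs = (y[i] - y[i - 1] for i in range(1, len(y)))
    return sum(d * d for d in diffs) / (2 * (len(y) - 1))


def loglog_slope(x, periods=(1, 2, 4, 8, 16, 32)):
    """Least-squares slope of log(Allan variance) against log(averaging length m)."""
    pts = [(math.log(m), math.log(allan_variance(x, m))) for m in periods]
    mx = sum(p[0] for p in pts) / len(pts)
    my = sum(p[1] for p in pts) / len(pts)
    num = sum((px - mx) * (py - my) for px, py in pts)
    den = sum((px - mx) ** 2 for px, _ in pts)
    return num / den


def constructed_samples(n=20000, seed=1):
    """Constructed test data: white noise, and a random walk built from it."""
    rng = random.Random(seed)
    white = [rng.gauss(0.0, 1.0) for _ in range(n)]
    walk, level = [], 0.0
    for step in white:
        level += step
        walk.append(level)
    return white, walk


if __name__ == "__main__":
    white, walk = constructed_samples()
    for name, data in (("white noise", white), ("random walk", walk)):
        print(f"{name:12s} classic={classic_variance(data):10.3f} "
              f"allan={allan_variance(data):7.3f} "
              f"slope={loglog_slope(data):+.2f}")
```

On the white-noise series the two variances agree, as the factor of 2 intends; on the random walk the classic variance is dominated by the drift while the Allan variance stays near half the step variance.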


------------------------------

From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: Idiots guide to Montgomery multiplication
Date: Mon, 8 Jan 2001 22:24:27 -0800


Simon Johnson <[EMAIL PROTECTED]> wrote in message
news:93disp$got$[EMAIL PROTECTED]...
> In article <93c8qf$ar7$[EMAIL PROTECTED]>,
>   [EMAIL PROTECTED] wrote:
> > Hi,
> >
> > I need an idiots guide to Montgomery multiplication, i have read
> > numerous paper,thesis and web pages and i'm still no closer to sorting
> > it out.  I have a degree in electronics so i need something that
> > doesn't go too deep into the maths...in fact i'm not that bothered
> > about the math i just need to know how to implement one.  I need a
> > step by step guide on where each parameter comes from, how to calc
> > them.  I have noticed that the "mod" operator is used in many of the
> > descriptions but i am trying to find a "mod" so..arrragggg..i don't
> > know...please someone put me out of my misery...
> >
> > Thanks
> >
> > Jonathan
> >
> > Sent via Deja.com
> > http://www.deja.com/
> >
>
> Yeah, x Mod y, means find the remainder when x is divided by y.
>
> example:
>
> 7 mod 3 = 1
> 4 mod 2 = 0
> 5 mod 7 = 5

Beware the wrath of Bob Silverman :-)
He will lead you to knowledge.

Paul
>
> As for a paper, and idiots guide
>
> Yours,
>
> Simon
> --
> Hi, i'm the signuture virus,
> help me spread by copying me into Signiture File
>
>
> Sent via Deja.com
> http://www.deja.com/





------------------------------

Date: Tue, 09 Jan 2001 09:17:00 +0200
From: Jyrki Lahtonen <[EMAIL PROTECTED]>
Subject: Q: Recommended reading about digital watermarking (math-oriented)

Hi y'all,

I would like to know a little bit about digital watermarking techniques
and am looking for books/survey articles on the topic. Most of the stuff
you find with Alta Vista seem to simply advertise their particular point
and are rather lacking in their description of the mathematical concepts
being used (guess they dare not describe their algorithm in detail due
to some legal issue).

So more specifically I am looking for texts written to mathematicians
with experience in related fields (crypto, coding theory, you name it).
Say, if you write a few bits into an image/audio data/whatever, will you
seek to spread the bits by using a bent function sequence, or some other
pseudorandom sequence or what???? Is spreading used at all??

-- 
Jyrki Lahtonen, Ph.D.
Department of Mathematics,
University of Turku,
FIN-20014 Turku, Finland

http://users.utu.fi/lahtonen

------------------------------

From: Yamaneko <[EMAIL PROTECTED]>
Subject: Re: Need of very simple algorithms? (SMS end-to-end encryption)
Date: Tue, 09 Jan 2001 15:44:30 +0800
Reply-To: [EMAIL PROTECTED]

I think you, Mok-Kong Shen, got a very good point. In my opinion, 
there's a need for an easily portable encryption device. Since there
are no AES-calculators and easily programmable cellphones available,
I would also prefer a simple external device such as a programmable
calculator. And since there's not always such a device available, I 
also favor the idea of simple mechanical devices and pencil-and-paper.

I remember that Bruce Schneier invented a simple algorithm based on 
trump cards. (It might be similar to RC4. I haven't studied it yet. 
Look at his pages at www.counterpane.com for details.) Unfortunately 
encryption can take up many minutes or even an hour.

What do you think about the one-time-pad? You can pre-calculate a
cryptographically secure list of random numbers with a dice or a Cray. 
The actual encryption (XORing or addition) can be done in your head. 

To summarize some candidates mentioned before:
* RC4
* (Bruce Schneier's algorithm)
* Jefferson roll
* One-time-pad

Any others?

Regards ...

-- 
======================================================================
  Many receive advice, only the wise profit by it.
  (from a fortune cookie, found in some Chinese restaurant)
======================================================================


------------------------------

From: "Michael Schmidt" <[EMAIL PROTECTED]>
Subject: Re: Bluetooth security?
Date: Tue, 9 Jan 2001 09:33:11 +0100

Hi,

There are the following 2 references:

1. "Security Weaknesses in Bluetooth", Markus Jakobsson, Susanne Wetzel,
   Bell Labs, Murray Hill, New Jersey,
   www.bell-labs.com/user/{markusj,sgwetzel}

   This paper addresses several shortcomings of BT in the areas of
   authentication and location tracing. Unfortunately, it has been
   withdrawn, and is currently not available. It is supposed to be
   re-presented at the 2001 RSA conference.

2. "Bluetooth Security", Juha T. Vainio, Helsinki University of Technology,
   www.niksula.cs.hut.fi/~jiitv/bluesec.html
   gives an overview of several BT security topics.


--
===================================================
Michael Schmidt
===================================================
Institute for Data Communications Systems
University of Siegen, Germany
www.nue.et-inf.uni-siegen.de
===================================================
http:    www.nue.et-inf.uni-siegen.de/~schmidt
e-mail:  [EMAIL PROTECTED]
phone:   +49 271 740-2332   fax:   +49 271 740-2536
mobile:  +49 173 3789349
===================================================
###      Siegen - The Arctic Rain Forest        ###
===================================================


"Ingmar Grahn" <[EMAIL PROTECTED]> wrote in message
news:93denq$9pv$[EMAIL PROTECTED]...
> Hi!
>
> Are there any scientific papers that have been written about Bluetooth
> security? What I'm looking for is a security/crypto analysis like the ones
> that have been done for SSL/TSL or WTLS(WAP security layer)? Any hints of
> where I can find this kind of info, preferably on the Internet...?
>
> Thanks in advance!
>
> /Ingmar Grahn
>
>
>
>



------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Need of very simple algorithms? (SMS end-to-end encryption)
Date: 09 Jan 2001 00:39:03 -0800

Yamaneko <[EMAIL PROTECTED]> writes:
> I think you, Mok-Kong Shen, got a very good point. In my opinion, 
> there's a need for an easily portable encryption device. Since there
> are no AES-calculators and easily programmable cellphones available,
> I would also prefer a simple external device such as a programmable
> calculator. And since there's not always such a device available, I 
> also favor the idea of simple mechanical devices and pencil-and-paper.

The best-suited cipher for small microprocessors seems to be Skipjack.
Devices like Palm Pilots--which are less nerdy and therefore less
suspicious to be found with than programmable calculators--can easily
run just about any widely used crypto algorithm including public key
algorithms, though public key operations would be slow.

> I remember that Bruce Schneier invented a simple algorithm based on 
> trump cards. (It might be similar to RC4. I haven't studied it yet. 
> Look at his pages at www.counterpane.com for details.) Unfortunately 
> encryption can take up many minutes or even an hour.

It's called Solitaire and of course it can be implemented on a computer.

> What do you think about the one-time-pad? You can pre-calculate a
> cryptographically secure list of random numbers with a dice or a Cray. 
> The actual encryption (XORing or addition) can be done in your head. 

There's the traditional problem of how to get the pad to the other person.

You might like to look at http://ciphersaber.gurus.com.

------------------------------

From: Arthur Dent <[EMAIL PROTECTED]>
Subject: Re: Bluetooth security?
Date: Tue, 09 Jan 2001 09:03:51 +0100

On Mon, 8 Jan 2001 23:25:01 +0100, "Ingmar Grahn" <[EMAIL PROTECTED]>
wrote:

>Hi!
>
>Are there any scientific papers that have been written about Bluetooth
>security? What I'm looking for is a security/crypto analysis like the ones
>that have been done for SSL/TSL or WTLS(WAP security layer)? Any hints of
>where I can find this kind of info, preferably on the Internet...?
>
>Thanks in advance!
>
>/Ingmar Grahn
>
>
>

when i recall correctly, the SAFER algorithm was in the first round of
the AES/NIST competition. there you should be able to find some
details. from what i hear there are some discussions about extending
security. but cannot go into detail here.

------------------------------

From: "Brian Gladman" <[EMAIL PROTECTED]>
Subject: Re: Need of very simple algorithms?
Date: Tue, 9 Jan 2001 09:18:59 -0000


"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Robert Scott wrote:
> >
> > "Brian Gladman"<[EMAIL PROTECTED]> wrote:
> > >
> > >What does your 'handy user' have to do encryption with?  If he or she has
> > >anything more than their brain it may well be good enough to run AES.
> > >
> > >AES is simple enough to implement in mobile phones, in hand held devices
> > >like the Palm Pilot (where it is already available) and in a number of
> > >scientific calculators (e.g. TI86).
> >
> > If you want an application that could benefit from the best security
> > but still may not have the resources to run AES, consider remote
> > keyless entry.  A generalized crack in a widely-used cipher could
> > be of great interest to a car theft ring.  But the market dictates
> > that the keyfobs that implement this technology have to cost under
> > $1 and generally have severe RAM and ROM limitations.  Can you
> > implement AES in a Microchip 12C508?
>
> Sorry that I have knowledge neither in the technical nor in
> the business aspect of the application you mentioned. But
> I am extremely surprised to learn that there are applications
> at all that demand on the one side the level of security
> offered by AES, which implies that the value/secret to be
> protected is fairly non-trivial, and on the other side needs
> the cost of protection to be as little as less than $1.

Although this is a sad state of affairs, you should not be surprised by it.

The history of information (in)security is that of people/organisations who
profess to want good security but evidently do not since they are not
prepared to pay for it.  Given the choice between performance or security
improvements, the former always wins in the market.

In consequence we all get what we (don't) pay for - systems that leak like
sieves.

   Brian Gladman




------------------------------

From: "Ingmar Grahn" <[EMAIL PROTECTED]>
Subject: Re: Bluetooth security?
Date: Tue, 9 Jan 2001 10:23:26 +0100

Thanks for all the answers!

> 1. "Security Weaknesses in Bluetooth", Markus Jakobsson, Susanne Wetzel,
>    Bell Labs, Murray Hill, New Jersey,
>    www.bell-labs.com/user/{markusj,sgwetzel}
>
>    This paper addresses several shortcomings of BT in the areas of
>    authentication and location tracing. Unfortunately, it has been
>    withdrawn, and is currently not available. It is supposed to be
>    re-presented at the 2001 RSA conference.

Well I just downloaded a copy of it today 2001/01/09, and I've got a printed
copy of it in my hand right now. Strange..?



------------------------------

From: Bo Lin <[EMAIL PROTECTED]>
Subject: Re: Book buying decision (Stinson vs Konheim)
Date: Tue, 09 Jan 2001 09:15:57 +0000

I have had Konheim's book for a very long time. Actually, it is a very
useful book since some analysis methods are not so detailed in other
books. It gives you many step-by-step analysis examples and a set of
problems for each chapter. By reading this book, you can see how to
apply mathematics, especially probability theory, to cryptanalysis. The
book looks very mathematical at first sight but it is not very difficult
to read. Those math symbols in the book are necessary to present an
accurate explanation and you can get used to them very quickly.

I hope the above helps.

Bo Lin

Don Baldwin wrote:
> 
> I'm looking at buying either Alan Konheim's "Cryptography, a primer"
> or Douglas Stinson's "Cryptography: theory and practice" (I'm
> sure I'll own both eventually, though).
> 
> What I'm looking for are mathematic approaches to cryptanalyzing
> some classical cyphers through modern cyphers.  That sounds
> more like Konheim to me but I thought I'd ask more experienced
> people what they thought.
> 
> Does Stinson cover classical cryptography or just modern block
> cyphers?
> 
> Other impressions regarding either book would be GREATLY
> appreciated.
> 
> Thanks!
> 
>   Don

------------------------------

Subject: RSA recoverable signature trick
From: [EMAIL PROTECTED] (Mark Currie)
Date: 09 Jan 2001 10:13:33 GMT

Hi,

Years ago someone told me about a trick that you can pull when you want to sign 
a public key of the same bit order. If you want to perform an RSA private key 
operation on another RSA public key modulus where both moduli have the same 
bit order you have a problem in that the to-be-signed value is one bit too 
large. The only methods that I can think of are:

1. Send 1024th bit in the clear or,
2. Clear the 1024th bit always and let the recipient perform at most two trial 
public key operations using the decrypted modulus.

The first method is theoretically less secure and requires additional 
transmission space to send the troublesome bit with the encrypted modulus. The 
second method is a bit tedious for the recipient.

Can anyone think of any other methods ?

PS: Please don't recommend signing a hash of the public key, I specifically 
need a recoverable signature and I don't have too much additional transmission 
space.

Thanks in advance

Mark


------------------------------

From: Nicol So <[EMAIL PROTECTED]>
Subject: Re: Comparison of ECDLP vs. DLP
Date: Tue, 09 Jan 2001 05:18:50 -0500
Reply-To: see.signature

DJohn37050 wrote:
> 
> Any security proof relies on assumptions.

If, by "assumptions", you're referring to the common intractability
assumptions and the likes, the above statement is not true--there's no
reason why a security proof must always involve unproven assumptions.
The perfect secrecy of one-time pad against passive adversaries, for
example, can be demonstrated mathematically without resorting to any
unproven assumptions.

-- 
Nicol So, CISSP // paranoid 'at' engineer 'dot' com
Disclaimer: Views expressed here are casual comments and should
not be relied upon as the basis for decisions of consequence.
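
An added example, not part of Nicol So's post: the one-time-pad claim above checked by exact enumeration for 3-bit messages, with no computational assumption involved. The message prior and both key distributions are constructed for illustration, and the function names are this example's own.

```python
from fractions import Fraction
from itertools import product


def posterior_table(prior, key_dist):
    """Return {c: {m: P(M=m | C=c)}} for C = M XOR K, with M and K independent."""
    joint = {}
    for (m, pm), (k, pk) in product(prior.items(), key_dist.items()):
        row = joint.setdefault(m ^ k, {})
        row[m] = row.get(m, Fraction(0)) + pm * pk
    table = {}
    for c, row in joint.items():
        pc = sum(row.values())  # P(C=c)
        table[c] = {m: row.get(m, Fraction(0)) / pc for m in prior}
    return table


def is_perfectly_secret(prior, key_dist):
    """True if seeing any ciphertext leaves the message distribution unchanged."""
    table = posterior_table(prior, key_dist)
    return all(post[m] == prior[m] for post in table.values() for m in prior)


# Constructed, deliberately skewed prior over the eight 3-bit messages.
PRIOR = {
    0: Fraction(1, 2), 1: Fraction(1, 4), 2: Fraction(1, 8), 3: Fraction(1, 16),
    4: Fraction(1, 32), 5: Fraction(1, 64), 6: Fraction(1, 128), 7: Fraction(1, 128),
}

# One-time pad: key uniform over all eight 3-bit values.
UNIFORM_KEY = {k: Fraction(1, 8) for k in range(8)}

# Constructed contrast case: the top key bit is stuck at 0, so only
# four keys ever occur and the top message bit leaks.
SHORT_KEY = {k: Fraction(1, 4) for k in range(4)}


if __name__ == "__main__":
    print("uniform key perfectly secret:", is_perfectly_secret(PRIOR, UNIFORM_KEY))
    print("stuck-bit key perfectly secret:", is_perfectly_secret(PRIOR, SHORT_KEY))
    print("P(M=0 | C=0) with stuck-bit key:", posterior_table(PRIOR, SHORT_KEY)[0][0])
```

With the uniform key every posterior equals the prior exactly, whatever the prior is; with the stuck-bit key a ciphertext of 0 rules out messages 4 to 7 and raises P(M=0) from 1/2 to 8/15.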

------------------------------

From: [EMAIL PROTECTED] (Casper H.S. Dik - Network Security Engineer)
Subject: Re: NSA and Linux Security
Date: 9 Jan 2001 10:18:48 GMT

[[ PLEASE DON'T SEND ME EMAIL COPIES OF POSTINGS ]]

digiboy | marcus <[EMAIL PROTECTED]> writes:

>I have very little doubt in my mind though that things like this would
>occur. It makes sense under quite a few situations if you think about
>it.

Really?  If NSA and other agencies do this sort of stuff, the chances
of embarrassment are real and big.  The NSA is very secretive about what
it does and what it can do.  Selling information to companies that have
no security practices that come even close (i.e., all companies), is
an extremely dangerous proposition.  Good cover stories will be hard to
maintain.

Of course, this stuff does happen, e.g., the French spying on
Euro Disney to find out what Disney would be prepared to pay its
contractors and in Air France business class. 

Short time goals are met; the long time embarrassment remains.

Casper
--
Expressed in this posting are my opinions.  They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.

------------------------------

From: "Michael Schmidt" <[EMAIL PROTECTED]>
Subject: Re: Bluetooth security?
Date: Tue, 9 Jan 2001 12:03:02 +0100


"Ingmar Grahn" <[EMAIL PROTECTED]> wrote in message
news:93elac$ijr$[EMAIL PROTECTED]...
> Thanks for all the answers!
>
> > 1. "Security Weaknesses in Bluetooth", Markus Jakobsson, Susanne Wetzel,
> >    Bell Labs, Murray Hill, New Jersey,
> >    www.bell-labs.com/user/{markusj,sgwetzel}
> >
> >    This paper addresses several shortcomings of BT in the areas of
> >    authentication and location tracing. Unfortunately, it has been
> >    withdrawn, and is currently not available. It is supposed to be
> >    re-presented at the 2001 RSA conference.
>
> Well I just downloaded a copy of it today 2001/01/09, and I've got a printed
> copy of it in my hand right now. Strange..?

Interesting.
It's even a little more comprehensive than before now... The former version
was definitely off-line for some months.





------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
