fyi: Storm Worm botnet numbers, via Microsoft

2007-10-02 Thread Jeff . Hodges
food for consideration. yes, #s are from MSFT as he notes, but are the only 
ones we have presently wrt actual Storm extent, yes? If not, pls post 
pointers...

=JeffH
--
Storm Worm botnet numbers, via Microsoft
http://blogs.zdnet.com/security/?p=533

Posted by Ryan Naraine @ 7:40 am

If the statistics from Microsoft’s MSRT (malicious software removal tool) 
are anything to go by, the Storm Worm botnet is not quite the world’s 
most powerful supercomputer.

The tool — which is updated and shipped once a month on Patch Tuesday 
— removed malware associated with Storm Worm from 274,372 machines in the 
first week after September 11. In all the tool scanned about 2.6 million 
Windows machines.

These numbers, released by Microsoft anti-virus guru Jimmy Kuo, put the size 
of the botnet on the low end of speculation that Storm Worm has commandeered 
between 1 million and 10 million Windows machines around the world.

[ SEE: Storm Worm botnet could be world’s most powerful supercomputer ]

The MSRT numbers, though helpful, shouldn’t be relied on as gospel. For 
starters, the tool targets a very specific known malware (it only finds 
exactly what it’s looking for) and attackers constantly tweak malware 
files to get around detection. In addition, it is only delivered to Windows 
machines that have automatic updates turned on, which means there are likely 
tons and tons of hijacked machines that never get a copy of the MSRT.

Still, Kuo claims that the September version of MSRT made a dent in the botnet.

Another antimalware researcher who has been tracking these recent attacks 
has presented us with data that shows we knocked out approximately one-fifth 
of Storm’s Denial of Service (DoS) capability on September 11th. 
Unfortunately, that data does not show a continued decrease since the first 
day. We know that immediately following the release of MSRT, the criminals 
behind the deployment of the Storm botnet immediately released a newer version 
to update their software. To compare, one day from the release of MSRT, we 
cleaned approximately 91,000 machines that had been infected with any of the 
number of Nuwar components. Thus, the 180,000+ additional machines that have 
been cleaned by MSRT since the first day are likely to be home user machines 
that were not notably incorporated into the daily operation of the Storm 
botnet. Machines that will be cleaned by MSRT in the subsequent days will be 
of similar nature.

The September release of the MSRT probably cleaned up approximately one 
hundred thousand machines from the active Storm botnet. Such numbers might 
project that the strength of that botnet possibly stood at almost half a 
million machines with an additional few hundred thousand infected machines 
that the Storm botnet perhaps were not actively incorporating.

Kuo also confirmed fears that the botnet will slowly regain its strength once 
those cleaned machines become reinfected because those machines are likely 
unpatched and not equipped with any security software.

---
end



-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]


Re: debunking snake oil

2007-09-01 Thread Jeff . Hodges
to some degree, Schneier is already doing this with his "doghouse" section of 
the Crypto-gram newsletter. Although it sounds like you're being more 
ambitious in terms of desiring to publish cracks/hacks or whatever.

Perhaps thumbing through the various Doghouses would provide some reasonable 
targets for a more thorough inspection than what Bruce has often done? They 
are typically companies and that would certainly fit with the view of some of 
the other commenters on this thread.


=JeffH




Re: Neal Koblitz critiques modern cryptography.

2007-09-01 Thread Jeff . Hodges
[fwiw, Pascal Junod had sent this to this list under the subject "provable 
security" on 9-Aug]

> A critique of modern cryptography

well, in my reading it's not a "critique of modern cryptography" -- rather, 
it's (1) a comparison of the cultural differences between mathematical 
research and crypto research, and (2) a critique of the crypto research 
subfield known as "provable security", done using examples culled from Mr. 
Koblitz's personal experience.

and yes, it's worth reading. 

=JeffH




Re: World's most powerful supercomputer goes online

2007-09-01 Thread Jeff . Hodges

http://en.wikipedia.org/wiki/Storm_Worm


Dark Reading Keywords : Attacks / Exploits / Threats : Botnets 
http://www.darkreading.com/topics.asp?node_id=1801


Dark Reading News Analysis: Storm Hits Blogger
August 30, 2007 : The ubiquitous Storm Trojan has found a new home
  on spam blog sites in Google's Blogger network
http://www.darkreading.com/document.asp?doc_id=132793


Storm Botnet sends spoofed YouTube spam
Author: Phil Cogar
Published: 29th Aug 2007
http://www.bit-tech.net/news/2007/08/29/storm_botnet_sends_spoofed_botnet_spam/1


 Storm Botnet Is Behind Two New Attacks
 Posted by kdawson on Sunday August 26, @12:51PM
from the do-not-click-here dept. 
http://it.slashdot.org/article.pl?sid=07/08/26/1558245


Storm Botnet Puts Up Defenses And Starts Attacking Back
Researchers are warning universities that they're at risk of being hit with 
massive distributed denial-of-service attacks when they scan their own 
networks.
By Sharon Gaudin
InformationWeek
August 16, 2007 04:23 PM 
http://www.informationweek.com/story/showArticle.jhtml?articleID=201800635


lots more...

http://www.google.com/search?hl=en&q=storm+botnet&btnG=Google+Search


---
end




Re: Enigma for sale on eBay

2007-07-21 Thread Jeff . Hodges


[EMAIL PROTECTED] said:
> http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=270146164488


ebay now says (as of when this message is sent):


>   This Listing Is Unavailable 
> This listing (270146164488) has been removed or is no longer available.
> Please make sure you entered the right item number. If the listing was
> removed by eBay, consider it canceled. Note: Listings that have ended more
> than 90 days ago will no longer appear on eBay.



=JeffH




fyi: UK National Information Assurance Strategy Launched

2007-07-03 Thread Jeff . Hodges

From: Peter Tomlinson <[EMAIL PROTECTED]>
Subject: National IA Strategy
To: [EMAIL PROTECTED]
Date: Mon, 02 Jul 2007 16:00:16 +0100


From http://www.cabinetoffice.gov.uk/csia/ :


  "News

National Information Assurance Strategy launched 

On 27th June, a National Information Assurance Strategy was launched at 
the IA07 event in Brighton. The annual event is hosted by CESG and 
brings together key players in industry and government to work in 
partnership to address the UK’s needs in safeguarding information and ICT."


The document is available at: 
http://www.cabinetoffice.gov.uk/csia/national_ia_strategy/index.asp . I 
haven't read it yet, and so cannot comment, but in a related area I'm 
puzzled: having heard that Cabinet Office will be supporting Cabinet, I 
wonder what will happen to all the technical stuff such as Govt Gateway 
and even CSIA.

Peter

--



Re: Free Rootkit with Every New Intel Machine (aka TPM, AMT)

2007-06-27 Thread Jeff . Hodges
i'd also scrawled:
> my understanding from a person active in the NEA working group [1] (IETF) 
> is that TPMs these days "come along for free" because they're included on-die
> in at least one of said chips.


[EMAIL PROTECTED] said:
> Check again.  A few months ago I was chatting with someone who works for a
> large US computer hardware distributor and he located one single motherboard
> (an Intel one, based on an old, possibly discontinued chipset) in their
> entire inventory that contained a TPM (they also had all the ex-IBM/Lenovo
> laptops, and a handful of HP laptops, that were reported as having TPMs).  He
> also said that there were a handful of others (e.g. a few Dell laptops, which
> they don't carry) with TPMs.

my bad. I'd neglected to add "on enterprise-class systems" after "come along 
for free" (a qualification he did indeed express). WRT Dell notebooks, 
that'd be the Latitude models.

In fact, with a little searching, i found the Dell pages below [2] that 
indicate TPM is installed on Dell's D-series enterprise class notebooks.


[EMAIL PROTECTED] said:
> One of the driving forces for TPM adoption going forward will be enterprise
> remote or "distributed" management.

Of course. And that's the driving force behind the IETF NEA ("Network Endpoint 
Assessment") working group AFAIK [1].


=JeffH
--

[1] 


[2]


"...
Trusted Platform Module (TPM 1.1)
The TPM, or Trusted Platform Module ships standard on D410, D610 & D810. TPM 
is a security hardware device on the system board that will hold computer 
generated keys for encryption. It is a hardware-based solution that can help 
avoid attacks by hackers looking to capture passwords and encryption keys to 
sensitive data.
..."



"What is TPM?

The TPM, or Trusted Platform Module, is a security hardware device on the 
system board that will hold computer generated keys for encryption. It is a 
hardware based solution that can help avoid attacks by hackers looking to 
capture passwords and encryption keys to sensitive data.

When deploying advanced security features like TPM in your environment, the 
archive and recovery of keys protected by the TPM is critical to avoiding the 
risk of data loss or inaccessibility in the event of a system failure.

The security features provided by the TPM are internally supported by the 
following cryptographic capabilities of each TPM: hashing, random number 
generation, asymmetric key generation, and asymmetric encryption/decryption. 
Each individual TPM on each individual computer system has a unique signature 
initialized during the silicon manufacturing process that further enhances its 
trust/security effectiveness. Each individual TPM must have an Owner before it 
is useful as a security device.

TPM Applications

TPM is useful for any customer that is interested in providing an additional 
layer of security to the computer system. The TPM, when bundled with an 
optional security software package, can provide overall system security, file 
protection capabilities and protect against email /privacy concerns. TPM helps 
provide security that can be stronger than that contained in the system BIOS, 
operating system, or any non-TPM application.

Which Dell systems support TPM? 

The TPM 1.2 security hardware device comes standard on the following 
LatitudeTM  notebook systems: Latitude D420, D620, D820, OptiPlexTM  desktop 
systems: Optiplex 745, 740 and Dell PrecisionTM  Mobile Workstations M65, M90. 
Dell recommends the use of Microsoft® Windows® XP Professional operating 
system with TPM which includes advanced security, mobility and networking 
features. TPM is currently not supported by Dell on 
Red Hat® Linux®  operating systems. Customers who deploy TPM should also 
purchase Wave Systems Embassy Trust Suite from Dell Software & Peripherals to 
enable full TPM features including key archival and migration."


---
end






fyi: SHA-2 patent status

2007-06-25 Thread Jeff . Hodges
of possible interest...

 Original Message 
Subject: [saag] SHA-2 patent status
Date: Mon, 25 Jun 2007 09:55:46 -0700
From: Paul Hoffman <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]

Of possible interest (but hopefully no concern) to this list: a new 
IPR statement from the NSA to the IETF. 


--Paul Hoffman, Director
--VPN Consortium
___
saag mailing list
[EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/saag



Re: Free Rootkit with Every New Intel Machine

2007-06-22 Thread Jeff . Hodges

[EMAIL PROTECTED] said:
> With TPMs it's a bit different, they're absent from the hardware by default

in case you're referring to the TCPA (trusted computing platform alliance) 
TPM..

my understanding from a person active in the NEA working group (IETF) is that 
TPMs these days "come along for free" because they're included on-die in at 
least one of said chips. I don't recall whether he said it was the network 
interface (NIC) and/or one of the others. So anyway, he said 
"...enterprise-class systems (eg Dell Latitudes) mostly all already contain, 
TPMs and various network gear manufacturers have boxes that speak to them 
already, and NEA is just trying to standardize the protocols..."

I've noticed my latitude systems do in fact have a bios option for 
enabling/disabling their TPMs. (mine are disabled)

the way that IT depts ensure that vic...er...employees don't turn 'em off 
(as I understand it) is they set the BIOS admin password on their "assets" 
(computers) before they give them out.

=JeffH




wrt "Network Endpoint Assessment" (was: Re: Free Rootkit with Every New Intel Machine)

2007-06-21 Thread Jeff . Hodges

of potential related interest is..

Network Endpoint Assessment (NEA): Overview and Requirements 


note term "remediate/remediation".

relevant snippage below. see also..

http://www.ietf.org/html.charters/nea-charter.html


=JeffH



1. Introduction 

Today, most network providers can leverage existing standards-
based technologies to restrict access to their network based 
upon criteria such as the requesting system's user or host-based 
identity, source IP address or physical access point.  However 
these approaches still leave the network resident systems 
vulnerable to malware-based attack, when an authorized but 
infected system is admitted and the malware is able to spread 
throughout the internal network. 
 
As a result, network operators need a proactive mechanism to 
assess the state of systems joining or present on the network to 
determine their status relative to network compliance policies.  
For example, if a system is determined to be out of compliance 
because it is lacking proper defensive mechanisms such as 
firewalls, anti-virus software or the absence of critical 
security patches, there needs to be a way to safely repair 
(remediate) the system so that it can be subsequently trusted to 
join and operate on the network.  The NEA technology strives to 
provide a mechanism to report the configuration of an endpoint 
for evaluation against network compliance policy.  Such a 
mechanism could offer a useful tool for the network operators'
arsenal but should be recognized as not being a complete 
endpoint compliance solution in and of itself.  
 
NEA typically involves the use of special client software 
running on the requesting system that observes and reports on 
the configuration of the system to the network infrastructure.  
The infrastructure has corresponding validation software that is 
capable of comparing the system configuration information with 
network compliance policy and providing the result to 
appropriate authorization entities that make decisions about 
network and application access.  Some systems may be incapable 
of running the NEA client software (e.g. printer) or be 
unwilling to share information about its configuration.  In 
these cases the network infrastructure might decide to disallow 
or limit access to the network. 
 
In many cases, the admission decision is provisioned to the 
enforcement mechanisms on the network and/or system requesting 
access.  The decision might allow for no access, limited or 
quarantined access (possibly to allow for remediation), or full 
access to the network.  While the NEA Working Group recognizes 
there is a link between an assessment and the enforcement of the 
assessment decision, the mechanisms and protocols for 
enforcement are not in scope for this specification. 
 
Architectures, similar to NEA, have existed in the industry for 
some time and are present in shipping products, but do not offer 
interoperability.  Some examples of such architectures include: 
Trusted Computing Group's Trusted Network Connect [TNC], 
Microsoft's Network Access Protection [NAP], Cisco's Network 
Admission Control [CNAC]).  These technologies assess the 
software or hardware configuration of endpoint devices for the 
purposes of monitoring or enforcing compliance to an 
organization's policy.  These architectures are not 
interoperable because they are implemented using primarily non-
standards based technologies. 
 
The NEA working group is working on defining standard protocols 
so as to enable interoperability between devices from different 
vendors allowing network owners to deploy truly heterogeneous 
solutions. This document describes the requirements for NEA 
candidate technologies and protocols.  
 


 4. Problem Statement 
 
NEA technology may be used for several purposes.  One use is to 
facilitate endpoint compliance checking against an 
organization's security policy when an endpoint connects to the 
network.  Organizations often require endpoints to run an IT-
specified OS configuration and have certain security 
applications enabled, e.g. anti-virus software, host intrusion 
detection/prevention systems, personal firewalls, and patch 
management software.  An endpoint that is not compliant with IT 
policy may be vulnerable to a number of known threats that might 
exist on the network. 
 
Without NEA technology, ensuring compliance of endpoints to 
corporate policy is a time-consuming and difficult task.  Not 
all endpoints are managed by a corporation's IT organization, 
e.g. lab assets and guest machines.  Even for assets that are 
manage
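The assess / remediate / reassess loop the NEA overview describes, as an added toy example. This is not code from the NEA working group and does not model the wire protocols it is standardizing; it only models the three roles in the text: a client that reports its configuration, a validator that compares the report against policy, and an admission decision of no, quarantined or full access. The report fields, policy values, endpoint names and the choice to deny an endpoint that reports nothing are all constructed assumptions.

```python
from __future__ import annotations

from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Set, Tuple

FULL, QUARANTINE, DENY = "full", "quarantine", "deny"


@dataclass(frozen=True)
class PostureReport:
    """What a hypothetical NEA client observes and reports about one endpoint.
    os_version is None when the endpoint cannot run the client (e.g. a printer)
    or refuses to share its configuration."""
    endpoint_id: str
    os_version: Optional[str]
    antivirus_enabled: bool = False
    firewall_enabled: bool = False
    missing_critical_patches: int = 0


@dataclass(frozen=True)
class CompliancePolicy:
    """Network compliance policy the validator checks reports against (constructed)."""
    allowed_os_versions: Set[str]
    require_antivirus: bool = True
    require_firewall: bool = True
    max_missing_critical_patches: int = 0


def validate(report: PostureReport, policy: CompliancePolicy) -> List[str]:
    """Validator role: compare the reported configuration with policy and
    return the list of findings (an empty list means compliant)."""
    if report.os_version is None:
        return ["no posture report"]
    findings: List[str] = []
    if report.os_version not in policy.allowed_os_versions:
        findings.append(f"os {report.os_version} not in allowed set")
    if policy.require_antivirus and not report.antivirus_enabled:
        findings.append("antivirus disabled")
    if policy.require_firewall and not report.firewall_enabled:
        findings.append("firewall disabled")
    if report.missing_critical_patches > policy.max_missing_critical_patches:
        findings.append(f"{report.missing_critical_patches} critical patches missing")
    return findings


def decide(report: PostureReport, policy: CompliancePolicy) -> Tuple[str, List[str]]:
    """Authorization role: map findings to no / quarantined / full access.
    An endpoint that reports nothing is denied here; the draft leaves the
    choice between denying and limiting such endpoints to the operator."""
    findings = validate(report, policy)
    if not findings:
        return FULL, findings
    if findings == ["no posture report"]:
        return DENY, findings
    # Every other finding can be fixed from a quarantine network, so admit
    # the endpoint to quarantine and let it remediate.
    return QUARANTINE, findings


def remediate(report: PostureReport) -> PostureReport:
    """Simulated remediation from the quarantine network: enable the required
    defences and apply the missing patches, then report again. The OS version
    is deliberately left alone, so an unsupported OS stays quarantined."""
    return replace(report, antivirus_enabled=True, firewall_enabled=True,
                   missing_critical_patches=0)


def admit(reports: List[PostureReport], policy: CompliancePolicy) -> Dict[str, str]:
    """Run assess -> (remediate) -> reassess for each endpoint and return the
    final decision per endpoint id."""
    outcome: Dict[str, str] = {}
    for report in reports:
        decision, _ = decide(report, policy)
        if decision == QUARANTINE:
            decision, _ = decide(remediate(report), policy)
        outcome[report.endpoint_id] = decision
    return outcome


# Constructed sample policy and endpoint reports.
POLICY = CompliancePolicy(allowed_os_versions={"os-10.1", "os-10.2"})
SAMPLE_REPORTS = [
    PostureReport("laptop-01", "os-10.2", antivirus_enabled=True, firewall_enabled=True),
    PostureReport("laptop-02", "os-10.2", antivirus_enabled=True, missing_critical_patches=3),
    PostureReport("laptop-03", "os-9.0", antivirus_enabled=True, firewall_enabled=True),
    PostureReport("printer-07", None),
]

if __name__ == "__main__":
    for r in SAMPLE_REPORTS:
        print(r.endpoint_id, decide(r, POLICY))
    print(admit(SAMPLE_REPORTS, POLICY))
```

The point the overview makes about enforcement being out of scope shows up as the split between `decide`, which only produces a decision, and whatever network element would act on it; the same split is what lets an operator swap a deny for a limited-access VLAN without touching the validator.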

fyi: Ross Anderson on UK ATM fraud

2007-06-21 Thread Jeff . Hodges
see also: "Reliability of security systems"
   http://www.cl.cam.ac.uk/~rja14/#Reliability


=JeffH

From: Ross Anderson <[EMAIL PROTECTED]>
Subject: Newsnight tonight
To: [EMAIL PROTECTED]
Date: Wed, 20 Jun 2007 19:19:24 +0100


We helped make a piece on ATM fraud a few weeks ago for Newsnight, pointing
out that law enforcement on bank fraud is now deeply corrupt. The Home Office 
did a deal with the banks so that fraud victims must report the crime to the
bank, not the police; the City force's card squad is a tied cottage (as Nick
put it) as the banks pays its bills; ditto the Met's e-crime squad; ditto 
the Financial services ombudsman. This is jolly nice for the banks when the
fraud is done by a bent insider they don't want exposed, and jolly nasty for
the poor customer. It's also jolly nice for terrorists such as the Tamil   
Tigers who use ATM fraud to raise money to finance murder and mayhem. It's
really wonderful for government spin doctors as fraud figures have fallen to
near zero.

I'm now told that the programme will run tonight. Unfortunately a lot of its
teeth have been drawn (below)

Ross

**

Date:Wed, 20 Jun 2007 19:09:10 BST
To:  <[EMAIL PROTECTED]>
From:*** @bbc.co.uk>
Subject: newsnight

Just to let you know. The piece will run tonight. Sadly  we could only
include a small part of your magnificent contribution, so the angle
about the tamil tigers was dropped,  against my wishes. 
The banks spokesman is coming on afterwards. The Home Office  and ACPO
both refused to appear. 
  
Regards

***


--

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]


fyi: A5 Cracking Project

2007-05-07 Thread Jeff . Hodges

From: steve <[EMAIL PROTECTED]>
Subject: A5 Cracking Project
To: [EMAIL PROTECTED]
Date: Sun, 6 May 2007 16:54:58 +


Hi,

we are inviting people to design and build a A5/1 cracking machine.

We are security enthusiasts. We started in January 2007 and built a
GSM Receiver for 700 USD (http://www.thc.org/gsm). The first alpha
version of the GSM receiver is available from our webpage.

We are now looking for the next challenge: Cracking A5/1 for real.

We put up a public wiki at http://wiki.thc.org/cracking_a5 for anyone
to edit and to add information.

If you are interested please also subscribe to our mailinglist by sending
an email to [EMAIL PROTECTED]

Spread the word & happy hacking,

steve



--

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]


Re: Cryptome cut off by NTT/Verio

2007-04-30 Thread Jeff . Hodges
Note that JohnY offers a DVD of the entire site's current state, plus bonus 
extra DVD, for a mere $25 donation. I've got mine, get yers now.


=JeffH




Re: Public key encrypt-then-sign or sign-then-encrypt?

2007-04-27 Thread Jeff . Hodges
There's also this paper..

Donald T. Davis, "Defective Sign & Encrypt in S/MIME, PKCS#7, MOSS, PEM, PGP, 
and XML.", Proc. Usenix Tech. Conf. 2001 (Boston, Mass., June 25-30, 2001), 
pp. 65-78
http://world.std.com/~dtd/#sign_encrypt


..which addresses some of the questions, in a certain context, that Travis 
raised.


=JeffH




fyi: NSA Releases UK Crypto Docs

2007-03-02 Thread Jeff . Hodges
From: [EMAIL PROTECTED]
Subject: NSA Releases UK Crypto Docs
To: [EMAIL PROTECTED]
Date: Fri, 02 Mar 2007 06:11:39 -0800


NSA has released under FOIA nine crypto docs in response to a request
for information on "Non-Secret Encryption" and JH Ellis. One is a formerly
secret paper by Ellis written in 1977. Another is a formerly confidential
paper by Clifford Cocks written in 1998. Ellis and Cocks were long
associated with CESG.

Three of the nine papers were formerly classified as Top Secret Codeword.


http://cryptome.org/nsa-nse/nsa-nse-01.htm



--



Re: Skype reverse-engineering details]

2006-12-21 Thread Jeff . Hodges
Yes, that's a very interesting slide deck. 

An alternative URL to the talk is in this blog posting..

 Skype.exe innards revealed...
 http://identitymeme.org/archives/2006/04/06/skypeexe-innards-revealed/


=JeffH




fyi: On-card displays

2006-09-20 Thread Jeff . Hodges
From: Ian Brown <[EMAIL PROTECTED]>
Subject: On-card displays
To: [EMAIL PROTECTED]
Date: Wed, 20 Sep 2006 07:29:13 +0100


Via Bruce Schneier's blog, flexible displays that can sit on smartcards.
So we finally have an output mechanism that means you don't have to
trust smartcard terminal displays:
http://www.cr80news.com/library/2006/09/16/on-card-displays-become-reality-making-cards-more-secure/

So, when do we see the combined chip/fingerprint reader/display on a
payment card :) Doesn't of course address the requirement that we want
evidence (such as a signed paper receipt) that can later be adjudicated
by a court with higher evidential standards than a bank statement that
their systems work perfectly...
- -- 
Blogzilla --> http://dooom.blogspot.com/


--



fyi: Ross' Book now online

2006-08-30 Thread Jeff . Hodges

From: Ross Anderson <[EMAIL PROTECTED]>
Subject: Ross' Book now online
To: [EMAIL PROTECTED]
Date: Fri, 25 Aug 2006 18:17:30 +0100


I finally managed to persuade Wiley to let me put "Security Engineering"
online for free download:

  http://www.cl.cam.ac.uk/~rja14/book.html

Some of the chapters in it are on-topic for this list, such as ch 6 
(naming), ch 8 (medical privacy), 13 (biometrics), 20 (copyright)
and 21 (crypto policy).

Enjoy ...

Ross


--



Re: mailer certificate retrieval via LDAP?

2006-06-09 Thread Jeff . Hodges
You should consider also posting your query to ldap@umich.edu


JeffH





fyi: Workshop on the Economics of Information Security ("WEIS" June 2006)

2006-05-12 Thread Jeff . Hodges
From: Ross Anderson <[EMAIL PROTECTED]>
Subject: Workshop on the Economics of Information Security
To: [EMAIL PROTECTED]
Date: Fri, 12 May 2006 12:06:41 +0100


We now have online the program for next month's WEIS 2006 workshop in
Cambridge:

   http://weis2006.econinfosec.org/prog.html

There are many papers of interest to habitues of this list, with
topics ranging from liability and the economics of trust, through the
interaction of networks with crime and conflict; the dependability of
open source and free software; reputation, privacy and risk
perception; the economics of DRM and trusted computing; the return on
security investment; and economic perspectives on spam. WEIS is
co-located with the Sixth Workshop on Privacy Enhancing Technologies -
see http://www.petworkshop.org/ for more on that event.

Register by the end of the week for an early registration discount -
at http://weis2006.econinfosec.org/registration.html.

Ross


--



fyi: Deniable File System - Rubberhose

2006-04-19 Thread Jeff . Hodges
From: Owen Blacker <[EMAIL PROTECTED]>
Subject: Deniable File System
To: UK Crypto list <[EMAIL PROTECTED]>
Date: Wed, 19 Apr 2006 11:43:18 +0100 (BST)
Reply-To: [EMAIL PROTECTED]

http://www.schneier.com/blog/archives/2006/04/deniable_file_s.html

Some years ago I did some design work on something I called a Deniable 
File System. The basic idea was the fact that the existence of 
ciphertext can in itself be incriminating, regardless of whether or not 
anyone can decrypt it. I wanted to create a file system that was 
deniable: where encrypted files looked like random noise, and where it 
was impossible to prove either the existence or non-existence of 
encrypted files.

This turns out to be a very hard problem for a whole lot of reasons, and 
I never pursued the project. But I just discovered a file system that 
seems to meet all of my design criteria -- Rubberhose 
 :

Rubberhose transparently and deniably encrypts disk data, minimising
the effectiveness of warrants, coercive interrogations and other
compulsive mechanisms, such as U.K RIP legislation. Rubberhose differs
from conventional disk encryption systems in that it has an advanced
modular architecture, self-test suite, is more secure, portable,
utilises information hiding (steganography / deniable cryptography),
works with any file system and has source freely available.

The devil really is in the details with something like this, and I would 
hesitate to use this in places where it really matters without some 
extensive review. But I'm pleased to see that someone is working on this 
problem.

Next request: A deniable file system that fits on a USB token, and 
leaves no trace on the machine it's plugged into.


- -- 
Owen Blacker, London GB
Say no to ID cards: www.no2id.net
- --
They that can give up essential liberty to obtain a little temporary
  safety deserve neither liberty nor safety --Benjamin Franklin, 1759


--



fyi: talk: Reflective side-channel cryptanalysis

2005-07-11 Thread Jeff . Hodges
From: Eu-Jin Goh <[EMAIL PROTECTED]>
Subject: FRI 15 JULY 1630 HRS : Reflective side-channel cryptanalysis
To: [EMAIL PROTECTED]
Date: Mon, 11 Jul 2005 08:46:19 -0700


- ---
When -  FRI 15th July
1630 hrs at Gates 4-B (opposite 490)

Who  -  Eran Tromer, Weizmann Institute of Science

What -  Reflective side-channel cryptanalysis
- ---

Abstract:

Side-channel cryptanalysis exploits physical information leakage from
cryptographic devices to undermine their security. Most side-channel
attacks require special measurement equipment and are thus limited in
applicability.

This talk will present two side channels that can be exploited in many
settings without special equipment. First, CPU cache contention leaks
information on memory access patterns in several ways. Second,
acoustic emanations from electronic circuit components can be
information-bearing and are often detectable by a plain
microphone. Applications of these side channels to RSA and AES will be
shown.

In some common cases these attacks can be carried out by software
within the target computer, allowing an unprivileged process to glean
secret information from privileged ones without any explicit
interaction. This raises new challenges for multiuser, partitioned and
sandboxed environments.

Joint work with Dag Arne Osvik and Adi Shamir. 

- ---

Map to Gates Computer Science Building

http://campus-map.stanford.edu/campus_map/results.jsp?bldg=gates&dept=&addr=
- -++**==--++**==--++**==--++**==--++**==--++**==--++**==

--



Re: fyi: Fingerprinting CPUs

2005-02-16 Thread Jeff . Hodges
[EMAIL PROTECTED] said:
> This subject came up before.
> http://citeseer.ist.psu.edu/shankar04side.html 

ah, yes, in various forms. 

The refs in that paper lead to this, fwiw..

http://dynamo.ecn.purdue.edu/~kennell/genuinity/publications.html




JeffH





fyi: Fingerprinting CPUs

2005-02-10 Thread Jeff . Hodges
of possible interest to denizens hereabouts...

JeffH

From: David Farber <[EMAIL PROTECTED]>
Subject: [IP] Fingerprinting CPUs
To: Ip 
Date: Thu, 10 Feb 2005 12:30:12 -0500


Maybe a software manufacturer could lock software (say an OS :-) ) to a
specific machine djf


- -- Forwarded Message
From: "Barrett, Randy" <[EMAIL PROTECTED]>
Date: Thu, 10 Feb 2005 10:28:05 -0500
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: Fingerprinting CPUs

Hi Dave. I thought you might find this story of interest.
Regards,
Randy Barrett

Senior Editor
Communications Daily/Washington Internet Daily
202-872-9202 x371
Fax:202-318-8984

From Washington Internet Daily 2/10/05

MIT Authenticates Individual Computers

 MIT researchers are using natural variations in integrated circuits
to authenticate individual computers.  The technology could be used for
security, but also for intellectual property protection, said lead
investigator Srini Devadas, who's spent the last 2 years developing the
technology under a grant from the National Science Foundation.

 "There are different grades of Pentium chips," said Devadas.  "Some
turn out to be faster than others."  These differences can be mapped to
create a unique fingerprint for every computer.   Devadas calls the new
identifier the "physical unclonable function" (PUF).  The approach has
several advantages:  It's extremely hard to forge, he said, and it doesn't
require separate authentication technology such as a smart chip to function.
"The chip itself is the key," he said.

 With computer CPUs acting as authentication keys, sensitive
information can be passed between trusted machines, said Devadas.  Making it
work requires a special program circuit be added to each CPU to make the
challenge and response possible.  Devadas has talked with several commercial
suppliers about marketing the technology:  "I need to convince the hardware
manufacturers that this is something that will fly," he said.

 The system also could be used for intellectual property protection,
Devadas said.  Copyrighted software could be programmed to run on only one
CPU and effectively blocked from further distribution.  Another possible
application is the ability to remotely authenticate the execution of
programming on specific chips.  "I'm talking to a bunch of people about it,"
he said. -- Randy Barrett



-- End of Forwarded Message

Archives at: http://www.interesting-people.org/archives/interesting-people/

--

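The challenge-and-response protocol the article describes, written out as an added example (this is not code from the article, from Devadas's group or from any vendor). The chip is replaced by a simulated additive-delay arbiter PUF, which is an assumption here, and every device ID, seed, size and threshold is made up. It shows the parts a practitioner cares about: enrolment of challenge-response pairs in a trusted setting, a tolerance because a real PUF never answers twice exactly alike, single use of each pair so a recorded transcript cannot be replayed, and the fact that the verifier's store is finite.

```python
"""Challenge-response authentication against a simulated silicon PUF.

Added illustration, not code from the article, from MIT or from a vendor.
The PUF is the textbook additive-delay ("arbiter") model, assumed here
because it is the smallest model showing what the article relies on: the
response depends on per-chip fabrication variation (`weights`), and
repeated measurements agree only approximately (`noise`).
"""
import random

N_STAGES = 64        # challenge bits selecting one delay path -> 1 response bit
BITS_PER_AUTH = 128  # single-bit responses bundled into one authentication
MAX_MISMATCH = 20    # tolerated flipped bits (~16%); the noise below gives ~2%


def parity_features(challenge):
    """Feature vector of the additive delay model: phi[i] is the product of
    (1 - 2*c_j) for j >= i, plus a constant phi[n] = 1, so the arbiter's
    delay difference is the dot product weights . phi."""
    n = len(challenge)
    phi = [1] * (n + 1)
    for i in range(n - 1, -1, -1):
        phi[i] = phi[i + 1] * (1 - 2 * challenge[i])
    return phi


class SimulatedPUF:
    """One chip. `weights` stand in for stage delay differences fixed at
    fabrication (the seed plays the silicon lottery); `noise` is jitter
    added to every single measurement."""

    def __init__(self, seed, noise=0.3, n=N_STAGES):
        rng = random.Random(seed)
        self.weights = [rng.gauss(0.0, 1.0) for _ in range(n + 1)]
        self.noise = noise
        self._jitter = random.Random(seed ^ 0xA5A5A5)

    def respond(self, challenge):
        phi = parity_features(challenge)
        delay = sum(w * p for w, p in zip(self.weights, phi))
        delay += self._jitter.gauss(0.0, self.noise)
        return 1 if delay > 0 else 0

    def respond_many(self, challenges):
        return [self.respond(c) for c in challenges]


def random_challenge(rng, n=N_STAGES):
    return tuple(rng.getrandbits(1) for _ in range(n))


class Verifier:
    """Server side: keeps challenge-response pairs (CRPs) measured in a
    trusted setting and spends one per authentication, never reusing it."""

    def __init__(self, seed=1):
        self.rng = random.Random(seed)
        self.crps = {}  # device_id -> list of (challenges, expected bits)

    def enroll(self, device_id, puf, rounds):
        store = []
        for _ in range(rounds):
            chals = [random_challenge(self.rng) for _ in range(BITS_PER_AUTH)]
            store.append((chals, puf.respond_many(chals)))
        self.crps[device_id] = store

    def authenticate(self, device_id, respond):
        """`respond` is whatever answers on the wire. Returns (ok, mismatches).
        The CRP is consumed even on failure, so a transcript recorded from
        the genuine chip cannot be replayed against a later challenge."""
        store = self.crps.get(device_id)
        if not store:
            return False, None  # store exhausted: nothing left to check against
        chals, expected = store.pop()
        got = respond(chals)
        mismatches = sum(a != b for a, b in zip(expected, got))
        return mismatches <= MAX_MISMATCH, mismatches


def demo():
    """Genuine chip passes despite noise; a second chip of identical design
    fails; a replayed transcript fails; an exhausted store refuses."""
    genuine = SimulatedPUF(seed=2024)
    impostor = SimulatedPUF(seed=4048)
    v = Verifier()
    v.enroll("cpu-01", genuine, rounds=3)

    recorded = {}

    def eavesdropped(chals):  # genuine chip answers, attacker records the bits
        recorded["bits"] = genuine.respond_many(chals)
        return recorded["bits"]

    return {
        "genuine": v.authenticate("cpu-01", eavesdropped),
        "impostor": v.authenticate("cpu-01", impostor.respond_many),
        "replay": v.authenticate("cpu-01", lambda chals: recorded["bits"]),
        "exhausted": v.authenticate("cpu-01", genuine.respond_many),
    }


if __name__ == "__main__":
    for name, (ok, d) in demo().items():
        print(f"{name:>9}: {'accept' if ok else 'reject'} (mismatches={d})")
```

Run it directly to see accept/reject for the four cases. Two caveats worth keeping in mind: the verifier can only authenticate as many times as it enrolled pairs, so the CRP store is a resource to be budgeted; and the additive-delay model used here is also what makes real arbiter PUFs learnable from a few thousand observed pairs, so this illustrates the protocol around a PUF, not a PUF design.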


Re: cryptograph(y|er) jokes? (Superpolynomial subexponential runtimes, or, How to Give a Math Lecture at a Party, by Eric Hughes)

2004-06-25 Thread Jeff . Hodges
it's kinda long, but I was at the Cryptorights party (as were many others on 
this list) where Eric did this and it was really very funny.

JeffH

available at..

  http://www.xent.com/FoRK-archive/oct00/0429.html
  http://www.cryptorights.org/events/2000/superpolynomial.html


> Subject: How to Give a Math Lecture at a Party.
> Date: Tue, 17 Oct 2000 20:32:09 -0700
> From: Eric Hughes <[EMAIL PROTECTED]>
> To: Dan Haney <[EMAIL PROTECTED]>

How to Give a Math Lecture at a Party.

1. Pick the right party. I would suggest the RSA patent expiration party
to benefit the CryptoRights Foundation, but that party has already
happened. (See http://cryptorights.org/events/patent-benefit.html )

  1a. Ensure that there are a bunch of people at the party who've had
      to learn more about modular rings than they ever thought they
      would.
  1b. Ensure that these people have also had to think about
      analysis of runtimes.
  1c. In short, ensure that there are a bunch of cypherpunks and their
      fellow-travellers hanging around.

2. Have the MC give away the punch line by announcing that you're going to
sing a funny song.

3. Begin by insisting that the MC was mistaken. Announce that you're
going to give a math lecture instead, and turn on the overhead
projector. (Props are important signals of intent here.)

4. Put up, in sequence, the following four slides. Prepare the slides to
be unnecessarily notational.

4-1. A description of the RSA algorithm. Include the statement N=pq and
  make sure to include the notation for the Euler totient function.

4-2. A description of the algorithmic runtime of the Number Field
  Sieve. It's really messy. Write it all out and go through it
  in loving detail. Talk about the best known constants. Be sure
  to drop Don Copperfield's name, because many good mathematical
  cryptography lectures do so. Point out that the logarithm of a
  logarithm is uncommon.

4-3. The assertion that the runtime of the NFS is slower than every
  polynomial function in the limit of large inputs. Use first
  order logic notation to avoid as many understandable words as
  possible.

4-4. The assertion that the runtime of the NFS is faster than every
  exponential function with arbitrary constant base in the limit
  of large inputs. Again, use first order logic notation.

5. Say the words, "So the NFS has ..." and proceed without pause to the
next step.

6. Break into song. Sing the following lyrics to the obvious Mary Poppins
tune.

> Superpolynomial subexponential runtimes.
> Even though in practice it would take you several lifetimes,
> If you ran it long enough you'd always find those two primes.
> Superpolynomial subexponential runtimes
>
> E to the root-log root-log-log [4x]
>
> When I was but a naive lad first coding two's and three's
> I thought the only "orders of" were trivialities.
> But when I saw this function something opened up to me
> The elegance of computational complexity.
>
> [Chorus]
>
> I was at a meeting when up came a man in black
> Who told me that his agency had mounted an attack.
> Convincing him was fruitless that his budget would collapse
> All I know his trumpeter will soon be playing Taps.
>
> [Chorus]
>
> In virtual environments has grown up a debate
> Of whether strong cryptography can overthrow the state.
> But several such technologies including public key
> Shall herald in the coming age of crypto-anarchy.
>
> Superpolynomial subexponential runtimes
> Superpolynomial subexponential runtimes
> Superpolynomial subexponential runtimes
> Superpolynomial subexponential runtimes

6a. Pause during each round of applause so the audience can hear all
the words.

Eric



--

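The two assertions on slides 4-3 and 4-4, written out as an added note that is not part of Eric's message or the list archive. The standard notation for factoring runtimes on an input N (input length is ln N, up to a constant) is

$$ L_N[\alpha, c] = \exp\big((c + o(1))\,(\ln N)^{\alpha}\,(\ln\ln N)^{1-\alpha}\big), \qquad 0 \le \alpha \le 1. $$

The general number field sieve runs in $L_N[1/3, (64/9)^{1/3}]$, that is $\exp\big((1.923 + o(1))(\ln N)^{1/3}(\ln\ln N)^{2/3}\big)$; the chorus's "e to the root-log root-log-log" is the $L_N[1/2, c] = \exp\big(c\sqrt{\ln N\,\ln\ln N}\big)$ shape of the quadratic sieve and its predecessors. Both assertions follow by comparing exponents.

Slide 4-3 (superpolynomial in the input length): for every $k$,

$$ \frac{L_N[\alpha,c]}{(\ln N)^k} = \exp\big(c(\ln N)^{\alpha}(\ln\ln N)^{1-\alpha} - k\ln\ln N\big) \to \infty, $$

because $(\ln N)^{\alpha}(\ln\ln N)^{1-\alpha}/\ln\ln N = (\ln N/\ln\ln N)^{\alpha} \to \infty$ whenever $\alpha > 0$.

Slide 4-4 (subexponential): for every base $b > 1$, i.e. every $b^{\ln N} = N^{\ln b}$,

$$ \frac{L_N[\alpha,c]}{N^{\ln b}} = \exp\big(c(\ln N)^{\alpha}(\ln\ln N)^{1-\alpha} - (\ln b)\ln N\big) \to 0, $$

because $(\ln N)^{\alpha}(\ln\ln N)^{1-\alpha}/\ln N = (\ln\ln N/\ln N)^{1-\alpha} \to 0$ whenever $\alpha < 1$.

So for $0 < \alpha < 1$ the runtime sits strictly between the polynomials and the exponentials. In the first-order form the slides call for:

$$ \forall k\ \exists N_0\ \forall N > N_0:\ L_N[\alpha,c] > (\ln N)^k, \qquad \forall b > 1\ \exists N_0\ \forall N > N_0:\ L_N[\alpha,c] < b^{\ln N}. $$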