Re: We're jamming, we're jamming, we hope you like jammin too

2004-05-12 Thread Steve Schear
At 06:16 AM 5/13/2004 +1000, Ian Farquhar <[EMAIL PROTECTED]> wrote:
> I would almost bet money that the commercial interests currently
> evaluating RFID tags will push for a legislative ban on RFID jamming.
> And I'll bet they get it too.

It really won't matter what they prohibit, it will get out into the market
anyway if it's cheap enough to manufacture and there is sufficient
demand.  Cellular jammers, which should be much more expensive to make than
those for RFID, are a good example.  AFAIK they are illegal for the average
citizen to possess, yet they are as close as your browser to purchase.

steve 





Warning: E-mail viruses detected

2004-05-12 Thread MailScanner
Our virus detector has just been triggered by a message you sent:-
  To: [EMAIL PROTECTED]
  Subject: Re: Hello
  Date: Wed May 12 18:22:06 2004

One or more of the attachments (Nervous_illnesses.cpl) are on
the list of unacceptable attachments for this site and will not have
been delivered.

Consider renaming the files to avoid this constraint.

The virus detector said this about the message:
Report: MailScanner: Control panel items are often used to hide viruses 
(Nervous_illnesses.cpl)


-- 
MailScanner
Email Virus Scanner
www.mailscanner.info
MailScanner thanks transtec Computers for their support



Illuminating Blacked-Out Words

2004-05-12 Thread R. A. Hettinga


The New York Times

May 10, 2004

Illuminating Blacked-Out Words
By JOHN MARKOFF

European researchers at a security conference in Switzerland last week
demonstrated computer-based techniques that can identify blacked-out words
and phrases in confidential documents.

 The researchers showed their software at the conference, the Eurocrypt, by
analyzing a presidential briefing memorandum released in April to the
commission investigating the Sept. 11 attacks. After analyzing the
document, they said they had high confidence the word "Egyptian" had been
blacked out in a passage describing the source of an intelligence report
stating that Osama Bin Ladin was planning an attack in the United States.

The researchers, David Naccache, the director of an information security
lab for Gemplus S.A., a Luxembourg-based maker of banking and security
cards, and Claire Whelan, a computer science graduate student at Dublin
City University in Ireland, also applied the technique to a confidential
Defense Department memorandum on Iraqi military use of Hughes helicopters.

 They said that although the name of a country had been blacked out in that
memorandum, their software showed that it was highly likely the document
named South Korea as having helped the Iraqis.

 The challenge of identifying blacked-out words came to Mr. Naccache as he
watched television news on Easter weekend, he said in a telephone interview
last Friday.

"The pictures of the blacked-out words appeared on my screen, and it piqued
my interest as a cryptographer," he said. He then discussed possible
solutions to the problem with Ms. Whelan, whom he is supervising as a
graduate adviser, and she quickly designed a series of software programs to
use in analyzing the documents.

Although Mr. Naccache is the director of Gemplus, a large information
security laboratory, he said that the research was done independently from
his work there.

The technique he and Ms. Whelan developed involves first using a program to
realign the document, which had been placed on a copying machine at a
slight angle. They determined that the document had been tilted by about
half a degree.

By realigning the document it was possible to use another program Ms.
Whelan had written to determine that it had been formatted in the Arial
font. Next, they found the number of pixels that had been blacked out in
the sentence: "An Egyptian Islamic Jihad (EIJ) operative told an 
service at the same time that Bin Ladin was planning to exploit the
operative's access to the US to mount a terrorist strike." They then used a
computer to determine the pixel length of words in the dictionary when
written in the Arial font.

 The program rejected all of the words that were not within three pixels of
the length of the word that was probably under the blackened-out area in
the document.

The software then reduced the number of possible words to just 7 from 1,530
by using semantic guidelines, including the grammatical context. The
researchers selected the word "Egyptian" from the seven possible words,
rejecting "Ukrainian" and "Ugandan," because those countries would be less
likely to have such information.

After the presentation at Eurocrypt, the researchers discussed possible
measures that government agencies could take to make identifying
blacked-out words more difficult, Mr. Naccache said in the phone interview.
One possibility, he said, would be for agencies to use optical character
recognition technology to rescan documents and alter fonts.

 In January, the State Department required that its documents use a more
modern font, Times New Roman, instead of Courier, Mr. Naccache said.
Because Courier is a monospace font, in which all letters are of the same
width, it is harder to decipher with the computer technique. There is no
indication that the State Department knew that.

 Experts on the Freedom of Information Act said they feared the computer
technique might be used as an excuse by government agencies to release even
more restricted versions of documents.

 "They have exposed a technique that may now become less and less useful as
a result," said Steven Aftergood, a senior research analyst at the
Federation of American Scientists, of the research project. "We care
because there are all kinds of things withheld by government agencies
improperly."


-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
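
The width filter described in the article, as an added example that is not the researchers' software: it compares how many candidate words survive for the same blacked-out word in a proportional font and in a monospace one. The advance-width table (hand-entered to approximate Arial), the 16 px/em scale, the word list and the vowel-initial grammar check are all assumptions made for the illustration.

```python
# Added example. Advance widths are in 1/1000 em, hand-entered to approximate
# Arial/Helvetica metrics (assumption); the word list is constructed.
def _table(groups):
    return {ch: w for w, chars in groups.items() for ch in chars}

ARIAL_LIKE = _table({
    556: "abdeghnopquL", 500: "cksvxyzJ", 222: "ijl", 278: "ftI",
    333: "r", 833: "mM", 722: "wU", 667: "AEPS", 611: "T",
})
MONO_UNITS = 600  # Courier-style: every glyph has the same advance width

WORDS = ["Egyptian", "Ukrainian", "Ugandan", "Algerian", "Albanian",
         "Armenian", "Austrian", "Estonian", "American", "Eritrean",
         "Ethiopian", "Angolan", "Iranian", "Israeli", "Italian",
         "Pakistani", "Tunisian", "Jordanian", "Lebanese"]

def width_units(word, proportional):
    """Rendered width of a word in 1/1000 em."""
    if proportional:
        return sum(ARIAL_LIKE[ch] for ch in word)
    return MONO_UNITS * len(word)

def width_matches(words, redacted, proportional, px_per_em=16, tol_px=3):
    """Words whose width is within tol_px of the blacked-out word's width."""
    target = width_units(redacted, proportional)
    return [w for w in words
            # integer comparison: |diff in px| <= tol_px, without rounding
            if abs(width_units(w, proportional) - target) * px_per_em
            <= tol_px * 1000]

def fits_grammar(word):
    """Crude stand-in for the semantic step: the memo reads 'an ___ service'."""
    return word[0] in "AEIOU"

def audit(redacted="Egyptian"):
    """Survivors per font after the width filter and the grammar filter."""
    result = {}
    for font, proportional in (("proportional", True), ("monospace", False)):
        by_width = width_matches(WORDS, redacted, proportional)
        result[font] = [w for w in by_width if fits_grammar(w)]
    return result

if __name__ == "__main__":
    for font, survivors in audit().items():
        print(f"{font:12s} {len(survivors)} left: {', '.join(survivors)}")
```

With this list the proportional font leaves four candidates and the monospace font eight, because a monospace redaction reveals only the letter count.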



Re: We're jamming, we're jamming, we hope you like jammin too

2004-05-12 Thread Thomas Shaddack

> RFID jamming should be very easy and a quite amusing DoS attack
> on commercial targets.  Easy because it's not frequency hopping, low
> power, and relatively low frequency.  Particularly cute would be
> transmitting sex-toy codes intermittently.

Considering the transmitting powers of the tags, an active battery-powered
transmitter with a suitable antenna could have rather long range. A small
circuit with a battery could be magnetically attached to a car of a
selected "victim" and switched on after a delay, resulting in a mobile
jamming platform. Parking lots in front of the stores, where there is
often a direct line of sight between the cash registers and the cars, are
especially suitable for this kind of attack.

> ASK any Elmer you happen to see,
> what's the best jamming, RFID..
> (With apologies to the tuna industry and those too young to
> know the jingle.  Or to know the RF double meanings.)

Interesting cultural reference that goes entirely above my head with a
cute swooshing sound.
Care to explain, please? :)



For personal defense, I came up with a similar, smaller-range and
lower-power idea:

-
Micropower RFID jammer
Very-low power passive/active jammer of passive RFID tags

Radiofrequency tags bring a wide variety of privacy-related concerns. A
semi-passive jammer may be an option to alleviate some of them.

The tags are powered from the electromagnetic field the reader irradiates
them with, then they transmit back on another frequency. The transmission
takes some time, I guess few milliseconds, and is detectable by a nearby
receiver.

The tags are made in two kinds: "plain", and more advanced
collision-resistant ones. The first kind transmits blindly whenever
powered, repeating its signature over and over, which causes two tags
within the field of one reader to jam each other, as their responses get
mixed together. The second, more expensive kind, uses algorithms to avoid
the situation when two tags transmit at the same time, overlapping their
responses and making them difficult to recognize; most often detecting
another tag transmitting, and then going silent for random amount of time.

This behavior makes it possible to design a micropower jammer. The device
shall listen on the frequencies both the readers and the tags transmit on.
When the tag read attempt is detected, the device owner may be alerted -
by a LED, a sound, a vibration. Then when the device detects the tag's
attempt to answer, it broadcasts pulses looking like the answer of another
tag, forcing a collision and a misread into every answer. The tiny power
required for occasional transmitting of a few very short pulses makes the
device unlikely to cause other kinds of trouble, while additionally making
it less easy to be detected if declared illegal than "continuous" jammers.



Re: who goes 1st problem

2004-05-12 Thread Adam Back
On Tue, May 11, 2004 at 09:10:35PM +, Jason Holt wrote:
> [...] issue [...] would be how you actually get your certs to the
> other guy.  Hidden credentials, as Ninghui pointed out, assume you
> have some means for creating the other guy's cert,
> [...]
> The OSBE paper, OTOH, assumes we're going to exchange our
> certificates, just without the CA signatures.  Then I can send you
> messages you can only read if you really do have a signature on that
> cert.

I think this is ok.  Would suggest you remove the nym field, have
one-use credentials (to avoid linkability across provers), and only
reveal separate nym cert after have satisfied policy.

> But I've always thought that was problematic, since why would honest
> people bother to connect then use fake certs?

Again ok.  You send either fake cert, or real cert for as many
attributes as the CA issues.  You may not even know what some of the
attributes that the CA issues are, all you know is the number of them.

You use and / or connectives between them (using k xor r, k; or r, r
respectively) but using OSBE algorithm (xor refers to improved HC
scheme by HC authors in http://eprint.iacr.org/2004/109/).

> The attacker doesn't need to see the signature - he believes you.
> So honest users would need to regularly give out fake certs so they
> can hide their legit behavior among the fake connects.

Yes, that works, but is defined required part of protocol; that way
optimal cover (within limits of partial policy concealment) is given
for sensitive attributes, policies etc.

> But maybe Robert's improved secret sharing scheme from the new HC paper can 
> give us some ideas:
> 
> 1. Alice sends blinded signatures for each of her relevant certs, not
> revealing which signature goes with each cert, and not revealing the cert
> contents.

Sounds same as above.

> 2. Bob generates the contents of each of Alice's certs relevant to
> his policy, and simply generates each possible combination of
> hash-of-cert-contents and blinded-signature.  One from each row will
> be a match-up between contents and signature, and Alice will have to
> figure out which.  Unfortunately, this requires n^2 multiplies and
> exponentiations.

That's true.  Think there is a trade-off between degree of
concealment, and amount of permutations prover has to try.  

You could perhaps define an ordering of attributes safely, followed by
dealing with unordered undeclared attributes.  


Other thought perhaps a FPGA like layout where all possible
connectives patterns are represented, might allow to specify arbitrary
boolean formulae with and / or connectives with full policy
concealment but less space and time efficient.


(Calling it prover is kind of odd I find when the prover convinces only
himself he satisfies policy by default and optionally chooses whether
to disclose that to verifier.  And "the prover" is the passive entity
receiving encrypted comms, which is back-to-front to usual
prover-verifier comms pattern.  Maybe sender and recipient is better.)

Adam



Re: [linux-elitists] Two on RFID from Politech: Hack the tech, & Gilmore's dystopia (fwd from dmarti@zgp.org)

2004-05-12 Thread Eugen Leitl
- Forwarded message from Don Marti <[EMAIL PROTECTED]> -

From: Don Marti <[EMAIL PROTECTED]>
Date: Mon, 10 May 2004 18:29:00 -0700
To: Linux Elitists <[EMAIL PROTECTED]>
Subject: Re: [linux-elitists] Two on RFID from Politech:  Hack the tech,
& Gilmore's dystopia
User-Agent: Mutt/1.5.5.1+cvs20040105i

begin Donnie Barnes quotation of Mon, May 10, 2004 at 08:24:19PM -0400:

> Of course, we can choose to not buy those tires.  At least until all 
> tires have them.

  In the TREAD Act of November 1, 2000, Congress
  required the National Highway Traffic Safety
  Administration (NHTSA) to develop a rule requiring
  all new motor vehicles to be equipped with a warning
  system to indicate to the operator when a tire is
  significantly underinflated.

  http://www-nrd.nhtsa.dot.gov/vrtc/ca/tpms.htm


  Each sensor had a unique digital identification
  code so that the particular tire with low pressure
  could be identified on the driver's display. The
  digital identification code also prevented signals
  from other vehicles' sensors from being analyzed
  by the TPMS.

  http://www-nrd.nhtsa.dot.gov/vrtc/ca/capubs/tpms.pdf

-- 
Don Marti
http://zgp.org/~dmarti  Learn Linux and free software
[EMAIL PROTECTED]       from the experts in California, USA
  http://freedomtechnologycenter.org/
___
linux-elitists 
http://zgp.org/mailman/listinfo/linux-elitists

- End forwarded message -
-- 
Eugen* Leitl http://leitl.org
__
ICBM: 48.07078, 11.61144            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

