Saturday, August 28, 2010

The Blank Swan

There is a new book, published in April, called The Blank Swan: The End of Probability. This is a clever title and the front photo is wonderful as well.


The book seems to be saying that financial market processes simply cannot be captured using the conventional notions of probability. The author writes in summary

The current crisis has led us to a conceptual impasse regarding the financial market. No prediction model can apply to the market …

Probability has to be discarded and a new category has to emerge instead, which will mediate contingency …

In fact, the market has nothing to do with Wall Street or with the investment banks. Market-making is a creative activity. The market is a category of thought that is independent of ideology. It replaces probability altogether and discarding the market, like the philosophers of the radical change claim we should do, is like discarding probability!

Not a very positive review from Reading the Markets, who found the book quite hard to read. There is some discussion on a Wilmott mailing list as well.

Searching an Encrypted Cloud

There is a post over at the Enterprise Search blog with some pointers to encrypted search, including my own overview. There is a link to a whitepaper from Seny Kamara and Kristin Lauter of the Microsoft Research Cryptography Group, proposing an architecture for a virtual private storage service which supports the following properties

  • confidentiality
  • integrity
  • non-repudiation
  • availability
  • reliability
  • efficient retrieval
  • data sharing

Cool A5/1 back-clocking graphic

Below is part of a graphic which depicts the A5/1 state space generated when checking if the correct key has been determined from a rainbow table lookup. Once a key candidate has been found using the rainbow tables, the A5/1 cipher needs to be advanced (forward clocked) and undone (back-clocked) to verify that the candidate key is correct.


The grey paths represent states that are not accessible through forward clocking, and the green paths have many ancestor states leading to the same key stream. Red paths have few ancestor states leading to the same key stream. The graphic is from the A5/1 rainbow table generation project led by Karsten Nohl.
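The forward clocking and back-clocking described above, as an added example (not code from the rainbow table project): one majority-clocked step of A5/1 and the enumeration of a state's one-step ancestors. The register lengths, taps and clocking bits follow the published A5/1 description; the two sample states are constructed for illustration.

```python
# Added example: A5/1 majority clocking and one-step back-clocking (bit 0 = LSB).
REGS = (  # (length, feedback taps, clocking bit)
    (19, (13, 16, 17, 18), 8),
    (22, (20, 21), 10),
    (23, (7, 20, 21, 22), 10),
)

def bit(r, i):
    return (r >> i) & 1

def clock_one(r, n, taps):
    """Shift one LFSR forward: feedback (XOR of taps) enters bit 0."""
    fb = 0
    for t in taps:
        fb ^= bit(r, t)
    return ((r << 1) & ((1 << n) - 1)) | fb

def unclock_one(r, n, taps):
    """Invert clock_one: the lost top bit is recovered from the feedback bit."""
    prev = r >> 1
    top = bit(r, 0)
    for t in taps[:-1]:          # taps[-1] is always the top bit n-1
        top ^= bit(prev, t)
    return prev | (top << (n - 1))

def step(state):
    """Forward clock: a register moves only if its clocking bit is in the majority."""
    c = [bit(r, cb) for r, (_, _, cb) in zip(state, REGS)]
    maj = 1 if sum(c) >= 2 else 0
    return tuple(clock_one(r, n, taps) if ci == maj else r
                 for r, ci, (n, taps, _) in zip(state, c, REGS))

def predecessors(state):
    """All states P with step(P) == state (between 0 and 4 of them)."""
    found = set()
    for moved in ((1, 1, 1), (1, 1, 0), (1, 0, 1), (0, 1, 1)):
        cand = tuple(unclock_one(r, n, taps) if m else r
                     for r, m, (n, taps, _) in zip(state, moved, REGS))
        if step(cand) == state:  # keep only candidates the majority rule allows
            found.add(cand)
    return found

# Constructed states (not taken from the graphic).
DEAD_END = (1 << 9, 1 << 11, 1 << 10)   # no ancestor: unreachable by forward clocking
MERGE = (1 << 9, 1 << 11, 1 << 11)      # four ancestors converge on this state

if __name__ == "__main__":
    print(len(predecessors(DEAD_END)), len(predecessors(MERGE)))
```

A state with no predecessors corresponds to the grey (inaccessible) paths in the graphic, and applying `predecessors` repeatedly builds the ancestor tree whose width distinguishes the green paths from the red ones.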

Friday, August 27, 2010

GPU Judgement Day for short Passwords

Researchers from the Georgia Tech Research Institute have announced that the power of GPU processors now poses a real threat to password security, and by implication, to the security of critical IT infrastructure. Top-of-the-line GPU devices now process at a rate of 2 teraflops, which is around 30% of the computing power the fastest computing cluster could muster 10 years ago for a price tag of over $100 million. Given that the main GPU manufacturers have made their devices programmable through standard C libraries, password cracking has become democratized.

The researchers state that 7 character passwords are now totally insecure against exhaustive attacks and recommend 12 characters, drawn from the full 94 printable keyboard characters. GPU processors can also be used to generate rainbow tables for offline password cracking, which was the approach taken recently by Karsten Nohl to building rainbow tables using CUDA nodes.

Of course, applying GPU devices to password cracking is not new, and Elcomsoft has made a name for itself using high-end gaming chips to recover and benchmark passwords. I am a little surprised that the researchers did not mention this. In any case, Elcomsoft has a great blog and you can find a good presentation on GPU password cracking here.

From my post The spin on passwords for AES

Adding spin to password-based computations is a workaround to the unpleasant fact that human habits and memory are vastly outmoded in today's IT environment. Everything is getting faster, better and cheaper - except us. Passwords remain the most toxic asset on the security balance sheet, but don't expect a bailout any time soon.

De-obfuscating the RC4 layer of Skype

Sean O'Neil, a security developer (or at least an amateur one), has posted code that is binary-compatible with an obfuscated version of RC4 that is used to protect Skype control traffic (user searches, profiles, contact lists). O’Neil says that the obfuscated version of RC4 is keyless and serves no useful security purpose, but its presence is intended to render Skype incompatible with other messaging clients, effectively making it a proprietary system. Even though Skype was intending to open its APIs to all desktop clients soon enough, O’Neil sees himself as buster of Skype’s 10 year monopoly.

The story is being widely reported in the press (see links below), and it is easy to assume that the general security of Skype has been compromised, especially when O’Neil’s own post carried the title Skype’s Biggest Secret Revealed. But the secret was disentangling the modified version of RC4 from Skype’s operation. User privacy remains protected since full strength versions of AES-256, RSA-1024 and RSA-2048 are used to encrypt session traffic. The code itself is surely obfuscated since the source is over 2800 lines of C, when 50 or so is enough to implement RC4.

The full implications of the discovery are still playing out, as is the question of whether losing its biggest secret poses a serious issue for Skype. O’Neil is promising to release more details at the Chaos Communication Conference in Berlin this December.

Thursday, August 26, 2010

Uno, dos, DDoS

Here is a Flash rendering of a FreeMind map I made from the excellent post Surviving Cyber War: A Primer on DDoS by Richard Stiennon, which appeared last November. The post traces the history of DDoS, looks at the people and technologies involved, and tells the story of the unlikely (then) 25-year-old hero Barrett Lyon.

Wednesday, August 25, 2010

IT Security Trends FreeMind map from 2008

I recently uploaded a large FreeMind map that I collected over 2008, in an effort to get a handle on the stream of security articles, reports and incidents taking place back then. In short there was a torrent and it remains much the same today. I think you might find the ad hoc classification of material useful, as well as the groups of sources.


Note that links to items from FIRST (Forum of Incident Response and Security Teams) are now broken since their once excellent news service has been discontinued.

All sources for my security and risk FreeMind maps are available here.

12 bits of default entropy for Speedport WPA routers

The H has reported that the default WPA key settings for the Speedport W 700V ADSL Wi-Fi routers are weak since at most 4096 guesses are required to recover the key. The key is mostly populated with a collection of fixed fields (for example keys always begin with the prefix "SP-") and other public information such as the MAC address of the router. The devices are apparently supported by all major German Telecoms, and presumably popular amongst the 26 million or so German households that have wireless. Of course the owners of the routers can change the default WPA key, but it's a safe bet that most people need to be reminded of this precaution. Germany's top criminal court recently made it illegal to offer wireless services that are not protected by a password, which is not a good sign that strong passwords are the norm.

How to reason about IT Security Risks

I have been meaning for some time to post a link to this wonderful paper from late 2007 on the top information security risks for the then coming year. The paper was a collaborative work from several groups of security professionals, led by Gary Hinson, keeper of the fantastic NoticeBored site of security awareness material. The paper is excellent in that it clearly separates threats, vulnerabilities and impacts, and then creates risks as scenarios from the interplay of these three collections, with controls coming as final recommendations. The whole approach just seems so clean and sensible, and demonstrates the distinctions amongst risk terms which sometimes get lost in our daily language.

Now added to my IT Risk collection on Scribd, thanks to Gary Hinson for removing the copyright protection.

Tuesday, August 24, 2010

Recent PhD Thesis on IT Risk Management

The 2008 PhD thesis of Domenico Salvati from the Laboratory for Safety Analysis at ETH, Zurich, on the Management of Information System Risks is available online. Salvati presents a structured approach to the IT risk management process which has some novel differences as compared to the more familiar frameworks. The thesis contains long examples on computing the risk of a brute force password attack, and the risk of phishing attacks. The work has a very practical flavour as Salvati was sponsored by Credit Suisse for the thesis, as part of ZISC.


You can find a short bio on Domenico as part of the upcoming hashdays security and risk conference in Zurich.

Thursday, August 19, 2010

Evidence that the McEliece Cryptosystem is resistant to Quantum Computing Attacks

A paper was posted on the preprint server Physics arXiv showing that the McEliece public key cryptosystem is resistant to efficient quantum algorithms based on the ideas of Shor’s algorithm, which famously yielded an efficient method for factoring integers. From the abstract

Quantum computers can break the RSA and El Gamal public-key cryptosystems, since they can factor integers and extract discrete logarithms. If we believe that quantum computers will someday become a reality, we would like to have post-quantum cryptosystems which can be implemented today with classical computers, but which will remain secure even in the presence of quantum attacks. In this article we show that the McEliece cryptosystem over rational Goppa codes resists precisely the attacks to which the RSA and El Gamal cryptosystems are vulnerable---namely, those based on generating and measuring coset states.

Shor’s algorithm is a general method for computing the period of certain functions, and it can be applied to computing the orders of elements modulo a composite number for example (see my post Quantum Computing: are you Shor? for some details). Shor’s algorithm is not directly applicable to the McEliece cryptosystem since it is based on a hard problem from coding theory, and is not obviously solvable by computing periods of functions. The new paper seems to demonstrate that no connection will be found.

However the authors caution that there may be another quantum approach distinct from the principles of Shor’s algorithm that efficiently breaks the McEliece cryptosystem. On the other hand, there is a growing consensus that NP-complete problems do not have efficient quantum algorithms (see the diagram in this post), and the McEliece cryptosystem is based on an NP-hard problem (which means it is at least as hard as an NP-complete problem).

There is also a nice background post on the physics arXiv blog.

Tuesday, August 17, 2010

Password preferences of Spanish speakers

Imperva recently announced an update to their analysis of the 32 million passwords that were exposed by the RockYou site earlier this year. The update is concerned with a specific analysis of the Spanish passwords included in the breach, of which there were just over 2 million. Imperva together with Spanish marketing firm Agua Marketing found the following breakdown of password preferences – note that almost half of the passwords are based on personal names.

The full report in Spanish is here.

Sunday, August 15, 2010

Short cryptography lecture from Scott Aaronson

Here is a short cryptography lecture from Scott Aaronson, delivered as part of his Quantum Computing Since Democritus course given at the University of Waterloo, Fall 2006. The lecture gives a short text-based overview of crypto from mainly a complexity point of view, and discusses some of the implications of the “P = NP?” question for crypto.


Tuesday, August 3, 2010

Recent spike in reads of AES posts

Just a note to say that over the last few days there has been a jump in reads on a few of my AES posts, in particular for Are AES 256-bit keys too large? and AES-256 and Reputational Risk. I can't find any obvious reason why; however, these posts do appear amongst the top Google search results for "aes 256" or "aes-256".