Monday, 3 October 2016

Is Quantum Computing The End of Public Key Encryption

I recently published a paper with Prof Bill Buchanan at Edinburgh Napier University on the threat posed by quantum computers to public key encryption.  We've tried to put the threat in context: whilst it might pose a threat to currently popular schemes, there are solutions.

I also did a talk open to the public where we introduced the subject of quantum computing and Shor's algorithm, followed by a demonstration from Prof Buchanan of some of the post quantum schemes we feel are most likely to succeed.

There is a great deal of misunderstanding about quantum computing, not least that it is somehow a universal speed-up (a "quantum leap") in computing in general.  As we explain in the paper, there is an inconvenient truth about quantum computing: it is spectacular at solving some problems, but it most assuredly is not a universally faster way of processing.

The subject is going to be of significant interest in the coming years, and it was even addressed in this year's Internet Organised Crime Threat Assessment from Europol (Appendix A).  If you are involved in cyber security (and likely to remain so over the next few years) it is a subject worth developing an understanding of.

Wednesday, 13 July 2016

A New Form Of Anonymity

I've talked before about how Tor can protect your anonymity on the Internet only if you use it in the right way. However, how users interact with Tor is not the only possible source of a loss of anonymity.  As far back as 2014 the Tor project was looking for "Bad Onions".

As Tor is a system run by volunteers, it is possible for people to set up malicious relays.  This has been used by researchers trawling for hidden services, but it has become clear that the number of "spoiled onions" is rather higher than can be explained by purely academic research.  Whether it's criminals or governments is irrelevant: what it shows is that Tor is potentially susceptible to people setting up malicious relays (including exit nodes) to unmask users.

Whilst the Tor project is taking steps to root out these spoilers, it has also become apparent recently that Tor is vulnerable to attacks such as the Sybil attack.  The Tor project is obviously aware of this, so not surprisingly it is looking into how all of these potential vulnerabilities can be countered to protect users' anonymity.

Monday, 11 July 2016

Post Quantum Crypto Goes Mainstream?

Although people such as me have been talking about the threat to public key cryptography from quantum computers for years, and the alternatives that could be used, it seems that when Google announced that they were experimenting with a post quantum crypto scheme in Chrome it caught people's imagination.  Perhaps this marks the beginning of post quantum crypto entering the mainstream?

The scheme chosen by Google is the New Hope scheme.  It was proposed in a research paper relatively recently.  Two other papers that have appeared at conferences such as Crypto 2016 are also worth reading, as they support the original work:
Both of these I've covered before in this blog, as I did another paper that is important to this work, Frodo: Take off the ring! Practical, Quantum-Secure Key Exchange from LWE.

Friday, 8 July 2016

Is Malware Changing How It Hides Its Comms?

It might sound a bit obvious, but in order for malware to capitalise on its ill-gotten gains it has to communicate with its criminal masters. That very act of phoning home can give away the presence of the malware, and once you know it's there you can trace where "home" is.  Not surprising, then, that malware developers began using encryption (often simple SSL) to obscure their communications amongst the mass of other data that flows on and off any networked system.

Encrypting malware communications has never been entirely successful, as the data still presents patterns that can be singled out (more on this in some upcoming research we are due to publish).  We have already seen attempts to determine how TLS is being used by malware.  Plus, organisations like SANS have provided advice for some time on how to spot subverted SSL/TLS traffic.  However, encryption does make it a great deal more difficult to spot, and thence locate, malware based on network traffic analysis.

Wednesday, 8 June 2016

Bulk Key Recovery on the Cloud

Cloud computing has many advantages, so it's not surprising that it has become so popular, with even the biggest online services using cloud providers for their infrastructure.  However, many in security have pointed out that the "cloud" could perhaps also be termed "somebody else's computer", which immediately rings alarm bells from a security perspective.  Hidden in there is a fact that has been troubling researchers for some years: cloud computing means shared computing, so you are using the same hardware as others running their systems.

Back in 2009 researchers began publishing work that seemed to show that it was possible for data to "leak" from one system to another when using shared hardware.  Papers such as these particularly highlighted the dangers of shared cache memory.  Side channel attacks were described in papers such as "Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds", which showed just how data could be exfiltrated from a system by an attacking system that was co-resident on the same hardware.

Monday, 23 May 2016

Physical Access To A System Matters For Security

At Christmas I wrote a piece for the BBC based upon Scott Culp's 10 immutable laws of computer security.  My assertion was that the laws are as valid today as they were all those years ago.  However, many have commented to me that rule 3, which reads "If a bad guy has unrestricted physical access to your computer, it's not your computer anymore", is no longer true due to the use of encryption on disks.  I think recent research suggests my assertion is true.

I wrote recently about work that had been published showing how encryption keys could be recovered from laptops using relatively cheap antennas and standard equipment.  The technique works through walls, no less. Then in the last week I've seen two other papers which focus down even further on side channel attacks based on various forms of differential analysis of physical characteristics one can measure in the circuitry of otherwise secure devices.

Monday, 16 May 2016

Preventing Selfish Mining In The Blockchain

The principle of the blockchain is that a "miner" is rewarded for being the first to solve a mathematical problem.  If you're new to Bitcoin I suggest you spend some time watching this video. One of the problems with the principle is that it assumes everyone who solves the problem first actually provides the block that they have, in order to continue to build the blockchain.  If a node in the network acts "selfishly" (i.e. it withholds the block) it can delay transactions and/or waste computing power elsewhere in the network.  It has been an open question as to how one prevents this.

Simply delaying a transaction or making the network work harder wouldn't seem to be much of an attack but it matters for several reasons:

  1. The blockchain already has a relatively slow update frequency and so if it is to compete with other transaction systems it has to be sure of being as fast as it can be, and free from possible malicious slowing effects.
  2. The problem in the protocol is designed to become progressively harder to solve as time progresses, so anything that adds to the computational power required in the network can only make it less economical for people to act as miners.
  3. If someone can disrupt your financial transaction engine, albeit just a delay, it will erode trust in the robustness of the system.
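To put numbers on the "delay and waste" argument above, here is an added simulation (not code from the original post) of the block-withholding strategy in the model of Eyal and Sirer: it reports the withholding miner's revenue share and how many honest blocks end up orphaned, and compares the share against the closed-form result. The hash share alpha and the tie-breaking fraction gamma are constructed inputs; a fair protocol would pay each miner exactly its hash share.

```python
import random


def closed_form_share(alpha, gamma):
    """Expected revenue share of the withholding miner (Eyal-Sirer)."""
    num = alpha * (1 - alpha) ** 2 * (4 * alpha + gamma * (1 - 2 * alpha)) - alpha ** 3
    den = 1 - alpha * (1 + (2 - alpha) * alpha)
    return num / den


def profitability_threshold(gamma):
    """Hash share above which withholding out-earns honest mining."""
    return (1 - gamma) / (3 - 2 * gamma)


def simulate(alpha, gamma, blocks=200_000, seed=0):
    """Play `blocks` block discoveries with a seeded RNG (constructed input).

    alpha: fraction of hash power held by the withholding miner
    gamma: fraction of honest miners that build on the withheld branch
           when the public chain splits into a tie
    Returns (withholding miner's revenue share, honest blocks orphaned)."""
    rng = random.Random(seed)
    lead = 0          # private blocks not yet published
    tie = False       # public chain forked, one block on each branch
    selfish = honest = honest_orphaned = 0
    for _ in range(blocks):
        by_selfish = rng.random() < alpha
        if tie:
            tie = False
            if by_selfish:                  # extends own branch, wins both
                selfish += 2
                honest_orphaned += 1
            elif rng.random() < gamma:      # honest block lands on the private branch
                selfish += 1
                honest += 1
                honest_orphaned += 1
            else:                           # honest branch wins, private block lost
                honest += 2
        elif by_selfish:
            lead += 1                       # withhold the new block
        elif lead == 0:
            honest += 1                     # ordinary honest block, no fork
        elif lead == 1:
            lead = 0                        # publish immediately: a tie
            tie = True
        elif lead == 2:
            lead = 0                        # publish both and overtake
            selfish += 2
            honest_orphaned += 1
        else:
            lead -= 1                       # publish one block, keep the lead
            selfish += 1
            honest_orphaned += 1
    return selfish / (selfish + honest), honest_orphaned
```

Running `simulate(0.40, 0.0)` gives a share above 0.40 with thousands of honest blocks wasted, while `simulate(0.25, 0.0)` stays below 0.25, matching the one-third threshold for gamma = 0.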

Wednesday, 11 May 2016

Is Bitcoin Vulnerable On Asynchronous Networks?

Forget all the hubbub about who Satoshi Nakamoto is in person(s), something much more interesting has come up this week: a possible attack on the principle behind the technology underlying Bitcoin.

Nakamoto's blockchain is intended to enable consensus to be reached in a permissionless setting.
Although anyone can join or leave the protocol, the protocol should prevent "sybil attacks".  To do this it relies upon solving computational puzzles: the so-called proof of work.  However, the assumption behind proving that this is sufficient to prevent attacks has always been that the network on which it operates is synchronous, something that is not quite true in the real world.  Likewise, possible attacks have typically made the same assumption, such as those analysed by Yonatan Sompolinsky and Aviv Zohar.

Not surprising, then, that I was interested when a paper was published entitled "Analysis of the Blockchain Protocol in Asynchronous Networks".  Thankfully for all the Bitcoin fans, it shows a degree of robustness in networks with limited delays, but outside of certain bounds it also demonstrates a simple attack which shows that the proof of work needs to be made harder.

Monday, 9 May 2016

Post Quantum Crypto Scheme Demo Online

Following on from a number of post-apocalyptic articles I'd read as to how quantum computers would spell the end of security on the web, I wrote back in March about how there are many candidates for public key encryption systems that appear to be resistant to quantum attacks, specifically Shor's algorithm.  One of the candidates I listed was from McEliece.

The original paper in 1978 was only two pages long:

Friday, 6 May 2016

Tor Hidden Services - A Minor Situation Update

This is a bit of a non-post but people have been asking so here goes.

I wrote a month ago about how the number of Tor's .onion sites seemed to have settled down following the extraordinary variations we saw in the previous month.  The point I made then was that although the number of .onion sites had stabilised, it was still 50% higher than just before the period of dramatic variations. I also made the point that the volume of traffic to these hidden sites had effectively halved despite the 50% increase in the number of sites.

As I expected when I wrote that previous post, these figures have held and the situation is indeed currently stable.  Here are the figures to prove it:

Thursday, 5 May 2016

Is Quantum Encryption Provably Secure

Much research is required on how you "prove" that quantum encryption schemes are secure.  Cryptographers have developed many ways of proving that new schemes are secure.  If you attend a cryptography course it won't be long before you are introduced to the concept of semantic security and the ubiquitous "game" in which an attacker attempts to use plaintext and ciphertext to break the scheme.

Before proceeding it is worth a very brief detour to clear up a common misunderstanding: the threat from quantum computers to public key encryption is not the same thing as quantum encryption.  For an introduction to early quantum encryption (quantum key distribution) you can start here.  Also, "post quantum encryption" simply means those schemes being developed that are resistant to the threat posed by quantum computers.

The concept of semantic security first emerged in 1982.  It is a bit cumbersome, which is why it was shown only two years later (by the same researchers) that semantic security is essentially equivalent to another concept called "ciphertext indistinguishability".  It is a simple but powerful concept: an attacker, given the encryptions of two messages of their choosing, cannot tell which ciphertext contains which message.  This is a much more intuitive way to run the adversary game, and it is considered a fundamental requirement if an encryption scheme is to be considered provably secure.
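The indistinguishability game described above, run as code (an added example, not from the original post): the challenger encrypts one of the attacker's two chosen messages, and the attacker, who also gets an encryption oracle, must say which. Two toy schemes are constructed for the demonstration: a deterministic one, which the "replay" attacker breaks every time, and a randomised one, against which the same attacker does no better than a coin toss.

```python
import hashlib
import secrets

KEY_LEN = 16


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Hash-based pseudorandom keystream (SHA-256 in counter mode); toy PRF."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def enc_deterministic(key: bytes, msg: bytes) -> bytes:
    """Constructed weak scheme: no nonce, so equal plaintexts give equal ciphertexts."""
    return xor(msg, keystream(key, b"", len(msg)))


def enc_randomised(key: bytes, msg: bytes) -> bytes:
    """Constructed scheme with a fresh random nonce prepended to each ciphertext."""
    nonce = secrets.token_bytes(KEY_LEN)
    return nonce + xor(msg, keystream(key, nonce, len(msg)))


def ind_cpa_game(encrypt, adversary, trials: int = 1000) -> float:
    """Play the IND-CPA game `trials` times and return the adversary's win rate.

    Challenger: fresh key and secret bit b per trial.  Adversary: submits
    m0, m1, receives Enc(k, m_b) and an oracle for Enc(k, .), outputs a guess."""
    wins = 0
    for _ in range(trials):
        key = secrets.token_bytes(KEY_LEN)
        b = secrets.randbelow(2)
        m0, m1 = b"attack at dawn!!", b"attack at dusk!!"   # same length
        challenge = encrypt(key, (m0, m1)[b])
        if adversary(m0, m1, challenge, lambda m: encrypt(key, m)) == b:
            wins += 1
    return wins / trials


def replay_adversary(m0, m1, challenge, oracle) -> int:
    """Re-encrypt m0 through the oracle and compare with the challenge.

    Wins with certainty against a deterministic scheme; against a randomised
    one the comparison never matches, so the guess is right half the time."""
    return 0 if oracle(m0) == challenge else 1
```

A scheme is IND-CPA secure only if every efficient adversary's win rate stays within a negligible margin of 1/2, which the deterministic scheme clearly fails.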

Friday, 22 April 2016

Cost Of Attacking Elliptic Curves Is Dropping

Field Programmable Gate Arrays (FPGAs) are proving to be very useful in mounting attacks against modern cryptographic schemes. By allowing fast computation of discrete logarithms, researchers have shown that elliptic curves are coming into range of vulnerability.

A paper now out in the public domain has demonstrated how to accelerate these computations.  Entitled "Faster discrete logarithms on FPGAs", it achieved enough acceleration to be used in an attack against the SECG standard curve sect113r2.  But before you panic, this curve was removed from the standard in 2010, although it was not disabled in OpenSSL until June 2015.  Although you shouldn't panic, neither should you relax, and you certainly shouldn't ignore this research.

Whilst this latest implementation has set a new record for various parts of the computation, it is not necessarily that which will draw attention. What is important is the way they have been able to use fewer Look Up Tables (LUTs).  This reduces the cost not just of this attack but also holds the promise of significantly reduced cost for mounting attacks against larger curves.

Wednesday, 20 April 2016

Is Artificial Intelligence The Answer To Security Data Overload?

At last week's IEEE Conference on Big Data Security a paper was presented which may herald a new direction in dealing with the ever more complex cyber security landscape.  It shows how Artificial Intelligence could be used to spot cyber attacks.

The paper was entitled "AI2: Training a big data machine to defend".

It starts from a position of recognising that you do need a human analyst in the loop.  However, it attempts to show how those charged with defending against the ever increasing volume of attacks can avoid information overload by using machine learning to spot those activities which need further investigation.

For those who don't want to read the paper there is a nice video to go with it:

Wednesday, 13 April 2016

OpenSSL Has A Chink To Be Aware Of

The accurate generation of random numbers (or, more particularly, pseudo-random numbers) is central to much in computer security.  Problems with random number generation are often found to be the cause of vulnerabilities, usually because someone has taken a short cut or used a source that they consider to be random when it's not.  I was a little surprised, then, to see a paper that documents some problems with the random number generator (RNG) in OpenSSL.

OpenSSL is one of the most widely used libraries in computer security.  It has had some problems in the past (such as Heartbleed) which were major concerns not only because of the nature of the problem but also because OpenSSL is used in many systems, particularly embedded systems that are hard to update. It's free software and open source, so people have used it because they felt it was great if you were building a system to a low price whilst offering apparent security through the visibility of the code.  Heartbleed taught everyone that open source does not equal scrutinised code.

The paper I read this week was entitled "An Analysis of OpenSSL’s Random Number Generator".  The analysis revealed some issues.

Tuesday, 12 April 2016

Who Is Tor Really For?

I have been trying to rationalise several apparently contradictory surveys of the "Dark Web" that have been published recently.  Some suggest the vast majority of Tor is being used for illicit purposes, others suggest a much smaller figure.  So what is the truth?

I wrote several weeks ago on research done by King's College London, which appeared to show that just over 50% of hidden services were being used for illicit purposes.  I wasn't surprised, then, to read a report from Intelliagg, using the facilities of Darksum, which suggests that slightly less than 50% of such sites were involved in activities that would be considered illegal in the UK or US. Such a small variation in results could easily be the result of differences in definitions of illicit behaviour, in which sites were available during each survey, and so on.

The search engine used by Darksum does appear to be highly credible. I haven't had a chance to use it, but it claims to use the same technology that DARPA used in their MEMEX programme, which was probably the best such search two years ago. I'm minded to take the results produced by this search as accurate.  However, there are a couple of caveats one needs to apply to the results, exactly as with the results from King's College.

Saturday, 9 April 2016

No Honour Among Thieves (or Assassins)

The use of blockchain technology has increasingly focussed on uses other than cryptocurrencies.  One challenge being addressed is how you deal with someone you don't know, may never have met, and yet with whom you wish to exchange cryptocurrency for goods and services, especially as the transaction is ostensibly anonymous on both sides.  Well, the answer, many feel, is in the form of Smart Contracts, which can be supported by the blockchain itself.

However, as with so much in technology, smart contracts have a darker side.  A paper that popped up this week gives a very good summary and analysis of various scenarios in which smart contracts could be used between criminals.  The scenarios include everything up to and including hiring an assassin: how can you be sure that the assassin will do the job if you pay him, or, vice versa, how can the assassin be sure of being paid if he kills the poor victim?

The paper, entitled "The Ring of Gyges: Investigating the Future of Criminal Smart Contracts" explores some ideas I had never thought of, but which are quite fascinating.  The types of criminal contract demonstrated in the paper are:

Friday, 8 April 2016

Tor Continues To Confound

Tor is, yet again, producing some data that seems to defy explanation.  Having talked a lot about how the number of unique .onion addresses has varied in recent weeks (and was apparently settling down), another metric has suddenly shown a dramatic change.  The amount of data reported as using the hidden services has plummeted (and I use that word deliberately).

The immediate thought was that there had been another sudden drop in the number of unique .onion addresses and hence that the "dark web" had contracted for some reason.  However, the data shows that the number of unique .onion sites remains stable, as I was expecting when I wrote about the "new normal":

Friday, 1 April 2016

Even Old Assumptions Need Challenging

At the heart of modern cyber security is mathematics, and mathematics is a subject where formal proofs matter.  Many aspects of cyber security are asserted and find their way into common usage, but often formal proofs follow a long way behind, or are never actually produced.  Now, a formal proof of some security scheme does not guarantee that it is secure, but it does go a long way towards doing so.

One area in which I am particularly interested is anonymity-based systems.  Most people think of Tor when the subject is raised.  However, anonymity is vital in a number of schemes.  One example is electronic voting, where your vote must be cast in secret but, ideally, be verifiable.  A classic example is the Pret A Voter system.

Tor uses a method called "decryption mixes", since layers of ciphertext are shed as the onion makes its way to the receiver, just like a Russian doll.  These (and how they apply to e-voting systems) have been studied a lot in recent years. However, there is another form called "re-encryption mixes" which has been incorporated in various systems but is less well studied.
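The re-encryption mix mentioned above, as an added example that is not part of the original post: each mix node re-randomises every ElGamal ciphertext using only the public key and shuffles the batch, so no node learns the votes and no output can be matched to an input, yet the key holder decrypts the same multiset of messages at the end. The group parameters (p = 1019, a safe prime, and g = 4) are toy values constructed for illustration; a real deployment would use a standard group and encode messages into the subgroup.

```python
import random

P = 1019            # toy safe prime, P = 2*Q + 1 (constructed parameter)
Q = (P - 1) // 2    # prime order of the subgroup used for exponents
G = 4               # 2^2 mod P, so G generates the order-Q subgroup


def keygen(rng):
    """Return (private key x, public key h = g^x)."""
    x = rng.randrange(1, Q)
    return x, pow(G, x, P)


def encrypt(h, m, rng):
    """ElGamal: (g^r, m * h^r) for a fresh random r."""
    r = rng.randrange(1, Q)
    return pow(G, r, P), (m * pow(h, r, P)) % P


def reencrypt(h, ct, rng):
    """Multiply in a fresh encryption of 1: (c1 * g^s, c2 * h^s).

    Only the public key is needed, so a mix node can do this without
    ever seeing m, and the result is a different ciphertext of the same m."""
    c1, c2 = ct
    s = rng.randrange(1, Q)
    return (c1 * pow(G, s, P)) % P, (c2 * pow(h, s, P)) % P


def decrypt(x, ct):
    """Recover m = c2 * c1^(-x); the inverse uses Fermat: c1^(P-1-x)."""
    c1, c2 = ct
    return (c2 * pow(c1, P - 1 - x, P)) % P


def mix_node(h, batch, rng):
    """One hop of the mix: re-randomise every ciphertext, then shuffle."""
    out = [reencrypt(h, ct, rng) for ct in batch]
    rng.shuffle(out)
    return out


def run_mixnet(messages, n_nodes=3, seed=1):
    """Send integer messages (1 <= m < P) through n_nodes re-encryption mixes.

    Returns (sorted decrypted messages, unlinkable) where `unlinkable` is
    True if no ciphertext leaving a node also appears in that node's input."""
    rng = random.Random(seed)                     # seeded for reproducibility
    x, h = keygen(rng)
    stages = [[encrypt(h, m, rng) for m in messages]]
    for _ in range(n_nodes):
        stages.append(mix_node(h, stages[-1], rng))
    unlinkable = all(ct not in stages[i]
                     for i in range(n_nodes) for ct in stages[i + 1])
    plaintexts = sorted(decrypt(x, ct) for ct in stages[-1])
    return plaintexts, unlinkable
```

Compare this with a decryption mix, where each hop needs its own private key and strips a layer: here the nodes hold no secrets at all, which is why re-encryption mixes suit verifiable voting, where anyone can check a node's work with a zero-knowledge proof of correct shuffling.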

Wednesday, 30 March 2016

Reports Of The Death Of CAPTCHAs May Be Premature

Completely Automated Public Turing tests to tell Computers and Humans Apart (CAPTCHAs) are not quite as dead as I'd thought.  In order to be immune to bots, CAPTCHAs have become so difficult that I find it hard to prove I'm a human with some of the images they ask me to identify.  I'd assumed that they were becoming so user-unfriendly that they had effectively lost the battle in their fight with the bot armies.

However, a paper I've just been reading might have the answer. With the great title "No Bot Expects the Deep CAPTCHA!", it presents a new technique called DeepCAPTCHA which abandons the ever-increasing amount of general adversarial noise being added to CAPTCHA images in favour of a concept called "immutable adversarial noise" (IAN).

We've known for some time that CAPTCHAs are vulnerable to automated systems.  I wrote about some work my colleagues had done on just this problem in various banking systems back in 2012.

Saturday, 26 March 2016

Was Met Police Chief Right?

Sir Bernard Hogan-Howe, the current Commissioner of the Metropolitan Police in London, recently set the cat among the pigeons by putting more onus on the public to protect themselves from online bank fraud.  He said:

"If you are continually rewarded for bad behaviour you will probably continue to do it but if the obverse is true you might consider changing behaviour.

"The system is not incentivising you to protect yourself. If someone said to you, 'If you've not updated your software I will give you half [of your money] back', you would do it."

Almost immediately he was rounded upon by various consumer groups, who typically branded his remarks as "spectacularly misjudged".

I might have put the point slightly differently (something more like "One is not necessarily incentivised to protect oneself against online bank fraud at present"), but essentially I think he had a point.  I've written for several years on this subject, and at the risk of making myself deeply unpopular, I believe very strongly that everyone has a part to play: it is a joint effort.