Tag Archives: security

The half-life of data: bug or feature?

The great paradox of electronic data must surely be that while the stuff we want to keep is considered frangible and at risk (think of the old programmer’s adage – “if your data doesn’t exist in three separate locations, it might as well not exist at all”), the stuff we’d rather have disappear (that inebriated email to your ex-partner or lawyer, or that Facebook picture of you smoking crack on the steps of the town hall) has a tendency of hanging around out in “the cloud” long enough to embarrass or incriminate. [image by rpongsaj]

The answer to the first problem is obviously to take multiple geographically-separated back-ups (and make a yearly sacrifice to Cthulhu for peace of mind); the latter is a bit more tricky, but a team at the University of Washington think they may have cracked it with a system named Vanish, which is designed to “give users control over the lifetime of personal data stored on the web or in the cloud. Specifically, all copies of Vanish encrypted data — even archived or cached copies — will become permanently unreadable at a specific time, without any action on the part of the user or any third party or centralized service.”

Sounds intriguing – so how does it work?

We created self-destructing data to try to address this problem. Our prototype system, called Vanish, shares some properties with existing encryption systems like PGP, but there are also some major differences. First, someone using Vanish to “encrypt/encapsulate” information, like an email, never learns the encryption key. Second, there is a pre-specified timeout associated with each encrypted/encapsulated message. Prior to the timeout, anyone can read the encrypted/encapsulated message. After the timeout, no one can read that message, because the encryption key is lost due to a set of both natural and programmed processes. It is therefore impossible for anyone to decrypt/decapsulate that email after the timer expires.

[…]

we leverage an unusual storage media in a novel way: namely, global-scale peer-to-peer networks. Vanish creates a secret key to encrypt a user’s data item (such as an email), breaks the key into many pieces and then sprinkles the pieces across the P2P network. As machines constantly join and leave the P2P network, the pieces of the key gradually disappear. By the time the hacker or someone with a subpoena actually tries to obtain access to the message, the pieces of the key will have permanently disappeared.

It’s a clever idea, that’s for certain, and its application to sensitive emails makes a great deal of sense (though I’d want the low-down from Bruce Schneier before deploying it on anything that mattered). As far as Facebook messages are concerned, though, anyone stupid enough to post incriminating material about themselves or others on the biggest social network on the planet can be assumed to lack the gumption to avail themselves of encryption technologies like Vanish. Maybe it’s just because I spend a lot more time on the internet than is really healthy, but I can’t understand how it isn’t more widely acknowledged that the best way to keep something secret is to avoid talking about it in public spaces… [via BoingBoing]
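The key-splitting idea in the quoted excerpt is threshold secret sharing: the key is the constant term of a random polynomial, each P2P node holds one point on it, and once fewer than the threshold number of points survive the constant term is gone. The following is an added illustration, not code from the original post or from the Vanish project: a Shamir split over a prime field plus a toy model of node churn; the share count, threshold and churn rate are made-up parameters.

```python
import random
import secrets

# 2**127 - 1 is prime, so arithmetic mod PRIME is a field large enough to hold a 16-byte key.
PRIME = 2**127 - 1

def _eval_poly(coeffs, x):
    """Evaluate the polynomial with the given coefficients at x, mod PRIME (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc

def split_key(key_int, n, k, randbelow=secrets.randbelow):
    """Shamir split: n shares (x, f(x)) of a random degree-(k-1) polynomial with f(0) = key_int.
    Any k shares reconstruct the key; k-1 or fewer reveal nothing about it."""
    if not (0 <= key_int < PRIME and 1 <= k <= n < PRIME):
        raise ValueError("bad parameters")
    coeffs = [key_int] + [randbelow(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]

def recover_key(shares):
    """Lagrange interpolation at x = 0 over whatever shares were handed in."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret

def simulate_churn(shares, rounds, leave_prob, rng):
    """Toy DHT churn (constructed model): each round every node still holding a share
    leaves with probability leave_prob, taking its share with it. Returns surviving shares."""
    alive = list(shares)
    for _ in range(rounds):
        alive = [s for s in alive if rng.random() >= leave_prob]
    return alive

def try_decrypt_key(surviving, k):
    """What a later reader can do: with fewer than k surviving shares the key is unrecoverable."""
    if len(surviving) < k:
        return None
    return recover_key(surviving[:k])

if __name__ == "__main__":
    key = int.from_bytes(secrets.token_bytes(16), "big")
    shares = split_key(key, n=10, k=7)
    alive, rng = shares, random.Random(2009)
    for day in range(1, 6):
        alive = simulate_churn(alive, rounds=1, leave_prob=0.3, rng=rng)
        print(f"day {day}: {len(alive)} shares left, readable={try_decrypt_key(alive, 7) == key}")
```

Note that running the interpolation on k-1 shares still returns a number, just not the key, which is why a reader who lost the threshold cannot even tell they are wrong without some other check.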

Gaze-tracking software to keep your screen secret

Sick of people shoulder-surfing while you use your computer? A new suite of gaze-tracking software could be just what you’re looking for – it authenticates you by the patterns of motion in your eyes on the screen, and shows garbled text to anyone other than you:

Chameleon uses gaze-tracking software and camera equipment to track an authorized reader’s eyes to show only that one person the correct text. After a 15-second calibration period in which the software essentially “learns” the viewer’s gaze patterns, anyone looking over that user’s shoulder sees dummy text that randomly and constantly changes.

To tap the broader consumer market, Anderson built a more consumer-friendly version called PrivateEye, which can work with a simple Webcam. The software blurs a user’s monitor when he or she turns away. It also detects other faces in the background, and a small video screen pops up to alert the user that someone is looking at the screen.

Crafty. If the system gets cheap enough, we’ll see internet cafes start to offer private browsing as their unique selling point… although if you’re worried about people seeing what you’re looking at, you probably shouldn’t be doing it in an internet cafe to start with. [via Bruce Schneier; image by Kevin Zollman]

Is there any truly secure personal identifier?

If there were any criminal elements unaware of the potential for brute-force guessing of United States Social Security numbers, we can be sure they know about it now, as the news is everywhere. Thankfully, it’s still not particularly easy to do and has a low success rate:

An SSN consists of nine digits, the first five of which are assigned by established criteria based in part on the zip code in which someone was born. Now Alessandro Acquisti and Ralph Gross of Carnegie Mellon University in Pittsburgh have shown that it is possible to predict the remaining four digits from someone’s birth date.

For 8.5 per cent of people born between 1989 and 2003, the researchers were able to identify the complete SSN within less than 1000 attempts.

Obviously a rethink is required, as an SSN can be used to apply for credit cards – but what to replace it with? In this specific instance, preventing automated online credit card applications would be a wise move, incorporating the added bonus of making high-interest credit less easy to obtain on a whim. [image by TheTruthAbout]

But the SSN issue is symptomatic of the growing problem of identity theft. Are there any ID systems that can’t be hacked, spoofed, brute-forced or cloned? If not – and I rather suspect not – what do we do in situations where it’s necessary to conclusively confirm a person’s identity, especially in situations where the person isn’t present?

Perhaps some sort of localised bureau network would be of use, with every town having an office that could act as an identity clearing house for a multitude of different high-risk transactions, requiring the applicant or transactee to attend in person to confirm that they are who they claim to be. Sure, it’d add an extra layer of hassle to things like applying for credit cards, but that’s a small price to pay for a lower likelihood of having someone else apply for one in your name.

But then any national bureaucratic system will have the sort of baroque operational architecture that invites colonisation by corruption and good old fashioned human error… perhaps it would end up as a step sideways, or even backwards. Sounds like a problem for Bruce Schneier!

Perhaps it’s time to accept that in any large system where user convenience is increased, the risk of identity theft increases in proportion. But what will it take for us to give up quick credit and one-click ordering?

Conficker: the new warfare

Remember the quasi-Millennial panic about the Conficker worm back in April? It turned out to be nowhere near as nasty and damaging a threat as it had been painted, but it was still unique in a number of ways – most notably in its own methodologies, and in the way the security and computer industries pulled together to defend against it. New Scientist tells the story:

… frenzied headlines were proclaiming the impending meltdown of the internet. But 1 April passed without event. This was not a total surprise. After all, it was just the first date on which the worm’s URL strategy could change – it was still up to its creators to flick the virtual switch. To the outside, it looked like a gigantic April Fool.

And indeed it may have been. In fact, the whole URL business was probably a red herring: using a centralised URL to release a worm upgrade – even one as painstakingly concealed as Conficker’s – is not a particularly sensible approach. It gives the authorities a specific target to counter-attack. From the second version onwards, Conficker had come with a much more efficient option: peer-to-peer (P2P) communication. This technology, widely used to trade pirated copies of software and films, allows software to reach out and exchange signals with copies of itself.

It’s an interesting story – one with a remarkably movie-like plot, albeit devoid of the vest-wearing tough guy heroes and big CGI explosions that you’d need to script in to sell it to Hollywood…

But what’s worth noting is that this is a new form of warfare, a bloodless and almost entirely computer-based iteration of fourth-generation insurgency that relies on subterfuge and networking to achieve its aims, and demonstrates complex strategic thinking on the part of its instigators. It’s good to see that the expertise exists to combat it, but you have to wonder what would happen if something similar was targeted specifically at a nation-state like the US, whose military brass have demonstrated a poor understanding of the web’s flat battlefield.

You can’t deploy tanks against this sort of threat; the game has changed.

Smart surveillance doesn’t bother you with trivia

What could be better than complete panopticon-level surveillance over everything you own? Well, surveillance that only bothers you with issues you really want to know about, and which doesn’t send you an SMS every time the neighbour’s cat rubs itself against the garage door, of course!

The main difference with the Archerfish system is that it alerts you by text or video footage only when certain “events” occur, which you define. Alerts can be sent to your cell or similar mobile device, as an email or to a customised web portal.

Unlike more conventional systems, you don’t need to monitor video around-the-clock or trawl through footage or rely on motion alarms.

Using a combination of video cameras, intelligent software (Smartbox) and a custom web portal (SmartPortal), Archerfish watches your premises for “events”. They can be defined as person, vehicle, intelligent object motion or external sensor trigger. This means the system can tell the difference between a human being and an inanimate object like a car passing the camera.

At the same time, if the camera is triggered by human movement, you can check to see whether it’s a family member, an intruder or a delivery. You can also check live video through the SmartPortal, as long as you have access to a PC or web-enabled device.

Well, that’s a doozy… provided that you’re willing to trust the software not to goof. And that you’re willing to upgrade the software regularly. And that you’re willing to believe that no one will ever find a way to futz the cameras, or hack the backline hardware via that web portal… but other than that, complete peace of mind! Ain’t technology wonderful? [image by Cory Doctorow]