[Cryptography] What do we know? (Was 'We cannot trust' ...)

ianG iang at iang.org
Fri Dec 20 03:48:15 EST 2013


What do we know?

The most solid crypto fact I have seen is this:

     The CCP expects this Project to accomplish the following in FY 2013:

        ...
        (TS//SI//NF) Shape the worldwide commercial cryptography
        marketplace to make it more tractable to advanced cryptanalytic
        capabilities being developed by NSA/CSS. [CCP_00090]

more here: http://financialcryptography.com/mt/archives/001455.html


On 20/12/13 01:39 AM, Phillip Hallam-Baker wrote:
> On Wed, Dec 18, 2013 at 2:46 AM, ianG <iang at iang.org> wrote:
>
>
>     Yep.  I think mine was grad level but I did it as undergrad.  And,
>     yes, we built a computer, and wrote a microcoded instruction set.  A
>     lot of fun.  I'll admit my knowledge is way out of date tho, this
>     was back in '83, the sophistication of what is now done in microcode
>     has way eclipsed my understanding.
>
>
> Some chips have microcode on microcode. The DEC Alpha even let the
> operating system write instructions into the microcode (this allowed the
> chip to emulate the VAX four ring security system).
>
> It would be difficult to smuggle code to bork the RNG into the
> microcode. But getting a backdoor in there that could allow the O/S to
> do the borking might be rather easier. In fact that is the only way that
> a mass manufactured chip could credibly bork a RNG whose design might be
> changed after the chip went to fab.
>
> It is a long time since I read an instruction set for a CPU and I
> suspect I am not alone in that. Auditing a system down to the bare metal
> would be a big challenge.

Yes, that, and...


>     As to whether the secret can be held, consider the story of DUAL_EC.
>     That was a secret that Snowden knew, a contractor.
>
>
> Do we know this?


this.  The combination of complexity (too much for audit) and secrecy 
makes for the perfect environment for intervention.  We don't know and 
we can't tell.

Do we know they intervened?  No.

We don't 'know' it ... but what does it mean to 'know' anything ???

There is the court definition of knowing something -- a witness can 
state (her) knowledge, and a court can declare its fact in a ruling. 
But plenty of people have gone to death row and been found exonerated on 
DNA evidence, so that standard of knowledge, whilst totally certain 
legally, is not what us scientists would accept as the truth.  Nor does 
the court handle 'knowledge' well when the state secrets card is played.

There is the scientific sense of knowing something -- easily repeatable 
experiments confirm a hypothesis which then becomes a 'law of science.' 
  But scientific method is a rather weakened tool in the face of 
byzantine behaviour.

There is the libel sense of knowledge.  And integrity.  When criticising 
someone, we are taught to stick to the truth, because that is a position 
of integrity.  Do unto others how you would have them do unto you, etc.

Nice, win-win, biblical even, but a person lacking integrity can use our 
own integrity against us, by forcing us to stick to our own standards.



The NSA has long left our standards -- it/they lied to everyone from 
congress down, under oath.

As they have done that -- left the standards of integrity that we would 
hold for ourselves -- then they have also defied our 'court' or fought 
our jurisdiction.  They can no longer be reliably held to our standards. 
  It's not a civilian disagreement any more, but a criminal prosecution, 
and we expect the perp to lie.



The upshot of this is not that we know more, but we have to develop new 
ways of determining "what we know."

Ironically, our best source of this is the intelligence community itself 
-- how do they "know" stuff about their spying victims?  They analyse, 
they cross-reference, they circulate position papers, etc.

We can also analyse, cross-reference, circulate ideas etc.

And it is that process that tells me that DUAL_EC was corrupted.  That's 
how I 'know.'

I'd love to know more, better, but I can only do what I can with the 
evidence available.  And I'm long since past the point where people who 
lie under oath can play the old trick of "you don't know that..."



> I thought that the evidence we had was an elliptic comment in a
> powerpoint slide that we have interpreted as being a smoking gun for the
> already suspect DUAL_EC_NRRNG (Not Really Random Number Generator)


We know more than that.  They stated they were the sole editor.  They 
claim the mission to subvert, as laid out very clearly in their goals 
(snippet above).  They have the capability, beyond ours.  There is 
sufficient information to show that there was a programme of convincing 
suppliers to prioritise in that direction.

In criminal conviction terms, they have the means, the motive and the 
opportunity.  They were placed on the scene, at the right time.

We might not get them on the full crime for lack of the smoking gun, but 
they'd likely go down for every lesser degree.


>     I draw from that, that a lot of people knew about the project.  I
>     also think that a certain amount of hubris affected the secrets
>     sharing of the NSA over the last decade, they have done things that
>     they promised would never come to light, and have been found out.
>       E.g., somewhere it was reported that they got authorisation from
>     Obama for Stuxnet on the promise that the secret would never come out.
>
>
> The code word is NOBUS 'Nobody But US'.
>
> But I have it on authority that Snowden has changed the calculation. The
> insider risk means that the risk of disclosure is now very high,
> possibly as high as 1.0. That means far fewer NOBUS plans can be approved.


So, their risk analysis has brought the likelihood of the threat of 
insider leakage from around 0.0 to around 1.0 ...

Now, it seems they have gone the wrong way.  Look at the numbers -- 
there are a million in the 'secret' programme, and under 10 
whistleblowers.  If they compartmentalised a bit better, they'd not have 
so much of an issue.  OK, long debate, and their debate not ours.


>     Consider also Olympic Games.  That secret must have been shared by
>     many hundreds, perhaps thousands, across multiple agencies &
>     countries.  Yet, the only way we found out was when the darn
>     furriners found the samples and decided to ask around what they were.
>
>
> And might not have found out at all if the Israelis had not relaunched
> STUXNET with their own payload, or at least that is one story that NSA
> sources have tried to push.


Masters at disinformation :)


> Talking of which, one of the more surprising disclosures is that the NSA
> handed raw intercept traffic to Israel. So does this mean that US
> political organizations that are opposed to the Likud party policies
> have been spied on by their own government and the intelligence passed
> to their political enemies?
>
> It certainly seems that the NSA didn't consider that possibility when
> they handed over the data.


Yes, it's interesting.  They have a formal alliance with 5-eyes.  They 
don't have that with other players, but they share with the major 
European agencies as well as the Israelis.  So I wonder under what basis 
that is?

However I don't really wonder that much about foreign intel because it 
is controlled by their own suspicion.  Whereas they crossed the line 
that should never be crossed:

they shared the intel with domestic agencies, which means they are now 
into politics, policy, industrial espionage, the whole nightmare.

(And, yes we know that, and we know they taught the agencies to lie 
about it under oath.  Can we see the rot of corruption spreading?)


> It seems very likely to me that the NSA has been effectively intervening
> in domestic US politics and sabotaging the efforts of the Boycott,
> Sanctions and Disinvestment movement.
>
> What other political causes are they using their powers to tip the
> scales? Mexico is pretty unhappy with the lack of US gun control laws,
> is the NSA sharing raw intelligence with Mexico to help fight the war on
> drugs? Which other countries are in the 'swapsies' club?
>
>
> During the Reagan administration the CIA handed Saddam Hussein a list of
> the major opposition leaders who were promptly murdered. Handing over
> raw intelligence seems to me to be a way to achieve the same effect with
> more plausible deniability.


He was their man.  Until he wasn't.  With friends like that ...



iang

