[Cryptography] From Nicaragua to Snowden - why no national standards should be considered in cryptosec

Stephen Farrell stephen.farrell at cs.tcd.ie
Fri Feb 26 21:18:01 EST 2016



On 26/02/16 22:36, Ian G wrote:
> Long article on why IETF and similar bodies should *not* pander to
> national bodies in adopting encryption algorithms.

Ignoring the pejorative "pander," I'd love if the IETF could ignore
the sets of national algorithms that exist, but we can't. There are
people who are forced to implement them. Fighting for better crypto
by trying to deny the allocation of code points for such algorithms
isn't a good plan IMO as it'd be a losing plan and very expensive in
terms of effort, whilst losing the battle.

I think likely the best we can do is to annotate cipher code points
(e.g. in IANA registries) as being "desirable" or "other" and to
discourage everyone from implementing "other." If we can come up
with an acceptable but disparaging term for "other" that'd be great
("crap" has been suggested but might not be effective).

S.

> 
> 
> 
> http://www.bu.edu/jostl/files/2016/01/21.1_Tobias_Final_web.pdf
> 
> III. CHINESE WIRELESS TRANSMISSION STANDARDS AND THEIR COUNTERPARTS The
> standards with which this Note is concerned show the truth behind
> Smoot’s claim that the information technology industry “uses every kind
> of standardization process imaginable.”93 The three relevant Chinese
> standards are WLAN Authentication and Privacy Infrastructure (“WAPI”),
> Ultra HighThroughput WLAN & its counterpart Enhanced Ultra
> High-Throughput WLAN (“UHT/EUHT”), and ZUC – taken together, the
> Encryption Standards. The table below lays out basic information about
> the standards, their applications, and their foreign competition.
> 
> The first row of standards94 all pertain to WLAN systems, as is evident
> from the formal names of both WAPI and UHT.95 At its most basic, WLAN
> refers to a system of connecting two or more devices96 without the need
> for wires between them.97 As network connectivity has become an integral
> part of using a computer, wireless networks have grown in number and
> popularity.98 A wireless network allows quick and convenient access to a
> network. A common use of WLAN systems is to connect a laptop to an
> access point for the World Wide Web.99 WLAN can also be used to connect
> a small set of devices (such as a smart phone, laptop, tablet, video
> game console, and television set) into a home multi-media entertainment
> system.100 Instead of wires, WLAN uses radio frequencies to transmit
> data between connected devices.101
> 
> 802.11 is a set of internationally recognized standards that facilitate
> WLAN connectivity.102 The Institute of Electrical and Electronics
> Engineers (“IEEE”), a formal standards development organization based in
> New York City,103 created 802.11.104 IEEE continually modifies 802.11,
> incorporating new security and transmission techniques.105 In 1999, when
> 802.11a was approved by the International Organization for
> Standardization as a formal international standard, it had a maximum
> transfer rate of fifty-four megabits per second.106 The upcoming
> revision, 802.11ad, has a maximum transfer rate of seven gigabits per
> second – almost 130 times as fast.107 Users and businesses benefit from
> faster internet connections. Higher speeds make the Internet more
> economically viable as a business transmission medium, a field once
> dominated by man-carried or animal-carried letters.108 The added
> convenience of radio-enabled wireless networks raises significant
> security issues. Interception of or tampering with radio waves is
> “trivial to anyone with a radio.”109 By intercepting radio waves, an
> unauthorized person can effectively eavesdrop on the other parties, and
> for example, uncover a private password or Social Security Number
> transmitted over the network. An unauthorized person could also tamper
> with the signal and trick other devices into thinking his own system has
> authorization it does not actually have – and here, that person could
> enter private networks, such as a restricted intranet upon which a
> company stores its trade secrets or other private and sensitive
> information.110 Identity thieves often target unsecured wireless
> networks to steal identifying information.111 Early versions of 802.11
> used an encryption scheme known as Wired Equivalent Privacy (“WEP”).112
> WEP was intended to bring to wireless transmissions a level of security
> which would compete with more secure wired transmissions, and thus
> prevent eavesdropping on, and tampering with, private signals.113 Every
> transmission subject to WEP underwent a two-stage process of encryption
> at its point of origin, and the receiver would reverse the process to
> decrypt and access the information.114 The communicating parties shared
> a secret key upon which the entire process relied; without the proper
> key, the information could not be decrypted. 115 However, in 2001,
> researchers discovered significant security flaws in WEP’s encryption
> scheme.116 Thieves and other unauthorized persons could easily exploit
> these flaws to gain access to encrypted transmissions.117 After these
> discoveries, the IEEE 802.11 Task Group on Security “began significant
> changes to WEP” to plug the holes in security.118 These changes
> culminated in the Wi-Fi Protected Access scheme (“WPA”).119 In 2004, the
> IEEE integrated WPA into the 802.11 set of standards as 802.11i.120
> 
> The rift between WAPI and 802.11 revolves around the standards’
> respective handling of security. WAPI is an offshoot of the
> WEP-encrypted versions of 802.11, born of Chinese dissatisfaction with
> the security flaws in WEP.121 The Standardization Administration of
> China (“SAC”) “initially approved WAPI in May 2003 to become effective
> later in December of that year.”122 The core of WAPI is a redone
> security scheme. The Chinese claim that WAPI’s encryption rectifies the
> security deficiencies inherent in WEP.123 A “necessary secret encryption
> algorithm” controls WAPI’s security scheme.124 The Chinese state
> provides only a half-dozen Chinese companies with access to the
> algorithm.125 Any company seeking to integrate WAPI into its radio
> designs would thus have to negotiate with one of those six companies.
> Additionally, 802.11 and WAPI are mutually incompatible.126
> 
> During 2003 and 2004, the Chinese government planned to instate WAPI as
> a mandatory standard.127 By June 2004, all WLAN devices would be
> required to support WAPI.128 The United States government formally
> protested the mandatory standard.129 Perhaps more importantly,
> information technology giants Intel, Texas Instruments, and Broadcom
> promised to cease sales of any product affected by WAPI.130 Craig
> Barret, Intel CEO, personally visited Beijing in an attempt to resolve
> the crisis.131 Amid the tension, China agreed to “indefinitely postpone”
> government enforcement of mandatory compliance with WAPI during
> bilateral trade negotiations with the United States.132 However, the
> United States Trade Representative’s 2013 Report on Technical Barriers
> to Trade said that, as of 2011, “China’s Ministry of Industry and
> Information Technology (“MIIT”) remained unwilling to approve any
> Internetenabled mobile handsets or similar hand-held wireless devices
> unless the devices were WAPI-enabled.”133
> 
> The UHT/EUHT standards follow in much of the same vein as WAPI. UHT/
> EUHT are Chinese domestic alternatives to the internationally-accepted
> 802.11n standard.134 The Chinese claim that UHT/EUHT can coexist with
> 802.11.135 However, because UHT/EUHT both operate on the same frequency
> as their 802.11 counterparts, a device operating on one standard may
> cause considerable interference with the transmissions of a device
> operating on the other standard.136 A European information technology
> standards organization concluded that “adequate coexistence between
> UHT/EUHT standards based devices and devices based on standard 802.11 is
> not possible.”137 The United States Trade Representative has also
> expressed concerns about incompatibility between UHT/EUHT and 802.11.138
> 
>  4G LTE differs from the above standards in that it is designed for use
> in mobile smartphones, as opposed to use in laptops or other larger
> devices. 139 The 4G LTE set of standards is developed by the 3rd
> Generation Partnership Project (“3GPP”).140 Although 3GPP is an
> industry-specific standards organization, instead of a general formal
> standards organization like IEEE, 3GPP controls the 4G LTE standards and
> promulgates enhancements to the set, similar to the various iterations
> of 802.11x developed by IEEE.141 3GPP developed 4G LTE in part through
> recommendations from the Next Generation Mobile Networks initiative – of
> which China Mobile Communications Corporation is a member.142 With
> Sprint Corporation’s cessation of support for WiMAX in 2012, all
> American smartphone carriers now support 4G LTE standards
> exclusively.143 The market has thus established 4G LTE as a de facto
> hegemon.144
> 
> ZUC is an additional encryption system operating over the top of 4G
> LTE.145 The Data Assurance and Communication Security Center (“DCS”) of
> the Chinese Academy of Sciences is developing the standard, and held the
> first international workshop on ZUC in December 2010.146 In 2011, 3GPP
> approved ZUC as one of several voluntary encryption standards.147 In
> early 2012, China’s MIIT informally announced that networks and mobile
> devices operating on China’s TD-LTE standard must only use
> domestic-developed encryption algorithms, a set that includes ZUC.148 At
> subsequent bilateral negotiations between the US and China, China agreed
> not to mandate a specific encryption standard.149 The US Trade
> Representative is still closely monitoring ZUC developments.150
> 
> 
> 
> [Long snip on why the WTO is likely to conclude against USA and for
> China, citing US - Nicaragua as precedent, and /national security/ as
> the right of sovereigns to break markets.]
> 
> 
> 
> VII. CONCLUSION A WTO Panel, in a dispute over the Encryption Standards
> invoking Article XXI’s national security exception, is very likely to
> produce a dual ruling akin to the GATT Panel Report in US – Nicaragua:
> that China has breached its obligations, yet that breach is justified
> under Article XXI’s national security exception. Any ruling to the
> contrary would require the Panel to ignore the terms of reference set in
> US — Nicaragua and rule on the validity or motivation of China’s
> invocation of Article XXI. As national security goes to the core of a
> sovereign’s responsibility, the consequences of a new formal
> interpretation of Article XXI would be severe – and beyond the scope of
> this Note.
> 
> 
> 
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3840 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160227/7d50b52f/attachment.bin>


More information about the cryptography mailing list