Category: Security

Security is immunity from the will of others.

In Mortal Hands

Backhoe machinery detail

Stephanie Cooke’s In Mortal Hands: A Cautionary History of the Nuclear Age is a four hundred page account of the major problems with the global nuclear industry, both civilian and military. It argues that the costs associated with both nuclear weapons and nuclear energy have been hidden by self-interested governments and organizations, and that nuclear energy should not be part of our future energy mix, despite concerns about climate change and energy security. The book’s unceasingly critical position leaves one longing for a more comprehensive account, where arguments in favour of nuclear energy would at least be more comprehensively rebutted. Nonetheless, Cooke’s book does a good job of reminding the reader of the many special dangers associated with nuclear energy, and the risks associated with re-embracing it, due to our concerns about fossil fuels.

In Mortal Hands argues convincingly that most of the costs associated with nuclear energy are hidden, and not borne by the utilities that provide it or the people that use it. These costs include wastes, contaminated sites, decommissioning of plants and related facilities, risks of accident, nuclear proliferation, providing targets to enemies and terrorists, routine radioactive emissions, the redirection of capital and expertise from potentially more positive uses, and the further entrenching of secrecy and self-serving pro-nuclear entities within government and industry. Certainly, the issue of secrecy is an important one. Along with concealing costs and subsidies, it is demonstrated that the nuclear industry has misled policy-makers and the public about the risks associated with the technologies, timelines and costs associated with the emergence of new technologies like reprocessing and ‘breeder’ reactors, and the number and severity of nuclear accidents. The industry knows that another Chernobyl or Three Mile Island could undue their anticipated ‘renaissance,’ so they are arguably less likely than ever to disclose accurate information on dangers, or on incidents which do occur. Governments that authorize, encourage, and fund new nuclear facilities will be in a similar situation, in terms of the harm awareness of risks and accidents could do to them politically.

Cooke raises a number of important points about regulation, both nationally and internationally, and the conflicts that exist between commercial pressures to get reactors sold and keep them running and concerns about safety and proliferation. None of the big nuclear states has a good record on preventing sales to states secretly working on nuclear weapons. Lack of toughness on the part of international and national regulators is a major reason why countries like Israel, South Africa, and North Korea have been able to use the cover of civilian nuclear programs to get themselves nuclear weapons. Lack of rigour is also clearly evident in nuclear programs, in terms of making sure facilities have been built and operated properly, bombs are secure, and the massive contamination is avoided.

The book is arguably weakest in its discussion of technical matters, which are not discussed at great length or in a way that seems entirely credible and convincing. Opportunities to elaborate and justify claims made about technical matters are often missed, and the book includes at least a few claims that seem likely to be erroneous. For instance, Cooke misrepresents where most of the energy in a thermonuclear explosion comes from, and fails to point out that the START-II agreement never went into effect. More than a discussion about the physics and engineering of nuclear technology, this book focuses more on the regulatory, political, and economic aspects. While that might annoy those with more technical inclinations, it is probably the right approach for a volume with the ultimate intention of informing public policy choices about whether to use nuclear energy for electricity production.

Cooke’s response to the question of how the energy currently being provided by nuclear plants could be replaced is especially unsatisfying. Essentially, it is: “Wind energy is growing very quickly, and perhaps distributed microgeneration could be the solution.” Some consideration of scale, such as that provided by David MacKay, is essential here. Small wind turbines on the roofs of houses as not a viable alternative to gigawatts worth of reactors. At the very least, those who advocate using renewables in place of nuclear need to recognize the enormous scale of deployment that would require, and the various associated costs. While Cooke’s book does not provide a sufficiently broad-minded basis for reaching a final judgment on nuclear energy, it is a convenient antidote to some of the current industry messaging that new plants will be safe and cheap, proliferation isn’t much of a concern, and even Chernobyl wasn’t so bad.

Weak-willed non-proliferation

Raw Sugar Cafe, Ottawa

Stephanie Cooke’s book In Mortal Hands: A Cautionary History of the Nuclear Age make some interesting points about the proliferation of nuclear weapons. Among them, that short-term political and commercial calculations have often overridden concerns about providing dangerous technologies to states that might aspire to developing weapons. In many cases, the examples are not hypothetical; for instance, there was Canadian and American assistance in building the CIRUS reactor that fueled India’s first atomic bombs, and America apparently played an important role in encouraging uranium mining in North Korea.

Lest people think that such shenanigans are a matter for history only, Cooke suggests that up until very recently, India faced a squeeze between being able to use uranium for plutonium production and bomb manufacture, and decided to put bombs above energy needs. The recent American decision to provide fuel to India, despite their weapons tests and rejection of safeguards against future weapons production, seems to show that we are still living in a world where civilian nuclear energy can be effectively used as a cover to advance military programs.

[Update: 8 July 2009] One correction to the above, it was apparently the International Atomic Energy Agency (IAEA) that helped North Korea develop its uranium mining program, not the United States as I indicated above. Cooke’s book does a good job of explaining how the dual role of the IAEA as both a promoter of nuclear technology and an enforcer of safeguards reduces how effectively it plays the latter role.

Effective attack against Total Position Progression (TPP) master keys

A lot of businesses and institutions rely upon master key systems, in which most keys can only open one lock, but one key can open all of them. The latter sort of keys are usually held by security personnel, superintendents, etc. One common approach to achieving this with pin tumbler locks is to put two cuts in each pin stack, instead of the usual one. That allows several different possible keys to align the cuts along a shear line, allowing the lock to be opened.

A paper by Matt Blaze, from AT&T Labs – Research, describes a relatively simple attack that foils such master key systems, allowing anyone with an ordinary key, some blanks, and a file to copy the master key without ever seeing it. Basically, the approach is to start with the non-master key, then test each pin for another value that still produces a working key. Working through pin-by-pin, you can identify where the second break lies for each pin. From that, you can file or cut yourself a key that will open all the locks in the system. Using a bit of basic math, this process can be optimized and the number of blanks and key modifications required reduced.

It’s a neat attack for a number of reasons. It doesn’t require any exotic equipment or exceptional technical skill. Nor does it require breaking into anywhere, or compromising or tricking anyone. What it does do is provide a skilled attacker with a cheap means to render a much more expensive security system ineffective, requiring the replacement of all the master locks to correct for the failure (and not just with new master locks of the same kind, which would be vulnerable again). It is also neat insofar as it demonstrates what is effectively a mathematical attack against a physical system.

It is quite possible that this attack could allow somebody with legitimate access to one unit in a group (an office, a self-storage locker, a university residence room, etc) to gain access to all others, in a way that would be hard to detect and expensive to counteract.

Weaknesses in Wiegand

Mica Prazak under an umbrella

In the past, I have identified some problems with biometrics as an element in security systems. On the Wired website, there is a relatively old article describing an attack against electronic physical access control systems, developed by Zac Franken. It exploits the fact that the commonly used Wiegand protocol – used for communication between readers and access control databases – does not perform proper authentication between the access token, reader, and database system. As a consequence, if it is possible to gain physical access to the communication wires, an attacker can record a valid exchange between a real token and the database, then replicate it to grant themselves access. It doesn’t matter if the token is a keycard, a key, or a retinal scan.

The hardware required apparently costs around $10. In addition to allowing an unauthorized user to gain access, the system can also lock out all legitimate users once the attacker is inside.

What this exploit really demonstrates is how successful security requires that every element of a system be robust against exploitation. You could spend thousands of dollars on the best biometric scanners available, only to be foiled by a simple workaround of this type.

Contributing to Project Honeypot

Spammers are one of the most annoying natural enemies of the blogging community. They waste the time of site administrators who must install anti-spam systems and dig through suspicious comments to pick out real ones. They waste the time of users who are forced to jump through hoops like site registration and CAPCHAs.

One way to help fight spam is to participate in Project Honeypot. If you run a website, they will give you a script to add somewhere. Then, you add links to the script that robots will follow, but not people. This allows the project to catalogue the IP addresses of robots, as well as track the general spam problem globally. People who run websites but don’t control the hosting (for instance, people with blogs on Blogger.com or WordPress.com) can add ‘QuickLinks’ which serve a similar function.

Stop Spam Harvesters, Join Project Honey Pot

People running WordPress blogs can also use the http:BL WordPress Plugin to take advantage of Project Honeypot’s data and block spammers and harvesters of email addresses.

Setting up a honeypot only takes a couple of minutes, and gives the satisfaction of knowing you are helping to make the internet a slightly more civil place. In addition to running a honeypot and using the http:BL plugin, this site has a wiki protected with Bad Behaviour, a blog protected with Akismet, and spam defences built into .htaccess.

Obama’s speech in Cairo

President Obama’s speech on the United States and the Muslim world, delivered in Cairo, is worth watching:

It covers the history of Islam, the United States, and the Muslim world. It also covers Afghanistan, Iraq, the Israeli-Palestinian conflict, Iran, nuclear proliferation, democracy, religious freedom, the rights of women, and economic development. Many translations are available. Climate change was not directly mentioned, despite its considerable importance for both Muslims and Americans.

At the very least, the speech demonstrates the change in tone between this administration and the last one. Whether it is the start of something more meaningful, time will tell. Slate has some commentary: relatively positive and more negative.

Hashing with Wolfram Alpha

Separately, I have discussed both the Wolfram Alpha computational knowledge engine and the practice of hashing information. The fact that WA allows anyone to do so easily has relevance for things like making bets online, in situations where players want to conceal their guesses until everyone else has put theirs up.

Here is an example. Say you want to place bets on who will win the next Republican presidential primary. You don’t want those who post later to have the advantage of knowing what others have already posted, so you do the following:

  1. Choose a hash algorithm (MD5 should be fine, but SHA is more secure)
  2. Have each participant put their guess into WA. Say I think it will be Sarah Palin. I would enter: “SHA “I think the primary winner will be Sarah Palin, though I fear what she will do with the country” into Wolfram Alpha, and it would spit out something like “f7ca 4adf 11c7 5b56 f355 1635 5b50 2eca 5950 5349”
  3. Note that the supplementary text, in addition to the name, is vital. Otherwise, it would be trivially easy for the other players to check the hashes for likely guesses and learn what people have chosen. Incorporating a salt into the hashing algorithm would be ideal, but WA doesn’t seem to have that capability.
  4. Have each participant post the hash of their response, saving the exact text somewhere secure to them.
  5. When the outcome is known, those who guessed correctly can confirm that fact, by providing text that hashes into their original post.

A somewhat roundabout and nerdy solution to a relatively unimportant problem, perhaps, but it illustrates some of the ways hashes can be used to prove what you said earlier, without having the content of your earlier message immediately accessible – a general ability with many applications.

One more fact about salts: they are the most straightforward way to foil attacks using rainbow tables.

Deep packet inspection in Canada

The Office of the Privacy Commissioner has created a new website. In addition to the commissioner’s blog, there is now a website devoted to deep packet inspection, announced here.

Deep packet inspection is quite a profound modification of how the internet works. All information passed across the web goes through a number of machines. In the classic version of this arrangement, they just forward the information to the next link without giving it any consideration. With packet inspection, the datastream can be monitored by those intermediate machines, including the ones at a user’s internet service provider (ISP) between their computer and the rest of the internet. Given that the computers of your ISP see all your traffic, having them implement deep packet inspection raises some especially serious questions. That is especially true given that they may be vulnerable to attack by malicious actors, and may be willing to cooperate with requests from governments, even if those requests are illegal.

The technology could have good uses, like stopping viruses and worms. It could also have many malicious ones. Companies could use it to block competition, by making the internet discriminate against their existing rivals and new startups. It could also be used for data mining, eavesdropping, and censorship. Personally, I would prefer an internet without it, and I am glad to see that it’s something Canada’s official privacy official has been devoting a fair bit of attention towards.

Dark Sun

Government offices in Gatineau

The whole technical and chilling history of atomic weapons is reviewed in Richard Rhodes’ Dark Sun: The Making of the Hydrogen Bomb. Released in 1995, it is based substantially on documents that became available after the end of the Cold War, documenting the development of nuclear and thermonuclear bombs in the United States and Soviet Union, as well as delving into issues of international politics, espionage, and delivery systems.

Most people are likely to find some aspects of the book tedious, while others are fascinating. For instance, I noted all the descriptions of design details of nuclear and thermonuclear issues with interest, but found a lot of the minute descriptions of espionage activities tedious (especially descriptions of nearly every meeting between the atomic spies and their contacts). That said, the book will certainly offer good rewards to anyone with an interest in some aspect of nuclear weapons or the Cold War.

The last few pages really ought to be read by everyone. They document the shocking behaviour of Curtis LeMay and the Strategic Air Command (SAC) in the period prior to the Cuban Missile Crisis, as well as during it. At the time, LeMay and some of his commanders could use nuclear weapons without presidential authority; they were also obsessed with striking first, and generally convinced that war with Russia was inevitable. Perhaps the most shocking actions detailed are LeMay’s strategy of flying nuclear-capable bombers over targets like Vladivostok, in the Soviet Union. They were running drills and taking photos, but it looked to the Russians exactly like an atomic attack. I don’t think Rhodes is wrong to suggest that, had the Soviets done something similar in America, the SAC would have launched an all-out attack against them. Rhodes marshals compelling evidence that LeMay did, at times, seek to provoke a nuclear war through initiatives like these flights and the provocative American ballistic missile test undertaken during the Cuban Missile Crisis.

The book’s closing also laments the enormous amounts of sacrifice made to build up these massive, threatening stocks of weapons. The Oak Ridge and Hanford complexes, producing fissile materials, used more energy than the Tennessee Valley Authority, Hoover, Grand Coulee, and Bonneville dams could produce together. One year of expanding the facilities required 11% of US nickel production and 34% of the output of stainless steel. All told, Rhodes estimates that the arms race cost America over $4 trillion, which could have otherwise been put to productive uses. On the Soviet side, the story is far more appalling: with thousands of slaves being terrorized and irradiated in the drive to match the American weapons complex. The irony is that, while generals and arms manufacturers clamoured for ever-more warheads, politicians on both sides of the Iron Curtain had already come to understand that the weapons could never be used. Indeed, Rhodes’ account provides a nice counter-argument to the view that all politicians are short-sighted and lacking in wisdom.

All told, Rhodes’ account is an excellent one: historically rigorous, but alive to the human issues raised inevitably by the subject matter. It’s a book that is deeply relevant in a world where US-Russian tensions are growing, weapons are proliferating, and a terrifying number of bombs are still deployed on 15-minute hair-trigger alerts.

Building fission bombs

Octopus graffiti, with mustache and glasses

As recommended by a fellow attendee at the unofficial summer ‘grill thrill’ barbecues, I am currently reading Richard Rhodes’ Dark Sun: The Making of the Hydrogen Bomb. While the book can be detailed to the point of exhaustion sometimes, it does contain a lot of interesting information, on everything from atomic bomb design to the differences in governmental structure and operation in the United States and Soviet Union.

One thing the book has definitely done is diminish my concerns about terrorists building nuclear weapons. Even the ‘simple’ gun-type configuration uranium bomb is a lot more complicated that many of the diagrams and descriptions I have seen would make you believe. A plutonium implosion device is far more complex still. Getting from a sufficient quantity of fissile material to a working bomb is an extremely complex undertaking, requiring a lot of equipment and expertise. It also requires a lot of exotic materials and manufacturing processes. It is certainly easier now than it was for the Russians in 1949 (largely because more information is available), but the degree may not be as great as most people think. Because of espionnage, the Russians actually had the plans for the American bombs while they were building their own. Even under intense pressure from Stalin and Beria and with considerable resources (including access to industrial facilities and thousands of forced labourers), it took the Soviets four years to copy them. That makes it seem unlikely that terrorists without significant support from a state, access to industrial facilities, and high degrees of technical knowledge could emulate them.

Another interesting topic covered in the book is the hasty abandonment of Los Alamos at the end of the war. It would make interesting reading for those who saw the advent of atomic weapons as an immediate sea change in warfare. As it happened, there was apparently a long period after the war where no usable weapons were assembled and available, and the teams of people who would be required to make them so were dispersed around the United States, doing other things. The first bombs definitely weren’t designed with simplicity or shelf-life as a top priority. As a consequence, most of the deterrent effect of the bombs in the immediate post-war period was based around faulty information.

I will write a full review of the book when I have finished it.

[Update: 12 April 2010] My full review was online quite a while ago: Dark Sun: The Making of the Hydrogen Bomb.