Security – Page 43 – a sibilant intake of breath

Impersonate Germany’s interior minister

Wolfgang Schauble, Germany’s interior minister and a big fan of fingerprint-based security, is getting a personal experience with limitations in the technology. A German hacker group called Chaos Computer Club has gotten hold of his fingerprint and distributed 4,000 plastic copies along with issues of Die Datenschleuder magazine.

This highlights several major weaknesses in such technology. These include the fact that the readers can be manipulated: either physically or electronically. They also include the fact that a biometric token can never be revoked. Unlike locks and passwords, which can be replaced once they are known, a person’s fingerprints and retinal scans basically cannot be changed.

I have written about problems with biometric security before.

Green energy ‘war’

A new blog written by a former California energy commissioner chooses to discuss the fight against climate change as a ‘war.’ At one level, this reflects the silly American tendency to discuss non-military problems using military language: the War on Drugs, the War on Poverty, etc. At another, the choice reflects the serious disjoint between what most people have publicly accepted about climate change and what the problem really involves.

The public consensus seems to be: climate change is happening and it will have some bad effects. Technology and consumer choices will probably deal with it. Hybrids and fluorescent lights for all! Some of the big issues missed in this viewpoint are:

Stabilizing greenhouse gas concentrations is a massive undertaking. It requires deep cuts (50-95%) in emissions from all countries, rich and poor alike.
Time is of the essence. Stabilizing at an atmospheric concentration likely to avoid catastrophic impacts probably requires global emissions to peak within the next ten years and fall dramatically within the next forty.
Once concentrations are stabilized, continued effort and restraint will be required to maintain that. Human emissions will need to be kept in balance with natural absorption of carbon dioxide forever.
Abrupt or runaway climate change could completely undermine the basis for the global economy. Potentially, it could even make the planet uninhabitable for human beings for thousands or millions of years.

Referring to the situation as a war does have some potential benefits. People expect sacrifice and the suspension of normal ways of operating during wartime. The lower quality of light from fluorescent bulbs seems less significant when the future of humanity is at stake; the same goes for bans on short-haul flights or inefficient cars. At the same time, there are huge problems with the war analogy. Wars end. While it is possible that we will eventually have such excellent zero-emission technology that the world’s coal reserves and tropical forests will not tempt us, that seems a distant prospect.

What this underscores is the degree to which climate change is a challenge of an altogether new and different type for humanity. It’s one that our previous ideas about collective action, the ethics of an individual in society, and the cooperation of sovereign entities need to grow to accommodate. While the seriousness and focus sometimes applied to warfare will surely be required, the metaphor probably ultimately distorts more than it clarifies.

Rainbow tables

I have previously written about one-way hash functions and their importance for cryptography. Recapping briefly, hash functions take some data (a password, a picture, a file, etc) and pass it through a mathematical algorithm. This produces an output with two special features. First, it should be very difficult to find two pieces of data that produce the same output (collisions). Second, it should be very difficult to work backwards from the hashed version to the original. By ‘very difficult,’ I mean ‘challenging for a government with cryptoanalysts and millions of dollars worth of hardware.

Rainbow tables are a novel way of reversing hash functions. Basically, these consist of massive databases of hash and plaintext data. Rather than trying to calculate back from the hash you have to the password you want, you can use the hash in combination with the latter to get the password quite quickly. Since many applications and operating systems use hashed passwords to increase security, having access to rainbow tables could make them significantly easier to compromise.

This is just another example of how math-based security is constantly challenged by evolving technology and falling prices. Being able to afford enough storage for rainbow tables alters the security of hash functions generally. MC Frontalot definitely had it right when he argued that: “You can’t hide secrets from the future with math.”

PS. As with slugs, the best defence against rainbow tables probably consists of using salt.

Vozrozhdeniya Island

One disturbing consequence of the shrinking Aral Sea is that Vozrozhdeniya Island is now connected to the mainland. Between 1948 and 1991, the island was home to a secret Soviet biological weapons testing ground. Weaponized agents tested include anthrax, tularemia, brucellosis, the black plague, typhus, smallpox, and botulism. Animals on whom tests were conducted include horses, monkeys, sheep, donkeys, and rats.

The Aral Sea has essentially vanished because the Amu and Syr Rivers were redirected by the USSR to irrigate rice and cotton fields. Hopefully, the new connection between the disease island and the Kazakh and Uzbek coasts will not permit organisms to escape on rats or fleas, or criminal or terrorist groups to gain access to infectious materials.

In 2002, a team from the American Defense Threat Reduction Agency eliminated between 100 and 200 tonnes of anthrax, over a three month period.

Two perspectives on air power and insurgency

These two articles provide contrasting views on the use of air power by coalition forces in insurgency situations, such as those in Afghanistan and Iraq:

The first is much more personal, written by a woman who spent months living with soldiers in the Afghan valley where the campaign is ongoing. It does a good job of capturing the chaos and violence being endured by coalition soldiers, as well as the psychological toll of doing so. The second is more removed and – unsurprisingly – more straightforwardly critical.

Both do a good job of setting up questions about how to ethically, legally, and effectively use air power when fighting insurgent wars. At the end, it’s pretty clear that no unproblematically ‘good’ answers to them exist.

Adding Dennis the Menace to the crime bank

Apparently, Scotland Yard wants schools to collect DNA samples from five year old children who “exhibit behaviour indicating they may become criminals in later life.” While there are plenty of reasons for opposing the Orwellian scheme, the more interesting implication is that the police think they can anticipate criminality in adulthood on the basis of the behaviour of five year olds. If so, to what extent can we consider a predisposition towards criminal behaviour to be a manifestation of an individual’s choices? The premise behind our justice system is that people generally commit crimes as an act of will, and it is the wilful disobedience of law that is being punished. If the police believe that crime can largely predicted on the basis of problematic behaviour beginning in childhood, it calls into question the overall validity of our concept of what crime and criminals are.

The Art of Intrusion

I bought Kevin Mitnick‘s book largely out of nostalgia for elementary school days involving 2600 Magazine and a phone system that still used in-band signaling. While it does demonstrate that computer hacking skills don’t translate brilliantly into writing ability, it is a quick and interesting read for security-inclined nerds.

The lesson for the general public is that decent security is very hard to achieve; there are just too many avenues of attack. When dealing with something as complex as a corporate or government network, there will virtually always be some obscure forgotten modem, some employee who can be tricked, some wireless signal that can be intercepted. Faced by opponents with sufficient time, resources, and risk aversion, pretty much any network is likely to fail.

Of course, that doesn’t mean we should throw up our hands and ignore security. It remains possible to stop many breaches, to notice the ones that happen, to limit the damage they do, and to improve our chances of catching those who pulled them off. For those whose business it is to do such things, the Mitnick book may provoke a bit of new thinking. For interested amateurs, it provides a decent glimpse into the real character of computer hacking: an activity apparently more akin to patient, precise occupations like archeology than to fast-paced daredevil stunts like those in Hackers or The Matrix. Overall, Bruce Schneier is more interesting and a better writer, but Mitnick has a lot more focus on (and perhaps more access into) the blackhat community.

Oyster cards cracked

A while ago, I posted on how the Mifare RFID system had been reverse-engineered. Now, it seems that the Oyster Cards used in the London Underground have been cracked. Painstaking microscope work and a weakness in the encryption algorithm employed were enough to compromise the system – allowing cards to be cloned and arbitrarily modified. Given how fares for one-way trips run from £4.80 (C$9.58) for Zone 1 and 2, off peak, to £11.30 (C$22.55) for Zones 2 – 8 + Watford Junction at peak time, you can be sure that there will soon be a lucrative underground market in cloned cards and passes.

It goes to show how when you are deploying such an expensive and extensive system, you cannot trust the vendor to simply provide secure products. Robust external evaluation is necessary. Furthermore, you had better be sure to design the system such that a problem that does emerge can be contained and acceptable cost. Hopefully, that will prove true of the London system.

Helmets and driver psychology

Ian Walker, a researcher at the University of Bath, has uncovered an unfortunate tendency in human psychology. Drivers are more likely to hit cyclists who are wearing helmets. The hypothesis is that they compensate for the sight of a bare head by giving a wider berth when passing. On average, they gave a cyclist with a helmet 8.5cm (3.5″) less space. This was confirmed observationally by Walker himself, who used a sensor to evaluate 2,500 such incidents in Salisbury and Bristol. Motorists were most cautious around him when we wore a female wig and no helmet. Wearing the wig earned another 14cm (5.5″) of clearance, on average.

The study also found that larger vehicles are more likely to cut it close: “The average car passed 1.33 metres (4.4 feet) away from the bicycle, whereas the average truck got 19 centimetres (7.5 inches) closer and the average bus 23 centimetres (9 inches) closer.” That’s especially discouraging, given how the relative masses of a cyclist and a bus affect the dynamics of a possible colission.

A more comprehensive examination of the results (PDF) is available online.

The situation demonstrates the kind of game theory situation so common in safety and security. If you fall by the grace of your own actions, you are better off wearing a helmet. If a car actually does hit you, having a helmet is probably also a good idea. The degree of trade-off between reducing the probability of occurrence and mitigating the probable consequences is rarely easy to set effectively.

The take home lesson: there is a bit more reason to be wary of helmets, but cross-dressing could save your life.

Kosovo and Quebec

A recent (and very unscientific) poll in The Globe and Mail suggests that many Canadians see the Kosovar declaration of independence as a “precedent that could be used in Quebec.” Personally, I found the question ambiguous. If anything, the situation in Kosovo is a demonstration of why Quebecois succession is a poor option.

Since at least the end of the first world war, there has been a profound tension between civic and ethnic nationalism. At best, ethnically defined nationalism has been a means of peacefully dividing empires into groups of states that get along decently; at worst, it has been a significant cause of genocide and ethnic cleansing. Virtually all states have minorities. Many have minorities in border regions, alongside states where those people have a majority. Given the difficulty and bloodiness of adjusting national borders, it is generally preferable to maintain states capable of accommodating members of ethnic minorities as full and equal members of the society – a possibility only likely to be manifest when the society has some philosophical basis other than ethnicity.

Normally, then, we should hope for pluralistic states that base their legitimacy around popular consent. What Kosovo exemplifies is a case where this has not occurred: where a central government has undermined its legitimacy in an entire region (as Russia has done in Chechnya) and has thus made it impossible for that area to be a legitimate portion of the state. The Kosovar case shows just how far such abuse must generally go before it constitutes good cause to break up a civil federation. Quebecois grievances are not on the same level, and thus do not constitute a license for succession.