Seed vault opening

A particularly tangible sort of insurance policy is being initiated today, with the opening of the Svalbard Global Seed Vault. The underground facility is intended to protect the genetic diversity of plant species, in recognition of the risk that other seeds could be destroyed by a worldwide disaster. Eventually, the vault is meant to contain 4.5 million seed samples, deposited by governments from around the world.

The vault is buried 120m inside a sandstone mountain selected for remoteness, persistent cold, and lack of tectonic activity. The selection of a site 130m above sea level ensures that, even if all the world’s ice melts, it will not be submerged. The seeds will be kept at a temperature of -20 to -30 degrees Celsius using electrical power. In the event of a failure of refrigeration, several weeks would elapse before temperatures rose to the -3 degree temperature of the surrounding rock. The packaging of the seeds – along with their natural durability – should make at least some viable for long periods of time, even in the absence of refrigeration.

The $9.1 million project was financed by the Global Crop Diversity Trust. While there is no particular reason to believe that the world’s 1400 or so other seed banks would be universally unable to survive something like a nuclear war or a comet or asteroid impact, $9.1 million is probably a sensible expenditure when so many potentially vital species are to be protected. Less sensational disasters are also being insured against: from the destruction of national seedbanks through conflicts or errors to administrative blunders or localized natural disasters.

An interactive tour of the facility is accessible online.

Recovering encryption keys from RAM

Most successful attacks against strong, well-designed encryption take the form of ‘side channel’ attacks: ones that aren’t based on breaking the strong cryptographic algorithm, but on circumventing or subverting it somehow. Common varieties include timing attacks, which examine the precise amounts of time cryptographic equipment or software takes to perform operations, and power monitoring attacks, which examine which parts of a piece of equipment are using energy when.

Researchers at Princeton have recently uncovered a potentially significant side-channel attack against whole-disk encryption systems like BitLocker (built into Windows Vista), FileVault (built into Mac OS X), and TrueCrypt. The attack is based on analyzing the random access memory (RAM) of a computer system once it has been turned off. Despite the common perception that this clears the contents of the RAM, they have demonstrated that it is possible to use simple techniques and equipment to get a copy of what is inside, including the cryptographic keys upon which these programs depend:

We found that information in most computers’ RAMs will persist from several seconds to a minute even at room temperature. We also found a cheap and widely available product — “canned air” spray dusters — can be used to produce temperatures cold enough to make RAM contents last for a long time even when the memory chips are physically removed from the computer. The other components of our attack are easy to automate and require nothing more unusual than a laptop and an Ethernet cable, or a USB Flash drive. With only these supplies, someone could carry out our attacks against a target computer in a matter of minutes.

This is bad news for anyone relying on encryption to protect the contents of their laptop: whether they are a banker, a spy, a human rights campaigner in China, or a criminal. Other technologies exist to help foil whole-disk encryption systems when the attackers are lucky enough to find a computer that is turned on and logged in.

Researchers in the same organization have done some good work on electronic voting machines.
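
The defensive counterpart to the finding above is to clear key material from memory as soon as a volume is locked or dismounted, including every copy made along the way. The following C code is an added example, not code from the original post or from the Princeton researchers; the names `vol_ctx`, `vol_mount`, `vol_unmount_naive`, `vol_unmount`, `count_key_residue` and `residue_after` are hypothetical, and the key is constructed test data.

```c
#include <stdint.h>
#include <string.h>

#define KEY_LEN 32

/* Hypothetical volume context: the master key plus a working copy of the
   kind a cipher setup routine leaves elsewhere in memory. */
struct vol_ctx { uint8_t master_key[KEY_LEN]; uint8_t working_copy[KEY_LEN]; int mounted; };

/* Write through a volatile pointer so the compiler cannot discard the
   stores as dead writes to memory that is never read again. */
static void secure_wipe(void *p, size_t n) {
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

static void vol_mount(struct vol_ctx *c, const uint8_t *key) {
    memcpy(c->master_key, key, KEY_LEN);
    memcpy(c->working_copy, key, KEY_LEN);
    c->mounted = 1;
}

/* Incomplete teardown: clears only the obvious field. */
static void vol_unmount_naive(struct vol_ctx *c) {
    secure_wipe(c->master_key, KEY_LEN);
    c->mounted = 0;
}

/* Complete teardown: clears every byte of the context. */
static void vol_unmount(struct vol_ctx *c) { secure_wipe(c, sizeof *c); }

/* Audit helper: number of offsets in a region where the key still appears. */
static size_t count_key_residue(const void *mem, size_t n, const uint8_t *key) {
    const uint8_t *m = (const uint8_t *)mem;
    size_t hits = 0;
    for (size_t i = 0; i + KEY_LEN <= n; i++)
        if (memcmp(m + i, key, KEY_LEN) == 0) hits++;
    return hits;
}

/* mode 0: still mounted, 1: naive unmount, 2: full unmount. */
size_t residue_after(int mode) {
    uint8_t key[KEY_LEN];
    struct vol_ctx c;
    for (int i = 0; i < KEY_LEN; i++) key[i] = (uint8_t)(i + 1); /* constructed test key */
    vol_mount(&c, key);
    if (mode == 1) vol_unmount_naive(&c);
    if (mode == 2) vol_unmount(&c);
    return count_key_residue(&c, sizeof c, key);
}

int main(void) { return residue_after(2) == 0 ? 0 : 1; }
```

Wiping only helps for keys that are no longer needed: while an encrypted volume is mounted, or the machine is merely asleep, the key has to stay in RAM.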

Robert Gates posturing on missile defence

Everybody has probably heard about how the United States shot down a supposedly dangerous satellite with a ship-based kinetic kill interceptor. Now, US Secretary of Defence Robert Gates is saying that this proves missile defence works. Of course, this is absurd. Satellites follow very predictable orbits. As such, it is pretty easy to hit them with missiles. Commanders won’t have that advantage when trying to shoot down the incoming missiles of their enemies: especially since those missiles will often employ physical or electronic countermeasures.

It is also worthwhile to consider what they would be saying if this test had failed: “Of course, downing an ailing satellite is completely different from missile defence! The fact that this test didn’t succeed in no way suggests that America’s $12.8 billion per year missile program is ineffective, nor that missile defence technologies aren’t worthy of billions more taxpayer dollars.”

It’s a good thing Canada never bought into the idea.

Wikileaks and whistleblowers

Wikileaks is a website that allows anonymous whistleblowers to disseminate sensitive or embarrassing documents online. These could be anything from evidence of corruption and bribery in government to corporate wrongdoings to secret military interrogation manuals. While the ability to publish anonymously does have potential for abuse, it is also a valuable public service. There are plenty of barriers that prevent people from becoming whistleblowers, even when there is massive evidence of wrongdoing. Having technological mechanisms to aid the process – and reduce the dangers of retribution – thus serves the public interest. Particularly in places where governments are undermining traditional forms of public and legal oversight, such as in the treatment of terrorist suspects, there is extra value in whatever sources of information remain accessible.

As of today, the site is suffering from a California court decision that required Dynadot – the domain name registry that associates the URL ‘Wikileaks.org’ with an IP address – to “prevent the domain name from resolving to the wikileaks.org Web site or any other Web site or server other than a blank park page until further notice.” This doesn’t make the site inaccessible, since the server can be accessed directly at http://88.80.13.160/, but it will prevent a good number of people from finding it. The ruling arose from proceedings involving Julius Baer – a Swiss bank that leaks have implicated in tax evasion and money laundering in the Cayman Islands. In addition to the DNS restriction, the site is apparently suffering from a denial of service attack, probably orchestrated by one or more organizations the site has embarrassed.

The final result of this will be an interesting development in the ongoing battle to control what kind of information can be distributed online, whether that can be done anonymously or not, and which jurisdictions are most accommodating towards such activities.

Richard Casement internship

The Economist’s Richard Casement internship is seeking applicants once again. The winner will spend three months this coming summer in London, writing about science and technology. They are most keen on people with a scientific background who are inclined to try their hand at journalism. The work environment would probably be incredibly stimulating, and the intern would likely make a lot of useful contacts. Partly because of that, they get a lot of applicants. Although the job offers only a “small stipend,” they got 220 applicants for the position last year.

I am not applying this year, though I encourage others to do so. The article I wrote last year, about the importance of hash functions, can be accessed online.

Comprehensive storage

Your average active computer user has more and more data. The first computer I effectively administered had 170 megabytes of hard disk space. Difficult choices had to be made about the relative merits of Doom versus Simcity. Now, just my primary email account has 1500 megabytes of data in it. I have 15 gigabytes worth of photos I have taken (all since 2005) and 20 gigabytes of music.

All this has been made possible by dramatically falling storage prices, combined with the spread of broadband internet. Soon, I expect that this combination will reach its logical conclusion. Right now, people are constrained by the size of their smallest hard drive, as well as by the difficulty of accessing larger remote drives. Eventually, I expect that most people will have a multi-terabyte disk connected to the internet at high speed and securely accessible from virtually any device in the world over the internet. The biggest question is whether this will be an ‘answering machine’ or a ‘voicemail’ solution.

The answering machine option is a big disk purchased by an individual consumer (perhaps a rack of disks, so that cheaper bigger ones can be added to the array as they become available). A company that made three things easy would have a license to print money. The first is integrated ease of use. iTunes music on the big disk should be immediately accessible from a person’s laptop or iPhone, provided they have internet access. The same should be true for saved television shows, photos, etc. The second is effortless backup. It is perfectly feasible to have a disk that is big enough to ensure that the failure of any one component does not lead to any loss of data. The third is security. The big disk should be secure enough against outside attack for use in storing commercially sensitive materials; likewise, the connection between outside devices and the disks should be secure. Probably, this means different levels of access for different sorts of devices, managed through a good user interface.

The voicemail option is to leave all the kit to someone else and just buy a service. Lots of companies are moving towards this model. In many ways, it’s a lot more efficient. Maintaining adequate but not excessive space for a million users is easier than doing the same thing for one; there are also economies of scale, since you can have specialists do all the technical work. The downsides of this model are mostly security related. You need to trust the service provider to keep your data safe. You also need to trust them not to apply arbitrary constraints on how you can use it, as Apple has sometimes done.

I predict that most people will use the second model exclusively, and will pay little or nothing to do so. More technically savvy people will run their own drives, but will probably use external services for (free) unencrypted or (subscription based) encrypted backup. Personally, I can’t wait. External hard drives have the feel of a 1980s solution, rather than one that is aware of the potential of the internet.

Seeking USB stick crypto

A piece of software that does the following would be very helpful to me:

  1. Creates an encrypted archive on a USB key
  2. Does so using a credible open-source algorithm, such as AES
  3. Ideally, is open source and well scrutinized by competent members of the security community
  4. This archive can be read using software on the key, on either a Mac OS X machine or a Windows XP box
  5. The software that does the encryption and decryption does not require administrator privileges to run.

Do any such utilities exist? TrueCrypt is cool, but requires an admin account. SanDisk’s CruzerLock is Windows only, and has a really awkward interface. The disk encryption feature of PGP cannot be run off a flash drive. The encrypted disk images created by Mac OS cannot be read using a Windows machine.

Responding to the violence in Kenya

Reading about the ongoing strife in Kenya is both worrisome and depressing. This is especially true if the lessons of Paul Collier’s The Bottom Billion are taken to heart. He highlights how a single period of instability can often initiate a pattern of recurring conflict, as well as how problems in one state can plague an entire region. Both risks seem to be acute in the Kenyan case, as democratic institutions and investor confidence are undermined and the trade and security prospects of landlocked neighbouring states like Uganda and Rwanda are threatened. The last thing Africa needs is another unstable neighbourhood, in addition to those around Sudan, Zimbabwe, and the DRC.

All the more reason for the African Union and other bodies to use their influence to convince Mwai Kibaki to change course. Ideally, the election that he rigged should be repeated under fair conditions, as monitored and enforced by representatives of the international community. The AU has been shamefully complacent in the face of abusive and corrupt regional governments, but it has an opportunity here to limit the scope of escalating violence and hopefully prevent the descent of the region into a conflict trap. For the sake of Kenya, the region, and the continent, other influential powers and organizations should support that effort.

Facebook and the expectation of privacy

Another privacy spat has erupted in relation to Facebook, the social networking site. It all began when the site began actively advertising everything you did to all of your friends: every time a photo was updated or a relationship status changed, everyone could see it by default, rather than having to go looking. After that, it emerged that Facebook was selling information to third parties. Now, it seems that the applications people can install are getting access to more of their information than is required for them to operate, allowing the writers of such applications to collect and sell information such as the stated hometown and sexual orientation of anyone using them.

Normally, I am in favour of mechanisms to protect privacy and sympathetic to the fact that technology makes that harder to achieve. Facebook, I think, is different. As with a personal site, everything being posted is being intentionally put into the public domain. Those who think they have privacy on Facebook are being deluded and those who act as though information posted there is private are being foolish. The company should be more open about both facts, but I think they are within their rights to sell the information they are collecting.

The best advice for Facebook users is to keep the information posted trivial, and maintain the awareness that whatever finds its way online is likely to remain in someone’s records forever.

[Update: 12 February 2008] Canada’s Privacy Commissioner has a blog. It might be interesting reading for people concerned with such matters.

Cut cables in the Middle East

Something strange is happening to undersea fiber optic cables in the Middle East: they are being cut. At least four, and possibly five, of the communications links have failed in the last twelve days. The first two were allegedly damaged by a ship’s anchor; subsequent failures are more mysterious. Serious disruptions are being experienced in Egypt and India, along with lesser problems in Bahrain, Bangladesh, Kuwait, the Maldives, Pakistan, Qatar, Saudi Arabia and the United Arab Emirates. The fifth cable cut seems to have disabled internet access in Iran.

It’s tempting to ascribe some nefarious motive to all of this. That said, it is sensible to recall how past hysterias proved unjustified. After much hoopla in the media, it turned out that the ‘cyberwar’ against Estonia was the work of a twenty year old subsequently fined $1,620 for his misdeeds.

The cable problems are being widely discussed:

[Update: 16 February 2008] According to The Economist, all this was just hysteria.