Category: Security

Security is immunity from the will of others.

More security, less freedom

While we can all be very glad this alleged plot was foiled, the new rules on carry-on baggage are going to make travelling long distances by plane truly hellish. Without more information, it is impossible to evaluate how justified they are, but they certainly appear to be quite onerous. No water; no books, magazines, or newspapers; no portable electronics of any kind. Of course, either the restrictions or all duty-free shopping will eventually have to go.

It also seems that all EasyJet flights out of all London airports are cancelled. With my EasyJet flight to Dublin in six days, I wonder what is going to happen. They seem to be offering refunds on tickets. Maybe I should take it, then pay the cancellation fee from the hostel.

Such is the power of terrorism: even when we win, we lose.

[Update: 6:52pm] Both of my current roommates have had to re-schedule flights over this: one to Austria and one to Barcelona. It seems likely that another friend’s trip to Madrid will not be happening, and that yet another friend’s flight to Canada tomorrow will be boring and uncomfortable.

[Update: 11 August] Flights from London to Dublin are back on schedule, according to EasyJet. My friend also made it to Madrid today, after all.

Something to try over the weekend: cryptography by hand

For about three and a half hours tonight, I awaited essays from next month’s tutorial students in the MCR. Having exhausted what scaps of newspaper were available, I fell back to reading a copy of Dan Brown’s Da Vinci Code, abandoned by some departed grad student.

Two hundred and sixty pages in, and unlikely to proceed enormously further, I note somewhat pedantically that there have been no codes presented. At best, there have been a series of riddles. The book would be interesting for its historical asides, if I could consider them credible.

Rather than go on about that, I thought I would write an incredibly brief primer on how to actually encrypt a message:

Crypto by hand

In the next few paragraphs, I will show you how to use a simple cryptographic device called a transposition cipher. If you really want to learn it, follow along with a pen and paper. As ciphers go, it is very weak – but it is easy to understand and learn. For starters, we need a secret message. The following is hardly secret, but it will do for a demonstration:

“DAN BROWN IS A DUBIOUS HISTORIAN”

Next, we need an encryption key. For this type of cipher, we need two or more English words that do not use any letter more than once. It is quicker if they have the same number of letters, but I will use two with different numbers of letters to demonstrate the process:

“DUBLIN PINT”

Write the first word of the key onto a piece of paper, with a bit of space between each letter and plenty of space below:

“D U B L I N”

Now, add numbers above the letters, corresponding to their order in the alphabet:

“2 6 1 4 3 5
D U B L I N”

Now, add your message (hereafter called the plaintext) in a block under. If necessary, fill out the box with garble or the alphabet in order:

“2 6 1 4 3 5
D U B L I N
D A N B R O
W N I S A D
U B I O U S
H I S T O R
I A N A B C”

Note how each word of the first keyword now has a column of text underneath it. Starting with the first column in the alphabetical ordering (B, in this case) copy out the column, starting at the top, as a string of text. Make sure you understand what is happening here before you go on. The first column, read downwards is:

NIISN

Now, add to that string the other columns, read from top to bottom, in alphabetical order. You can leave spaces to make it easier to check:

NIISN DWUHI RAUOB BSOTA ODSRC ANBIA

Clearly, each column section should have the same number of letters in it. Make sure you’ve got the transcription right before going on. Note that the string above is the same letters as are in the original message, just jumbled. As such, this system isn’t smart to use for very short messages. People will realize fairly quickly that “MKLLINAIL” could mean “KILL MILAN.”

Moving right along…

Take the strong you generated a moment ago, and put it into a block just like the one you made with the first keyword, except with the second keyword. This time, if you need letters to fill out the rectangle, make sure to use the alphabet in order. You will need to remove the excess letters when working backwards to decrypt, so you may as well make it easier.

“3 1 2 4
P I N T
N I I S
N D W U
H I R A
U O B B
S O T A
O D S R
C A N B
I A A B”

Now we have the message even more jumbled. The final encryption step is simply to copy each column in that grid out, from top to bottom, in alphabetical order according to the second keyword:

IDIOODAA IWRBTSNA NNHUSOCI SUABARBB

Note: the shorter the key, the longer each column will be. The above string is your encrypted text (called cyphertext). This final version is a jumble of the letters in the original message. Remove the spaces to make it harder to work out how long the last keyword is. If you like, you can use that put that string through a grid with another word. Each time you do that, you make the message somewhat harder to crack, though it obviously takes longer to either encode or decode.

To pass on the message, you need to give someone both the cyphertext and the key. This should be done by separate means, because anyone who has both can work out what kind of cipher you used and break your code. The mechanisms of key exchange and key security are critical parts of designing cryptographic systems – the weakest components of which are rarely the algorithms used to encrypt and decrypt.

To decode it, just make grids based on your keywords and fill them in by reversing the transcription process described above. I am not going to go through it step by step, because it is exactly the same, only backwards.

If anyone finds out about the credibility of Mr. Brown’s historical credentials, it won’t be my fault.

One word of warning: this system will not keep your secrets secure from the CIA, Mossad, or even Audrey Tautou. This cipher is more about teaching the basics of cryptography. If you want something enormously more durable that can still be done by hand, have a look at the Vignere Cipher.

PS. It is rumored that this very blog may contain a tool that automates one form of Vignere encryption and decryption. Not that it is linked in the sidebar or anything…

[Update: 27 July] Those who think they have learned the above ciper can try decrypting the following message:

BNTAFREEHOOI-LTOSIRISOTWD-FTNWAOEYSOXT-ERASEAAAKGVE

The segment breaks should make it a bit easier. The key is:

SCOTLAND HIKE

Good luck, and please don’t post the plaintext as a comment. Let others who want to figure it out do so.

On password security

I was talking with Kelly today about passwords, and how they are a fundamentally weak form of security. Supposedly, we are all meant to have different passwords for every site, so that one database being compromised by an external hacker or malicious insider won’t lead to our email and other sites being at risk. Also, we are supposed to use long and complex passwords with case-changes, numbers, punctuation, etc. (Think ‘e4!Xy59NoI2’) Together, these two requirements far exceed the capability of most human beings.

The real solution is to back up passwords with something else, so that they don’t need to be so strong. This is called two-factor authentication, and it could include something like a smart card that people carry and slot into computers along with a password so as to authenticate themselves. This is already used in cars. Inside the key or newer cars is a little chip with a radio antenna. When you try to use the key to start the car, a radio message is broadcast by the car. The chip detects it, does a bit of thinking to generate a response that authenticates the key, and re-broadcasts it. Using both the physical profile of the key and the radio challenge-response authentication system, attacks based on picking locks or freezing and cracking the cylinder inside them can be circumvented. The system obviously isn’t impossible to foil, but it is substantially more difficult in relation to the additional cost.

In the computer context, such two-factor authentication could take other forms: for instance, a little card that listens to a series of tones from an external source (over the phone, or from a computer), passes them through an algorithm and emits a series of tones in response to authenticate. This is just doing with audio what a smart card does with electricity. Ideally, the second factor would be like a credit card, in that you could have it cancelled and re-issued in the event that it is lost or stolen, immediately disabling the missing unit.

Until such a system emerges, it seems sensible to have tiers of passwords. I have two really weak passwords for things that I sometimes share with close friends. Then, I have a password for low-risk sites where there is no real harm that can come from my account being compromised. Then, I have a cascade of ever-stronger passwords. Something like LiveJournal has a pretty strong password, because it would be a pain if somebody took it over. The general vulnerabilities of passwords are:

  1. Someone could guess it (either manually or with a brute force attack)
  2. Someone could watch you type it in
  3. Someone could install a hardware or software keystroke logger on a machine where you enter it
  4. Someone could break into a database that contains it, then try using it on other sites you use
  5. Someone could extract it from a program on your computer that stores them in an insecure way (like Windows screen-saver passwords, which can be learned using a simple program)

Most of these require physical access to a machine that you use. I would guess that the most common of these is number four. Given that most people use the same password for everything, some underhanded employee at your ISP or webmail provider could probably grab it pretty easily, as well as information on other sites you use. (Hashing algorithms are one way this risk can be mitigated, on the server side, but that’s a discussion for another day).

At the top level, there are things that demand a really strong password: for instance, webmaster control accounts or anything connected to money. For these, I use random alphanumeric strings of the maximum permitted length, never re-using one and changing them every month or so.

Obviously, I cannot remember these for several banks and websites. As such, I write them down and guard them. I am much better at guarding little bits of paper than at remembering random strings of data. I regularly carry around little bits of paper worth tens of Pounds, and little bits of plastic worth thousands of Pounds, if only until disabled. Indeed, I have been guarding bits of paper for well over a decade.

Lecture in the Taylorian

Graffiti near the Oxford CanalThe lecture today on Canada-US security and defence cooperation went well; it could even be a solid demonstration of the preferability of lecturing over research. I did talk overly quickly, burning through my forty-five minute presentation in just over half an hour, but the questions were good and I think I fielded them pretty well. The fear of going overtime can generate unwanted haste. I did manage to avoid a frequent error I’ve made in the past, namely that of getting lost in my own notes. It’s easier to avoid when you really know the material you’re covering, and the notes are for structure, rather than content.

A presentation on a topic like this is always a political act. On that basis, I think I struck the right note. I took the more truthful bits of the ‘staunch and eternal allies’ premise sometimes hammered upon by Canadian politicians under fire from the US and mixed it with some of the more essential elements of the ‘importance of legitimacy and international law’ scolding that with which we tend to fire back. All in all, I think it was reasonably balanced and candid. Wearing my NORAD pin – with Canadian and American flags on it – probably contributed positively to my ability to represent myself as someone who genuinely wants a friendly and constructive relationship between the two countries, and has considerable respect for both.

Lecturing itself was quite enjoyable, despite the associated anxiety. With a bit more practice and confidence, I think that I could get very good at this, indeed.

Privacy and power

Canada’s Privacy Commissioner has released an excellent report, highlighting some of the disturbing trends that he sees as ongoing. Rather than paraphrase, I will quote one of the best sections extensively:

It is my duty, in this Annual Report, to present a solemn and urgent warning to every Member of Parliament and Senator, and indeed to every Canadian:

The fundamental human right of privacy in Canada is under assault as never before. Unless the Government of Canada is quickly dissuaded from its present course by Parliamentary action and public insistence, we are on a path that may well lead to the permanent loss not only of privacy rights that we take for granted but also of important elements of freedom as we now know it.

We face this risk because of the implications, both individual and cumulative, of a series of initiatives that the Government has mounted or is actively moving toward. These initiatives are set against the backdrop of September 11, and anti-terrorism is their purported rationale. But the aspects that present the greatest threat to privacy either have nothing at all to do with anti-terrorism, or they present no credible promise of effectively enhancing security.

The Government is, quite simply, using September 11 as an excuse for new collections and uses of personal information about all of us Canadians that cannot be justified by the requirements of anti-terrorism and that, indeed, have no place in a free and democratic society.

I applaud both the Commissioner’s comments and his willingness to take such a firm and public stance. As I’ve said dozens of times now: terrorists are dangerous, but governments fundamentally much more so. They can cloak themselves in secrecy and are imbued with a level of power that permits them to do enormous harm, whether by accident or by design. Compared with the excesses and abuses committed by governments – Western democratic governments included – terrorism is a minor problem.

I recommend that all Canadians read the report in its entirety. I found the link via Bruce Schneier’s excellent security blog.

Media idiocy

One of the BBC top stories right now: “Mobile phone risk during storms.” I am not going to link it, because they don’t deserve traffic for publishing something so asinine. The crux of the article is that people who get struck by lightning while using a metal mobile phone are more likely to be injured than people just standing there. The article doesn’t indicate that your chances of getting struck by lightning while talking on the phone are any higher. Indeed, I would posit that you would be less likely to be standing around outside in a thunderstorm if you had your expensive and almost certainly non-waterproof mobile phone pressed against your ear. And whose mobile phone is made of metal anyhow?

According to scientist Paul Taylor: “I would treat a mobile phone as yet another piece of metal that people tend to carry on their persons like coins and rings.” Do they advise not wearing rings or carrying change during thunderstorms? Of course not. That would be absurd.

Sometimes, the enthusiasm of the media to scare people on the basis of incredibly improbable events is so frustrating I don’t know what to do. They would have you believe that strangers will poison your child’s Halloween candy (all known cases of poisoning by this route were committed by the parents of the child). Everything from shark attacks to terrorist incidents gets presented as far more common than they really are, in a world of six billion with a media likely to report every incident of each. A really brilliant essay by Jack Gordon on this kind of fear-mongering can be found here. The best paragraph reads:

It is fashionable to remark that America “lost its innocence” on September 11th. This is balderdash. Our innocence is too deep and intractable for that. The thing we’ve really lost doesn’t even deserve the name of bravery. We’ve lost the ability to come to grips with the simple fact that life is not a safe proposition—that life will kill us all by and by, regardless. And as a society, we’ve just about lost the sense that until life does kill us, there are values aside from brute longevity that can shape the way we choose to live.

This essay won a contest by Shell and The Economist on the topic “How much liberty should we trade for security.” It is well worth a look; it’s enormously more deserving, I would say, than the BBC article of comparable length. The basic point: we need to acknowledge the existence of risk and deal with it intelligently. We can never be perfectly safe, and we shouldn’t try to be. We can never do otherwise than balance risks against benefits.

Government and secrecy

With increasingly credible revelations about illegal surveillance within the United States, the general concern I’ve felt for years about the present administration is becoming progressively more acute. To be fiscally reckless and socially crusading is one thing. To authorize actions that blatantly violate international law (in the case of torture, rendition, and the indefinite detention of noncombatants) as well as domestic law (by disregarding constitutional safeguards and checks on power) an administration shifts from being simply unappealing to actually being criminal. You can’t just throw away the presumption of innocence and probable cause while maintaining the fiction that the foundational rules upon which a lawful society is based are not being discarded.

Perhaps the most worrisome of all the recent developments are the actions and statements being made against the press. I don’t know if there is any truth to the claim that the phones of ABC reporters are being tapped in hopes of identifying confidential sources, but the general argument that wide-ranging governmental activities must be kept secret for the sake of security is terrifying. If history and the examination of the contemporary world reveal anything, it is that protection from government is at least as important as protection from outside threats. As I wrote in the NASCA report (PDF):

Protection of the individual from unreasonable or arbitrary power – in the hands of government and its agents – is a crucial part of the individual security of all citizens in democratic states. While terrorists have shown themselves to be capable of causing enormous harm with modest resources, the very enormity state power means that it can do great harm through errors or by failing to create and maintain proper checks on authority.

Harm to citizens needn’t occur as the result of malice; the combination of intense secrecy and the inevitability of mistakes ensure that such harm will result. Anyone who doubts the capability of the American government and administration to make mistakes need only think of their own explanations for the Hurricane Katrina response, Abu Ghraib, weapons of mass destruction in Iraq, and all the rest.

Three of the NASCA report’s recommendations speak to the issue of secrecy and accountability specifically:

  • Security measures that are put in place should, wherever possible, require public justification and debate.
  • The perspective of security as a trade-off should be pro-actively presented to the public through outreach that emphasizes transparency.
  • With regards to domestic defence planning, military practice reliant upon secrecy should always be subsidiary to civil and legal oversight.

People both inside and outside the United States would be safer if such guidelines were followed. When even Fox News is opening articles with statements such as the one that follows, something has gone badly wrong.

The government has abruptly ended an inquiry into the warrantless eavesdropping program because the National Security Agency refused to grant Justice Department lawyers the necessary security clearance to probe the matter.

A legitimate government cannot operate under a general principle of secrecy. While there are certainly cases where secrecy serves a justifiable purpose – such as concealing the identity of the victim of some forms of crime, or the exact location of certain kinds of military facilities – a democratic government cannot retreat from accountability by its citizens by claiming that oversight creates vulnerability. The lack of oversight creates a much more worrisome vulnerability: worrisome for America, and worrisome for everyone who has faith in the fundamental values of democracy and justice upon which it is ostensibly founded.

NASCA and the BPG

As Fernando pointed out to me, the final report of the Bi-National Planning Group (PDF), with whom we met while on the NORAD trip, has specifically endorsed some recommendations from the report (PDF) that I wrote on behalf of our group.

[The fifth] BPG recommendation supports key recommendations identified by the North American Security Cooperation Assessment (NASCA): “The United States and Canada should increase the transparency of the process by which they engage in bi-lateral defence negotiations, policy development, and operations; This process should include a focus on public understanding and involvement; Projects undertaken by academic institutions, and other civilian research organizations should be supported, particularly as means of generating transparency in, and awareness about, the defence planning process.The NASCA report was prepared by members of the University of British Columbia (UBC) International Relations Students Association (IRSA) in 2005, and their observations were compiled by Milan Ilnyckyj-obtained from http://www.irsa.ca. (51)

It’s your classic self-interested academic appeal for more research to be done – especially by people like the person doing the suggesting – but it’s still good to be mentioned. I shall have to read the entirety of their report once we finish cleaning up the flat from the party last night.

Iran, international law, and the bomb

While reading about US Secretary of State Condoleezza Rice explaining why Iranian nuclear enrichment should be referred to the UN Security Council, I immediately began wondering why such enrichment is a breach of international law. The United States has signed the Nuclear Non-Proliferation Treaty (NPT), creating certain legal obligations, as has Iran. India, Pakistan, and Israel are non-signatory nuclear powers. For Iran to actually develop nuclear weapons would be a violation of the NPT, but the process of enrichment – even at an industrial scale that could produce enough uranium-235 for bomb making – does not seem to be, in and of itself. Indeed, the NPT explicitly affirms the right of members to develop civilian nuclear technologies, including uranium enrichment.

The much publicized announcement of Iranian enrichment of uranium was about material enriched to the level of about 3.5% uranium-235: the variety necessary for fission bombs. Such bombs require a much higher concentration of uranium-235, in the vicinity of 90%. Without guessing about the ultimate purpose of the program, the present enrichment activity seems to be in keeping with the requirements of nuclear power, rather than nuclear weapons.

When it comes to the United States and their obligations under the NPT, the present scorecard definitely doesn’t look so hot. The nuclear deal with India that President Bush approved and is now seeking Congressional approval for is one such violation, since it includes the provision of nuclear fuel to a state without appropriate controls in place. Likewise, the push to develop new kinds of nuclear weapons is a definite violation of the spirit – if not the precise letter – of the treaty, which stresses the obligation of states to seek disarmament and the reduction of nuclear arsenals.

Maybe it is in the strategic interests of America to stop Iran from developing nuclear weapons, but they shouldn’t try to cloak that as being an enforcement of international law when it is not. More broadly, the United States should realize that using the United Nations at the times where it seems plausible that it might serve their interests, while ignoring it otherwise, seriously diminishes the credibility of their supposed commitment to multilateralism and international law.

All that said, it is certainly possible that Iran is conducting nuclear research with an aim to developing nuclear weapons. If so, evidence of that breach needs to be presented in an open and verifiable way.

Attempt to spark discussion

Relatively good news this week: The American armed forces have said that they will close the infamous Abu Ghraib prison in Iraq. Of course, with Guantanamo Bay and less well known detention centres in operation, this may be more of an exercise in public relations management than a demonstration of a genuine commitment to human rights.

Relatively bad news: President Bush struck a nuclear deal with India, largely sweeping away the restrictions put in place following its testing of nuclear weapons. The deal is evidence that the period of condemnation following the development of nuclear weapons is relatively short and likely to be truncated for short-term political reasons. Also, like the failure to pursue the reduction of existing weapons stock and experimentation on new designs, the provision of nuclear materials to India violates America’s commitments under the Non-Proliferation Treaty.

South Dakota passed a law criminalizing all forms of abortion in which the life of the mother is not at risk. Through the inevitable series of court challenges, the issue will once again be presented to the Supreme Court, where a danger exists that the legally questionable but highly important precedent of Roe v. Wade will be overturned.

For no particularly good reason, the bid of DP World, a firm from the United Arab Emirates, to buy P&O Ports, owner of six major ports in the United States, has been withdrawn due to political opposition. The Dubai-based company would have been subject to the same security requirements as American firms. This outcome seems to be a reflection of the kind of generalized hostility towards the Muslim world that exists in the Western liberal democracies, despite the efforts of leaders to stress that their objection is to terrorism, not to Islam.