precedence: bulk Subject: RISKS DIGEST 19.80 RISKS-LIST: Risks-Forum Digest Wednesday 10 June 1998 Volume 19 : Issue 80 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at http://catless.ncl.ac.uk/Risks/19.80.html Contents: Ill-Litt-er-ate comment on U.S. cryptography policy? (Steve Crocker) 1998 "Risks of Key Recovery" report now available (Matt Blaze) Differential Power Analysis (Paul Kocher) SLAC hack attack (PGN) Pioneer is calling for the ROM upgrade of their old GPS systems (Chiaki Ishikawa) NJ motor vehicle department computer crash (David Wittenberg) Burglars foiled by cordless phone interception (Matthew Delaney) German high-speed train disaster (Martin Virtel) Update on German risks ... (Debora Weber-Wulff) Re: Local Geophysical Resonance (Geoff Speare) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Tue, 09 Jun 1998 09:29:52 -0400 From: Steve Crocker Subject: Ill-Litt-er-ate comment on U.S. cryptography policy? The 1998 Electronic Privacy Information Center (EPIC) Cryptography and Privacy Conference took place on 8 Jun 1998 in Washington D.C. It was an excellent program, but unfortunately the most memorable moment was a response from Principal Associate Deputy Attorney General Robert Litt. Litt appeared on a panel about US Encryption Policy. During the Q&A, he was asked about the National Research Council's report last year on cryptography policy, Cryptography's Role In Securing the Information Society ("CRISIS"). For those unfamiliar with the report, it's a monumental and thorough work. The committee included a former deputy Secretary of State (Kenneth W. Dam), a former deputy commander in chief of the European command in Germany (W.Y. Smith), a former deputy director of NSA (Ann Caracristi), a former Attorney General (Benjamin Civiletti). 13 of the 16 committee members had full security clearances and received the much touted behind the scenes briefings from the intelligence community. They concluded "debate over the national cryptographic policy can be carried out in a reasonable manner on an unclassified basis." Nonetheless, Litt responded that it was written before he came on board and therefore he didn't feel obliged to read it. The audience gasped. Undersecretary of Commerce for Export Administration, William Reinsch, sitting with him on the panel looked disgusted. Jim Bidzos, president of RSA, later quipped it was "a gaff of EPIC proportions." The hallway talk the rest of the day reflected shock at the combination of naivete and arrogance that continues to pervade the Administration. Steve Crocker, CyberCash, Inc., 2100 Reston Parkway, Reston, VA 20191 +1 703 716 5214 (Main number +1 703 620 4200) crocker@cybercash.com [Note: There was no Subject: line on Steve's message as received. The one above was added by the moderator, after checking with Webster. PGN] ------------------------------ Date: Wed, 10 Jun 1998 08:28:56 -0400 From: Matt Blaze Subject: 1998 "Risks of Key Recovery" report now available In May of last year, a group of 11 cryptographers and computer security researchers released a technical study of the risks, costs, and complexities of deploying so-called "key-recovery" systems proposed by the U.S. and other governments. The report, entitled "The Risks of Key Recovery, Key Escrow, and Trusted Third Party Encryption", concluded that building a secure, economical key-recovery infrastructure of the kind required would be "beyond the current competency of the field." In the year since the report was first issued, there has been a great deal of government, industry, and research activity toward designing, prototyping, and building key-recovery systems to meet government or commercial requirements. We have revisited our study to take into account the latest work on key recovery and have issued an updated study. The report, published by the Center for Democracy and Technology, was released at the 1998 EPIC Cryptography Conference in Washington DC on June 8th. The 1998 edition of "The Risks of Key Recovery" report is now available on the web at: From the report's preface: One year after the 1997 publication of the first edition of this report, its essential finding remains unchanged and substantively unchallenged: The deployment of key recovery systems designed to facilitate surreptitious government access to encrypted data and communications introduces substantial risks and costs. These risks and costs may not be appropriate for many applications of encryption, and they must be more fully addressed as governments consider policies that would encourage ubiquitous key recovery. The reports authors include Hal Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, and Bruce Schneier. ------------------------------ Date: Tue, 09 Jun 1998 20:33:25 -0700 From: Paul Kocher Subject: Differential Power Analysis Information is now available online about three related attacks we have developed at Cryptography Research: Simple Power Analysis, Differential Power Analysis, and High-Order Differential Power Analysis. The basic idea of the attacks is that the power consumption of a device (such as a smartcard) is statistically correlated to the operations it performs. By monitoring the power usage (or electromagnetic radiation, etc.) during cryptographic operations, it is possible to obtain information correlated to the keys. The collected data is then analyzed to actually find the keys. The three attacks use increasingly sophisticated analysis methods. We have implemented these attacks against a large number of smartcards, and at this point do not believe that any cryptographic smartcards on the market are immune to these analysis techniques. There is now an initial summary on Differential Power Analysis on our web page at http://www.cryptography.com/dpa, and more information will be put on the website as it becomes available. A condensed text version is also attached below. Paul Kocher INTRODUCTION TO DIFFERENTIAL POWER ANALYSIS Paul Kocher, Joshua Jaffe, Ben Jun, Cryptography Research Introduction: Power Variation Integrated circuits are built out of individual transistors, which act as voltage-controlled switches. Current flows across the transistor substrate when charge is applied to (or removed from) the gate. This current then delivers charge to the gates of other transistors, interconnect wires, and other circuit loads. The motion of electric charge consumes power and produces electromagnetic radiation, both of which are externally detectable. Therefore, individual transistors produce externally observable electrical behavior. Because microprocessor logic units exhibit regular transistor switching patterns, it is possible to easily identify macro-characteristics (such as microprocessor activity) by the simple monitoring of power consumption. DPA type attacks perform more sophisticated interpretations of this data. Simple Power Analysis (SPA) In SPA attacks, an attacker directly observes a system's power consumption. The amount of power consumed varies depending on the microprocessor instruction performed. Large features such as DES rounds, RSA operations, etc. may be identified, since the operations performed by the microprocessor vary significantly during different parts of these operations. At higher magnification, individual instructions can be differentiated. SPA analysis can, for example, be used to break RSA implementations by revealing differences between multiplication and squaring operations. Similarly, many DES implementations have visible differences within permutations and shifts (e.g., the PC1 permutation or rotates of the C and D registers), and can thus be broken using SPA. While Cryptography Research found many smartcards to be vulnerable to SPA analysis, it is not particularly difficult to build SPA-resistant devices. The figure [see web site] shows SPA monitoring from a single DES operation performed by a typical smartcard. The upper trace shows the entire encryption operation, including the initial permutation, the 16 DES rounds, and the final permutation. The lower trace is a detailed view of the second and third rounds. Differential Power Analysis (DPA) DPA is a much more powerful attack than SPA, and is much more difficult to prevent. While SPA attacks use primarily visual inspection to identify relevant power fluctuations, DPA attacks use statistical analysis and error correction techniques to extract information correlated to secret keys. Implementation of a DPA attack involves two phases: Data collection and data analysis. Data collection for DPA may be performed as described previously by sampling a device's power consumption during cryptographic operations as a function of time. For DPA, a number of cryptographic operations using the target key are observed. The following steps provide an example of a DPA attack process for technical readers. (More detailed information will follow in the near future.) The following explanation presumes a detailed knowledge of the DES algorithm. 1. Make power consumption measurements of the last few rounds of 1000 DES operations. Each sample set consists of 100000 data points. The data collected can be represented as a two- dimensional array S[0...999][0...99999], where the first index is the operation number and the second index is the sample. For this example, the attacker is also assumed to have the encrypted ciphertexts, C[0...999]. 2. The attacker next chooses a key-dependent selection function D. In this case, the selection function would have the form D(Ki,C), where Ki is some key information and C is a ciphertext. For the example, the attacker's goal will be to find the 6 bits of the DES key that are provided as the input to the DES S box 4, so Ki is a 6-bit input. The result of D(Ki,C) would be obtained by performing the DES initial permutation (IP) on C to obtain R and L, performing the E expansion on R, extracting the 6-bit input to S4, XORing with Ki, and using the XOR result as the input to the standard DES S4 lookup operation. A target bit (for example, the most significant bit) of the S result is selected. The P permutation is applied to the bit. The result of the D(Ki,C) function is set to 0 if the single-bit P permutation result and the corresponding bit in L are equal, and otherwise D(Ki,C) yields 1. 3. A differential average trace T[0...63][0...99999] is constructed from the data set S using the results of the function D. In particular: [See web site for formula] 4. The attacker knows that there is one correct value for Ki; other values are incorrect. The attack goal is to identify the correct value. In the trace T[i][0...99999] where i=Ki, D(i,C[k]) for any k will equal the value of the target bit in L of the DES operation before the DES F function result was XORed. When the target device performed the DES operations, this bit value was stored in registers, manipulated in logic units, etc. -- yielding detectable power consumption differences. Thus, for the portions of the trace T[i=Ki] where that bit was present and/or manipulated, the sample set T[i] will show power consumption biases. However, for samples T[i != Ki], the value of D(i,C[k]) will not correspond to any operation actually computed by the target device. As a result, the trace T[i] will not be correlated to anything actually performed, and will average to zero. (Actually, T[i != Ki] will show small fluctuations due to noise and error that is not statistically filtered out, and due to biases resulting from statistical properties of the S tables. However, the largest biases will correspond to the correct value of Ki.) 5. The steps above are then repeated for the remaining S boxes to find the 48 key bits for the last round. The attack can then be repeated to find the previous round's subkey (or the remaining 8 bits can be found using a quick search.) While the effects of a single transistor switching would be normally be impossible to identify from direct observations of a device's power consumption, the statistical operations used in DPA are able to reliably identify extraordinarily small differences in power consumption. The figure below [see Web site] is a DPA trace from a typical smartcard, showing the power consumption differences from selecting one input bit to a DES encryption function used as a random number generator. (The function of D was chosen to equal the value of plaintext bit 5.) The input initial permutation places this bit as part of the R register, affecting the first-round F function computation and results. Round 2 effects (due to the use of counter mode) are also strong. The trace was produced using 1000 measurements, although the signals would be discernible with far fewer. High-Order Differential Power Analysis (HO-DPA) While the DPA techniques described above analyze information across a single event between samples, high-order DPA may be used to correlate information between multiple cryptographic suboperations. Naive attempts to address DPA attacks can introduce or miss vulnerabilities to HO-DPA attacks. In a high-order DPA attack, signals collected from multiple sources, signals collected using different measuring techniques, and signals with different temporal offsets are combined during application of DPA techniques. Additionally, more general differential functions (D) may be applied. More advanced signal processing functions may also be applied. The basic HO-DPA processing function is thus a more general form of the of the standard DPA function. Today HO-DPA are primarily of interest to system implementers and researchers, since no actual systems are known that are vulnerable to HO-DPA that are not also vulnerable to DPA. However, DPA countermeasures must also address HO-DPA attacks to be effective. Solving the Problems Cryptography Research has undertaken a substantial development effort to understand hardware security issues and their countermeasures. Cryptography Research has pending patents directed to the technologies and techniques below. DPA and related attacks span the traditional engineering levels of abstraction. While many previously-known cryptanalytic attacks (such as brute force) can be analyzed by studying cryptographic algorithms, DPA vulnerabilities result from transistor and circuit electrical behaviors which propagate to expose logic gates, microprocessor operation, and software implementations. This ultimately compromises the cryptography. Techniques for addressing DPA and related attacks can be incorporated at a variety of levels: Transistor: No feasible alternatives to semiconductors are available today, but alternate computation technologies (such as pure optical computing) may exist in the future. Cryptography Research has developed gate-level logic designs that leak substantially less information. Circuit, Logic, Microprocessor, and Software: In physically large systems, well-filtered power supplies and physical shielding can make attacks infeasible. For systems with physical or cost constraints, Cryptography Research has developed hardware and software techniques that include ways of reducing the amount of information leaked, introducing noise into measurements, decorrelating internal variables from secret parameters, and temporally decorrelating cryptographic operations. In applications where attackers do not have physical possession of the device performing cryptographic operations, such techniques can be effective. However, because externally-monitorable characteristics remain fundamentally correlated to cryptographic operations, we do not recommend these approaches as a complete solution for applications where attackers might gain physical possession of devices. Software and Algorithms: The most effective solution is to design and implementing cryptosystems with the assumption that information will leak. Cryptography Research has developed approaches for securing existing cryptographic algorithms (including RSA, DES, DSA, Diffie-Hellman, ElGamal, and Elliptic Curve systems) to make systems remain secure even though the underlying circuits may leak information. In cases where the physical hardware leaks excessively, the leak reduction and masking techniques are also required. Paul Kocher, President, Cryptography Research, 870 Market St., Suite 1088 San Francisco, CA 94102 415-397-0123 (FAX: -0127) paul@cryptography.com [This work has enormous potential as one more technique for breaking weakly designed and badly implemented systems, and consequently represents one more forcing function that must be recognized in trying to achieve better systemic security. Unfortunately, it also can break some good good systems. The most important lesson is that computer-communication security is a weak-link problem, and at present, computer-based systems are riddled with weak links. There will always be some weak links, but today there are far too many. PGN] ------------------------------ Date: Wed, 10 Jun 98 13:55:41 PDT From: "Peter G. Neumann" Subject: SLAC hack attack The Stanford Linear Accelerator Center (SLAC) computer system was the victim of an intrusion on 2 Jun 1998 that touched about 50 files. The intruder logged in with a password (guessed? sniffed? borrowed?), and left as evidence only a new zero-length file (perhaps set up with write privileges?). In response, SLAC cut its computers off the Internet until yesterday while they tried to figure out what had happened, with 30 people working overtime. [Abstracted from *Palo Alto Daily News*, 10 Jun 1998, p. 3] ------------------------------ Date: Wed, 10 Jun 1998 18:45:30 +0900 (JST) From: Chiaki Ishikawa Subject: Pioneer is calling for the ROM upgrade of their old GPS systems Recently, I noticed that the Japanese maker of audio and other electronics goods, Pioneer, have begun magazine ads campaign (in Japan) notifying the users of their old GPS-based automobile navigation aids of the problem of their old ROM firmware. (I am sure there are similar systems in USA. The automobile navigation system essentially shows the map on a small display and indicates where you are and where your target is, etc..) The one page black and white ads states that certain old models of their GPS-based systems won't show correct positions beginning on 22 Aug 1999, and urge the users of such systems to contact Pioneer office for upgrading the ROM. It does not bother to explain the reason for the problem, i.e., rollover of the week count, etc.. I think it is all right since the ads page is meant for general public. My father has a similar system in his car, but I doubt if he cares about the integer overflow, etc.. I submit this to RISKS because I feel Pioneer is doing the right thing and should be commended. That it uses black and white subdued layout seems to me that they are trying to place the ads in as many magazines as possible within their budget. I just wonder if there are other old models used widely from other companies which will begin malfunctioning, i.e. posting incorrect positions after that date. Ishikawa, Chiaki, Personal Media Corp, Shinagawa, Tokyo, Japan 142 ishikawa@personal-media.co.jp.NoSpam Chiaki.Ishikawa@personal-media.co.jp.NoSpam [The GPS bit-overflow problem in certain receivers was noted in RISKS-18.24, whereby the date will reset to 6 Jan 1980 at the end of 21 Aug 1999. PGN] ------------------------------ Date: Tue, 9 Jun 1998 12:50:10 -0400 (EDT) From: David Wittenberg Subject: NJ motor vehicle department computer crash The New Jersey Department of Motor Vehicles installed a system upgrade to improve performance over the weekend. After one hour of use Monday morning it crashed, preventing field offices from processing new licenses, registrations and titles. A spokesman was unable to provide any details. The state extended a June 30 deadline to July 7 for anyone affected. Apparently no data was lost, and the system did function properly during weekend tests. [New York Times electronic edition, "Bureau's Computer Crash Strands Thousands of Car Owners" June 9, 1998. dkw stark abstracting.] --David Wittenberg dkw@cs.brandeis.edu ------------------------------ Date: Sat, 06 Jun 1998 17:15:58 -0400 From: Matthew Delaney Subject: Burglars foiled by cordless phone interception The June 6th edition of the Albany (NY) Times Union reports that 3 men from Saratoga County, NY were charged with conspiracy after a woman intercepted the cordless phone conversation of 2 of them planning to rob and beat an elderly woman in her home. After hearing the first names of the men on her scanner, she called police who believed they knew the identity of the men and followed one of the suspects to a neighborhood where they circled around several times and left. Police investigators found an elderly lady living alone in that neighborhood who identified one of the suspects as someone who did work on her deck previously. The woman who reported the conversation wished to remain anonymous. Which is interesting, because as I understand FCC law, she could also be charged with a crime because she was monitoring a cordless phone conversation (made illegal a few years) and she disclosed the content of that conversation to someone else (which I believe has been illegal for even longer). The risks? When you are using that cordless phone, someone else may be listening, even if it's illegal. --Matthew Delaney ------------------------------ Date: Sun, 7 Jun 1998 16:48:12 +0200 (MEST) From: Martin Virtel Subject: German high-speed train disaster Tabloid magazine *Neue Revue* quotes a survivor, Wolf-RĂ¼diger Schliebener, confirming earlier news that passengers heard strange noises about two minutes before the disaster, while the train started rocking and shaking. As the broken wheel (thought to be the cause of the disaster) was located somewhere in the second unit, the driver up in front didn't notice anything. After the wheel broke, the train continued going on for two minutes at its cruise speed of 200 km/h, until the broken wheel destabilized the whole train and the last part of it went off the rail and hit a bridge. The point Schliebener made was that passengers noticed something was wrong, but the train lacked appropriate emergency brakes or any other means of telling the driver that there was something wrong. Which is true? AFAIK: there are two emergency brakes located at the doors, but none within the cabin (which, for non-Germans, looks pretty much like a airplanes cabin, whith two rows of seats on each side). Schliebener told *Neue Revue* he wondered why the driver did not start to brake. In effect, he never did: the train was stopped automatically after all but the first unit went off the rails. The driver seemed surprised - he hadn't noticed anything until the train stopped automatically. Frank Drieschner, our reporter who went to cover the disaster, was told by railway staff that the train's steering electronics prevent the driver from doing anything meaningful (letting the computer do everything instead) at speeds over 160 km/h, so if there had been emergency brakes near, they'd probably have been disabled automatically at high speeds. Another thing Frank told me was that the cable on the rails used by the train control system was completely destroyed between the point where the wheel broke and the point where the train hit the bridge. An interruption of the cable should make the train brake automatically, railway staff told him. So far, there have not been any definitive conclusions on the accident. [Added comment:] Whatever resonance one can imagine interferes with the operation of trains, the presence of proper "something is going wrong" feedback systems (either from the passengers via an emergency break, as I suggested, or a automatic one, as the next issue of Der Spiegel claims is installed in British high-speed trains and was dropped by the German railway authorities because it was too expensive) would have been of help in this case. Only imagine the passengers in the train having to remain passive as the train went on shaking and rattling at 200 km/h for two minutes before the crash. On the other hand, there can be a "too much flashing warning lights in the cockpit" problem, as several reconstructions of airplane crashes have shown. Martin Virtel, DIE ZEIT im Internet (http://www.zeit.de) +49 (0)40-3280-562 [The German train disaster toll is now up to 102 people killed.] ------------------------------ Date: 10 Jun 1998 09:57:13 GMT From: weberwu@tfh-berlin.de (Debora Weber-Wulff) Subject: Update on German risks ... ICE crash: Seems the Bahn had not actually been inspecting the rim wheels by ultrasound, but by "laying on of hands". If they did not feel good, then they would be tested. A few years ago an engineer made the suggestion to use ultrasound for every inspection. It was not implemented because of the high cost. *Now* it will be standardized. Rail service is not expected to stabilize until June 21, as all of the Type 1 ICE trainsets have to be inspected. Berlin S-Bahn: They were down to just 10-minute delays on the regional and ICE trains traveling over the S-Bahn tracks and proudly gave a press conference to that respect... on the same day that the new computer system for controlling the switches crashed again and needed 45 minutes to begin functioning again. Berlin election software: Turns out, the software is not exactly for counting votes, but for printing the election registers and the announcements. The statistics office had been implying that the elections were endangered in the hopes of finally getting a much needed equipment update.... Prof. Dr. Debora Weber-Wulff, Technische Fachhochschule Berlin, FB Informatik, Luxemburger Str. 10, 13353 Berlin, Germany http://www.tfh-berlin.de/~weberwu/ ------------------------------ Date: Mon, 08 Jun 1998 12:41:00 -0400 From: Geoff Speare Subject: Re: Local Geophysical Resonance (Sinyakov, RISKS-19.79) This is the second Local Geophysical Resonance article I've seen in RISKS. The first one (http://catless.ncl.ac.uk/Risks/19.58.html#subj8) aroused my curiosity. I found the following interesting facts: 1) Alexandre N. Sinyakov seems to be the only name attached to this phenomenon. He is the researcher who discovered it, the person who wrote the computer models, the person who posts all the notices and letters, and the person who heads the "Independent Catastrophes Investigation Center" (see http://www.aanet.ru/nauka/siniakov/siniakov.html) whose sole purpose seems to be to attach LGR as a cause to various catastrophes. 2) No news media (other than RISKS) seems to have carried any stories on LGR. 3) Nowhere could I find anything approximating a comprehensible and/or scientific description of what causes LGR, or what LGR is. From these facts, I conclude that the "LGR phenomenon" is more of a publicity stunt than a valid scientific phenomenon. Such apparently unsubstantiated and bizarre material seems out of place in RISKS. I would be curious to hear from Professor Sinyakov or anyone else more familiar with LGR, or from anyone with an interest in debunking and a little more spare time than myself. :) Geoff Speare IGCN ------------------------------ Date: 31 Mar 1998 (LAST-MODIFIED) From: RISKS-request@csl.sri.com Subject: Abridged info on RISKS (comp.risks) The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks. => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. Alternatively, via majordomo, SEND DIRECT E-MAIL REQUESTS to with one-line, SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or INFO [for unabridged version of RISKS information] .MIL users should contact (Dennis Rears). .UK users should contact . => The INFO file (submissions, default disclaimers, archive sites, copyright policy, PRIVACY digests, etc.) is also obtainable from http://www.CSL.sri.com/risksinfo.html ftp://www.CSL.sri.com/pub/risks.info The full info file will appear now and then in future issues. *** All contributors are assumed to have read the full info file for guidelines. *** => SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line. => ARCHIVES are available: ftp://ftp.sri.com/risks or ftp ftp.sri.comlogin anonymous[YourNetAddress]cd risks [volume-summary issues are in risks-*.00] [back volumes have their own subdirectories, e.g., "cd 18" for volume 18] or http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue]. The ftp.sri.com site risks directory also contains the most recent PostScript copy of PGN's comprehensive historical summary of one liners: get illustrative.PS ------------------------------ End of RISKS-FORUM Digest 19.80 ************************