Showing posts with label cryptography. Show all posts

Tuesday, October 25, 2011

Blog: How Revolutionary Tools Cracked a 1700s Code

How Revolutionary Tools Cracked a 1700s Code
New York Times (10/25/11) John Markoff

A cipher dating back to the 18th century that was considered uncrackable was finally decrypted by a team of Swedish and U.S. linguists by using statistics-based translation methods. After a false start, the team determined that the Copiale Cipher was a homophonic cipher and attempted to decode all the symbols in German, as the manuscript was originally discovered in Germany. Their first step was finding regularly occurring symbols that might stand for the common German pair "ch." Once a potential "c" and "h" were found, the researchers used patterns in German to decode the cipher one step at a time. Language translation techniques such as expected word frequency were used to guess a symbol's equivalent in German. However, there are other, more impenetrable ciphers that have thwarted even the translators of the Copiale Cipher. The Voynich manuscript has been categorized as the most frustrating of such ciphers, but one member of the team that cracked the Copiale manuscript, the University of Southern California's Kevin Knight, co-published an analysis of the Voynich document pointing to evidence that it contains patterns that match the structure of natural language.

Wednesday, April 6, 2011

Blog: DARPA Will Spend $20 Million to Search for Crypto's Holy Grail

DARPA Will Spend $20 Million to Search for Crypto's Holy Grail
Forbes (04/06/11) Andy Greenberg

The U.S. Defense Advanced Research Projects Agency (DARPA) plans to spend $20 million over five years to find a way to both encrypt data and let it be used and manipulated. The Programming Computation on Encrypted Data (PROCEED) project would build upon the work of IBM researcher Craig Gentry, who has solved the theoretical problem of performing complex computations on encrypted data without decrypting it. Such full homomorphic encryption would enable someone to query a database without it ever knowing the content of the request. Gentry's method takes immense computational power, so DARPA wants the participating contractors and academic research teams to reduce the computing time for full homomorphic encryption by a factor of 10 million compared to its current state, or alternatively reduce it to 100,000 times the computation required for unencrypted computing. Meanwhile, Gentry says he recently discovered a less efficient version that could offer more computational shortcuts. Gentry recently received ACM's Grace Murray Hopper Award, which is awarded to the outstanding young computer professional of the year.

View Full Article

Tuesday, February 15, 2011

Blog: Rivest Unlocks Cryptography's Past, Looks Toward Future

Rivest Unlocks Cryptography's Past, Looks Toward Future
MIT News (02/15/11) David L. Chandler

Massachusetts Institute of Technology professor Ronald Rivest recently gave a speech discussing the history of the RSA cryptographic system, which is currently used to secure most financial transactions and communications over the Internet. The system, which Rivest helped develop with colleagues Adi Shamir and Len Adleman in 1977, relies on the fact that it is very hard to determine the prime factors of a large number. However, Rivest notes that it has not been shown mathematically that such factorization is necessarily difficult. "Factoring could turn out to be easy, maybe someone here will find the method," he says. If that happens, Rivest says several other current methods for secure encryption could be quickly adopted. He notes that RSA has led to spinoff technologies, such as the use of digital signatures to authenticate the identity of Web sites. Rivest says future cryptographic technologies could lead to applications in secure micropayment and voting systems. He believes the study of cryptography is fascinating because it unites a wide variety of disciplines. "It's like the Middle East of research, because everything goes through it," Rivest says.

View Full Article

Monday, December 13, 2010

Blog: Cryptographers Chosen to Duke It Out in Final Fight [SHA-3]

Cryptographers Chosen to Duke It Out in Final Fight
New Scientist (12/13/10) Celeste Biever

The U.S. National Institute of Standards and Technology (NIST) has selected five Secure Hash Algorithm (SHA-3) entrants as finalists for its competition to find a replacement for the gold-standard security algorithm. The finalists include BLAKE, devised by a team led by Jean-Philippe Aumasson of the Swiss company Nagravision, and Skein, which is the work of computer security expert and blogger Bruce Schneier. "We picked five finalists that seemed to have the best combination of confidence in the security of the algorithm and their performance on a wide range of platforms" such as desktop computers and servers, says NIST's William Burr. "We wanted a set of finalists that were different internally, so that a new attack would be less likely to damage all of them, just as biological diversity makes it less likely that a single disease can wipe out all the members of a species." The finalists incorporate new design ideas that have arisen in recent years. The Keccak algorithm from a team led by STMicroelectronics' Guido Bertoni uses a novel idea called sponge hash construction to produce a final string of 1s and 0s. The teams have until Jan. 16, 2011, to tweak their algorithms, then an international community of cryptanalysts will spend a year looking for weaknesses. NIST will pick a winner in 2012.

View Full Article

Saturday, September 18, 2010

Blog: NIST Is Nearly Ready to Pick the Next Hash Algorithm

NIST Is Nearly Ready to Pick the Next Hash Algorithm
Government Computer News (08/18/10) Jackson, William

Developers of the 14 semifinalist algorithms for the new SHA-3 Secure Hash Algorithm standard will defend their work at the second U.S. National Institute of Standards and Technology (NIST) candidate conference. The final selection for a new standard hashing algorithm for the federal government is expected by early 2012, says NIST's Bill Burr. "All in all we've got quite a bit of performance data," Burr says. "At this point, we have a surprising amount of data on hardware implementation on all 14 candidates." SHA-3 will augment the algorithms specified in Federal Information Processing Standard 180-2, which includes SHA-1 as well as SHA-224, SHA-256, SHA-384, and SHA-512, collectively known as SHA-2. The conference will give the entrants an opportunity to address the results of the analysis and testing over the past year. The field of 14 will eventually be narrowed down to a final five algorithms, which will be analyzed and tested again before the final choice is made in the winter of 2012.

View Full Article

Tuesday, July 27, 2010

Blog: More Accurate Than Heisenberg Allows?

More Accurate Than Heisenberg Allows?
Ludwig-Maximilians-Universitat Munchen (07/27/10)

Quantum cryptography is the safest data encryption method, and takes advantage of the fact that transmitted information can only be quantified with a strictly limited degree of precision. Scientists at ETH Zurich and Ludwig-Maximilians-Universitat (LMU) in Munich have made a discovery in how the use of a quantum memory impacts this uncertainty. "The result not only enhances our understanding of quantum memories, it also provides us with a method for determining the degree of correlation between two quantum particles," says ETH Zurich professor Matthias Christandl. "Moreover, the effect we have observed could yield a means of testing the security of quantum cryptographic systems." Quantum mechanics dictates that the measurement of a parameter can itself disturb a particle's state, and this effect is harnessed by quantum cryptography to encrypt data and thwart eavesdropping. The LMU and ETH Zurich teams have demonstrated that the result of a measurement on a quantum particle can be predicted with greater accuracy if data about the particle is contained in a quantum memory, which can consist of atoms or ions.

View Full Article

Wednesday, March 3, 2010

Blog: Researchers Find Weakness in Common Digital Security System

Researchers Find Weakness in Common Digital Security System
University of Michigan News Service (03/03/10) Moore, Nicole Casal

University of Michigan (UM) researchers have found weaknesses in the RSA authentication encryption method, which is used to protect both media copyright and Internet communications. The scientists discovered they could breach the system by varying the voltage supply to the holder of the "private key," which would be the consumer's device in the case of copy protection and the retailer or bank in the case of Internet communications. Private keys contain more than 1,000 digits of binary code and would take longer than the age of the universe to guess, says UM doctoral student Andrea Pellegrini. However, using the voltage disrupting method, the UM researchers were able to obtain the private key in about 100 hours. Changing the electric current confuses the computer and causes it to make small mistakes in its communications with other clients. These faults reveal small pieces of the private key. After enough faults were created, the researchers were able to reconstruct the key offline without damaging the device.

View Full Article

Tuesday, November 3, 2009

Blog: Is AES Encryption Crackable?

Is AES Encryption Crackable?
TechNewsWorld (11/03/09) Germain, Jack M.

The Advanced Encryption Standard (AES) system was long believed to be invulnerable to attack, but a group of researchers recently demonstrated that there may be an inherent flaw in AES, at least theoretically. The study was conducted by the University of Luxembourg's Alex Biryukov and Dmitry Khovratovich, France's Orr Dunkelman, Hebrew University's Nathan Keller, and the Weizmann Institute's Adi Shamir. In their report, "Key Recovery Attacks of Practical Complexity on AES Variants With Up to 10 Rounds," the researchers challenged the structural integrity of the AES protocol. The researchers suggest that AES may not be invulnerable and raise the question of how far AES is from becoming insecure. "The findings discussed [in the report] are academic in nature and do not threaten the security of systems today," says AppRiver's Fred Touchette. "But because most people depend on the encryption standard to keep sensitive information secure, the findings are nonetheless significant." AirPatrol CEO Ozzie Diaz believes that wireless systems will be the most vulnerable because many investments in network media are wireless, and there is no physical barrier to entry. Diaz says that exposing the vulnerability of the AES system could lead to innovations for filling those gaps. Touchette says that AES cryptography is not broken, and notes that the latest attack techniques on AES-192 and AES-256 are impractical outside of a theoretical setting.

View Full Article

Monday, January 5, 2009

Blog: MD5 Hash Algorithm Flaw Allows Fraudulent Certificates

MD5 Hash Algorithm Flaw Allows Fraudulent Certificates (December 30 & 31, 2008 & January 5, 2009)

SANS NewsBites Vol. 11 Num. 1; 1/6/2009

A vulnerability in the MD5 hash algorithm used to generate digital certificates could allow cyber criminals to generate fraudulent certificates. The phony certificates could be used to create phishing sites that would appear to browsers to be legitimate. The problem was the subject of a presentation at the Chaos Communications Conference in Berlin last month. Certificate authorities that use MD5 hashes should change to SHA1 hashes to protect their certificates' integrity. A number of certificate authorities are still using MD5, and some estimates say that 14 percent of all websites are using certificates generated with MD5.

http://isc.sans.org/diary.html?storyid=5590&rss

http://gcn.com/Articles/2008/12/31/SSL-certs-busted.aspx?p=1

http://www.securityfocus.com/news/11541

http://www.heise-online.co.uk/security/25C3-MD5-collisions-crack-CA-certificate--/news/112327

http://www.securityfocus.com/brief/880

[Editor's Note (Honan): This attack should not come as a major surprise, as weaknesses in the MD5 hash algorithm have been known since 2004. The SANS Internet Storm Center has a good write-up of the issue, with a list of vendor statements regarding the status of their certificates, at http://isc.sans.org/diary.html?storyid=5590. You can also use this site, http://www.networking4all.com/nl/helpdesk/tools/site+check/, to check what SSL certificates are being used by a site you are visiting.]

Tuesday, December 30, 2008

Blog: Experts Uncover Weakness in Internet Security

Experts Uncover Weakness in Internet Security
Ecole Polytechnique Federale de Lausanne (12/30/08) Luy, Florence

Security researchers in Europe and California have discovered a vulnerability in the Internet digital certificate infrastructure that could allow attackers to forge certificates that are trusted by all common Web browsers. The weakness makes it possible to impersonate secure Web sites and email servers to perform undetectable phishing attacks. Whenever a small padlock appears in a browser window, the Web site being visited is secured using a digital certificate from a Certification Authority (CA). To ensure the certificate is authentic, the browser verifies the signature using cryptographic algorithms. The researchers discovered that one of these algorithms, known as MD5, can be misused. The first known flaw in the MD5 algorithm was presented in 2004 at the annual Crypto cryptography conference by Chinese researchers, who performed a collision attack and created two different messages with the same digital signature. The initial attack was severely limited, but a much stronger collision attack has been found by the European and California researchers. The new method proves it is possible to create a rogue CA that is trusted by all major Web browsers. A rogue CA, combined with a known vulnerability in the Domain Name System protocol, could allow attackers to launch virtually undetectable phishing attacks. The researchers say MD5 can no longer be trusted as a secure cryptographic algorithm for use in digital signatures and certificates. Arjen Lenstra, head of EPFL's Laboratory for Cryptologic Algorithms, says the developers of the major Internet browsers have been informed of the vulnerability.

View Full Article
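Both MD5 items above (this one and the SANS note before it) end with the same practical advice: find out which signature algorithm a certificate was issued with and move off MD5. The following is an added example, not code from either article or from the researchers involved: a minimal DER walker in Python that reads the outer signatureAlgorithm field of an X.509 certificate and flags md5WithRSAEncryption. The certificate bytes it parses are constructed inside the block (a toy tbsCertificate holding only a version and serial number, not a real CA certificate); the OIDs are the standard PKCS#1 identifiers. For a real certificate file, `openssl x509 -in cert.pem -noout -text` reports the same "Signature Algorithm" line.

```python
# Minimal DER walker: extract the signature-algorithm OID from an X.509
# certificate (Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm,
# signatureValue }) and flag MD5-based signatures.

NAMES = {
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}
WEAK = {"1.2.840.113549.1.1.4"}  # the algorithm the 2008 rogue-CA work broke


def der_read(buf, pos):
    """Read one TLV starting at buf[pos]; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def der_children(value):
    """Split the payload of a constructed type into its (tag, value) elements."""
    children, pos = [], 0
    while pos < len(value):
        tag, v, pos = der_read(value, pos)
        children.append((tag, v))
    return children


def decode_oid(b):
    """Decode OBJECT IDENTIFIER contents: first octet packs arcs 1 and 2,
    the rest are base-128 groups with the high bit set on all but the last."""
    arcs, n = [b[0] // 40, b[0] % 40], 0
    for byte in b[1:]:
        n = (n << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))


def certificate_signature_oid(cert_der):
    tag, body, _ = der_read(cert_der, 0)
    if tag != 0x30:
        raise ValueError("certificate is not a SEQUENCE")
    _tbs, sig_alg, _sig_value = der_children(body)[:3]
    oid_tag, oid_value = der_children(sig_alg[1])[0]  # AlgorithmIdentifier.algorithm
    if oid_tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    return decode_oid(oid_value)


def assess(cert_der):
    """Return (algorithm name or dotted OID, True if it is an MD5 signature)."""
    oid = certificate_signature_oid(cert_der)
    return NAMES.get(oid, oid), oid in WEAK


# --- constructed test input (hypothetical certificate, built here for the demo) ---

def der(tag, payload):
    n = len(payload)
    if n < 128:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + payload


def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out.extend(reversed(chunk))
    return der(0x06, bytes(out))


def toy_certificate(sig_oid):
    """Stand-in certificate: v3 version tag and serial 1 in the tbsCertificate,
    the requested AlgorithmIdentifier, and a zero-filled 128-byte signature so the
    outer SEQUENCE exercises the long-form length encoding like a real cert does."""
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01"))
    alg = der(0x30, encode_oid(sig_oid) + der(0x05, b""))
    sig = der(0x03, b"\x00" + bytes(128))
    return der(0x30, tbs + alg + sig)


if __name__ == "__main__":
    for oid in ("1.2.840.113549.1.1.4", "1.2.840.113549.1.1.11"):
        name, weak = assess(toy_certificate(oid))
        print(f"{name:26} {'REPLACE: MD5 signature' if weak else 'ok'}")
```

The walker only follows the one path it needs (outer SEQUENCE, second element, first child), which is enough to answer the question the articles raise; a real inventory would load DER from the CA bundle or from a live TLS handshake and run `assess` over every certificate in the chain.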

Tuesday, October 7, 2008

Blog: Researchers Show How to Crack Popular Smart Cards

Researchers Show How to Crack Popular Smart Cards
InfoWorld (10/07/08) de Winter, Brenno

Researchers at the Dutch Radboud University Nijmegen have published a cryptographic algorithm and source code that could be used to duplicate smart cards used by several major transit systems. The scientists presented their findings at the Esorics security conference in Malaga, Spain, and also published an article with cryptographic details. The research demonstrated how to circumvent the security mechanism of NXP Semiconductor's Mifare Classic RFID cards, which are widely used to provide access control to buildings and public transportation. The researchers exposed the workings of the chip by analyzing communication between the chip and the reader. An RFID-compatible device, the Ghost, was designed to work independently from a computer, which allowed the researchers to obtain the cryptographic protocol. Part of the vulnerability comes from the fact that the RFID reader has to communicate in a predictable way. Once the mechanism was exposed, the scientists were able to crack keys in less than a second using an industry standard computer with only 8MB of memory. The researchers also examined another chip, the Hitag2, to crack Mifare. Information on a Hitag2 hack is freely available online, which helped the researchers crack Mifare. Another effort by German researcher Henryk Plotz cracked the Mifare Classic by removing a Mifare chip from a card and removing layers, photographing each layer under a microscope and analyzing all the connections.

View Full Article

Wednesday, July 16, 2008

Blog: Data Can Leak from Partially Encrypted Disks

Data Can Leak from Partially Encrypted Disks
IDG News Service (07/16/08) McMillan, Robert

Encrypted data can spill over into unencrypted parts of a computer, exposing it to hackers and viruses, according to researchers from the University of Washington and British Telecommunication. Essentially, a computer is not fully protected unless it is 100 percent encrypted, says study co-author Tadayoshi Kohno. "I suspect that this is a potentially huge issue. We've basically cracked the surface," says Kohno, an assistant professor at the University of Washington's Seattle campus. When a user opens an encrypted file with Word, Google Desktop, or even an encrypted USB drive, the information can still be stored in unencrypted areas of the hard drive. During their experiments, researchers viewed encrypted Word documents by opening the auto-recovery folder and read encrypted files over Google Desktop when the Enhanced Search option was on. Even encryption software platforms like TrueCrypt 5.1a contain the same vulnerabilities, researchers found, and the software version 6.0 addresses some problems but still does not fully protect encrypted data on an unencrypted computer.

Click Here to View Full Article

Tuesday, February 26, 2008

Security: PGP Responds to Cold Boot Attack Paper (February 2008)

PGP Responds to Cold Boot Attack Paper (February 2008)
SANS NewsBites Vol. 10 Num. 16, 02/26/08

PGP has posted a response to the recently published paper about the Cold Boot Attack, which describes how attackers with physical access to computers can take advantage of the fact that some encryption products store their keys in DRAM. PGP stresses the fact that attackers require physical access to the machines to conduct this sort of attack, and also points out that "all security tools techniques ... are designed to address specific threat models. Achieving comprehensive security in any given environment requires using a combination of security measures."

http://www.pgp.com/newsroom/cold_boot_attack_response.html

[Editor's Note (Northcutt): Good for PGP. Calling all crypto vendors: we would love to highlight your cold boot responses as well; if you have posted a white paper on the subject, please send the link to stephen@sans.edu and copy isc@sans.org.

(Internet Storm Center: Frantzen) Excellent information from PGP is included in their answer, and it should be used to construct guidance for users of their tools. All vendors should release similar information needed to create such guidance.

- For PGP WDE: the guidance is that if you "sleep" your laptop and it gets stolen, the keys are still in RAM. They claim hibernating removes the keys from RAM.

- For PGP Virtual Disk: the disk images need to be unmounted in order to remove the key from RAM.

At the Internet Storm Center we are collecting this guidance in an article. Vendors and users are invited to contribute.]

Sunday, October 21, 2007

Security: 'Half-Quantum' Cryptography Promises Total Security; quantum-encrypted key only

'Half-Quantum' Cryptography Promises Total Security
New Scientist (10/21/07) Marks, Paul

Many cryptographers believed that the only way to achieve complete security when transmitting information was to use quantum cryptography to share the key used for encryption. However, researchers say they can achieve the same level of security even if one party stays in the world of classical physics. In conventional quantum cryptography, a sender, dubbed Alice, generates a string of 0s and 1s and encodes them using a photon polarized in either the computational "basis" in which 0 and 1 are represented by vertical and horizontal polarizations, or in diagonal bases in which 1 and 0 are represented by 45 degree and negative 45 degree polarizations. When the photons arrive at their destination, the receiver, dubbed Bob, chooses either the computational or diagonal bases to measure each one, telling Alice which he has chosen. If the chosen basis is wrong, Alice tells Bob to discard that bit. The bits that are guessed correctly form the secret key. If an eavesdropper intercepts any photons, the stream is interrupted and Bob's ability to read a number of the photons he might have read correctly is destroyed. The increase in unreadable photons tells Bob the communication channel has been compromised. Researchers at the Israel Institute of Technology in Haifa and the University of Montreal have demonstrated that only Alice needs to be quantum-equipped. Alice encodes the bits as usual, though Bob can only use the computational basis. Bob randomly measures some of the received photons and returns the rest to Alice untouched. The bits read in the computational basis form the key. The system is still secure because anyone eavesdropping does not know which photons will be returned to Alice unmeasured.
Click Here to View Full Article
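The two exchanges described above, as an added example that is not part of the original article or the researchers' own work: a Python simulation of conventional BB84 (both parties choose random bases, mismatched positions are discarded in sifting) and of the "half-quantum" variant (Bob either measures in the computational basis or reflects the photon back untouched, and Alice re-measures the reflected ones to detect tampering). The photon model is the single rule the article relies on, namely that measuring in the wrong basis gives a coin-flip outcome; the eavesdropper is modelled as intercept-and-resend on the Alice-to-Bob leg only, and the function names, seeds and sample sizes are my choices for the demo.

```python
import random

RECT, DIAG = 0, 1  # computational ("+") basis and diagonal ("x") basis


def measure(bit, prep_basis, meas_basis, rng):
    """Outcome of measuring a photon prepared as `bit` in `prep_basis` with a
    detector set to `meas_basis`: certain when the bases agree, a fair coin
    flip when they differ. This is the only quantum rule the toy model needs."""
    return bit if prep_basis == meas_basis else rng.randrange(2)


def intercept_resend(bit, basis, rng):
    """Eavesdropper measures in a random basis and re-sends what she saw,
    prepared in that basis. Returns the (bit, basis) now travelling on the wire."""
    eve_basis = rng.randrange(2)
    return measure(bit, basis, eve_basis, rng), eve_basis


def error_rate(a, b):
    """Fraction of disagreeing positions (in practice estimated on a sacrificed sample)."""
    return sum(x != y for x, y in zip(a, b)) / len(a) if a else 0.0


def bb84(n, seed, eve=False):
    """Conventional BB84. Returns (alice_key, bob_key, qber) after sifting."""
    rng = random.Random(seed)
    alice_bits = [rng.randrange(2) for _ in range(n)]
    alice_bases = [rng.randrange(2) for _ in range(n)]
    bob_bases = [rng.randrange(2) for _ in range(n)]
    bob_bits = []
    for bit, basis, bob_basis in zip(alice_bits, alice_bases, bob_bases):
        if eve:
            bit, basis = intercept_resend(bit, basis, rng)
        bob_bits.append(measure(bit, basis, bob_basis, rng))
    # Public sifting: Bob announces his basis per photon, Alice says which to keep.
    keep = [i for i in range(n) if alice_bases[i] == bob_bases[i]]
    alice_key = [alice_bits[i] for i in keep]
    bob_key = [bob_bits[i] for i in keep]
    return alice_key, bob_key, error_rate(alice_key, bob_key)


def semi_quantum(n, seed, eve=False):
    """'Half-quantum' variant: Bob has no basis choice. For each photon he either
    measures in RECT and keeps the result, or reflects it to Alice untouched.
    Alice re-measures reflected photons in the basis she prepared them in, so any
    disagreement there is evidence of tampering (Eve cannot know which photons
    will be reflected). Returns (alice_key, bob_key, key_qber, control_error_rate)."""
    rng = random.Random(seed)
    alice_bits = [rng.randrange(2) for _ in range(n)]
    alice_bases = [rng.randrange(2) for _ in range(n)]
    bob_measures = [rng.randrange(2) == 1 for _ in range(n)]
    bob_bits = {}
    control_checked = control_errors = 0
    for i in range(n):
        bit, basis = alice_bits[i], alice_bases[i]
        if eve:  # attack on the Alice->Bob leg; the return leg is modelled as clean
            bit, basis = intercept_resend(bit, basis, rng)
        if bob_measures[i]:
            bob_bits[i] = measure(bit, basis, RECT, rng)
        else:
            control_checked += 1
            if measure(bit, basis, alice_bases[i], rng) != alice_bits[i]:
                control_errors += 1
    # Public discussion: Bob reveals which photons he measured; only the ones Alice
    # prepared in RECT carry key bits (his RECT reading of a DIAG photon is noise).
    keep = [i for i in range(n) if bob_measures[i] and alice_bases[i] == RECT]
    alice_key = [alice_bits[i] for i in keep]
    bob_key = [bob_bits[i] for i in keep]
    ctrl_rate = control_errors / control_checked if control_checked else 0.0
    return alice_key, bob_key, error_rate(alice_key, bob_key), ctrl_rate


if __name__ == "__main__":
    for eve in (False, True):
        _, _, q = bb84(4000, 2007, eve)
        _, _, kq, cq = semi_quantum(8000, 2007, eve)
        print(f"eve={eve!s:5}  BB84 QBER={q:.3f}   "
              f"semi-quantum key QBER={kq:.3f}  control errors={cq:.3f}")
```

Without Eve both protocols sift to identical keys with zero error; with intercept-and-resend the error rate in the sifted key, and in the half-quantum control positions, settles near 25 percent, which is the increase in unreadable photons the article says tells Bob the channel has been compromised. A deployment would set a threshold well below that and abort key agreement when the sampled error rate exceeds it.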