Is SSL still secure?

I know that the title is somewhat provocative. Nevertheless, the current system of certificates, and more precisely the way browsers handle them, presents some weaknesses.

In security newsletter N°12, Mohamed Karroumi explained the latest attacks using forged MD5 certificates to mount a man-in-the-middle attack. The designers of the attack were Alexander SOTIROV and Mike ZUSMAN. At that time, the countermeasure seemed simple: do not use MD5 certificates anymore.

At the last Black Hat (2009), the same researchers disclosed a new attack that bypasses this protection. The Extended Validation (EV) certificate standard was designed to make certificate issuance more secure (no simple online application…) and also banned RSA1024 and MD5. Thus, we could believe that a site using an EV certificate would be safe against the MD5-based man in the middle. They demonstrated that it was wrong: most browsers accept a session that starts with an EV certificate and then continues with a non-EV certificate. Game over. SOTIROV and ZUSMAN showed the actual attack at the conference.

The countermeasure is not simple if a smooth deployment is expected, unless it is possible to ban ALL MD5 certificates. Maybe some news in our next newsletter.
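Two client-side checks that address the two weaknesses described above, as an added example (this is not code from the original post and not the logic of any real browser): refuse any certificate whose outer signatureAlgorithm is an MD-family OID, and refuse a certificate that differs from the one the session started with, so that an EV session cannot silently continue under another certificate. The `build_test_certificate` helper produces a constructed DER shell (a stub tbsCertificate and a placeholder signature, not a real certificate), and the host names in the usage are invented.

```python
import hashlib
from typing import Dict, Tuple

# PKCS #1 signature algorithm OIDs a client should refuse outright.
WEAK_SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.2": "md2WithRSAEncryption",
    "1.2.840.113549.1.1.3": "md4WithRSAEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
}


def der_read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Read one DER tag-length-value at pos; return (tag, content, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def der_encode(tag: int, content: bytes) -> bytes:
    """Minimal DER TLV encoder, used only to build the constructed test certificate."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    length_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length_bytes)]) + length_bytes + content


def encode_oid(dotted: str) -> bytes:
    """Encode a dotted OID into its DER content bytes (base-128 arcs)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


def decode_oid(content: bytes) -> str:
    """Decode DER OID content bytes back into dotted form."""
    arcs = [content[0] // 40, content[0] % 40]
    value = 0
    for b in content[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def certificate_signature_algorithm(cert_der: bytes) -> str:
    """Return the dotted OID of Certificate.signatureAlgorithm (RFC 5280 outer SEQUENCE)."""
    tag, body, _ = der_read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a Certificate SEQUENCE")
    _, _tbs, pos = der_read_tlv(body, 0)          # tbsCertificate, skipped here
    tag, alg_body, _ = der_read_tlv(body, pos)    # signatureAlgorithm
    if tag != 0x30:
        raise ValueError("signatureAlgorithm is not a SEQUENCE")
    tag, oid_content, _ = der_read_tlv(alg_body, 0)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    return decode_oid(oid_content)


def build_test_certificate(sig_oid: str) -> bytes:
    """Constructed placeholder: a Certificate shell with a stub tbsCertificate and signature."""
    tbs = der_encode(0x30, der_encode(0xA0, der_encode(0x02, b"\x02"))  # version v3
                     + der_encode(0x02, b"\x01"))                       # serialNumber 1
    alg = der_encode(0x30, der_encode(0x06, encode_oid(sig_oid)) + der_encode(0x05, b""))
    sig = der_encode(0x03, b"\x00" + bytes(16))                         # placeholder BIT STRING
    return der_encode(0x30, tbs + alg + sig)


class SessionCertificatePolicy:
    """Refuse weak signature algorithms and any certificate change within one session."""

    def __init__(self) -> None:
        self._first_seen: Dict[str, str] = {}   # host -> SHA-256 fingerprint of first cert

    def accept(self, host: str, cert_der: bytes) -> Tuple[bool, str]:
        alg = certificate_signature_algorithm(cert_der)
        if alg in WEAK_SIGNATURE_OIDS:
            return False, f"rejected: {WEAK_SIGNATURE_OIDS[alg]} signature"
        fingerprint = hashlib.sha256(cert_der).hexdigest()
        pinned = self._first_seen.setdefault(host, fingerprint)
        if pinned != fingerprint:
            return False, "rejected: certificate changed during the session"
        return True, "accepted"


if __name__ == "__main__":
    policy = SessionCertificatePolicy()
    ev_like = build_test_certificate("1.2.840.113549.1.1.11")   # sha256WithRSAEncryption
    print(policy.accept("bank.example", ev_like))
    print(policy.accept("bank.example", build_test_certificate("1.2.840.113549.1.1.4")))
```

The fingerprint pin is deliberately per session rather than persistent: it only enforces that whatever certificate passed validation when the session was established is the one that keeps being presented, which is exactly the property the EV-then-non-EV switch violates.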

Of the need to back up root CA

Germany is planning to roll out a system of electronic health care smart cards, as already deployed in France (Carte Vitale). The deployment is currently in a first test phase.

As usual, this type of system uses a PKI (Public Key Infrastructure). And every PKI is based on a root key pair that signs the certificates and the revocation lists. Thus, the private key of the root Certificate Authority (root CA) is one of the most important secrets of the system. Generally, this private key is stored in a Hardware Security Module (HSM) that performs all the signing operations: certificate signatures, revocation list signatures, … An HSM is a tamper-resistant module that stops working when it detects a tampering attempt.

The German system of course used such an HSM. Unfortunately, the HSM interpreted a voltage drop as an attack and erased the private key. The normal procedure is to take the backup HSM, duplicate it and start again; HSMs have special, strict procedures for backing up secret keys onto another HSM. Unfortunately, there was no such backup. The consequence is that the trial can no longer generate new smart cards.

Fortunately, this is only the test phase. For sure, there will be a backup for the real deployment phase.

Root CA management, storage, and handling is an extremely complex task. Some companies (such as Entrust, Verisign…) have made a living of this activity. So if you ever operate a root CA, either make a backup (and store it somewhere highly secure) or use a proven operator.

For more details, read here.

SF: L’agent des ombres (2)

Saturday, August 1, 2009

During these holidays, I decided to give this saga a second chance. The second book is less basic. The hero gains some roughness. He looks more and more like Elric of Melniboné. He starts to take some pleasure in killing. He becomes less Manichean.

Funnily, in the following books I found references to another author: Roger Zelazny. One of the 6 free towns is named Amber. And even more explicitly, the hero announces that he has a passion for Zelaznian literature. So do I.

Zelazny is one of my favorite SciFi authors. The Amber chronicles are great. I am always surprised that Hollywood did not adapt this saga to the screen. My second favorite author is Ursula K. Le Guin (Earthsea cycle, The Dispossessed, The Left Hand of Darkness…).

Big Brother is watching you(r Kindle)

On July 17th, some Kindle users were surprised to see the following message.

We recently discovered a problem with a Kindle book that you have purchased. We have processed a refund to the payment method used to acquire this book. The next time the wireless is activated on your device, the problematic item will be removed. If you are not in a wireless coverage area, please connect your device to a computer using your USB cable and delete the file from the documents folder.

In fact, Amazon removed two George Orwell titles: 1984 and Animal Farm. Amazon refunded the customers the price of the erased eBooks. As expected, this immediately raised the fury of the media.

It is interesting to recall some facts:

  • Amazon erased only the versions from the publisher Mobile Reference.
  • Mobile Reference specializes in distributing eBooks of titles that are in the public domain, for the modest price of $1.
  • Unfortunately, these books are not yet in the public domain (at least not in every country).
  • The same titles are available in digital format from other publishers, but at a higher price (around $10).

Thus, the action of Amazon was legitimate. A publisher sold illegal content through Amazon. Amazon solved the issue by erasing the illegal books and refunding the customers. What may be more questionable is the cryptic message. Jeff Bezos, Amazon’s CEO, later issued a personal apology.

This is an apology for the way we previously handled illegally sold copies of 1984 and other novels on Kindle. Our “solution” to the problem was stupid, thoughtless, and painfully out of line with our principles. It is wholly self-inflicted, and we deserve the criticism we’ve received. We will use the scar tissue from this painful mistake to help make better decisions going forward, ones that match our mission.

This is not the first time that Amazon has removed a title. Recently, a version of Harry Potter was illegally available for a few hours.

What can we learn?

  • Electronic sell-through, i.e. selling the right to access content forever, is a complex task.
  • People have the same usage expectations of digital content as of physical content. I’m still reading paper books I purchased twenty years ago. (I soon want to read Zelazny’s Chronicles of Amber again.)
  • Copyright is a complex problem. Not all countries have the same laws. Thus, we end up with Ubuesque situations like this one: 1984 is in the public domain in Australia, but visitors from elsewhere have to comply with this notice.

    Under Australian copyright laws, copyright in literary works of authors, who died before 1955, has expired. These works are now within the ‘public domain’ in Australia and this is why the University is able to reproduce such works on this site. HOWEVER, works may remain copyrighted in other countries. If copyright in the work still subsists in the country from which you are accessing this website, it will be illegal for you to download the work. It is your responsibility to check the applicable copyright laws in your country.

  • When you are a digital store, it is your responsibility to check all copyright/infringement issues. This may be tricky if the store is large.

In any case, it was “funny” that the incriminated book was 1984. By the way, if you have not yet read it, read it.

The science of fear

Daniel GARDNER wrote an excellent book titled “The Science of Fear”. Based on the latest findings in human psychology, he explains the incoherent reactions we have when facing fear.

The problem lies mainly in the fact that our mind is driven by two entities: the “gut brain” and the “rational brain”. The gut brain operates by reflex, by instinct. It is what allowed our ancestors, the cavemen, to survive. It does not think much but reacts awfully fast. It is the gut that makes us run when we see a snake. The “rational brain” is the part that actually thinks. Unfortunately, it is slow and lazy.

Thus, the first reaction comes from the gut and, later (if the brain believes it is needed), the rational reaction. This is why people may panic. The gut has been tuned to survive in an environment that changed slowly over several million years. And it worked fine. But for several decades now, the world has been changing extremely fast. The gut is no longer fine-tuned. The rational brain is fine-tuned, but it reacts too late.

The book illustrates why this conflict makes us evaluate risks incorrectly, why we have the feeling that the world is getting worse, how the media use (consciously or not) this bias, why we have a wrong perception of fear…

An example: ask whether the world is safer today than two centuries ago. Most people would say that it is worse today. But the facts prove the contrary. There have never been fewer wars in History than today. The crime rate is 20 to 40 times lower than 3 centuries ago!!! But with the media constantly showing murders, wars or disasters, the gut believes that we are in hell! And the brain does not take the time to analyze the figures (by the way, people are awfully bad with numbers (see section 5)).

Once you have read this book, you will probably have lost a lot of your pride in humankind: the caveman is really not far away.

If you are interested in security and psychology, read the book. I am definitely convinced that there is a link between the two. A good book to read (if only for section 5).

Consumer Strategies for Deterring Illegal File-Sharing Using Digital Serial Numbers

The Digital Watermarking Alliance (DWA) released last month the results of a survey it commissioned. The purpose was to evaluate the impact that using Digital Serial Numbers (DSN) would have on piracy. A Digital Serial Number embeds, through a watermark, a unique identifier of the device that rendered the content. This allows the origin of a possible leak to be traced back.

The answer is obviously that it would have an effect. About half of the respondents admitted that they would stop file sharing. This is probably not a surprise to anybody.

A more interesting output is the reasons why about half of the respondents would not stop file sharing.

– I don’t download enough to be caught.
– The online community will remove DSNs.
– DSNs will not be enforced strongly enough to make a difference.
– My downloading would remain the same as a statement of principle.
– The BitTorrent community can avoid sharing files with DSNs.
– The risk is worth it.

The document also highlights that DSN is a deterrent only if users are aware of it.

The document is available here.

PS: THOMSON is a member of DWA.

Should we stop masking passwords?

According to Jakob Nielsen, masking a password while typing it is a bad idea. The arguments are that users make more errors when typing blind, and that, because of this difficulty, they will choose simpler passwords.

Jakob Nielsen is a highly respected guru of usability. When I was working in User Interfaces research (many years ago), I religiously read all his books. I learned a lot. It was my first contact with human psychology and brain behavior. I’ll soon come back to that interesting topic. Thus, his comments deserve our interest.

His first argument is definitely true. Who has never had his/her password rejected because the Caps Lock key was on? Visual feedback would avoid this type of error. I must confess that each time I have to enter my long PGP passphrase, I’m nervous. Especially if, like me, you are keyboard dyslexic. 🙁

I would tend to disagree with the second argument. People mainly choose a simple password because complex passwords are more difficult to remember, rather than because they are difficult to type.

Sometimes we forget the initial design purpose. Password masking is mainly meant to prevent shoulder surfing. Shoulder surfing on a mobile device (such as a BlackBerry) is far more difficult than on a notebook in an airport. Thus, is it useful to protect against this threat on mobile? If there is nobody around to shoulder surf, why protect against a non-existent threat?

Thus, I would rather agree with Jakob Nielsen and mitigate the orthodoxy of password masking with some rules:

  • When shoulder surfing is not possible, do not mask (unless you fear screen capture, but then you may also fear keylogging).
  • Offer a checkbox that allows the password to be masked/unmasked. I would suggest that the default state be masked.

Should we violate this rule?