Juniper RSA and who else

We are not going to meet tonight, but we have some serious thinking to do for the new year. Have a great holiday. Wait, let the NSA spoil it for you.

Hey Wired, Stop it!

“Even if the NSA did not plant the backdoor,” and “culprits repurposed an encryption backdoor previously believed to have been engineered by the NSA”- Wired Magazine

I am by no means a grammarian. But even I can see these sentences make your mind jump to a crappy conclusion. Wired magazine’s unclaim that the NSA planted the back door is a silly misleading shortening of the facts.

There are no “culprits”. This is a serious cascading problem. It is up to us to make our own decisions about this. Don’t think that this is an isolated incident. We are going to need to do some deep digging because of the tools each vendor uses in cryptography.  Let’s trace this from the NSA down to everyone who buys a product without reading.

Juniper

Juniper didn’t do anything that anybody else hasn’t done before them. They got caught trying to fix the problem. Security researchers reverse engineer patches all the time to figure out exactly what the flaw was after-the-fact. Yes, this does present some problems for the future of their code, but they are fixable.

Let’s trace this back to where it begins

  • NSA/RSA – compromised cryptographers
  • NIST – Government standards have choices
  • FIPS compliance – only in the interest of a select few
  • Security vendors – wanting to sell

NSA/RSA – compromised cryptographers

$10,000,000 to create a little flaw that no one will ever find. Well it turns out we found it. One of the key requirements for security professionals should be a high degree of ethics. What could be the rationale for giving up your ethics? If somebody came to you and said: “You can help your country by adjusting something so that your country can listen? Oh and we will pay you to do it.”  State-sponsored hacking is a regular thing.

“RSA allegedly accepted NSA cash to make the NSA-influenced flawed random bit generator the default in their popular encryption products back in 2004. In 2007 researchers from Microsoft demonstrated how dangerously easy it is to break Dual_EC_DRBG. But even after that demonstration, RSA never made a move to change the default generator in BSAFE.”- EFF

RSA said: “RSA always acts in the best interest of its customers and under no circumstances does RSA design or enable any back doors in our products. Decisions about the features and functionality of RSA products are our own.” – RSA

RSA’s biggest customer is the one who pays the most. – Dean

Bottom line: the cryptographers created weak encryption on purpose.

NIST – Government standards have choices

“NIST is responsible for developing information security standards and guidelines, including minimum requirements for Federal information systems” – from NIST

In NIST Special Publication 800-90 the implementer has choices. Dual_EC is one of 4 options programmers must choose from in their implementation. 800-90 REV 1: “The previous Appendix A was removed; this appendix contained application-specific constants for the Dual_EC_DRBG.” But once the cat is out of the bag, it is too late. So that is not a solution. It is worse because we trust their process and their ethics.

What is supposed to happen is NIST puts the documents out for public comment. The public comment period needs to be reasonably long, especially when it comes to cryptography and cryptographic analysis. 800-90’s  period for public comment was too short.

NIST is not responsible for commercial entities and the advice that they give is up to us to verify.

FIPS compliance – only in the interest of a select few

NSA and RSA give NIST options; FIPS says if we want to be compliant, we have to use this algorithm. NIST publishes the list of compliant vendors. The incestuousness continues. Designers of products will follow and agree blindly.

Security vendors – wanting to sell

If vendors want to sell products to government agencies, they must be FIPS compliant. The easy way to achieve this compliance is to use the open libraries that are approved by FIPS. One of those libraries is OpenSSL-FIPS. This particular library uses Dual_EC_DRBG. The FIPS 140-2 standards require using a DRBG.

The security vendors could be influenced directly or indirectly. Directly  – “if you want your product approved, we expect you to use FIPS-approved libraries.” Indirectly –  conferences, papers, advertisements, and free educational facilities all brainwash vendors and the public. Please insert your paranoid delusions here.

What could the security vendors do differently?

  1. They could follow the Waiver Procedure. I think this instance of Dual_EC use qualifies for exception? BUT this Waiver Procedure is too cumbersome. No vendor wants to fight, they want to make money!
  2. The security vendors do have a choice in the implementation. Use decent hardware generators for random numbers and ignore the standard. (I think this will be very difficult and costly.) Quick question: Hey Vendor, are you just saying you are secure or do you really mean it?

How far does this problem extend?

See you January 13, 2016

 

https://www.eff.org/deeplinks/2014/01/after-nsa-backdoors-security-experts-leave-rsa-conference-they-can-trust

http://blogs.rsa.com/rsa-response/

http://www.wired.com/2015/12/researchers-solve-the-juniper-mystery-and-they-say-its-partially-the-nsas-fault/

http://csrc.nist.gov/groups/STM/cavp/documents/drbg/drbgval.html

Really geeky versions for crypto junkies

https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html

http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html

PainPi!! #37 Crypto SHA3 will increase our integrity of message

What is “The Pain Pill” ? Every Tuesday I talk about a security topic in simple terms to reduce our security load, increase our efficiency, and make our security work better. There is a free class on the topic so you can have a deep dive. If you need continuing education credits, this counts.

Commercial – Sign up for classes now and take them in the new year. CISSP, CEH, ISSMP or ISSAP.

This post  and the video is here.

By the end of this year we will have a winner of the Secure Hash Algorithm contest if NIST keeps their promise. This has a direct impact on your business and on the tools we buy in the future. NIST has selected five SHA-3 finalists – BLAKE, Grøstl, JH, Keccak, and Skein to advance to the third (and final) round of the SHA-3 competition.

Why do we care? – Bent not Broken.

About 5 years ago a paper (below) was published on the weakness in the current cryptography integrity algorithms that we use. Not that MD-5 or SHA-1 was broken, but they are weak. Weak is bad because it leads to broken.

What is weak in terms of integrity and hashing? Definitions please:

  • Collision is when two messages compute to the same hash value.
  • Birthday paradox describes the increased likelihood of a collision occurrence.
  • Birthday attack is searching and achieving the collision.
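
The three definitions above can be made concrete with a short script. This is an added example, not part of the original post: it computes the birthday-paradox probability exactly and runs a birthday search against SHA-256 truncated to 24 bits (the truncation and the message format are assumptions, chosen so the search finishes quickly).

```python
import hashlib
import math


def birthday_probability(k: int, n: int) -> float:
    """Exact chance that k uniformly random values out of n possible contain a repeat."""
    if k > n:
        return 1.0
    p_all_unique = 1.0
    for i in range(k):
        p_all_unique *= (n - i) / n
    return 1.0 - p_all_unique


def expected_tries(bits: int) -> float:
    """Approximate number of hashes computed before the first collision."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def truncated_hash(message: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256, standing in for a short hash (assumption)."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return digest >> (256 - bits)


def find_collision(bits: int):
    """Birthday search: remember every hash value seen until one repeats."""
    seen = {}
    counter = 0
    while True:
        message = b"message-%d" % counter  # constructed, distinct inputs
        value = truncated_hash(message, bits)
        if value in seen:
            return seen[value], message, counter + 1
        seen[value] = message
        counter += 1


if __name__ == "__main__":
    print("23 people, 365 birthdays: %.4f" % birthday_probability(23, 365))
    first, second, tries = find_collision(24)
    print("24-bit collision after %d tries (predicted about %d)"
          % (tries, expected_tries(24)))
    print(first, second, hex(truncated_hash(first, 24)))
    for name, bits in (("128-bit hash", 128), ("160-bit hash", 160)):
        print("%s: about 2^%.1f tries" % (name, math.log2(expected_tries(bits))))
```

The search cost grows with the square root of the output space, so a hash with no weaknesses at MD-5's 128-bit length needs about 2^64 tries and one at SHA-1's 160-bit length about 2^80. A hash is weak when collisions can be found for less work than that.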

What is the goal with the new SHA-3?

It is our desire to ensure that a message has not changed from the original sender to the intended recipient. Testing for change is critical.  We can even go as far as expecting that every message that has ever been sent compared to every other message that has or will be sent should NEVER collide. Think about that. Every message.  Every email ever sent. That is a lot of hashing.

So this same paper (below) proved the likelihood of collision is greater than we first thought for MD-5 and SHA-1. Currently we can compute hashes of certain messages so that they collide under certain conditions. In the future we will be able to make those conditions occur much more often. Eventually it will be easy. This means you need to find a new hashing algorithm if you want to maintain that integrity.  Why? Because integrity of communication is about all messages, past, present, and future.

How the heck do we choose the best new thing for a generation of message integrity?

In the United States, we have a way to all agree on the best new algorithm to use. How? NIST collects all the submissions and convinces mathematicians and scientists to fight over which one is the best and why. Once the fighting is done it becomes a standard. The U.S. military demands that current standards be followed in all the products they use. Since the U.S. military is a really big purchaser of crypto-related software and hardware, all the vendors will comply. Vendors will switch to the new secure hash algorithm SHA-3. Commercial entities buy from the same vendors as the military. A forced upgrade occurs for you and me.

What is the business problem?

Any process that you have that requires integrity will change. Incompatibility will occur.  I think that email, software signing, updates and patches will all change. If you download software you will be affected. If you build software, you must change to the new ways. Change is not so bad, but unforeseen change is bad. Vendors are going to whip out the Fear, Uncertainty, and Doubt (FUD). These vendors are going to say not only do you need to buy the SHA-3, but you need to buy a whole new whatever-I-am-selling. No!

What can we do to make it better for us, for you?

In a word: prepare. Tell the vendors they need to give you a solution for the future. Put the monkey on their back.

Policy:

  • Identify policy and compliance with U.S. military standards. (FISMA)
  • Prepare an integrity policy update for the end of this year.

Action items:

  • Find all the scripts and tools that use MD-5 and SHA-1
  • Keep watch on the links below for the exact date
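
One way to start the first action item, as an added example that is not part of the original post: a script that walks a directory tree and lists every line in a script or source file that calls MD-5 or SHA-1. The file extensions and the patterns are assumptions covering common command-line tools and library calls; extend them for the languages you actually run.

```python
import re
from pathlib import Path
from typing import List, NamedTuple

# Assumed patterns: common ways MD5 and SHA-1 are invoked from scripts and code
# (md5sum/sha1sum, md5(...)/sha1(...), hashlib, "openssl dgst -md5", quoted names).
WEAK_HASH_PATTERNS = {
    "MD5": re.compile(
        r"\bmd5sum\b|\bmd5\s*\(|\bhashlib\.md5\b|(?<=\s)-md5\b|[\"']md5[\"']",
        re.I),
    "SHA-1": re.compile(
        r"\bsha1sum\b|\bsha1\s*\(|\bhashlib\.sha1\b|(?<=\s)-sha1\b|[\"']sha-?1[\"']",
        re.I),
}

# Assumed set of file types worth inventorying.
SCRIPT_SUFFIXES = {".sh", ".bash", ".py", ".pl", ".php", ".rb", ".js",
                   ".java", ".ps1", ".bat", ".conf", ".cfg"}


class Finding(NamedTuple):
    path: str        # path relative to the scanned root
    line_no: int     # 1-based line number
    algorithm: str   # "MD5" or "SHA-1"
    text: str        # the offending line, stripped


def scan_tree(root) -> List[Finding]:
    """Return one Finding per (file, line, algorithm) under root."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in SCRIPT_SUFFIXES:
            continue
        try:
            content = path.read_text(errors="replace")
        except OSError:
            continue  # unreadable file: skip it, keep the inventory going
        for line_no, line in enumerate(content.splitlines(), start=1):
            for algorithm, pattern in WEAK_HASH_PATTERNS.items():
                if pattern.search(line):
                    findings.append(Finding(path.relative_to(root).as_posix(),
                                            line_no, algorithm, line.strip()))
    return findings


if __name__ == "__main__":
    import sys
    for f in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("%s:%d: %s: %s" % (f.path, f.line_no, f.algorithm, f.text))
```

The output is an inventory, not a verdict: a match inside a comment still shows up, and each hit needs a person to decide whether that use depends on collision resistance.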

Don’t know how to do these activities? Come to our free class!

November 2, 2011 – Wednesday 12:30 Central time

Click here

Or

bit.ly/painpill37

Details-

  • http://people.csail.mit.edu/yiqun/SHA1AttackProceedingVersion.pdf
  • http://csrc.nist.gov/groups/ST/hash/sha-3/Round3/submissions_rnd3.html
  • http://csrc.nist.gov/publications/fips/fips180-3/fips180-3_final.pdf

Painpi!! 23 let go my Stego

Most of the time I pose a problem and then give you my answer. Let’s do a change up. Mostly because I don’t have an answer that I am willing to support this week.

Come to our CISSP/CEH class for free this week on Saturday May 28 at 12:30 Central. Click this link 5 minutes before class, type your name, email and the site will put you in the class with our regular students.

Steganography is a covert channel of communication, hiding one communication inside another.

In this example, two people want to talk about something that they don’t want YOU to know they are talking about. In your country it might be illegal to discuss a revolt against the government. You could still talk about mundane topics like how much you like the latest movie. What you decide to do is use the whitespace in an online posting about movies to communicate covertly. Every extra space at the end of a word means bit 0 and every two extra spaces mean bit 1. If I did a long enough post with extra line breaks I could communicate my intentions… some  inane   drivel  like   this  sentence   about  nothing   that  goes   on  for   too  long   could  hide   plenty  of   extra bits  . That is steganography. The only rule is the carrier file must be larger than the carried file.
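
One way to check postings for the spacing channel described above, as an added example that is not part of the original post: the script counts runs of extra spaces after words, decodes them with the rule above (one extra space is bit 0, two extra spaces is bit 1), and shows that collapsing whitespace before publication removes the channel. The threshold, the function names and the sample text are assumptions; the sample is constructed in the code.

```python
import re

SENTENCE_END = ".!?:;"  # a double space after these is ordinary typing habit


def gap_runs(text):
    """Yield (preceding character, run length) for each run of spaces after a word."""
    for m in re.finditer(r"(?<=\S) +", text):
        yield text[m.start() - 1], len(m.group())


def extract_bits(text):
    """Apply the page's rule: 2 spaces (one extra) = 0, 3 spaces (two extra) = 1."""
    bits = []
    for _, length in gap_runs(text):
        if length == 2:
            bits.append("0")
        elif length == 3:
            bits.append("1")
    return "".join(bits)


def bits_to_bytes(bits):
    """Pack whole groups of 8 bits into bytes; leftover bits are dropped."""
    usable = len(bits) - len(bits) % 8
    return bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8))


def scan_post(text, min_gaps=8):
    """Flag text with many multi-space gaps that do not follow sentence punctuation."""
    odd = sum(1 for prev, n in gap_runs(text) if n > 1 and prev not in SENTENCE_END)
    bits = extract_bits(text)
    return {"mid_sentence_gaps": odd, "suspicious": odd >= min_gaps,
            "bits": bits, "payload": bits_to_bytes(bits)}


def normalize(text):
    """Mitigation: collapse space runs and strip trailing spaces before publishing."""
    return re.sub(r" +$", "", re.sub(r" {2,}", " ", text), flags=re.M)


def constructed_sample():
    """Constructed test input: a movie comment carrying the two bytes b'hi'."""
    words = ("I thought the new movie was great and the ending "
             "really surprised me so go see it soon").split()
    bits = "0110100001101001"
    pads = [" " * (2 + int(b)) for b in bits] + [" "] * (len(words) - 1 - len(bits))
    return "".join(w + p for w, p in zip(words, pads)) + words[-1]


if __name__ == "__main__":
    sample = constructed_sample()
    print(scan_post(sample))
    print(scan_post(normalize(sample)))
```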

What does this have to do with business? Revolts are one thing, but business is something else. What about:

Hanjuan Jin of Schaumburg, Ill., a naturalized U.S. citizen who was born in China. She was stopped at Chicago’s O’Hare International Airport on Feb. 28, 2007, in a random search. She got busted with Motorola’s intellectual property trying to leave the U.S. on a one way ticket to Beijing. If she had stepped up her game and used steganography, she could have uploaded pictures of her Siamese cat to a KATLovers blog and never left the country. Or left with no laptop, no drives, no DVDs, just left and transmitted all the data she wanted.

How many Jins are out there that don’t get caught? Now that is a business problem!

Let’s take this one step further- You are pissed because the free coffee has been stopped, the break has been cut from 20 minutes to 10, your bonus did not happen this year. Instead of leaving the company you decide to make some side cash. Posting your own company’s IP inside cat pictures. Your company would never know.

Now switch roles: You are in charge of protecting and securing the company’s assets. What do you do?

Policy & Action Items:

  • The best thing I can come up with to protect us is: better employee screening?

This week it is all about YOU and your answer because I don’t really know if there is an answer. This week tell me what you think about the technical topic, the business problem, and you come up with an answer that fits your business. If you don’t know, say “I don’t know.”

We are going to meet on Saturday May 28 12:30 Central. If you cannot make it, send me your email comments. I will post them and talk about them.

Oh and by the way- If you have something better to do with your Saturday?  The spies, the cheats, the international jerks who want to rip you off don’t have any plans so you can relax. <G>

Hope you like this, tell me if you do or don’t.

If you need the link to class you can get it from this page. Remember 5 minutes before 12:30 Central May 28.

http://www.expandingsecurity.com/?p=2169

Dean

Preventing deer-in-headlights look.

P.S. Below is some great data on the technical details of steganography without the typical drinking from a fire hydrant.

http://www.garykessler.net/library/fsc_stego.html

Stop Crying over Cryptography and get a PainPi!!

Everyone always whines and complains about cryptography. I say we need even more than we have, but it doesn’t need to be heavy or difficult.

  • What about that one-way cryptography? Message integrity controls – the simple claim that this message has not changed.
  • What about asymmetric for signing messages? Digital signatures – the claim that this message came from who sent it.


Eliminate phishing attacks in one fell swoop. How?

I say if we get our own certificates and then teach end-users a little bit about how to use them, end users could turn it around and be our allies in the war on phishing.

Each one of us should go out and get a certificate and use it for our email. Get your mom, your dad, everyone used to seeing that little red ribbon. That indication that the mail is certified,  no wait, it’s bonified.  (He’s bona fied, what are you?)  Sorry, I got stuck in a movie…

If they all started seeing this red ribbon they would know it was a sign of quality and… they would come to expect it from important communications. They would eventually start to demand it from vendors. They would suspect anything that did not have it.

And now comes the part where you say, “but Dean, the spammers and the phishers would start signing their messages also.”  I reply, But at what cost? Encryption takes time and computing resources, the one thing that spammers don’t want to spend.

Policy Action Items

  • Identify your company’s Public Key Infrastructure policy. ( Do you use digital signatures?)
  • Migrate to signed mail for important communications.

Personal Action Items

  • Get a certificate here – http://www.sslshopper.com/email-certificates-smime-certificates.html (10 minutes)
  • Set the expectation that important communications should be signed.

If you need to learn a little about certificates and cryptology come to class on Thursday 12:30 – 1:30 Central.

Click this link 5 minutes before class, turn up your speakers and smile.

Commercial!
CEH Starts April 30, 2 nights per week, 1 hour each, 10 Weeks!
CISSP Starts April 23, 10 weeks!

Cryptology study guides

This page is designed to help support the CISSP Cryptology video application for the iPhone.

It will contain:

The study guides for our current CISSP modules that match the video application.

Errata information on the videos.

The ability to give feedback for future videos.

Cryptology quiz overview

Cryptology domain for the CISSP quiz overview

These are the sub-domains within the domain.

  • Symmetric and Asymmetric
  • Message Integrity Controls
  • Digital Signatures
  • PKI and PGP
  • Cryptanalysis and Stego

There is too much information on each one of these topics for you to be technically adept in every sub-domain and domain of the CISSP. Your ultimate goal is to know the executive summary level of detail on the core knowledge. You should know this information in enough detail to be able to ask questions of the technical people on your staff. These questions should relate to the security aspects and not the implementation details. It is necessary to know enough technical details to be able to make management decisions about security and technology. The questions in this section should reveal your lack of security knowledge. These questions or answers are not detailed enough to solve a real world problem. You should not study the question; it will not be on your exam. You SHOULD study the core concept discussed in the question and be able to apply generic security measures. You  should know the threats and controls to each technology.

Your main open source study tool is cryptool. It is free, has great visualization, and just the pdf help file is a great explanation.

If you have full-program access click this link.

For a course in Cryptology Click Here.

Study Guide for Symmetric and Asymmetric

Study Guide for Symmetric and Asymmetric  as a part of the Cryptology Domain for the CISSP.

There are many interactive learning opportunities on this site. Navigate to Certification and dig down into the topics for anything from one-hour to ten weeks worth of learning.

PodCasts for Listening (Hear): Crispytopics.com you must register with a real email address, but there are hours of downloads.

Quizzing: Expanding Security offers over 900 practice exam questions. See what Gwen Bettwy says about quizzing. See what Dean Bushmiller says about quizzing.

Glossaries for Flash carding (Touch):

Best Practices & Short Guides (Look): Your main open source study tool is cryptool. It is free, has great visualization, and just the pdf help file is a great explanation.

Study Guide for PKI and PGP

Study Guide for PKI and PGP as a part of the Cryptology Domain for the CISSP.

Glossaries for Flash carding (Touch):

  • Bulk terms – key escrow
  • Phil Zimmermann’s original foreword: you should read it for the reason for PGP.

Study Guide for Cryptanalysis

Study Guide for Cryptanalysis and Stego as a part of the Cryptology Domain for the CISSP.

The hardest course you could take on crypto from Washington U… oh it is free, so are the books and the videos. If you make it past the second lecture you are a better person than me.

Study Guide for Digital Signatures

Study Guide for Digital Signatures as a part of the Cryptology Domain for the CISSP.
