Schneier on Security

Clive Robinson • August 6, 2020 7:54 PM

@ Bruce, ALL,

Of course, turning off your wireless devices is itself a signal that something is going on. It’s hard to be clandestine in our always connected world.

It’s funny but I’ve posted a couple of time already today about these very issues…

And the two watchwords for dealing with these issues are “Awareness” and “Thoughtfulness”.

That is you need to be aware of any potential adversaries “Methods and Sources” and by thinking adapt your fieldcraft as appropriate.

Due to the use of “Technical Support” “test harnesses” added to mobile phones by phone “Service Suppliers” that first publically came to light with the CarrierIQ debacle –prior to the Ed Snowden trove revelations–, we know that virtually every user action was sent in “plaintext” across the internet to CarrierIQ’s servers. Which means anybody sitting on a router upstream of CarrierIQ could not just see the plaintext going by they could build it into databases of “behaviours”. Whilst doing this “covertly” would be the IC prefered way, the fact that is what CarrierIQ were doing made it a “Third Party Record” that anyone holding a National Security Letter could access which means not just LEO’s but all sorts of “others”.

Thus a thoughtfull person would not “turn off the phone”. Whilst they good drop it into some form of Farady shield, the sudden loss of comms would be noted in the network service providers records which is even more suspicious. They might go into a known “dead spot” or “RF Black hole” but these tend to be unreliable or get filled in unexpectedly. Thus a more thoughtfull person would experiment to find out what would most quickly drain their phone battery flat. One such could be playing a long Utube video, older phones tend to go from full charge to off in less than an hour, newer designs can take longer. The point is a thoughtfull person would find out well in advance, and from time to time establish the “habit”.

However the problem with that NSA advisory for most people is they are not “going in clean/cold” as their places of residence and work are usually known. Which renders,

“Determine a non-sensitive location where devices with wireless capabilities can be secured prior to the start of any activities. Ensure that the mission site cannot be predicted from this location.”

More than a little moot for anything other than off charecter / specified activities planed well in advance supported by an existing “habit” as a “gateway behaviour”.

It means you have to in effect establish a “legand” within your own real identity and this is one of the hardest forms of field craft because of the most dangerous periods “transitions”. Trying to avoid them can mean permanently “living the legand” which is what “deep cover” or “No Official Cover” (NOC) operatives do. For most people it can be stresfull to the point of breakdown if care is not taken.

In the past before we all carried tracking beacons, most often it was only agent/handler meetings where “transitions” would happen. Thus minimising the stress by having “decompression” time etc.

That is the “case officer” / “resident” at a diplomatic mission would assume that they were under continuous surveillance for their day to day activities outside of the mission, but not inside amoungst their “read in” colleagues. Thus their first step for a case officer on going out would be to “put on” their legand and transition into “character”[1] inside the mission. Then second thing to do when outside is “to loose the hounds” as naturally as possible before meeting the agent[2].

As a modern day individual you tend to carry your own “hound” in your pocket/bag etc and this behaviour is pushed on us by social / peer / employment preasure, thus a thoughtfull person needs to establish “habits” against such preasure. One trick is “having a meeting” especially “a meeting with oneself”. That is it’s expected that phones will be turned off or be put in silent mode for a meeting. Leaving them in a locked desk draw in silent mode would thus be quite acceptable for time periods when in “meetings” even setting a VM to that effect. Thus how do you get meetings when you need them, well using “lunchtime” as an excuse to go into “meeting mode” is acceptable to most, but a trend in more recent times has been to put a meeting with yourself in your calander etc so you can get undisturbed time for concentration etc. Thus a thoughtfull person would see advantages in developing such habbits.

But with lunchtime sometimes leave your phone in your locked desk draw in the office and sometimes take it with you, also get another charger and sometimes put the phone on charge when it’s in your desk draw. Likewise don’t always go out for lunch, the habits you develop need to be like a comfort blanket not a noose.

Another habit supporting this is to sometimes pay cash sometimes pay card when you go out. But always make a note of your purchases in your diary often but not always putting the recipts in as well till the end of the week etc when you more formally write up expenditure as personal finances / expenses then sling most but not all personal recipts “in a shoe box”. Obviously expense recipts go off to finance.

The longer you have these habits, the more people will believe them if you are ever challenged in some way, but also the better organised your life will be in general so there is a plus point for them without any clandestine reason.

Those spouses with a lot more than most to loose if they get caught cheating develop such habits. As became clear when it kind of went wrong for a number of them in South Korea recently with COVID Contact Tracing apps. It was unexpected, there was a lot of peer preasure and quite a few did not think it through far enough before enabling such apps on their phones.

This tells you one important fact in life,

You have to expect the unexpected.

Which in turn means you have to know,

How to react both safely and minimally when it happens almost by instinct.

Which requires a certain advanced thinking mindset, the reason it has to be “minimally” is not only is it less obvious, but the closer to the truth it is, the harder it will be for others to challenge or find fault with.

Remember the first rule of lying is to,

Never invent, always tell some truth, just tell “your truth” from a different perspective.

Again even when telling the truth say the minimum and do it in an ambiguous fashion, and where ever possible turn an answer into a question for your interlocutor. Thus preface an acusation with “Why would I…” or “Of what possible benifit…” or “Do you realy think they…” etc etc. Oh and don’t say daft things like “I don’t remember” because that is almost always a lie and can be shown as such, even when it’s not.

There are a whole load more things people should think and plan for. But all I will say is it’s not my place to advise cheating spouses what to do (unless they are cute and cheating with me 😉

[1] Case Officers rarely if ever use their real identity for meetings with agents[2]. Even when the agent knows the Case Officer is the “commercial attache” at the foreign countries embassy that in of it’s self is almost always a “legand” used as an “Official Cover” for the real more clandestine activities.

[2] Agents are in the hierarchy of inteligence gathering the lowest form of animal life. They are after all traitors to the country they are citizens of and in all probability will come to an unfortunate end. The reasons they become traitors are many but most come under one of the “Money, Ideology, Compromise, Ego” (MICE) headings. The next level up are “Contractors” called in to do certain kinds of more specialist technical work they are essentially “guns for hire” and have “No Official Cover”(NOC) and may even be citizens of the country being spied upon such as criminal of certain types. As a rule contractors are told nothing other than relates to a specific technical task that has to be carried out at a location they might not even be aware of (ie they may get “black cabbed” in the back of a fully blacked out van etc to and from the location). Contractors are also frequently “day trippers” or “out of towners” that is they are not local by a long way to the location they are to work in, whilst they may meet an agent or a NOC operative they rarely get to see those who have Official Cover, this is so that “Arms Length Managment with Official Deniability”(ALMOD) can be maintained. Often more regular Contractors will not get payed directly they will get “Pension Advice” that is told certain shall we call it “insider trader” information to make investments with. Or if they have a solid legand as a small company etc indirect purchases will be made for consultation and similar services. However some contractors are actually “saps” that is business owners / travelers who get persuaded to “keep their eyes open or closed” for “patriotic reasons”[3]. Promises may be made to them about their safety but they are mostly worthless, however their business might get government contracts and loans and all sorts of “Business Development” funds etc to in effect keep them going and the Intel flowing back. Which leaves the more interesting “baboons” climbing the IC agency tree, those with Official Cover and those who would normally be under Official Cover but are infact “illegals” Not under Official Cover (NOCs). These people are employed directly by the national security services (IC) of the nation aquiring the intel, Official Cover is effectively “Diplomatic Immunity” NOC is “Pray to the gods with your ear to the ground” and is often “deep cover” established over many years. Those with Official Cover are “Case Officers” and above using such titles and activities as “commercial attache” etc and to many Dipplomatic Mission staff that is exactly what they are, often with only one senior mission officer knowing their real role which is most definitely kept even from the Ambassador etc. Though some “idiots” get known from having failed in basic field craft. One such was “third secretary” Ryan Fogle at the US Embassy in Moscow back in may 2013. Some intelligence or case officers however only find out when all of their agents disapear or get executed in front of others they worked with as examples etc. As happened in China when the CIA lost a number of it’s agents, the problem is to work out if it was a human or technical failing… The FBI assumed “human” but then they would, in the CIA however others point the finger at “technical” failure via the Internet. Either way the agents are dead and “the message sent” by the Chinese Intelligence Services to not just their own people but foreign nations public as well.

[3] In the UK this practice of running saps all got blown out of the water by the fallout of the US “Iraqigate”. It was started by US Customs and clashed with a George W. Bush pet project, almost compleatly ignored by the US MSM Iraqigate which gave Iraq it’s nuclear weapons project tools and parts along with Project Babylon that gave rise to the “Supergun Scandle” resulted in the UK to a number of things one of which was the collapse of the Matrix Churchill court case and likewise Sheffield Forgemasters. This turned into a mess of gargantuan proportions that even Hercules would not have been able to clean up…

Clive Robinson • August 7, 2020 8:42 AM

@ Fred,

Sometimes it helps to leave trails etc, a habit of being somewhat scatty / absent minded can be usefull as it makes predicting your behaviour difficult for observers to do much about you.

Because most of the time if you behave randomly all they gain is noise.

It’s a variation of what “close protection” details tell you about using different routes and times to go to work etc, because being predictable can get you kidnapped and killed.

With regards One Time Pads they have one or two disadvantages one of which I’ve mentioned before is their output is “to random”…

That is if anyone sees the actual OTP output they can identify it as being potentially a One Time Pad thus they will know what they are looking for.

Traditionally you do not use an OTP on it’s own but as “super encryption” that is you would use a lower grade encryption to do message encryption to make the plaintext unrecognisable as such then use the OTP for “link encryption”.

This later became “compress then encrypt” which whilst it saves bandwidth does not actually make the plaintext unrecognisable… The problem with “compression” is that there are two types. Those based on

1, Language letter frequency.
2, Message letter frequency.

As a general rule of thumb “message letter frequency” gives the greatest overall compression. However in most cases it leaves clear artifacts in the message statistics with minimal compression at the begining and greater compression towards the end. The problem with such artifacts is that they can be used as “little cracks to make bigger cracks” or like a hanging strand on the bottom of a knitted jumper give a thread by which the entire jumper can be unraveled…

Thus in certain circumstances those that work on language letter frequency have advantages. One of which is they can decompress what has very flat statistics into something that appears to have natural language statistics.

One such compression system is attributed to Russian Spys and is easy to use with pencil and paper.

In essence it converts a twenty eight charecter alphabet with natural language statistics into a stream of digits usable with a numeric One Time Pad. When used in reverse it takes the digits out of the OTP which have near totaly flat statistics and “decompresses” it back to a good approximation of natural language statistics. This gives the false impression that a simple insecure substitution cipher has been used with a transposition cipher thus misleading those attempting to break the system.

But importantly it does not look like data “encrypted” with modern encryprion algorithms. Such subterfuge has a number of advantages when it is automated systems looking to break an encryption system.

But as a note of warning,

Do not compress plaintext that is to be used with non determanistic stream ciphers like an OTP

The reason a One Time Pad is secure is that there is no determanistic relationship between each character in the pad. That is each character is independent of any previous character and also equiprobable.

This means that any plaintext message of the ciphetext length or less is “equiprobable” and not differentiable from each other.

The flip side of this is “deniability”. If I’m seen sending a message and the ciphertext is recorded, if I’m using a determanistic algorithm to encrypt a message, means that if you obtain the key you can with a very high degree of probability prove I sent the message. Which means I’m vulnerable to a failure in security at the second party I’ve sent the message to, especially if “they get turned or become a traitor”…

However with a One Time Pad, all charecters in a plaintext are equally valid. Thus if the second party suffers a securiry failing or becomes a traitor the only key they can loose / hand over is the OTP used for that message in their possession. Which means that they can not implicate you. Because you can simply provide a diferent OTP which decrypts the ciphertext to an entirely different plain text. In fact therecare tricks you can do that will in a non experts eye make your OTP look more correct or valid than the second parties OTP.

Such considerations can be important, especially when you use an OTP to make “plaintext one time messages” that are sent as apparent plain text. I’ve mentioned these before so I won’t go into them again because the explanation is lengthy but with care such systems are fairly deniable, provided you remember a few critical rules, the most important of which is not to have correlation between a message and any other parties “observable actions” or your “observable actions”.

Clive Robinson • August 8, 2020 1:58 PM

@ Peloton,

Going through 15 years of blog archives to try and piece it all together is …

Somewhat daunting/tedious?

However it’s not just individual comments but whole conversations some longer than the number of comments in other post pages.

Also some of those conversations whilst essentially saying the same basic thing do so from entirely different perspectives. Which helps give people more insight and thus ideas to apply the knowledge in other perspectives.

I guess at some point I will write it up but not sure what I’ll do with it if I do. One thing I do know is it will sure upset some people. But as history for atleast a millennium shows,that is the consequence of any independent thinking.

There is one thing I will avoid though is anything other than very simple maths to see why think of it this way,

You have two independent random streams of characters, and you XOR them together (or add them mode the charecter size). Ask yourself a question is the result any more or less random than the two independent random streams? There is an answer to this but…

Clive Robinson • August 8, 2020 11:13 PM

@ SpaceLifeForm,

You can not create entropy from thin air.

That’s a statment not a proof[1] and secondly you have replaced “random” with “entropy”.

Now try a little “semantics flip” with the original question, that is replace the word “random” with “information”. So,

“You have two independent information streams of characters, and you XOR them together. Ask yourself a question is the result any more or less information than the two independent information streams?”

After a moments thought you will realise that in this question the words random and information have the same meaning. That is the inputs to the logic gate are pertabated from a steady state by a signal that is a stochastic source that may or may not be statisticaly biased. The fact that it may or may not have meaning to an observer should not change anything.

Remember the laws of physics do not alow you to destroy information which is why we have Fredkin and Toffoli gates[2] that are reversible.

Now remember with a two input XOR gate if you take any one of the inputs forwards XORing the two outputs gives you the other original input. That is the two input XOR is in the forward direction a “Controled NOT Gate”.

Thus the output from an XOR gate can be shown to have both information inputs at it’s output as some kind of difference signal. Which most people can see fairly easily with a “graphical proof”.

The implication is thus something happens to the information from the two inputs that does not make it to the output. Effectively some inverse of the difference signal that accounts for the lost energy. The simple argument is that as work has been done the missing energy is part of the heat[3] in the logic gate substrate[4]…

Which brings us back to “entropy” in the thermodynamic sense but what of the information theoretic sense?

It all starts getting a little messy…

You start to realise that there is no such thing as “random” in effect it’s the sum of all previous interactions of information sources. At which point a dark room with a bed and a cool towel for the forehead starts looking good to most people.

Which is one of the reasons we have security problems in the first place. That is nearly all our “security proofs” are in effect superficial and based on the assumprion that underlying proofs exist and are valid

[1] Actually some would disagree with you, and say you can create what they call entropy from “thin air” or atleast the air movment in a restricted space… It’s how you get some of those minute timing differences in hard drives that some people call “entropy”.

[2] https://web.archive.org/web/20061017232512/http://www.digitalphilosophy.org/download_documents/ConservativeLogic.pdf

[3] The problem is that it “becomes heat” is only “eventually true” where eventually could be the better part of the life of the universe. That is we know that the energy is actually a signal and does not become heat untill much later when it is absorbed by a thermal mass, untill then it is a signal that is a side channel carrying the information with it. As we know photons can cross the universe carrying their signal for millions of years…

[4] Yes the words “gate” and “substrate” are “overloaded” and have different meanings depending on what level you are in the computing stack. Logic gates tend to be made of “Field Effect Transistors”(FETs) and –not bipolar junction– these days, and one of the FET’s inputs is a “gate”, the other two are known as the “drain” and the “source” and in a simple FET model they are interchangable. However in most practical implimitations they are not due to some more curious aspects of physics.

Clive Robinson • August 9, 2020 7:51 AM

@ MarkH,

I’ve never thought critically about why the word “entropy” is typically applied to the bit strings used for crypto operations

It’s a doubly borrowed term[1]. First from “Information Theory”, which borrowed it from “statistical mechanics” (Thermodynamics).

It is derived from the Greek word for “transformation” it’s a fairly new idea (about a century and a half old). In thermodynamics it is considered to be a measure of “disorder”. However in information theory it’s actually a measure of “possibility”. But it’s not realy a measure of “randomness” as most people understand “random” in part because the definition of random is usually lacking rigour and is frequently cyclic such as “it’s something that looks random” kind of one of those “you’ll know it when you see it” a definitions that have a habit of usuall being wrong[2]…

To use the lego brick analogy when you have all the bricks stuck together in one block you in effect only have one object thus the number of possibilities you have with it are minimal this is the coherent or organised state and has minimum entropy (and if you’ve done it right minimum volume). As you break the block up the the bricks are nolonger organised in a coherent singular block, not only does the volume go up the bricks have more degrees of freedom thus more “possibilities” to be organised in. When all the bricks are all seperated then you have the maximum number of possibilities.

One thing to think about, a “closed but not issolated system” like a heat sealed glass tube with a liquid like water in it. Provided their is sufficient internal volume the water can be a solid like ice, a liquid, or vapour, depending on the thermal energy crossing into or out of the closed but not issolated system. The freedom of movment is minimum when it is a solid maximum when it is a vapour, and it can cycle through these states as often as you like. However when solid the individual molecules can be in any random order, however from the perspective of entropy that is irrelevant.

[1] But to answer your original question… It’s John von Neumann’s fault 😉

When Claude Shannon derived his equation for signal attenuation effects in telephone lines (he did work for Bell after all). He was stuck for a name to call it. On chatting to John von Neumann about the problem the conversation was later related by Claude Shannon as,

I thought of calling it “information”, but the word was overly used, so I decided to call it “uncertainty”. Von Neumann told me, “You should call it entropy, for two reasons. In the first place your uncertainty function has been used in statistical mechanics under that name, so it already has a name. In the second place, and more important, nobody knows what entropy really is, so in a debate you will always have the advantage.”

Thus there you have it the most important consideration is that,

“nobody knows what entropy really is”

[2] Humans have a lot of problems with random, we like a little but mostly we hate a lot but not as much as we hate it’s absence. Donald Knuth has a discussion about it in one of his books on Tex and Fonts, regular type script as produced by typewriters look harsh and unpleasent when compared to slightly more random ways of presenting type along a line, actually better than early proportional spacing.

Clive Robinson • August 9, 2020 10:25 AM

@ echo,

The comment you are replying to is from @MarkH not me.

Clive Robinson • August 13, 2020 11:04 AM

@ SpaceLifeForm, MarkH,

As has been mentioned one way people judge entropy is by compressability.

In essence if you can find a program that will generate a chosen string with less length than the chosen string then the string is obviously compressable thus contains some measure of “redundancy”.

Well have you ever thought about how you would find such a string generating algorithm?

That is there are very many ways an arbitary string could be shortened but actually very very very few compression algorithms, and it takes very little to show they are far from optimum[1].

Well have you ever thought about how you might come up with an algorithm?

Well it took a little time to find it again but have a look at this paper, it might give food for thought,

https://arxiv.org/abs/1809.02942

[1] As an example take a block of plaintext like the text of 1984 or some such. First run it through algorithm A and make a note of the resulting compression, then do the same with algorithm B. Now try runing it through A and then the result through B, then do it the other way that is B first then A second. I used to do this years ago using a runlength compression algorithm then a dictionary algorithm. In some cases I could compress the likes of 5-15Mbyte of C source code files down enough to get on two or three floppies.