Mar 8 2010

Theoretical Breakthrough For Quantum Cryptography

Quantum cryptography only works if Alice and Bob share their relative positions in advance. Now physicists have worked out how to do it without this information.

The world of cryptography is currently undergoing a quantum revolution. The weird laws of quantum mechanics allow cryptographers to create codes that guarantee perfect secrecy. Until recently, the best cryptographers could aim for was just pretty good secrecy with codes that were always compromised in some way or another. Quantum cryptography, on the other hand, is perfect: theoretically and practically secure.

A few companies have even sprung up to sell the gear that can send perfectly secure messages, mainly to banks and governments (although the gear itself creates some loopholes that eavesdroppers can attack).

But it’s still early days for this technology and naturally it suffers from several drawbacks. For example, one well known limitation is that quantum cryptography can only be used over point-to-point connections and not through networks where data has to be routed. That’s because the routing process destroys the quantum properties of the photons used to secure messages.

A lesser known limitation is that the sender and receiver of quantum encrypted messages–the famous Alice and Bob–must be perfectly aligned so that they can carry out well-defined polarisation measurements on the photons as they arrive. Physicists say that Alice and Bob must share the same reference frame.

That’s not so hard to do when Alice and Bob are both based in labs on the ground. But it’s much harder when one or the other is moving, in a satellite, for example, which would be both spinning and orbiting the Earth.

Today, Anthony Laing from the University of Bristol and a few pals show how to get round this. The trick is to use entangled triplets of photons, so-called qutrits, rather than entangled pairs.

This solves the problem by embedding it in an extra abstract dimension, which is independent of space. So as long as both Alice and Bob know the way in which all these abstract dimensions are related, the third provides a reference against which measurements of the other two can be made.

That allows Alice and Bob to make any measurements they need without having to agree ahead of time on a frame of reference. There is one proviso: Alice and Bob cannot move too quickly during the measurements since this changes their relative orientation and a new qutrit will be needed to establish a reference.

That’ll be useful for quantum encryption over satellite links, the kind of thing that government agencies and the military might want to do. But there’s another, more valuable application.

If quantum encryption is ever to be widely used, it’ll need to work between one microchip and another without the need to share a frame of reference in advance. That’s always been a problem because the chips inside computers are constantly on the move (relative to the wavelength of light) and because photon polarisations drift as they move through optical fibres, introducing another source of error.

That’s why quantum cryptography that is reference frame independent is an enabling technology and so potentially hugely valuable. It means that Laing and co may have made one of the key breakthroughs that will bring quantum cryptography to the masses.

Ref: arxiv.org/abs/1003.1050: Reference Frame Independent Quantum Key Distribution

Source


Mar 4 2010

RSA authentication weakness discovered

The most common digital security technique used to protect both media copyright and Internet communications has a major weakness, University of Michigan computer scientists have discovered.

RSA authentication is a popular encryption method used in media players, laptop computers, smartphones, servers and other devices. Retailers and banks also depend on it to ensure the safety of their customers’ information online.

The scientists found they could foil the security system by varying the voltage supply to the holder of the “private key,” which would be the consumer’s device in the case of copy protection and the retailer or bank in the case of Internet communication. It is highly unlikely that a hacker could use this approach on a large institution, the researchers say. These findings would be more likely to concern media companies and mobile device manufacturers, as well as those who use them.

Andrea Pellegrini, a doctoral student in the Department of Electrical Engineering and Computer Science, will present a paper on the research at the upcoming Design, Automation and Test in Europe (DATE) conference in Dresden on March 10.

“The RSA algorithm gives security under the assumption that as long as the private key is private, you can’t break in unless you guess it. We’ve shown that that’s not true,” said Valeria Bertacco, an associate professor in the Department of Electrical Engineering and Computer Science.

These private keys contain more than 1,000 digits of binary code. To guess a number that large would take longer than the age of the universe, Pellegrini said. Using their voltage tweaking scheme, the U-M researchers were able to extract the private key in approximately 100 hours.

They carefully manipulated the voltage with an inexpensive device built for this purpose. Varying the electric current essentially stresses out the computer and causes it to make small mistakes in its communications with other clients. These faults reveal small pieces of the private key. Once the researchers caused enough faults, they were able to reconstruct the key offline.

This type of attack doesn’t damage the device, so no tamper evidence is left.

“RSA authentication is so popular because it was thought to be so secure,” said Todd Austin, a professor in the Department of Electrical Engineering and Computer Science. “Our work redefines the level of security it offers. It lowers the safety assurance by a significant amount.”

Although this paper only discusses the problem, the professors say they’ve identified a solution. It’s a common cryptographic technique called “salting” that changes the order of the digits in a random way every time the key is requested.
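The randomisation the researchers describe hides the key from the faults; a second, widely used safeguard is to have the signer re-check each signature against its own public key before releasing it, so a glitch-corrupted value never leaves the device. What follows is an added example of that verify-before-release check, not code from the Michigan paper or from any product; the toy primes, the `fault_mask` hook that stands in for a voltage glitch, and every name in it are constructed for illustration.

```python
"""RSA-CRT signing that refuses to release a signature it cannot verify.

Added example (not from the University of Michigan paper). Verify-before-
release is a generic fault-attack countermeasure: a signature produced under
a glitch is checked against the public key and withheld if the check fails,
so the faulty value never reaches an observer. Hypothetical names throughout.
"""
from dataclasses import dataclass


class FaultDetected(Exception):
    """Raised when a freshly computed signature fails its self-check."""


@dataclass(frozen=True)
class RSAKey:
    n: int
    e: int
    d: int
    p: int
    q: int


def make_demo_key() -> RSAKey:
    # Constructed toy primes, far too small for real use; they keep the
    # arithmetic readable. Real keys use 2048-bit moduli or larger.
    p, q = 1_000_003, 1_000_033
    e = 65_537
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return RSAKey(n=p * q, e=e, d=d, p=p, q=q)


def crt_sign_raw(key: RSAKey, m: int, fault_mask: int = 0) -> int:
    """Textbook RSA-CRT exponentiation (no padding; m must be < n).

    fault_mask simulates a hardware glitch by XORing bits into the mod-p
    half of the computation; 0 means a correct, unfaulted run.
    """
    dp = key.d % (key.p - 1)
    dq = key.d % (key.q - 1)
    s_p = pow(m, dp, key.p) ^ fault_mask   # the simulated fault lands here
    s_q = pow(m, dq, key.q)
    q_inv = pow(key.q, -1, key.p)
    h = (q_inv * (s_p - s_q)) % key.p        # Garner recombination
    return s_q + h * key.q


def verify(key: RSAKey, m: int, s: int) -> bool:
    """Public-key check: does s^e recover m modulo n?"""
    return pow(s, key.e, key.n) == m % key.n


def sign_checked(key: RSAKey, m: int, fault_mask: int = 0) -> int:
    """Sign, then re-verify with the public exponent before releasing.

    A wrong result is withheld and reported instead of being sent to the
    peer, which is the property a fault attack relies on breaking.
    """
    s = crt_sign_raw(key, m, fault_mask)
    if not verify(key, m, s):
        raise FaultDetected("signature failed self-check; withholding output")
    return s


if __name__ == "__main__":
    key = make_demo_key()
    m = 0x1234_5678  # stand-in for a padded message hash (constructed)
    print("clean run verifies:", verify(key, m, sign_checked(key, m)))
    print("unchecked faulty signature verifies:",
          verify(key, m, crt_sign_raw(key, m, fault_mask=1)))
    try:
        sign_checked(key, m, fault_mask=1)
    except FaultDetected as exc:
        print("faulted run:", exc)
```

The check costs one public-exponent exponentiation per signature, which is cheap next to the private operation, and it is independent of whatever randomisation the private operation also applies; a device should log the rejection, since repeated self-check failures are themselves a sign that something is disturbing the hardware.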

“We’ve demonstrated that a fault-based attack on the RSA algorithm is possible,” Austin said. “Hopefully, this will cause manufacturers to make a few small changes to their implementation of the algorithm. RSA is a good algorithm and I think, ultimately, it will survive this type of attack.”

Source


Mar 2 2010

RSA 2010: Experts Expect Several Ciphers to Be Cracked Soon

Cryptographers are expecting several of the major cryptographic systems in use today to be broken in the near future.

In the Cryptographers Panel session at the RSA Conference Tuesday, Adi Shamir said that he is working with a team of researchers who have put together a paper that describes an attack that will break AES 128 within 10 rounds.

“And if you go to AES 256, we can break the entire cryptosystem,” Shamir said.

Shamir, one of the inventors of the RSA algorithm, was speaking on the panel with Ron Rivest, Brian Snow of the National Security Agency, Martin Hellman of Stanford University, Whit Diffie, and Ari Juels of RSA Security. The panel, which is an annual event at the RSA Conference, usually provides some of the more interesting anecdotes of the conference, and this year’s was no exception.

In addition to the work against AES, which is the encryption standard used in many cryptosystems today, Rivest said that he expects 1024-bit RSA encryption to be broken relatively soon.

“I expect that RSA 1024 will be broken within a decade,” Rivest said. “People should start moving to 2048 soon.”

Rivest, a professor at MIT who worked with Shamir and Len Adleman to design the original RSA algorithm, also said that he still gets email and calls from people wanting to use the MD5 hash function, which he designed in 1991. MD5 was widely used, but has been shown to have several weaknesses in recent years.

“I always say to them, ‘Don’t you understand that MD5 is an extinct hash function? It’s dead,’” Rivest said.

Juels, chief scientist at RSA Labs, moderated the panel and asked all of the speakers whether they had ever done anything foolish.

“I’ve rarely done anything else,” Diffie said, which got a nice laugh from the crowd.

Hellman took the question a bit more seriously, but essentially echoed Diffie’s answer, saying that his original research with Diffie in the 1970s that led to the invention of public-key cryptography was looked at as a black hole when they started it.

“I was told by all of my colleagues that cryptography was a waste of time. The NSA had a massive budget, we didn’t know how big at the time, and they had been working on the problem for decades. We were told there’s no way we’d discover anything that they hadn’t already found, and if we did, they’d classify it,” Hellman said.

Source


Feb 22 2010

PGP Key Management Server

Encryption is an essential element of any data protection plan. It applies from the employee desktop to the data center and the cloud, and all points in between. IT organizations are adding cryptographic measures to maintain consumer privacy, preserve data integrity, avoid data loss, prevent intrusions, and address compliance demands. Each new data protection technology contributes to a growing volume of keys that need to be managed, and fractures the hope of maintaining control.

PGP® Key Management Server provides organizations with the infrastructure and tools to manage large scale deployments of encryption keys and certificates. Instead of using proprietary standalone key repositories or custom single-purpose tools, PGP Key Management Server delivers a better approach to managing encryption keys by starting from a core design built around supporting different types of keys, trust models and applications.

* Pare down operational cost and complexity – Maintaining multiple key repositories requires extensive labor, resources, and expertise. PGP Key Management Server simplifies the environment with a consistent administrative interface.
* Reduce risk of unrecoverable data – Ensure that dependable key recovery methods are in place before the need arises.
* Prevent unexpected downtime – Unanticipated certificate expirations can bring business to a standstill. Automate certificate updates and eliminate certificate accidents that lead to system outages.
* Stay in control – IT leaders need to know if their security policy matches reality. Key management helps organizations account for encryption keys throughout their environment and demonstrate proof of compliance.

PGP Key Management Server provides a versatile foundation to centralize management of encryption throughout the enterprise to help organizations take control over their encryption keys, strengthen security, and reduce operational cost.

Source


Feb 9 2010

Microscope-wielding boffins crack cordless phone crypto

Cryptographers have broken the proprietary encryption used to prevent eavesdropping on more than 800 million cordless phones worldwide, demonstrating once again the risks of relying on obscure technologies to remain secure.

The attack is the first to crack the cipher at the heart of the DECT, or Digital Enhanced Cordless Telecommunications, standard, which encrypts radio signals as they travel between cordless phones in homes and businesses and corresponding base stations. A previous hack, by contrast, merely exploited weaknesses in the way the algorithm was implemented.

The fatal flaw in the DECT Standard Cipher is its insufficient amount of “pre-ciphering,” which is the encryption equivalent of shaking a cup of dice to make sure they generate unpredictable results. Because the algorithm discards only the first 40 or 80 bits during the encryption process, it’s possible to deduce the secret key after collecting and analyzing enough of the protected conversation.

“This standard, as with everything else we have broken, has been designed some 20 years ago, and it is proprietary encryption,” said Karsten Nohl, one of the cryptographers who helped devise the attack. “It relied on the fact that the encryption was unknown and hence could not be broken. This is a case where something that has some potential for being strong is broken by just this one design decision that in any public review would have been spotted immediately.”

Nohl, 28, is the same University of Virginia microscope-wielding reverse engineer who cracked the encryption in the world’s most widely used smartcard. In December, he struck again after devising a practical attack for eavesdropping on cellphone calls.

He and fellow researchers Erik Tews of the Darmstadt University of Technology and Ralf-Philipp Weinmann of the University of Luxembourg plan to present their findings Monday at the 2010 Fast Software Encryption workshop in Korea.

Like several of Nohl’s previous hacks, it began with nitric acid and an electron microscope. After dissolving away the epoxy on the silicon chip and then shaving down and magnifying the section dedicated to the DECT encryption, he was able to glean key insights into the underlying algorithm. He then compared the findings against details selectively laid out in a patent and exposed during a debug process.

The results of all three probe methods revealed the fatally insufficient amount of pre-ciphering in the DECT Standard Cipher.

In practical terms, the attack works by collecting bits of the encrypted data stream with known unencrypted contents. In cordless phones, this often comes from a device’s control channel, which broadcasts a variety of predictable data, including call duration and button responses. Sniffing an encrypted conversation with a USRP antenna and the average PC, an attacker would need to collect about four hours of data to break the key in typical scenarios.

In others – such as where DECT is used in restaurants and bars to wirelessly zap payment card details – the time needed to crack the key could be dramatically shorter, Nohl said. The attack can also be sped up in a variety of other ways, including by adding certain types of graphics cards to beef up the power of the attacking PC. In some cases, the attack can retrieve the secret key in 10 minutes.

“We expect that some smarter cryptographers than ourselves will find better attacks, of course,” Nohl told El Reg. “We found the algorithm and then implemented the first attack. It’s almost guaranteed that this is not the best attack.”

The DECT Forum, the international body that oversees the standard, said it takes the attack scenarios laid out in the paper seriously and “continues to investigate their applicability.”

The crack of DECT is only the latest time Nohl has defeated the proprietary encryption of a device with critical mass. His 2008 attack on the Mifare Classic smartcard used similar techniques of filing down a silicon chip and then tracing the connections between transistors. His proposed attack on GSM encryption affects cellphones used by more than 800 carriers in 219 countries.

Source


Jan 8 2010

768-bit RSA cracked

Researchers have decomposed a 768-bit number with 232 decimal digits into its two prime factors and published a paper with their results. The number is the string released as “RSA-768” under the now defunct RSA Challenge. As a result, RSA encryptions with 768-bit keys must, from now on, be considered cracked.

It took the team of researchers from Switzerland, Japan, Germany, France, the US and the Netherlands about two and a half years to perform the factorisation. The first step of the calculation, polynomial selection, required half a year on a cluster consisting of 80 PCs, while the second and considerably more labour-intensive sieving step took about two years on a cluster of several hundred computers. According to the researchers, a single Opteron processor with 2 Gbytes of RAM would have needed about 1,500 years to complete the sieving step.

As RSA-512 was cracked about a decade ago, the researchers assume that the computing power required to master RSA-1024 is likely to become available in about ten years. They therefore recommend that all 1024-bit RSA keys be decommissioned by 2014 at the latest.

Source


Nov 23 2009

Encryption Can Get Board’s Attention

There are lots of good reasons for IT leaders to pay attention to even the finest details of encryption policies. One of the more practical is that encryption’s a board-level concept. As in, the board of directors will feel no hesitation in second-guessing decisions not to encrypt data that ends up exposed. Which makes the findings in this week’s cover story on encryption all the more surprising.

Based on exclusive InformationWeek Analytics research, it finds nearly all companies use some encryption, but only 14% say it’s pervasive at their companies. A fourth have database table-level encryption. And about 3 out of 5 companies don’t encrypt mobile devices, despite their habit of disappearing loaded with confidential data.

Source


Nov 19 2009

Crypto pioneer and security chief exits Sun

Crypto pioneer and Sun Microsystems’ veteran chief security officer Whitfield Diffie has left the company, with database-giant Oracle’s acquisition still in the air.

According to Technology Review, Diffie is slated to be a visiting professor at Royal Holloway, University of London, after 18 years at Sun, latterly in the high-profile security role as chief security officer.

It’s unclear why Diffie left Sun and whether his exit was related to Oracle’s pending takeover or recent layoffs. Oracle, as ever, declined to comment. Diffie, if you’re reading, drop us an email.

Diffie is famous for his ground-breaking invention of public key cryptography – PKI – in 1975. PKI today is taken for granted because it’s used so widely to protect emails, documents, and commerce in everyday online communications and business.

It’s worth remembering that it was Diffie who helped make this a reality. He sparred with spooks and US politicians, as the government attempted to limit who could use crypto in the interests of “national security.”

Diffie joined Sun in 1991 and in 2002 was named chief security officer, with the mission of leading a global initiative to evangelize Sun’s security offerings. He was also tasked with talking about major issues in relation to technology security.

Source


Nov 9 2009

Is AES Encryption Crackable?

A team of researchers has discovered what they think could be a flaw that leaves AES encryption open to attack. The technique has only been shown in a theoretical setting; in practice, such a hack would be very difficult to pull off. Still, such a finding could bring into question the faith that’s been placed in AES — and spur new innovation to make encryption even better.

In the field of computer technology, some topics are so frequently and fiercely disputed that they almost resemble religious feuds — Mac vs. PC, for instance, or open source vs. proprietary software.

Other topics, though, don’t see nearly the same level of high-profile debate. Take the invulnerability of AES (the Advanced Encryption Standard) encryption, for example. Governments and businesses place a great deal of faith in the belief that AES is so secure that its security key can never be broken. However, a team of researchers from Germany, France and Israel has recently demonstrated what may be an inherent flaw in AES — theoretically, at least.

So how secure is AES really? Is AES now vulnerable to a new attack, as the researchers claim?

Maybe yes, and maybe no. The research is mainly theoretical. Still, as technology evolves, successful attacks against AES may turn up, and they may be difficult to ignore.

“Can somebody repurpose and weaken the strength of the AES algorithm? Yes. That’s what cryptographers do. But we don’t have to worry about AES being weakened anytime soon. Still, AES in theory has flaws. The bottom line is that AES isn’t broken,” Ozzie Diaz, president and CEO of wireless security firm AirPatrol, told TechNewsWorld.

Source


Nov 2 2009

Amazon’s EC2 brings new might to password cracking

Forget what you’ve learned about password security. A simple pass code with nothing more than lower-case letters may be all you need – provided you use 12 characters.

That’s the conclusion of security consultant David Campbell, who calculated the cost of waging a brute-force attack on various types of passwords using cloud computing services offered by Amazon.

Based on hourly fees Amazon charges for its EC2 web service, it would cost more than $1.5m to brute force a 12-character password containing nothing more than lower-case letters a through z. But user beware, an 11-character code costs less than $60,000 to crack, and a 10-letter phrase costs less than $2,300.
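The arithmetic behind those figures is what a password-policy review needs to reproduce: the candidate count follows from alphabet size and length, and the bill follows from how fast a rented machine guesses and what an hour of it costs. The estimator below is an added example, not Campbell’s own calculation; its throughput and price figures are constructed assumptions (chosen only so the 12-character lower-case case lands in the same region as the article), and it goes beyond the article by tabulating several alphabets, not just lower-case letters.

```python
"""Brute-force cost estimator for cloud-rented password cracking.

Added example, not David Campbell's own calculation. The search space is
pure arithmetic on alphabet size and length; the dollar figure rests on two
constructed assumptions, labelled below: how many guesses one rented instance
tries per second, and what an instance-hour costs.
"""
import string
from dataclasses import dataclass


@dataclass(frozen=True)
class CloudAssumptions:
    guesses_per_second_per_instance: float  # throughput of one rented machine
    usd_per_instance_hour: float            # what the provider bills per machine-hour
    instances: int = 1                      # machines running in parallel


# Constructed numbers, not Campbell's figures; chosen so the 12-lower-case
# case lands near the article's $1.5m, nothing more.
DEMO = CloudAssumptions(guesses_per_second_per_instance=1e7,
                        usd_per_instance_hour=0.50,
                        instances=1000)

ALPHABETS = {
    "lower": len(string.ascii_lowercase),                                          # 26
    "lower+digits": len(string.ascii_lowercase + string.digits),                   # 36
    "mixed+digits": len(string.ascii_letters + string.digits),                     # 62
    "printable": len(string.ascii_letters + string.digits + string.punctuation),   # 94
}


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidates an exhaustive search must be prepared to try."""
    return alphabet_size ** length


def instance_hours(alphabet_size: int, length: int, a: CloudAssumptions) -> float:
    """Machine-hours consumed by trying every candidate."""
    return keyspace(alphabet_size, length) / a.guesses_per_second_per_instance / 3600


def cost_usd(alphabet_size: int, length: int, a: CloudAssumptions) -> float:
    """Bill for trying every candidate.

    Per-instance-hour billing makes this independent of parallelism: renting
    more machines shortens the wall clock but not the invoice (ignoring the
    provider rounding partial hours up).
    """
    return instance_hours(alphabet_size, length, a) * a.usd_per_instance_hour


def wall_clock_hours(alphabet_size: int, length: int, a: CloudAssumptions) -> float:
    """Elapsed time when the work is spread over a.instances machines."""
    return instance_hours(alphabet_size, length, a) / a.instances


def report(lengths=(10, 11, 12), a: CloudAssumptions = DEMO) -> list[dict]:
    """One row per (alphabet, length): the table a policy review would want."""
    rows = []
    for name, size in ALPHABETS.items():
        for n in lengths:
            rows.append({
                "alphabet": name, "length": n,
                "keyspace": keyspace(size, n),
                "hours": wall_clock_hours(size, n, a),
                "usd": cost_usd(size, n, a),
            })
    return rows


if __name__ == "__main__":
    for r in report():
        print(f"{r['alphabet']:>13} x{r['length']}: {r['keyspace']:.3e} candidates, "
              f"{r['hours']:>12,.1f} h on {DEMO.instances} instances, ${r['usd']:>18,.2f}")
```

Two things the table makes visible that the headline figure does not: each extra lower-case character multiplies the bill by exactly 26, which is why the 10-, 11- and 12-character costs sit a factor of 26 apart, and renting more instances changes only the elapsed time, not the cost, so an attacker with a budget is limited by the keyspace rather than by patience.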

Source