Dumb pipes and smart crypto

posted on Mar, 1 2013 @ 04:06 AM
crypto is a lot more open a field for research, than i had realised,


and there is a lot more interest in the study of crypto systems than i had realised.

so i would like to explain the "dumb pipe" and "smart crypto" to a different level.

when designing secure systems it is rare to start at the finish and work backwards,
but IN UCE (user controlled encryption) this is the case, as the security of the system was predicated on a new transport. the transport uses a new method to abstract the three layers of the traditional internet transport into one unified system. this requires redesigning how the different network layers communicate with each other, and allowing all the required information to flow "at one layer"

a complex algorithm was devised to allow network information from different abstract layers to be communicated in a system that compressed all this information into a logical "transport layer"

by providing a forward error correction mechanism into the new transport, the reliable transport of information could be achieved and a second co-efficient effect was available for exploit.

the reliable encode/decode cycles of encryption could also be "accounted" for and "packet order and assembly tracking" could be achieved. this meant the data destined for transportation could be "verified" as it was encrypted and as it is transported and as it is delivered and unencrypted, and finally verified as it was written to the disk.

so we now have a system that can encode information and send it and verify what was received at the other end was actually what was sent with high accuracy.

one upside is that the transport is about 50% more efficient when considering the amount of packets sent compared to standard protocols, to transmit the same volume of data, = less packets of data and in a shorter amount of time.

dumb pipe,
i wont go into high level detail how the dumb pipes work, but i will explain their part to play in the smart crypto part of this OP.

so we have abstracted the network layers and designed a transport with error correction and data integrity functions and provided for a software defined network, so how do two computers on the network "connect" or network together?

end to end encryption allows for two end points to "agree" on a handshake that will allow secure exchanges of "cryptographic keys" in this case SSL (secure socket layer) so that any communications are encrypted prior to transport.

"dumb pipes" or "software defined networks" was a natural consequence of the abstracted network layers and are used to apply a "routing network" or "pipe" to a destination, (abstract is a transport network layer over the top of the existing internet structure) these pipes can be thought of as a virtual PBX (private branch exchange) where the software defines the path through a virtualised, connection exchange environment.

this is why they are pipes, they allow an end to end connection "pipe" (connection) between two points without relying on the traditional network layer of the internet.

dumb pipes because the end to end nature of the connection "set up" the pipe and not the service providers hardware infrastructure and not the open protocols of the internet. in effect the system running the virtual PBX did not need to know the different protocols that would be required to pass data across the network, as it was compressed into the transport layer, and all routing and path and timing information was decided at "both ends"

smart crypto,
this is where the dumb pipe meets the smart crypto.
so we have "dumb pipes" that will "connect" end points thanks to the virtualised PBX (software defined network)
how do we connect "with" the pipes in a way that is secure?
first of all if the pipe is "attacked" it is torn down, second the connection uses HTTPS (hyper text transfer protocol secure) a secure encrypted connection, to protect data.

connecting with the pipes
the HTTPS connection allows for secure "delivery" into the web browser, of the cryptographic program used to encrypt/encode the data for the new transport. the crypto hash (fingerprint) of the program is sent to the web browser and checked against what was downloaded to ensure the program was not tampered with.

this crypto program loads up in the browser, and a file or other data is fed to the crypto program, which encrypts the data and encodes the abstracted layers and compresses them and sends them over the dumb pipe to the destination disk, as the encryption is carried out the forward error correction allows data integrity to be verified, as the data is transported the forward error correction allows the data to be verified on delivery and on writing to the disk the forward error correction allows the data to be verified as it is written to hard disk.

it is the smart crypto that is extended (into the web browser) to the end user that negotiates the pipe

so why is it smart crypto if it uses a dumb pipe?

the smart part is UCE or user controlled encryption,
by not having the password stored on the server, only the user has access to the encryption keys,
by pushing out the encryption program each time a connection is made, the program can be updated centrally
by having a dumb pipe ONLY the user can find his data.
by having forward error correcting, the data can be transported securely without data loss
because the pipes are dumb, there is no advantage to attacking them, and they break if you do.
because only the user has the keys there is no central store of hashed passwords to be a target,

i dont write code so i cant answer any questions on that side of things, (i dont know)
but can explain the theory (up to a point) as long as specifics are not required

all in all this looks to be a strong design with plenty of room to scale and lots of promise,

so as you can see this is a ground up redesign of the delivery of encryption, from transport to routing to delivery,
except it uses the existing trusted crypto for the encode decode functions.

ie AES, RSA etc

there is much i have left out, as im trying to keep it simple.
please ask questions or point out errors if you can spot them


xploder
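
The opening post describes two mechanisms at once: a forward error correction layer that makes delivery reliable, and a fingerprint (hash) check that proves what arrived is what was sent, both for the transported data and for the crypto program delivered to the browser. The Python below is an added example written for this page, not code from the thread or from the UCE system it describes. It uses the simplest real FEC there is (one XOR parity packet, which repairs a single lost packet) together with a SHA-256 fingerprint taken before transmission and compared in constant time after reassembly. Packet size, the sample payload and the loss/corruption pattern are all constructed for the demonstration.

```python
"""
Added example, not code from this thread or from the UCE system it describes.
Single-loss forward error correction (one XOR parity packet) plus an end-to-end
SHA-256 fingerprint check on the reassembled bytes. The fingerprint comparison
is the same operation the post describes for the delivered crypto program.
"""
import hashlib
import hmac
from typing import Dict, List, Optional

PACKET_SIZE = 16  # assumption: tiny packets so the example stays readable

# Constructed sample payload; any bytes would do.
SAMPLE = b"constructed sample payload: record 0042 follows, then a trailer"


def split_packets(data: bytes, size: int = PACKET_SIZE) -> List[bytes]:
    """Frame the data with a 4-byte length, zero-pad to a multiple of `size`,
    and cut into equal packets (equal length is what makes XOR parity work)."""
    framed = len(data).to_bytes(4, "big") + data
    framed += b"\x00" * ((-len(framed)) % size)
    return [framed[i:i + size] for i in range(0, len(framed), size)]


def xor_packets(packets: List[bytes]) -> bytes:
    """Byte-wise XOR of all packets. Builds the parity packet on the sending
    side and rebuilds a single missing packet on the receiving side."""
    acc = bytearray(len(packets[0]))
    for p in packets:
        for i, b in enumerate(p):
            acc[i] ^= b
    return bytes(acc)


def encode_for_transport(data: bytes) -> Dict[str, object]:
    """Sender: packets, one parity packet, and the fingerprint taken BEFORE
    anything leaves the sender, so the receiver can prove it got the same bytes."""
    packets = split_packets(data)
    return {
        "packets": packets,
        "parity": xor_packets(packets),
        "digest": hashlib.sha256(data).hexdigest(),
    }


def recover(received: List[Optional[bytes]], parity: bytes) -> Optional[List[bytes]]:
    """Receiver: None marks a packet lost in transit. One loss is repaired from
    the parity; two or more losses exceed what a single parity packet can do."""
    lost = [i for i, p in enumerate(received) if p is None]
    if len(lost) > 1:
        return None
    packets = [p for p in received if p is not None]
    if lost:
        rebuilt = xor_packets(packets + [parity])  # XOR of the rest and parity
        packets.insert(lost[0], rebuilt)            # restore original order
    return packets


def reassemble(packets: List[bytes]) -> bytes:
    """Undo the framing: read the length header and drop the zero padding."""
    framed = b"".join(packets)
    length = int.from_bytes(framed[:4], "big")
    return framed[4:4 + length]


def verify_delivery(data: bytes, expected_digest: str) -> bool:
    """Constant-time fingerprint comparison (hmac.compare_digest avoids the
    timing leak of a plain string compare)."""
    return hmac.compare_digest(hashlib.sha256(data).hexdigest(), expected_digest)


def simulate(data: bytes, drop: Optional[int] = None,
             corrupt: Optional[int] = None) -> Dict[str, object]:
    """One transfer. `drop` loses a packet (parity repairs it); `corrupt` flips a
    byte silently (parity cannot locate that, but the fingerprint check fails)."""
    enc = encode_for_transport(data)
    received: List[Optional[bytes]] = list(enc["packets"])
    if corrupt is not None:
        damaged = bytearray(received[corrupt])
        damaged[0] ^= 0xFF
        received[corrupt] = bytes(damaged)
    if drop is not None:
        received[drop] = None
    packets = recover(received, enc["parity"])
    if packets is None:
        return {"delivered": None, "verified": False}
    delivered = reassemble(packets)
    return {"delivered": delivered,
            "verified": verify_delivery(delivered, enc["digest"])}


if __name__ == "__main__":
    print("clean     :", simulate(SAMPLE)["verified"])
    print("one lost  :", simulate(SAMPLE, drop=2)["verified"])
    print("corrupted :", simulate(SAMPLE, corrupt=1)["verified"])
```

Two things the example makes visible that the prose does not. Parity repairs a packet that is known to be missing, but it cannot tell that a packet which did arrive was altered; only the fingerprint catches that, which is why the two checks are complementary rather than redundant. And the fingerprint is only worth something if it reaches the receiver by a route the sender of the data cannot also rewrite: a digest served from the same place as the program it vouches for proves nothing against whoever controls that place.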




posted on Mar, 1 2013 @ 05:35 AM
The real problem is securing both ends of the communication from things like keyloggers etc and if you get control of the other end you can just read the decoded data anyway making the whole encryption of the data stream a waste of time

Then i can see the client server nature of the operation as possibly troublesome as the servers will have to update instantly to new versions at the same time so as not to get version mismatches where you connect to server A with version 10.1 and do something with server B on 10.2 so there would be a need to support multiple versions



posted on Mar, 1 2013 @ 12:33 PM

Originally posted by Maxatoria
The real problem is securing both ends of the communication from things like keyloggers etc


a simple screen based keyboard, with multiple mouse pointers moving around the keyboard is enough to make logging passwords "problematic"


and if you get control of the other end you can just read the decoded data anyway making the whole encryption of the data stream a waste of time


in classical crypto systems you would have to defend against such problems, in this case its a chicken or egg type problem, you cant "find" the files without the key. so you cant target someone go find their file and attempt decryption without having the key in the first instance,

without having the key in the first instance, you cant access, find or decrypt the files


Then i can see the client server nature of the operation as possibly troublesome as the servers will have to instantly have to update to new versions at the same time so as not to get version mismatches where you connect to server A with version 10.1 and do something with server B on 10.2 so there would be a need to support multiple versions


updates are uniquely handled on this system,
as a centrally managed resource only 1 update is required to go from 10.1 to 10.2, on server A
there is no software on server B that requires updating (other than crypto libraries)

so to push out an update to server B, you retool server A with the update, and reconnect.
its as simple as that


no need to install software or complete compatibility testing for server B
just update A and reconnect B, all done without installs updates or patches

xploder



posted on Mar, 1 2013 @ 01:16 PM
Given that some sort of software will need to be pushed to the browser somehow the protection on this point of failure would be the most important as if i have root access on the server i could recompile the client parts required and give them a new client number so they can be updated and in theory i've got a screen grabber/mouse tracker/key logger piece of code or if i'm really idle i just slap a few lines of code in just to pass the password/private key which are both held in memory at relevant points in the clients memory and slap them down the encrypted path where they'll be decoded and slapped into a text file ready for harvesting as my altered copy of the server code will look for certain code patterns to know the next x bytes are the password and then the next y are the private key

In a perfect world the system would provide a very secure end to end transport mechanism but without absolute control and security of both ends its very open to abuse and even if everything has to be signed off by some organization then what happens should they get hacked and the private keys get released



posted on Mar, 1 2013 @ 01:53 PM

Originally posted by Maxatoria
Given that some sort of software will need to be pushed to the browser somehow the protection on this point of failure would be the most important


correct, but you have to take into account the "time factor" there is a very limited amount of time to attack the delivery method


as if i have root access on the server i could recompile the client parts required and give them a new client number so they can be updated


if you have root access you can break most crypto, if you cant even get root in the first place then this point is moot.


and in theory i've got a screen grabber/mouse tracker/key logger piece of code


what about a security token/reader?


or if i'm really idle i just slap a few lines of code in


your attempt would "break" the connection


just to pass the password/private key which are both held in memory at relevant points in the clients memory and slap then down the encrypted path where they'll be decoded and slapped into a text file ready for harvesting as my altered copy of the server code will look for certain code patterns to know the next x bytes are the password and then the next y are the private key


try this attack on mega.co.nz and tell me how far you get



In a perfect world the system would provide a very secure end to end transport mechanism but without absolute control and security of both ends its very open to abuse


the only failure point is the end user, if they give up the key, it is secure end to end by design.


and even if everything has to be signed off by some organization then what happens should they get hacked and the private keys get released


there is no need to trust third parties past the initial confirmation of server identity.
ie the web site is not a phishing web site.

with a short url it makes it difficult to fool users


xploder
edit on 1/3/13 by XPLodER because: (no reason given)



posted on Mar, 1 2013 @ 02:07 PM
reply to post by Maxatoria
 


the system has been developed so that even "untrusted" servers cannot compromise the internal network.
8 weeks now without any theoretical attacks explained or demonstrated

xploder



posted on Mar, 1 2013 @ 02:56 PM
The truth is that if i was so interested in your data stream i'd probably be a government agent and at that point there would probably be a court order allowing me access to the server side or possibly even allow me to enter a property to slap a key logger onto the system and its game over and for those who are in it for more profitable concerns just inverting the bitstream would probably be enough to put them off never mind 1000's of cpu cycles of encoding/decoding a stream of data that may just be you posting another cat photo onto facebook etc



posted on Mar, 1 2013 @ 03:23 PM

Originally posted by Maxatoria
The truth is that if i was so interested in your data stream i'd probably be a government agent and at that point there would probably be a court order allowing me access to the server side or possibly even allow me to enter a property to slap a key logger onto the system and its game over and for those who are in it for more profitable concerns just inverting the bitstream would probably be enough to put them off never mind 1000's of cpu cycles of encoding/decoding a stream of data that may just be you posting another cat photo onto facebook etc


the idea is a privacy by design system that protects your privacy while complying with the law,
any law enforcement requests would be processed as required by law.
the system is not designed for criminal behaviour it is designed for privacy.
the need for privacy should not be confused for criminal behaviour.
not everyone who has a need for privacy is a criminal.
in my country personally identifying information must be encrypted in flight and in storage.
it is now a commercial reality that privacy in the form of encryption is required when transmitting and storing other peoples information or data.

TO PROTECT FROM EXPENSIVE FINES FOR DATA BREACHES OF PERSONAL INFORMATION

you seem to think this was intended for criminality when the truth is this was designed to remove liability from legislation that makes the cloud storage enterprise liable for losses of personally identifiable information.

to be compliant with legislation and easy to use the system was designed so that it complied with government mandates on privacy and security, otherwise there would be no market for government storage and there would be exposure to liability for data security breaches.

the system must comply with legislation, law enforcement and security minimums.

in effect this is about protecting privacy of individuals, in a manner that complies with law.

the system is simply filling the legislative requirements in a novel manner.

xploder



posted on Mar, 1 2013 @ 03:59 PM
reply to post by Maxatoria
 


with the long list of large public companies being hacked getting longer every day and more and more private data being exposed, the need for this service will continue to grow.

the implementation is to protect people and institutions not criminals.
and as the state of computer security continues to favour hackers,
in a never ending cat and mouse game,

someone needs to level the playing field in favour of security professionals, and raise the bar for security by recognising that most breaches are from circumventing security and attacking the user.

without privacy for users, they can be data mined and social engineering can allow "crafted attacks" and phishing attacks on individuals that use secure networks.

for any real secure networks, the users MUST have privacy to prevent any usable info from being gleaned from their interaction over the internet.

you dont hack a secure server with code, alone
you use a social engineering hack on the user.

this is only possible when the user has no privacy.

privacy closes the door on the human user attack vector

xploder



posted on Mar, 1 2013 @ 04:22 PM
reply to post by Maxatoria
 


a good example for this is phishing attacks,
they happen every day BECAUSE of a lack of simple privacy for individuals,

secure the privacy of users and phishing attacks become less effective by orders of magnitude

xploder



posted on Mar, 2 2013 @ 12:35 AM
By storing hashes of the password, this is a form of UCE. As website administrator or hacker it is extremely difficult, highly computational and time expensive to find out what the password is. As administrator, the best that can be done is to reset it if the user forgets it. If you are concerned about the strength of hashing then adding a SALT to it can improve the resilience, which basically expands the password length.

Since most websites contain material that is in the public domain as it is accessible by the public, there is no need for encryption of this data, these posts are one example. The user's email address is one general piece of data that is personal, but does require administration access to it to assist with duties and communicate to the user, so UCE does not work in this case.

In trying to implement some form of UCE there are also privacy issues to contend with. What if the user does not want cookies stored on their machine? hacking cookies is also fairly easy as well. As a programmer I have also decided to avoid JavaScript as well due to perceived threats of possible security implications and assist with website accessibility, all of which make implementation of a UCE a little tougher.

The internet is very much a communication tool between two or more parties and in such cases UCE does not make a good fit. Banking data is also another example where UCE will not fit as there are multiple parties involved with the transactions and all require at least some access to the information to perform and verify the transaction. SSL works well here because it is based on a shared key between the client and server, certificate authorities also help defend against man in the middle attacks. Even with Bitcoin, it is more of a Community Controlled Encryption than User Controlled.

Where UCE does excel is when using the internet to archive and store personal information. Any information you post or machine connected to the internet does effectively become public domain due to the networking capability of the internet. Programming controls, privacy legislation and corporate responsibilities help in limiting and directing access, but for an elite and well resourced hacker not much is out of reach. For a user to take sole responsibility of the encryption process is not something I would trust my mum with, nor would she want it.

But there is very much an audience that does want to make sure their online backups are secure and accept responsibility for this. To store a back up copy of my business records on line is a great example and use of UCE. It helps fulfill my tax obligations by providing insurance in case my house gets taken out by flood or fire and destroys all my onsite equipment and records as well as defending against corporate espionage as there is money in business secrets.

As Mega uses this model and continues off its public reputation, pirates will continue to use the site to share material with sharing keys now another part of the process. As databases of the keys and material become more public then the copyright enforcers will start to step in again as the games go on.
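
The post above describes storing password hashes and "adding a SALT". The Python below is an added example written for this page, not code from the thread: a per-user random salt plus a deliberately slow key-derivation function (PBKDF2-HMAC-SHA256 from the standard library), with the parameters stored next to the hash and a constant-time comparison at login. The iteration count and the sample users are constructed. One caveat worth keeping in mind: the salt is stored in the clear alongside the hash, so it adds no secret to the password itself; what it buys is that a precomputed table no longer cracks every account at once, and each user must be attacked separately.

```python
"""
Added example, not code from this thread. Salted, slow password verifiers:
fresh random salt per user, PBKDF2-HMAC-SHA256, self-describing records, and
constant-time verification. Iteration count and sample users are constructed.
"""
import hashlib
import hmac
import os
from typing import Dict, Optional

ALGO = "pbkdf2_sha256"
ITERATIONS = 100_000   # assumption: tune so one hash costs ~100 ms on your server
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing verifier: algo$iterations$salt_hex$hash_hex.
    Keeping the parameters with the hash lets the cost be raised later."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)          # random, per user, not secret
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and iterations; compare in constant time.
    Malformed or foreign records are rejected rather than raising."""
    try:
        algo, iters, salt_hex, dk_hex = record.split("$")
        salt = bytes.fromhex(salt_hex)
        iterations = int(iters)
    except ValueError:
        return False
    if algo != ALGO:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(dk.hex(), dk_hex)


def unsalted_sha256(password: str) -> str:
    """The weak form, for contrast: same password gives the same hash for every
    user, and a single fast hash is cheap enough to guess at in bulk."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_user_table(users: Dict[str, str]) -> Dict[str, str]:
    """Constructed stand-in for a user database: name -> verifier record."""
    return {name: hash_password(pw) for name, pw in users.items()}


if __name__ == "__main__":
    table = build_user_table({"alice": "hunter2", "bob": "hunter2"})
    for name, rec in table.items():
        print(name, rec)
    print("same password, different records:", table["alice"] != table["bob"])
    print("login ok:", verify_password("hunter2", table["alice"]))
    print("login bad:", verify_password("hunter3", table["alice"]))
    print("unsalted collide:", unsalted_sha256("hunter2") == unsalted_sha256("hunter2"))
```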



posted on Mar, 2 2013 @ 03:06 PM
reply to post by kwakakev
 


UCE is more than just a User Access Control platform,
it is a software defined network that is flexible, fast and secure,

it is faster and cheaper to deploy and faster and cheaper to maintain,
security admin and storage admin costs are reduced,

it transfers data faster at a smaller cost in terms of bandwidth,

you can use private key for private storage (encrypted storage) or public key for public facing web-sites. (decrypted at storage server)

it costs less bandwidth, time and admin.

you have to look at the whole system, to get how it works.


video cuts out at 14mins but this explains the integrated nature of the whole system.

it is a new way to deliver information, (platform) rather than just a bolt on service or tool to manage connections.

it will lower the cost to store and distribute information,
because information is handled more efficiently hardware overhead is also lower.

in large content environments these factors could add up to be a large saving for the provider.

it can be conceptualised as an "end to end" content delivery network that combines management storage and delivery of content in one step under one protocol.

xploder



edit on 2/3/13 by XPLodER because: (no reason given)



posted on Mar, 2 2013 @ 03:50 PM
reply to post by kwakakev
 



But there is very much an audience that does want to make sure their online backups are secure and accept responsibility for this. To store a back up copy of my business records on line is a great example and use of UCE. It helps fulfill my tax obligations by providing insurance in case my house gets taken out by flood or fire and destroys all my onsite equipment and records as well as defending against corporate espionage as there is money in business secrets.


back up images, tax forms, insurance forms, company records, medical files, would be commonly stored,
but user generated content would also be popular. photos, video of family and friends,
even cat pictures



As Mega uses this model and continues off its public reputation, pirates will continue to use the site to share material with sharing keys now another part of the process. As databases of the keys and material become more public then the copyright enforcers will start to step in again as the games go on.


a simple metric of user generated content would show that the majority of use was for "personal private use",
or another metric would be files uploaded and then never downloaded,

people are prolific content generators, they are constantly taking photos and collecting data they wish to keep.
you cant deny them secure storage because some people post movies for download,

it is my hope that pirates stay away from mega, and that mega can supply secure bulk storage for governmental records in a way with reduced complexity and lower costs. the savings over existing models would be significant.

xploder



posted on Mar, 2 2013 @ 04:25 PM
reply to post by kwakakev
 



By storing hashes of the password, this is a form of UCE. As website administrator or hacker it is extremely difficult, highly computational and time expensive to find out what the password is. As administrator, the best that can be done is to reset it if the user forgets it. If you are concerned about the strength of hashing then adding a SALT to it can improve the resilience, which basically expands the password length.


this should raise your eyebrows,

"Another online company has had its security compromised. Today Evernote posted on their blog that they're issuing a service-wide password reset because of suspicious activity on their network. They say an unknown intruder gained access to usernames, email address, and encrypted passwords. Even though the passwords were hashed and salted, they're doing the password reset as a precautionary measure. Nevertheless, it's a good reminder to keep a close eye on who you keep your data with in the cloud. Nothing is totally secure; it's always a compromise between security and convenience."


it.slashdot.org...

this is really bad PR and there should not be a compromise between security and convenience.

xploder



posted on Mar, 3 2013 @ 05:16 AM
reply to post by XPLodER
 


Absolute security will never be achievable so there is always a compromise and its where those compromises are made that will possibly allow people into the system, having done helldesk support i can tell you that some people couldn't remember their password even if it was their first name so any system like UCE for them would be a waste of time.



posted on Mar, 3 2013 @ 08:19 AM


the crypto hash (fingerprint) of the program is sent to the web browser and checked against what was downloaded to ensure the program was not tampered with.


Many crypto hashes have some kind of relatively infrequent collision, probably not an issue for applications like authenticating internet payments etc. but for serious applications such as NWO league communications you would not want any chance of ambiguity.

Back during WW1 the PTB were using a shared transatlantic cable (dumb pipe) to communicate. Obviously securing their communications would have been of paramount concern. The British end of the cable near Lands end had the capability to eavesdrop, and a cryptographic unit known as "Room 40" of the Admiralty Headquarters attempted to sort the coded messages. Apparently the Germans were using a simple Pseudo Random Number generator to salt some of their messages, EG "code 0075". Looked fairly effective by 1914 standards, as long as the PRNG algorithm was not compromised or reused to salt multiple cables.

The Germans however by necessity reused the same salt algorithms. For example they did not replace codes captured on the cruiser Magdeburg when it ran aground off the Estonian coast in August 1914? Perhaps this was because the lack of a secure channel prevented key distribution, or the large number of intended recipients for coded messages made such a venture complicated.

Now to stay on topic we fast forward to dumb pipes and smart crypto in the age of the internet. We realize any and all content could be intercepted and analyzed by a modern day "room 40". Obviously we should know our limits and not expect much private communication, we are after all just monkeys in the ATS zoo.
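
The post above says many hashes have "relatively infrequent" collisions. How infrequent is a matter of digest width: by the birthday bound, two inputs sharing the same n-bit digest turn up after roughly 2^(n/2) attempts, which is why a short "fingerprint" is far weaker than the full digest it was cut from. The Python below is an added example written for this page, not code from the thread. It truncates SHA-256 to a chosen width and runs a birthday search over simple counter inputs (constructed here) to find two different messages with the same truncated fingerprint; at 32 bits that takes tens of thousands of hashes, while the full 256-bit digest is out of reach by the same formula.

```python
"""
Added example, not from this thread. Birthday search on a truncated SHA-256:
demonstrates that collision cost scales as 2**(bits/2), so a short fingerprint
collides quickly while the full digest does not. Inputs are constructed counters.
"""
import hashlib
import math
from typing import Dict, Optional, Tuple


def truncated_digest(data: bytes, bits: int) -> int:
    """First `bits` bits of SHA-256(data), as an integer."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def find_collision(bits: int, limit: int = 1_000_000) -> Optional[Tuple[bytes, bytes, int]]:
    """Birthday search: remember every truncated digest seen until one repeats.
    Returns (input_a, input_b, attempts), or None if `limit` hashes were not enough."""
    seen: Dict[int, bytes] = {}
    for i in range(limit):
        msg = b"msg-%d" % i               # constructed, distinct inputs
        t = truncated_digest(msg, bits)
        if t in seen:
            return seen[t], msg, i + 1
        seen[t] = msg
    return None


def expected_attempts(bits: int) -> float:
    """Birthday estimate: about sqrt(pi/2 * 2**bits) hashes for a 50% chance
    of at least one collision among the inputs tried."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


if __name__ == "__main__":
    for width in (16, 32):
        a, b, n = find_collision(width)
        print(f"{width}-bit fingerprint: collision after {n} hashes "
              f"(expected about {expected_attempts(width):.0f})")
        print("  ", a, "and", b, "share prefix", hex(truncated_digest(a, width)))
    print(f"256-bit digest: expected about {expected_attempts(256):.2e} hashes")
```

The same arithmetic is the reason a fingerprint shown to a user for comparison should be the whole digest, or at least long enough that 2^(n/2) is out of reach, and the reason the hash function itself matters: for a broken function collisions come far cheaper than the birthday bound, which is what "SHA 3 is ready if SHA 2 is broken" later in the thread is about.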



posted on Mar, 3 2013 @ 01:39 PM

Originally posted by Maxatoria
reply to post by XPLodER
 


Absolute security will never be achievable

you must match the threat model to the level of security required by law.
quantum computation removes the possibility of dealing in absolutes.
ubiquitous encryption is a problem to hackers.


so there is always a compromise and its where those compromises are made that will possibly allow people into the system,

you must take into account the "dumb pipe" nature of the connection,
i wont explain in detail but the security model is more "holistic" than just encryption




having done helldesk support i can tell you that some people couldn't remember their password even if it was their first name so any system like UCE for them would be a waste of time.


lol hell desk


there is a trick of the memory that can be used, people can store much more recallable information in mental pictures, than in letters or phrases.
some people use this method to study for tests, a picture can be used to help "recall" password information.

xploder



posted on Mar, 3 2013 @ 02:04 PM
The dumb pipe method can just be recorded and worked on afterwards and as there is no change to the data stream it will be easy to use wireshark or something similar to record the data stream from a mid point should you decide to brute force an attack (someone with a few billion years or a very lucky guess on the keys needed)

and as for using pictures to help people remember stuff in a corporate environment you just probably increased the use of "big boobs" as a password by using some topless model stuck to the side of a monitor in the warehouse



posted on Mar, 3 2013 @ 02:16 PM

Many crypto hashes have some kind of relatively infrequent collision, probably not an issue for applications like authenticating internet payments etc. but for serious applications such as NWO league communications you would not want any chance of ambiguity.


SHA 3 is ready to be implemented if SHA 2 is broken,
you cant prevent collision, but you can reduce its effectiveness.

more study of the design would be required before its use in high level applications


Back during WW1 the PTB were using a shared transatlantic cable (dumb pipe) to communicate. Obviously securing their communications would have been of paramount concern. The British end of the cable near Lands end had the capability to eavesdrop, and a cryptographic unit known as "Room 40" of the Admiralty Headquarters attempted to sort the coded messages. Apparently the Germans were using a simple Pseudo Random Number generator to salt some of their messages, EG "code 0075". Looked fairly effective by 1914 standards, as long as the PRNG algorithm was not compromised or reused to salt multiple cables.


with finite resources, and exponential expansion of use this becomes a problem
any pattern of use provides problems


The Germans however by necessity reused the same salt algorithms. For example they did not replace codes captured on the cruiser Magdeburg when it ran aground off the Estonian coast in August 1914? Perhaps this was because the lack of a secure channel prevented key distribution, or the large number of intended recipients for coded messages made such a venture complicated.


military level encryption has a different function to ubiquitous encryption,
in this use case the key distribution is easy, so different keys can be used for each session, this prevents ongoing compromise of shared keys.


Now to stay on topic we fast forward to dumb pipes and smart crypto in the age of the internet. We realize any and all content could be intercepted and analyzed by a modern day "room 40". Obviously we should know our limits and not expect much private communication, we are after all just monkeys in the ATS zoo.



there are indications that deep packet inspection technology is cheap enough now so that most governments if they wanted to can "inspect" huge volumes of traffic, you can even outsource the management of such services to providers with larger compute resources.

it used to be that individuals were targeted with a government run "man in the middle" attack,
you cant get privacy from that,
but now they target everyone with "a man in the middle" of the whole network

but criminal hackers dont have these resources at their disposal,
and individuals who encrypt their data are much more expensive to target.

an ATS mod once said,
anything you do online is not private, i looked into it and they were right,
you cant have a right to privacy if anyone can view your activities online.

this style of encryption gives you "implied" privacy rights, you have a right to privacy in the same manner as a company using encryption, and the legal protection that comes with that use.

whether governments can "crack" the encryption is secondary to the escalated legal protections provided.

the threat model is not governments, its criminals
although strong encryption and good design might prove a help to securing infrastructure FOR governments.

xploder



posted on Mar, 3 2013 @ 02:39 PM

Originally posted by Maxatoria
The dumb pipe method can just be recorded and worked on afterwards and as there is no change to the data stream it will be easy to use wireshark or something similar to record the data stream from a mid point should you decide to brute force an attack (some one with a few billion years or a very lucky guess on the keys needed)


are you suggesting a "mutating" encryption algorithm?
the nature of the dumb pipe network allows for much greater "real time control" of data streams within the infrastructure, externally to the network all you can do is "collect" data that is encrypted,
a man in the middle attack, good luck with decrypting large volumes of data, to cross correlate individual "data streams"

another point is the dumb pipes, are only dumb to the user and not to the admin staff,
attack the pipe and you would alert the security admin staff "in real time"


and as for using pictures to help people remember stuff in a corporate environment you just probably increased the use of "big boobs" as a password by using some topless model stuck to the side of a monitor in the warehouse


mwahahahahahaha.

human nature, i guess some corporate women would use "hot fireman" as their password lol

there would also be problem with
"can i haz chesseburger"

lol

xploder




