Cryptocracy

I've been hard to get in touch with for the past 6 months for all kinds of reasons.

As of today I have made it back to inbox zero which means I'll actually answer my email again.

Hey, I might actually start blogging a bit again too.

Song about my upcoming Digital Identity Management presentation

Fri, 10 Oct 2008 15:23:55 GMT

I wrote a geek ambient rendition of my new cryptographic protocol: the Time Capsule.

Listen to it. Leave a comment.

Time Capsule by cryptocrat

Patent evaluations take energy

Tue, 02 Sep 2008 09:24:39 GMT

Whew,

I just finished my second patent evaluation in two weeks. I am exhausted.

Two geeky tunes

Wed, 27 Aug 2008 14:09:35 GMT

It's been a while since I last posted any of my music.

Today I put up a couple of new ones on my music page.

I have finally decided to embrace my nerd, and both pieces are quite geeky. The first one "commitment" is about components of the identity mixer cryptosystem with which I work. The extra secret geek factor is that many of the samples are transmissions from RFID credit cards that I captured with an oscilloscope and then used matlab to convert into audible frequencies. Other instrumentation includes Juno 106 analog synth and shortwave radio.

The other new piece "Atmospheric Robots" is the second in a planned trillogy of songs about terreforming robots that get infected with extraterrestrial malcode, destroy our space colonies and then head for earth. In this second piece humanity starts fighting back by debugging some captured robots. These robots were created to build an earth-like atmosphere for the moons of Jupiter, and have a semi-autonomous flocking behavior that make them our best hope for regaining some control and defending earth.

If you have any feedback, please share it. Just like an evolving draft of a paper, I like an external perspective on my tunes.

I've posted some new tunes

Tue, 20 May 2008 13:52:07 GMT

Hey folks! I've uploaded some of my new tunes. Give them a listen at http://cryptocracy.net/tshb/music.html

Please let me know what you think.

Anyone going to be in Munich on May 16th?

Mon, 14 Apr 2008 10:38:34 GMT

Hey folks!

I'm planning to see the Notwist play in Munich next month. Anyone else going to be in Germany around that date?

Also, following the example of a couple of friends I have started using Dopplr when I have a trip scheduled. If you want to know where and when I am traveling consider adding me as a Dopplr contact.

My blog is moving, please update your links

Wed, 20 Feb 2008 13:52:27 GMT

Hey folks!

My blog is undergoing a significant upgrade, and is moving to http://cryptocracy.net If you are a podcast subscriber, don't worry, the feed will continue to operate as before. If you currently get me on your friends page, please subscribe to the new blog via this link: Subscribe to cryptocracy blog

What is this upgrade you ask? I am opening up my blog to a set of excellent contributers in the field of security and privacy research. The new members of the cryptocracy will post their own blog entries, contribute to the podcast, and otherwise conspire in the ongoing plans for global domination.

See you over at the new site!

Cryptocracy Podcast: Interview with Ian Goldberg

Sun, 17 Feb 2008 14:56:02 GMT

Listen to this episode

Subscribe to the cryptocracy podcast

This week’s guest is Ian Goldberg with whom we discuss his observations on the evolution of the field of Privacy Enhancing Technologies and his recent work in the sub-field of Private Information Retrieval.

I also narrate this week's Anonymity Bibliography paper of the week: Compact E-Cash, by Jan Camenisch, Susan Hohenberger, and Anna Lysyanskaya. (BibTeX) (PDF)

Acknowledgements

Musical segue: Nightcrawler	CJACKS via Podsafe Audio
Album photograph by	Jacob Appelbaum

Please let me know if you are having trouble downloading the podcast

Thu, 14 Feb 2008 07:41:32 GMT

Dear listeners,

Please let me know in a comment here or an email to anonadversary@gmail.com if you are having trouble downloading episodes.

I am hosting my media files on archive.org because I respect their mission, but in the last week I have had a lot of trouble reaching their servers from Zürich, but not from my servers in the U.S. and I don't know whether this is a problem local to Zürich or to Europe in general.

Cryptocracy Podcast Episode 2

Mon, 11 Feb 2008 18:00:06 GMT

This week on the Cryptocracy podcast we interview Karsten Nohl about his joint work with Henryk Plötz on their recent break of the Mifare proprietary cipher known as “Crypto 1”. We also perform a narration of The Pynchon Gate: A Secure Method of Pseudonymous Mail Retrieval by Len Sassaman, Bram Cohen, and Nick Mathewson.

Download Episode 2 (VBR mp3)

Episode Details and other formats

The program

Announcements
This week’s guest: Karsten Nohl on the Mifare Crypto 1 break
Anonymity Bibliography Paper of the week: The Pynchon Gate: A Secure Method of Pseudonymous Mail Retrieval

This Week’s Guest

This week’s guest is Karsten Nohl, a Ph. D. candidate in the computer science department of the University of Virginia. Karsten was kind enough to speak with us about joint work with Henryk Plötz regarding their analysis of the Mifare Crypto 1 cipher.

More information about the Mifare Crypto 1 (“Mifare classic crypto”) analysis including video footage of the 24c3 presentation is available on Hack A Day.

This Week’s Announcements

W2SP 2008: Web 2.0 Security and Privacy 2008
When: May 22, 2008
Submission Deadline: March 7, 2008
Where: Co-located with IEEE S&P, Oakland, CA, USA
What: “The goal of this one day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and establishing new collaborations in these areas.”

Fourth International Summer School:
The Future of Identity in the Information Society – Challenges for Privacy and Security FIDIS/IFIP Internet Security & Privacy Summer School 2008
When: 1-7 September 2008
Submission Deadline: April 28, 2008
Where: Masaryk University in Brno, Czech Rep
What: “The increasing diversity of Information & Communication Technologies and their equally diverse range of uses in personal, professional and official capacities raise challenging questions of identity in a variety of contexts. What constitutes an identity, how do new technologies affect identity, how do we manage identities in a globally networked information society?”

2008 USENIX/ACCURATE Electronic Voting Technology Workshop
When: July 28-29, 2008
Submission Deadline: March 28, 2008
Where: San Jose, CA, USA
What: “EVT '08 seeks to bring together researchers from a variety of disciplines, ranging from computer science and human-computer interaction experts through political scientists, legal experts, election administrators, and voting equipment vendors. EVT seeks to publish original research on important problems in all aspects of electronic voting.”

If you are going to be in Barcelona in March, hurry up and register for PKC 2008: The 11th International Workshop on Practice and Theory in Public Key Cryptography. The late registration deadline is almost upon us, as it falls on February 13th.

Tune in next week for an interview with Ian Goldberg, author of many great papers including “Improving the Robustness of Private Information Retrieval” which was featured on last week’s program.

Anonymity Bibliography Paper of the week
The Pynchon Gate: A Secure Method of Pseudonymous Mail Retrieval [Anonbib entry][Bibtex]
By Len Sassaman, Bram Cohen, and Nick Mathewson

Other papers mentioned in this week’s episode
Security Analysis of a Cryptographically-Enabled RFID Device [Bibtex]
By S. Bono, M. Green, A. Stubblefield, A. Juels, A. Rubin, and M. Szydlo

Acknowledgements

First musical segue: Here I am	EVERYDAY JONES via Podsafe Audio
Second musical segue: Safe Primes	Cryptocrat
Midi sequence of safe primes taken from	http://www.research.att.com/~njas/sequences/table?a=5385&fmt=6
Shortwave radio samples taken from	galeku via the freesound project
Album photograph by	Jacob Appelbaum

My Oakland paper was accepted!

Fri, 08 Feb 2008 16:01:45 GMT

I am very excited to announce that my Oakland (IEEE Security and Privacy) paper was accepted:

Title To Be Announced

Thomas S. Heydt-Benjamin, Daniel Halperin, Benjamin Ransford, Shane S. Clark, Benessa Defend, Will Morgan, Kevin Fu, Tadayoshi Kohno, William M. Maisel M.D.

IEEE Security and Privacy 2008 (Oakland)

The title is still confidential, but I'll put it up as soon as the Oakland program is posted. I've been working on this thing with my co-authors for over a year, and it is really gratifying to see it accepted in such a challanging year (early reports state 255 submissions and a maximum of 33 acceptances for 12%). I won't be able to attend Oakland this year, but the plan from the beginning was to have my wonderfully talented colleague Daniel Halperin present the paper.

Cryptocracy Podcast now online!

Mon, 04 Feb 2008 10:41:47 GMT

Subscribe to the Cryptocracy Podcast

This week I am starting a weekly podcast: The Cryptocracy Podcast brings you news, announcements, interviews, and narration of paper abstracts on privacy enhancing technologies, cryptography, security, and electronic society.

In this first episode I reading some abstracts from the Freehaven anonymity bibliography of which I am an editor. The papers I have selected this week span a variety of topics in privacy enhancing technology, and were published within the past two years.

Please make requests for future podcast episodes by sending me email (tshb@acm.org) or by leaving a comment here on my blog. I rely on you to suggest interviews you would like to hear, abstracts or venues you would like me to cover, or other things you would like to hear.

I also invite contributions. If you are interested in speaking on my show please contact me.

Download the Cryptocracy Podcast episode 001 as a VBR MP3, or Cryptocracy Podcast in other formats.

A list of papers mentioned in this week's podcast after the jump.

This week I read the following abstracts. The metadata and comments reproduced here are copied from the Freehaven anonymity bibliography. For up to date information please refer back to this source.

Sampled Traffic Analysis by Internet-Exchange-Level Adversaries (PDF) (Cached: PDF)
by Steven J. Murdoch and Piotr Zieliński.
In the Proceedings of the Seventh Workshop on Privacy Enhancing Technologies (PET 2007), Ottawa, Canada, June 2007. (BibTeX entry)·
Examines efficacy of traffic analysis against a low-latency anonymity network by an adversary who controls Ineternet exchanges, and who can only sample a fraction of traffic.
Nymble: Anonymous IP-address Blocking (PDF)
by Peter C. Johnson, Apu Kapadia, Patrick P. Tsang, and Sean W. Smith.
In the Proceedings of the Seventh Workshop on Privacy Enhancing Technologies (PET 2007), Ottawa, Canada, June 2007. (BibTeX entry)·
Describes Nymble, a system that allows services to block anonymous users that misbehave, without making their transactions linkable.
The Economics of Mass Surveillance and the Questionable Value of Anonymous Communications (PDF) (Cached: PDF)
by George Danezis and Bettina Wittneben.
In the Proceedings of the Fifth Workshop on the Economics of Information Security (WEIS 2006), Cambridge, UK, June 2006. (BibTeX entry)·
Locating Hidden Servers (PDF) (Cached: PDF)
by Lasse Øverlier and Paul Syverson.
In the Proceedings of the 2006 IEEE Symposium on Security and Privacy, May 2006. (BibTeX entry)·
Motivates and describes Tor's entry guard design.
How to win the clonewars: efficient periodic n-times anonymous authentication (PDF) (Cached: PDF)
by Jan Camenisch, Susan Hohenberger, Markulf Kohlweiss, Anna Lysyanskaya, and Mira Meyerovich.
In the Proceedings of the 13th ACM conference on Computer and communications security (CCS 2006), Alexandria, Virginia, USA, 2006, pages 201-210. (BibTeX entry)·

Download the Cryptocracy Podcast episode 001 as a VBR MP3, or Cryptocracy Podcast in other formats.

SUBMIT to PET

Fri, 30 Nov 2007 15:04:48 GMT

Today the Privacy Enhancing Technologies Symposium released its call for papers: http://petsymposium.org/2008/cfp.php

If you work at all with privacy, please consider submitting to PETS. Don't forget: submissions do NOT need to be crypto or otherwise technical. Clear statements of problems that need addressing, social studies of privacy needs and/or attitudes, law, etc, are just as important.

Make sure to read about the new session we are trying this year: HotPETs. Basically HotPETs is like our traditional rump session talks, but with more time to talk, and more chance to get feedback. Roger and I will co-chair the session.

A "proof-reading" of Some Issues in Cryptography

Thu, 04 Oct 2007 11:23:01 GMT

Last month I recommended Ivan Damgård's position paper on resolving misunderstandings and misconceptions about crypto papers and provable security.

I relayed to him that several friends and colleagues of mine had requested a version of the paper that is not behind a paywall, and he has generously posted an updated version on his website:
http://www.daimi.au.dk/%7Eivan/positionpaper.pdf

This is a paper that I plan to re-read every year or so, and I would advocate for its inclusion in graduate level security and cryptography curricula. I know that some of you teach such courses, so if you decide to have your students read it please let me know whether you think it helps clarify these issues for them.

The dangers of a partial solution

Wed, 12 Sep 2007 07:46:25 GMT

goodness, how much we would love a Komplete Privacy Solution (guaranteed less than 5% identification precipitate).

i am reflecting, of course, on my powerfully ambivalent feelings towards the recently reported misuse of tor in wired news.

first of all, i am happy to have confirmation of what many of us in the community suspected: tor is being used by people with important privacy needs such as embassies, foreign ministries, the Dali Lama's liaison office, etc. By the nature of the technology it is difficult for us to tell who is using the service when it is being used correctly.

the bad news: i am deeply sorry to have confirmation of what many of us secretly feared: even users who should have technically savvy support staff do not understand what tor is, or how to use it safely.

the tor documentation is written to try and make an average user aware of what it can and cannot do, and the fact that tor by itself is NOT a complete privacy solution, just one link in a chain of several pieces of software required for private communication.

it troubles me somewhat that wired is treating this disclosure as though a "researcher" has found a "vulnerability", when the things that the "researcher" says "kind of shocked [him]" are quite clearly stated in the tor documentation.

don't get me wrong: this reinforces the need for better user interface and documentation for tor. it is an eternal problem for the research community; to find ways to communicate the value and limitations of new technologies to end users. we get funded for the basic research, but the software engineering and psychology that go into user understanding and adoption are frequently not part of our funded mandate.

on the other hand, i view the work of dan egerstad as the worst kind of unethical hacking. it might be of some scientific interest to privately gather the data he disclosed, and then present aspects of the data in anonymized aggregate in a paper which also proposes solutions to the problems involved. simple identifying disclosure of such data is in and of itself an immoral act (it violates several clauses of the ACM code of ethics, for example). to make matters worse he has weakened the public perception of an important technology in a manner that appears calculated to disinform. Furthermore he has done this without contributing anything towards the important research question of how to make privacy technologies intuitive; to help prevent the mistakes upon which he has preyed.

Ultra-low-cost true randomness AND physical fingerprinting

Mon, 10 Sep 2007 11:31:41 GMT

i recommend reading my friend dan holcomb's recent article on low cost random sequence generation: "Initial SRAM State as a Fingerprint and Source of True Random Numbers for RFID Tags" (disclaimer, i was involved in discussions leading up to the publication of this paper).

why is this so cool?

the idea of using meta-stability and thermal noise in integrated circuits is hardly new, indeed it is the basis of many popular true random number generation schemes. what is new here is that halcomb proposes techniques for harvesting true randomness from the existing RAM of a computer: strong physically based randomness without a single additional transistor. as a side-benefit, device tied entropy can be gathered which can reliably identify the individual device.

these new techniques are suitable for almost any kind of computer, from desktop PC to the cheapest RFID tags, and could potentially be used to bring much better random number generation and device tied functions to low cost and resource constrained devices. even better, some devices might be able to enjoy new benefits of their hardware with only a software upgrade.

how does it work?

as we all know, when a computer is powered down, it's RAM looses state. but what is the state of the RAM when the computer is first powered on? the answer is that the state of an individual bit of RAM, before it has been written to for the first time during a power cycle, depends largely on the way its transistors were printed during manufacturing. these bits fall into one of three categories:

initially (almost) always 0
initially 0 or 1 with somewhat even probability
initially (almost) always 1

by performing several power cycles and doing some statistics on the power-on state of a bank of RAM a computer can create a profile of the bank, recording which of these three cases applies to each bit. this profile can then serve as a fingerprint, since it will be unique to that particular bank of RAM. since it is now known which bits will change with each power cycle, those bits can be used as a source of true randomness (rather than psuedo-randomess, which is less valuable). i am glossing over the special algorithms used to make sure that this is all done securely, you can find them in the paper.

Future Work

although thermal noise is well recognized as being suitable for hardware random sequence generation, i would like to see this work examined in the light of the (way cool) identification attacks based on temperature as it effects clock skew such as steven murdoch's "Hot or Not: Revealing Hidden Services by their Clock Skew". i can't help but wonder if an adversary armed with fine-grained information about a chip's temperature (such as through clock skew) could attack the randomness of holcomb's scheme.

tempests and teapots: update

Mon, 10 Sep 2007 09:14:14 GMT

i discussed this topic over breakfast with my colleague christian cachin, who, i believe, shares my disdain of controversy for controversy's sake.

christian is an editor of the quite recent springer LNCS book Automata, Languages, and Programming.

christian recommended to me the quite excellent article from that book by ivan dagaard A "proof-reading" of Some Issues in Cryptography.

this article not only provides the best discussion of these issues i have seen, but provides some quite helpful reminders and clarifications of several issues which can lead to bad security papers.

the uneasy relationship between tempests and teapots

Mon, 10 Sep 2007 07:45:04 GMT

so, neal koblitz published an article The Uneasy Relationship Between Mathematics and Cryptography which made many people unhappy, and has widely been regarded as a bad idea. i won't consume many more precious bits in discussing this except to add the following observation:

koblitz makes many points, some good, some bad. the central tensions are due to some cultural differences between applied and theoretical disciplines.

my question: why the controversy? these tensions are as old as the industrial revolution, if not older. sure: the goodness/badness of the criticism comes largely down to disagreements over definitions and other semantics. again, why the controversy? we use math exactly for the precision of semantics and definitions, otherwise we might as well use natural language with all its ambiguities. the misunderstandings explored in koblitz's article are partially a result of the interface between natural language and more precise mathematical terms (most notably the meaning of the word "proof"), and the alleged different connotations of natural language terms in different communities.

i think: these controversies will be finally settled once i am dictator of the world for life, and i require all communication to be in a provably secure and provably correct language.

Commitment issues

Fri, 07 Sep 2007 06:54:48 GMT

C = g^x * h^r

That is all I know, and all I need know.

Cryptocracy

New tracks posted

New photos from Ivy

Made it inbox Zero

Song about my upcoming Digital Identity Management presentation

Patent evaluations take energy

Two geeky tunes

I've posted some new tunes

Anyone going to be in Munich on May 16th?

My blog is moving, please update your links

Cryptocracy Podcast: Interview with Ian Goldberg

Acknowledgements

Please let me know if you are having trouble downloading the podcast

Cryptocracy Podcast Episode 2

The program

This Week’s Guest

This Week’s Announcements

Acknowledgements

galeku via the freesound project

My Oakland paper was accepted!

Cryptocracy Podcast now online!

SUBMIT to PET

A "proof-reading" of Some Issues in Cryptography

The dangers of a partial solution

Ultra-low-cost true randomness AND physical fingerprinting

tempests and teapots: update

the uneasy relationship between tempests and teapots

Commitment issues