Something bothers me about the recent spate of crypto voice news - it looks like we have bungled the threat model, yet again. Do we never learn?
For some reason phone tapping, VoIP and the like are much in the news, and a couple of references have been spotted to suggestions that we should rise to defend that space. Firstly over at the cryptography list, where all are agog about wiretapping in Greece, secondly in many articles to-ing and fro-ing over Zfone and Skype (go guys!) and now a more serious call from Bruce Schneier in Wired:
"This is why encryption for VOIP is so important. VOIP calls are vulnerable to a variety of threats that traditional telephone calls are not. Encryption is one of the essential security technologies for computer data, and it will go a long way toward securing VOIP."
I'm all for it! But the repeated references to encryption have that earthly Douglas Adams feel to them - somewhere between "mostly harmless" and downright dangerous through systemic underestimation.
We all love encryption. But when it comes down to it, encrypting the voice channel is such a small part of the equation that I wonder why the fuss? Is it because we all get that wonderful geeky buzz when we shove 256 bits of full blooded AES right back up the NSA's pipe? Smoke that, spook!
I think that's a lot to do with it. And I wouldn't want to ruin anyone's fun - coz crypto should be fun - but while all the cryptographers are dancing around counting bits on a pinhead, they are in danger of missing the real threat.
No, I'll go further than that. We, they, me, all of us - the whole Internet security community - has actually missed the threat. Quite possibly by a decade or so.
The real threat is tracking.
Why is this? Lots of reasons, but unfortunately they are ho-hum, low tech, under the radar reasons. Not things that the geeks can get addicted to, not ones that give them a buzz. Nothing you can write about in Wired, or in cryptography lists, or the popular journalism of the security press, I suppose.
Still, let's give it a shot and see if we can't save the voice threat model before it follows its predecessors into a decade of confusion, waste, and endless laugh value for the attackers. There are a number of ways of looking at this. I'm not shy, I'll try them all.
Consider GSM, as a great forerunner to encrypted VoIP. It uses something like a 40-bit crypto algorithm that's as weak as water. After cryptoplumber Lucky Green reverse-engineered it out of the chips in a 3 month marathon hacking effort, cryptobuddies Dave and Iang (the other one) cracked the actual algorithm in an afternoon. By the time that was done, GSM as a cryptosystem was just so many bits strewn across the floor, or at least the standard version of A5 was. The journalists loved it!
Or so it seems. In fact, the security model was still good! GSM was unchallenged because Lucky and friends weren't in GSM's threat model - the paparazzi and the phone spoofers were the threat and those scum still have some deal of trouble making their attack.
Meanwhile, the GSM juggernaut rumbled on, untroubled. We are now in a Europe where there are as many phones as people - everyone but everyone has one, and every Finn has two. (And they're all encrypted - Yoo Hoo! Plus, if you have one of those supercool cryptophones, they are doubly encrypted at 256+256 volts .. er .. bits!)
The Americans aren't that far behind, with the slight notable exception of having many different systems. Asian and Latino cultures show no real slackening in cellphone worship either, probably because the lack of good copper systems overcame any braking effect of lower incomes.
Now, consider the facts. That is, the facts that are extracted from tracking versus the facts that are extracted from wiretapping. The facts we can get from tracking are hard - when, where, with whom. They look good in a database, they cross-correlate, they datamine, they stand in court. Indeed, all of society's investigative, dispute and judicial processes are based on these sorts of facts, so the new technology of person tracking fits in well with the old ways of doing things.
In contrast consider the facts in a voice conversation. They are hard to put in a database (so forget about datamining), they consume racks and racks of data storage, they have to be searched for quality, and when it comes down to it, they are pretty darn soft - recordings of voice don't stand well in court. Ludicrously, there seems to be research that suggests that use of wiretaps correlates negatively with conviction rates.
So we have this little thing in our pocket - all of us - and it's trackable. It generates a quality set of facts. All the time, whenever it's powered on. Which leaves one question only - are the facts available?
Nominally, most governments and telcos will say that such data are not available. But evidence is starting to suggest another picture. I have it on reasonable but anecdotal authority that the police in a few countries in Europe have full access to GSM tracking - at the tower. The developments in the US would suggest that the NSA isn't that far behind, unless they are already there (there's that silly story about machines collecting data not being against the rules -- what to make of that? -- well, the story is there and repeated by the spooks, so they must be saying it for a reason . . .). And, plans proceed afoot to integrate this data-that's-not-illegal across the usual suspects, the TLAs.
Here's one anecdote I might have heard. Police - your ordinary plod - can pick you up off the streets, like at a demonstration or something, and show you on TV in the vicinity of other demonstrations ... other months ... other places ... with other people ... using public surveillance cameras.
Now, how could they have correlated all that information? Perhaps they were using a Bluetooth rifle on your iPod? Maybe the police are tracking the RFIDs in your clothing?
Nah - the only systems approach that makes sense is that they are datamining the tower hand-off records. How this works we leave as an exercise to the victim.
This all would have been fine and dandy 20-30 years ago when governments in the west were a bit better behaved. But these days, suppression of civil liberties, tracking the naysayers, secret databases and so forth are all the rage (much to the chagrin of the newly liberated Eastern European peoples. "What, we got rid of communism . . . for this?").
As it all seems to be happening in secrecy, and as there are therefore no safeguards in place, this is a valid threat. If your local police can track you, they can also blackmail you. Even before we get to dishonest police, there are the telcos.
Here's how this threat evolves. First, they say they don't collect the data. Then they say they don't use it, except for engineering purposes. Then, they say that there are safeguards. Then, they say they don't supply it outside the company. Then, they sell it.
Then, they just make it up. It takes less than 10 years across the full life-cycle from total privacy to total piracy, and telcos have had a decade or two, already. Governments aren't any help.
Your power in anonymity is stripped away by the secret availability of such tracking databases. We the people have no clue how this information is being used - and likely the first time we find out is when we can buy it ourselves to start spying on our spouses. (oops.)
Other than switching off the phone, what's to be done?
Well, all those cryptophone projects out there are still good - they just have to adjust their threat models. They've covered threats 2 through 9, now they need to think about threat #1. VoIP phones with any encryption are still fantastically good while there isn't massive and pervasive IP# tracking. (oops.)
To advance that theme - continue to support the cryptophones - Skype, Zfone, etc. They are your friends, both. But also cast an eye to the IP detrackers: Tor and the like. In my opinion, the whole P2P space (Jim says here) is far more relevant to the future of security, privacy, etc than any product that knows how to spell AES.
Give me RC4 layered over hazenet any day. Hell, give me Rot13 if you can make a good showing that it's deeply hidden in the noise. Fixing Rot13 is child's play compared to unfixing a static IP# or a Sim#.
Posted by iang at April 11, 2006 12:49 PM
Unfortunately for us all, government employees receive the majority of their information from criminals. The criminal must have money for the risk to be taken. The issue is how one hides their money from those that would attempt to steal it or keep its very existence secret. Everyone knows that Bill Gates has money, but no one knows his credit information. The simple truth is he has hidden or shielded his wealth from criminal entities. The protester for world peace and their friends that squat in Berlin and eat from trash bins might have their picture taken at various world peace protests but nothing is known about them because they have no money. So between Bill Gates and world peace folks there is a purpose to shield and poverty. Criminals live somewhere in between and allow the socially networked mass of humanity to select themselves as their victims. Talking at the club about your wealth or having media describe your latest expense is your way of selecting yourself. If I were to say I have the credit card information of Apollo C. Vermouth you might say so what, but if that name were to be the real Paul from the Beatles or Wings depending on how old you are then we would say that has merit (I do not have that information nor would I want it). The issue is one of governance and control. The money and its authorization of use must be split. The phone used for authorization of transactions must be known only to you and what you buy should be kept secret. Many criminals have money and may be your best friend waiting to sell the information you provide for a profit. Avoid those that have money and talk about it, because they will be robbed shortly and may drag you down with them. Hide everything, keep everything secret, buy used cars, buy used rather than new, go into hiding, and if you are forced to live in the limelight shield yourself.
Posted by: Jimbo at May 19, 2006 05:21 AM