April 27, 2004

QC - another hype cycle

Cryptographers and software engineers are looking askance at the continued series of announcements in the Quantum Cryptography world. They are so ... vacuous, yet, so repititious. Surely nobody is buying this stuff?

'Fraid so. It's another hype cycle, in the making. Here's my analysis, as posted to the cryptography list.

Subject: Re: Bank transfer via quantum crypto
From: "Ian Grigg" <iang@...>
Date: Sun, April 25, 2004 14:47
To: "Ivan ..."
Cc: "Metzdowd Crypto" <cryptography@metzdowd.com>

Ivan Krstic wrote:
> I have to agree with Perry on this one: I simply can't see a compelling
> reason for the push currently being given to ridiculously overpriced
> implementations of what started off as a lab toy, and what offers - in
> all seriousness - almost no practical benefits over the proper use of
> conventional techniques.


You are looking at QC from a scientific perspective.
What is happening is not scientific, but business.

There are a few background issues that need to be
brought into focus.

1) The QC business is concentrated in the finance
industry, not national security. Most of the
fiber runs are within range. 10 miles not 100.

2) Within the finance industry, the security
of links is done majorly by using private lines.
Put in a private line, and call it secure because
only the operator can listen in to it.

3) This model has broken down somewhat due to the
arisal of open market net carriers, open colos, etc.
So, even though the mindset of "private telco line
is secure" is still prevalent, the access to those
lines is much wider than thought.

4) there is eavesdropping going on. This is clear,
although it is difficult to find confirmable
evidence on it or any stats:

"Security forces in the US discovered an illegally installed fiber
eavesdropping device in Verizon's optical network. It was placed at a
mutual fund company?..shortly before the release of their quarterly
numbers" Wolf Report March, 2003

(some PDF that google knows about.) These things
are known as vampire taps. Anecdotal evidence
suggests that it is widespread, if not exactly
rampant. That is, there are dozens or maybe hundreds
of people capable of setting up vampire taps. And,
this would suggest maybe dozens or hundreds of taps
in place. The vampires are not exactly cooperating
with hard information, of course.

5) What's in it for them? That part is all too
clear.

The vampire taps are placed on funds managers to
see what they are up to. When the vulnerabilities
are revealed over the fibre, the attacker can put
in trades that take advantage. In such a case,
the profit from each single trade might be in the
order of a million (plus or minus a wide range).

6) I have not as yet seen any suggestion that an
*active* attack is taking place on the fibres,
so far, this is simply a listening attack. The
use of the information happens elsewhere, some
batch of trades gets initiated over other means.

7) Finally, another thing to bear in mind is that
the mutual funds industry is going through what
is likely to be the biggest scandal ever. Fines
to date are at 1.7bn, and it's only just started.
This is bigger than S&L, and LTCM, but as the
press does not understand it, they have not
presented it as such. The suggested assumption
to draw from this is that the mutual funds are
*easy* to game, and are being gamed in very many
and various fashions. A vampire tap is just one
way amongst many that are going on.

So, in the presence of quite open use of open
lines, and in the presence of quite frequent
attacking on mutual funds and the like in order
to game their systems (endemic), the question
has arisen how to secure the lines.

Hence, quantum cryptogtaphy. Cryptographers and
engineers will recognise that this is a pure FUD
play. But, QC is cool, and only cool sells. The
business circumstances are ripe for a big cool
play that eases the fears of funds that their
info is being collected with impunity. It shows
them doing something.

Where we are now is the start of a new hype
cycle. This is to be expected, as the prior
hype cycle(s) have passed. PKI has flopped and
is now known in the customer base (finance
industry and government) as a disaster. But,
these same customers are desperate for solutions,
and as always are vulnerable to a sales pitch.

QC is a technology who's time has come. Expect
it to get bigger and bigger for several years,
before companies work it out, and it becomes the
same disputed, angry white elephant that PKI is
now.

If anyone is interested in a business idea, now
is the time to start building boxes that do "just
like QC but in software at half the price." And
wait for the bubble to burst.

iang

PS: Points 1-7 are correct AFAIK. Conclusions,
beyond those points, are just how I see it, IMHO.

Posted by iang at 01:59 PM | Comments (7) | TrackBack

April 26, 2004

Rates II - Mortgages and Musical Chairs

Dismal Science - By SUSAN LEE - April 26, 2004; Page A15

Financial crises usually come from left field. But that doesn't stop swamis from searching for the next trigger. Right now, the prospect of rising interest rates is focusing swamis on trouble in the bond market. Not a bad bet, since the past few years of falling rates have produced a ton of complicated ways to extract profits from fixed-income securities. Also not a bad bet since a forecast of higher rates is driving investors to unwind positions -- presenting a perfect moment to expose flaws in hedging and other strategies.

So it's hardly surprising that concentration of risk is Topic One. Consider, for example, a recent speech by the new head of the Federal Reserve Bank of New York. In lovely Fed-speak, Timothy Geithner blended concerns about the increasing vulnerability of the financial system to the growth in Fannie Mae and Freddie Mac and the high degree of concentration in the market for interest-rate options.

Mr. Geithner was vague in the extreme, but the details of his concern are laid out in a report from Credit Suisse First Boston. Here are the mechanics of a possible crisis scenario in which the particular nature of risk in the mortgage market becomes concentrated in the market for interest-rate options.

The chain of transmission starts with the mortgage market. (Bear in mind that, at some $7 trillion, this market is enormous.) Mortgages are of course wondrous financial instruments. They allow people, even those with humble means, to own a big asset -- a house -- without having to pay the full price up-front. But mortgages have an almost as wondrous property -- they give home buyers the opportunity to pay off before maturity. This prepayment option allows homeowners to transfer interest-rate risk to mortgage holders.

Holders of mortgage securities borrow money to buy those securities. If all goes according to plan, holders buy securities that yield more than they pay on their debt. However, when interest rates fall and homeowners prepay, mortgage holders find that cash flows have changed. What was a nice deal of, say, receiving 6% on mortgages and paying 5% on debt could become a less comfortable arrangement of receiving 5% on mortgages and paying 5% on debt. Not good. Or say that interest rates go up; then homeowners keep their mortgages and holders could find themselves getting 6% on assets but paying 6% on debt. Also not good.

Thus, having taken on interest-rate risk, owners of mortgage securities must hedge against that risk. One route to insure against a change in the spread between assets and liabilities is to use a derivative, usually involving Treasuries like interest-rate options. With these options, one party can insure itself against rising rates (or against falling rates).

All this is very cozy and safe in theory, but what about the real world?

The market for interest-rate options has two distinguishing properties. First, it is huge -- with a notional value of roughly $6 trillion -- larger than the amount of Treasury debt outstanding. Second, it is the only derivative market in which broker-dealers, collectively, take a position. Ordinarily, dealers just match buyers and sellers of risk, but in the interest-rate options market, dealers sell a lot more than they buy.

Simply put, prepayment risk has now been shifted to dealers. Dealers, in turn, try to dynamically hedge that risk. But their exposure is not symmetrical. Because they carry an inventory of Treasuries, they have a structural long position that gives them a natural hedge when interest-rates fall, but works against them when rates rise (they have to sell a lot of Treasuries -- and fast.)

This creates a powerful feedback loop. For example, dealers buy Treasuries when rates are falling, putting further downward pressure on rates -- and sell Treasuries when rates are rising, putting further upward pressure on rates. Although dynamic hedging is less likely to be a systemic issue when rates are falling, either way changes in rates are amplified by dealers covering exposure to interest-rate options.

What makes this feedback loop potentially lethal is that a change in rates requires an even larger adjustment in hedging portfolios. The CSFB report calls this "the embedded accelerator effect." The market had a tiny taste of this feedback loop last summer when interest-rates suddenly shot up and spreads in the swap market almost doubled in a few weeks. It was a stunning demonstration of just how sensitive the market is to rising rates.

Scary, sure, but two other aspects conspire to make the situation positively frightening. Over the past several years, coupons in the mortgage market have become concentrated, as owners rushed to refinance at the same time. Instead of a wide array of interest rates, coupons have collapsed to a very narrow range. This concentration increases the amount of hedging adjustments necessary for even a small move in rates.

Moreover, interest-rate options have become concentrated among a small number of dealers. Five, to be exact. And three of those five hold more than two-thirds of the options outstanding among FDIC-insured banks: JPMorgan Chase, Bank of America and Citigroup. (Even scarier, JPMorgan alone holds a notional amount of $4.5 billion -- that's 40% of the options held by banks and 27% of the total interest-rate options market.)

Simply put, any swami who wants to worry about the concentration of risk need not look beyond the mortgage market. Two highly leveraged hedge funds, Fannie and Freddie, are laying off giant amounts of risk in the interest-rate options market, where that risk is then redistributed to a handful of dealers. Throw in a little feedback loop, where changes in rates can quickly become a crack-the-whip situation causing massive instability -- and viola, giant liquidity risk.

Of course, Mr. Geithner isn't forecasting the end of the world or even a liquidity crisis. Nonetheless, his concerns should remind us that financial markets, no matter how sophisticated, cannot extinguish risk. Indeed, risk can be only moved around, from one player to another. But just like in musical chairs, when the music stops somebody is left standing.

Ms. Lee is a member of the editorial board of The Wall Street Journal.

Posted by iang at 09:15 PM | Comments (0) | TrackBack

Rates I - US moves to raise rates

Scuttlebut has it that banks have heard Mr G's suggestions and are responding. A month or so back he said "banks are missing out on the opportunity to sell variable rate product to consumers."

What strange language! Yet insiders knew that what he was saying was that the time to balance your books is now, and sharpish, before he raises rates. Now comes rumour that the banks are moving to consolidate their customers into variable rate packages.

Here's how one bank does it. Take a customer who's awash with credit card debt, but has some equity on a fixed rate loan. Offer them the chance to switch their credit card debt (variable) and their mortgage (fixed) into a new mortgage (variable) with a higher valuation (90% instead of 80%).

Bingo, the bank has got rid of two headaches in one. The consumer "benefits" because they have expunged their credit card debt. There's only one problem left: if the variable rate mortgage suffers an increased default rate as the interest rates rise to pay back the 90's hangover, the banks might be left holding a lot of collapsed real estate. (This sort of sweet deal may only be available in coastal, stable areas....).

And here's the clincher: no, even that doesn't happen, because the banks don't hold the loan. They've already sold the securitized packages off into the market, by the time the rate increase bites. So not only have they got rid of their credit card debt (uncollateralised, so not saleable) they've repaired the prior securitised portfolios with the chance to take a new origination fee.

Banks in the US no longer do much in the way of banking. That is, they don't borrow and lend to the public. What they do instead is originate loans which are sold to the market. Each group of a thousand mortgages becomes its own little community IPO. Which means, banks are in the process of selling securities (or, is it buying securities? no matter). They've solved the balance sheet problem - the term rate misbalance - that made banking special.

As sellers of securities, banks are now more like brokers. Yet, they are still supervised by the bank regulators. Expect more mystical and godly pronouncements from the regulatory sector, as they catch up to the recognition of the Arrow observation: as the cost of transactions shrinks to zero, banking disappears and everyone goes to market.

Posted by iang at 09:31 AM | Comments (0) | TrackBack

April 21, 2004

Tumbleweed casts CA-signed cert lure

The Feb issue of Nilson Report reports stats from the antiphishing.org WG. New for me at least, is some light thrown on Tumbleweed, the company behind the WG, which as suspected is casting itself as a solution to phishing.

"Email Signatures [quoteth Nilson]. Tumbleweed is developing a method of using digital signature issued by a trusted Certificate Authority (CA) to sign emails. This type of technology, also being pursued by AOL, Microsoft, and Yahoo, would help thwart phishing scams. While crooks who own legitimate sounding domain names (such as Visa.customerservice.com) could still sign their messages, an alert would arrive with the email if the signature had not been issued by a CA. The larger problem with signing emails could come down the line as phishers migrate to other methods of luring victims. Some have already started using instant messaging. Next could be mobile messaging, banner ads, and sites that would turn up readily in a Google search. Beefing up law enforcement is another option, but with more and more phishers operating globally, it can take up to a week to ferret them out and shut them down."

Well, Nilson picked up the obvious, so no need to dwell on it here. It then goes on to talk about Passmark, which I slammed in Phishing - and now the "solutions providers".

What are we supposed to conclude from this parade of aspiring security beauties? One solution provider hasn't thought it through at all, and the other seems to be "just using CA-signed certs," the very technology that is being perverted in the first place. As if it hadn't thought it through at all...

Is there no security company out there that does security? It is rather boring repeating the solution so I won't, today.

Posted by iang at 10:13 AM | Comments (1) | TrackBack

April 20, 2004

DPA patents

Cryptography Research, the California company that announced the discovery of differential power analysis around late 1997, have picked up a swag of patents covering defences against DPA. One can't read too much into the event itself, as presumably they filed all these a long time ago, way back when, and once filed you just have to stay the distance. It's what companies do, over that side, and if you didn't predict it, you were naive (I didn't, and I was).

What is more significant is the changed market place for smart cards. The Europeans dominated this field due to their institutional structure. Big contracts from large telcos and banks lead to lots of support, all things that were lacking in the fragmented market in the US. Yet the Europeans kept their secrets too close to the chest, and now they are paying for the vulnerability.

CR managed to discover and publish a lot of the stuff that the Europeans thought they had secretly to themselves. Now CR has patented it. What a spectacular transfer of rights - even if the European labs can prove they invented it first (I've seen some confidential stuff on this from my smart card days) because they kept it secret, they lose it. Secrets don't enjoy any special protection.

Security by obscurity loses in more ways than one. What's more, royalties and damages may be due, just like in the Polaroid film case. When both sides had the secret, it didn't matter who invented it, it was who patented it first that won.

We will probably see the switch of a lot more smart card work across to CR's labs, and a commensurate rush by the European labs to patent everything they have left. Just a speculative guess, mind. With those patents in hand, CR's future looks bright, although whether this will prove to be drain or a boon to the smart card world remains to be seen.

Cryptography Research Granted Patents for Safer Smart Cards

Technology Prevents DPA Attacks to Combat Fraud and Piracy

SAN FRANCISCO, April 19 /PRNewswire/ -- Cryptography Research, Inc., a leader in advanced security research and engineering, today announced it has been granted several broad patents on technology that reduces fraud and piracy by protecting smart cards and other systems from Differential Power Analysis (DPA) attacks. The company developed the technology to help cryptographic device manufacturers, systems integrators, and smart card issuers develop secure, DPA-resistant implementations for use in financial, pay television, mass transit, secure identification and wireless industries.

Differential Power Analysis involves measuring the electrical power consumption of smart cards and other cryptographic devices. Statistical methods are then used to extract cryptographic keys and other secrets.

Vulnerable devices are at risk for compromises including fraud, cloning, impersonation, counterfeiting, and piracy. Although DPA attacks typically require technical skill to implement, they can be repeated with a few thousand dollars of standard equipment, and can often break a device in a few minutes. DPA and related attacks were originally discovered at Cryptography Research in the 1990s.

"We are proud to have our work recognized by the United State Patent and Trademark Office," said Paul Kocher, president of Cryptography Research. "As a research-focused company, we rely on patents to help us commercialize our results and make our ongoing R&D efforts possible."

The Cryptography Research DPA patents broadly cover countermeasures to DPA attacks, and include:
-- U.S. Patent #6,654,884: Hardware-level mitigation and DPA countermeasures for cryptographic devices;
-- U.S. Patent #6,539,092: Leak-resistant cryptographic indexed key update;
-- U.S. Patent #6,510,518: Balanced cryptographic computational method and apparatus for leak minimization in smartcards and other cryptosystems;
-- U.S. Patent #6,381,699: Leak-resistant cryptographic method and apparatus;
-- U.S. Patent #6,327,661: Using unpredictable information to minimize leakage from smartcards and other cryptosystems;
-- U.S. Patent #6,304,658: Leak-resistant cryptographic method and apparatus;
-- U.S. Patent #6,298,442: Secure modular exponentiation with leak minimization for smartcards and other cryptosystems; and
-- U.S. Patent #6,278,783: DES and other cryptographic, processes with leak minimization for smartcards and other cryptosystems.

Other Cryptography Research patents are issued and pending in the United States, Europe, Japan, Canada and other countries.

According to the Smart Card Alliance, an industry trade group, the United States became the third largest market for microprocessor smart cards in 2003, and more than 70 million smart cards shipped to the United States and Canada. The Card Industry Directory reported over 1.9 billion worldwide smart card shipments in 2003.

About Cryptography Research, Inc.
Cryptography Research, Inc. provides consulting services and technology to solve complex security problems. In addition to security evaluation and applied engineering work, CRI is actively involved in long-term research in areas including tamper resistance, content protection, network security, and financial services. The company also produces the DPA Workstation(TM) to help qualified organizations analyze DPA-related security vulnerabilities and improve their use of licensed DPA countermeasures. This year, security systems designed by Cryptography Research engineers will protect more than $60 billion of commerce for wireless, telecommunications, financial, digital
television, and Internet industries. For additional information or to arrange a consultation with a member of the technical staff, please contact Jennifer Craft at 415-397-0123 or visit http://www.cryptography.com.

Posted by iang at 12:37 PM | Comments (0) | TrackBack

April 19, 2004

Comdot from Beepcard

Beepcard has developed ComdotTM, a self-powered electronic card that performs wireless authentication without using a card reader. The card transmits a user identification code to a PC, cell phone, or regular phone, enabling online authentication and physical presence in online transactions.

Comdot supports payment card legacy systems, such as magnetic stripe readers, smart chips and embossing. It can be implemented as a standard credit card, a membership card, or a gift certificate, and works both on the Internet and in the offline world.

The Comdot system will come as welcome relief to any system provider struggling to increase security rapidly on a mass scale, and to do so unobtrusively. ComdotTM is the ideal solution to the “reader” problem that has plagued mass deployment of smart cards. Indeed, these sound-based communications cards reach most transaction arenas that until now have been relegated to a status that the financial services world has always regarded as “card-not-present.” Also for healthcare organizations, transportation and communications networks and corporate computing systems, ComdotTM cards offer an important leap forward as an authentication scheme that is both secure and convenient.

The "Reader-Free" Revolution

How do we do it? By using "clientless" architecture and by creating an active, rather than passive, card device:

Clientless architecture. Any standard home computer can talk to Comdot cards, as soon as the card software is installed. The sub-100k card communications software applet can be embedded in any service provider web page or e-wallet system or can reside within any other software that is permanently resident on a user's computer. Either way, installation is simple and neat. The web-based version installs automatically on the user's computer. The resident version comes with a wizard that installs onto the user's computer in seconds.

ComdotTM Applications
Comdot turns every PC or phone into a secure point of sale, enabling secure Internet shopping, banking, and financial account services. Comdot and accompanying software provide online value in several core operations, such as:

Launch. One-click launch of web browser and direction to the card issuer's online services. One-click launch of e-wallets, online account services, or other value-added Internet services.

Authenticate. Online authentication of users. The proliferation of Internet banking, stock portfolios, and application service providers of all sorts increases the need for online user authentication. Comdot is a low-cost, physical, first-factor user authentication device that replaces vulnerable and easy-to-forget passwords.

Transact. Unprecedented physical presence in online transactions. The Beepcard card authenticates cardholders to their payment card issuers and e-merchants, greatly reducing the problem of on-line fraud. Because the presence of a Comdot card in transactions can be proven, cardholders shop online without fear of credit card theft. The result: increased consumer trust in e-commerce. The presence of Comdot technology in an online transaction reduces the likelihood of purchase dispute and repudiation.

Posted by graeme at 02:30 PM | Comments (0) | TrackBack

El Qaeda substitution ciphers

The Smoking Gun has an alleged British translation of an El Qaeda training manual entitled _Military Studies in the Jihad Against the Tyrants_

Lesson 13, _Secret Writing And Ciphers And Codes_ shows the basic coding techniques that they use. In short, substitution ciphers, with some home-grown wrinkles to make it harder for the enemy.

If this were as good as it got, then claims that the terrorists use advanced cryptography would seem to be exaggerated. However, it's difficult to know for sure. How valid was the book? Who is given the book?

This is a basic soldier's manual, and thus includes a basic code that could be employed in the field, under stress. From my own military experience, working out simple encoded messages under battle conditions (in the dark, with freezing fingers, lying in a foxhole, and under fire, are all various impediments to careful coding) can be quite a fragile process, so not too much should be made of the lack of sophistication.

Also, bear in mind that your basic soldier has a lot of other things to worry about and one of the perennial problems is getting them to bother with letting the command structure know what they are up to. No soldier cares what happens at headquarters. Another factor that might shock the 90's generation of Internet cryptographers is that your basic soldiers' codes are often tactical, which means they are only secure for a day or so. They are not meant to hide information that would be stale and known by tomorrow, anyway.

How far this code is employed up the chain of command is the interesting question. My guess would be, not far, but, there is no reason for this being accurate. When I was a young soldier struggling with codes, the entire forces used a single basic code with key changes 4 times a day, presumably so that an army grunt could call in support from a ship off shore or a circling aircraft. If that grunt lost the codes, the whole forces structure was compromised, until the codes rotated outside the lost window (48 hours worth of codes might be carried at one time).

Posted by iang at 09:10 AM | Comments (0) | TrackBack

April 17, 2004

LD3 - At the Breakfast Table

A few months back, I was showing the Liberty Dollars to some children, as an adjunct to a conversation about money. I really don't recall what that topic was, but the LD is a great demonstration of the concept of independent issuance. And they are so pretty!

The two children insisted on buying some, being numismatic of mind. After a few moments of indecision (should I gift them or sell them? socialism or capitalism? responsibility or rapacity?) I decided to sell the LD at the face value, that number in dollars printed on the two top corners. One child purchased a $5 note, with hard-earnt allowance, the other a $1.

And, just a week or so ago, came the announcement of the recall and replacement of the LD with new paper bearing a number twice the size. This morning, the following conversation took place at the breakfast table.

[elided discussion of counterfeiting]

"I think the Liberty Dollar is silly," suggested the 12 year old (the other is 9).

"Why is that?" I asked, in a study of emotionless pasivity.

"Because it is done on silver and dollars. It should be one or the other."

"Ah." Some conversation ensued, and I launched in: "And, there is some news about that. The Liberty Dollars might be recalled and replaced with new notes bearing a number twice as large." I'm not sure of the words I used, but I had started taking notes by this stage. I also tried to be strictly neutral - I find it best to keep secret my own opinion, except in private and obscure forums such as DGCChat, where armchair monetary architects lurk and ponder such things.

It took a while to explain the change being suggested, but we got there. "Why is that?" asked the worried 12 year old. Anything effecting her money was bad.

"Because the price of silver has gone up. Each $10 has an ounce of silver. And when they first issued it, the price of silver was $4 or so per ounce. Now it has gone up to almost $7.50."

"Oh..." More conversation ensued. Stuff about whether the note would come back, etc, to which I ventured the opinion that the new note so promised would probably come back.

Now, I am not a literary person. I don't buy that business about sparkle in the eyes, seeing people's faces light up, and all that they talk about in novels. But, at some point in the conversation, our 12 year old's eyes bulged, and her face spread wide, eyebrows, mouth, cheeks, in excitement.

She looked at me, and asked "Can I buy your $10 note?"

"Oh?"

"Can I buy your $10 note with my $5 note and $5 of other money?"

"Ah." Our combined gears where churning here... "I'll have to think about that."

"Me too." And, she thought about it as she raced off to go and get the cup that held her allowance, in escrow, pending resolution of fines and other demerits. Today was Saturday, being the day that fines got reset, money distributed, and new trades could be made.

So much for thinking about it. The Liberty Dollar is on a roll, and is certainly popular with some.

Posted by iang at 01:20 PM | Comments (0) | TrackBack

LD2 - Liberty Bimetallism

In response to the most fanatical and interesting debate in recent monetary times, I published the following rant on the LD. (You should read the prior announcement to pick up the context, and also the 3 score or so responses, if you can get the archives of DGCChat.)

I don't claim to have nailed it, but nothing that was said later or before shook my suspicion that Liberty Dollar have architectured a flimflam currency, and are headed for a fall, some way, some day.

-------- Original Message --------
Subject: [dgc.chat] Liberty Bimetallism
Date: Sun, 11 Apr 2004 16:20:03 -0400
From: Ian Grigg
To: dgcchat@lists.goldmoney.com

It seems to me that Liberty Dollars are Bimetallic.

One metal is the silver, and the other is the USD.

Ignoring the fact that there isn't any more metal in a USD than a shiny strip these days, the notion of a currency trying to balance itself between the movements of two diverging metals may explain the turmoil.

Bimetallic currencies all come to a bad end, some day. This notion of trying to maintain the face value of the Liberty Dollar at something above the cost of silver, and around the price of dollars, has to have a bad end, according to anything I've ever read or heard about.

It's nice that a distribution chain can take a margin of approximately 100% before getting to the user. Really good that someone has figured out how to sell the concept of metallic currencies to the users out there, in a nice easy pretty package.

But, that doesn't mean that we should all drop our economic marbles and squeal for joy like a bunch of teenagers. There's more to music than a good looking pop star.

Apparently, the face value can go up, and we are exhorted to rush in and collect up the old ones. Because, when the change happens - phones ringing hot, must be soon now - we can all change our old notes to new notes. And, *double* our face value, in one deal.

Now, it seems to be a good deal. We seem to gain, coz the users will then take the face value and give us twice the benefit. Sellers are obligated to do some trading, so there is support at some level for this face value.

Great deal. The problem is, if there is money made by some, then there is money *lost* by others. Hence, this is a non-productive move of wealth from one group to another.

As it is non-productive, then it can't be sustainable. It flies against the sense of economic thought much prized in these places; on the face of it, and it is very much a facial issue, this is no better than the taxes, scams, cons and other evils that we bemoan.

Why is Liberty Dollar offering something for nothing?

Or, am I wrong? Is there any viable case to be made, in an economic sense, to support the notion that a solid, important currency can just turn around and rewrite a number from 10 to 20?

iang

subscribe: send blank email to dgcchat-join@lists.goldmoney.com
unsubscribe: send blank email to dgcchat-leave@lists.goldmoney.com
digest: send an email to dgcchat-request@lists.goldmoney.com
with "set yourname@yourdomain.com digest=on" in the message body

Posted by iang at 12:40 PM | Comments (0) | TrackBack

LD1 - Inflation Proof Currency Set to Double

A week or two back, the Liberty Dollar architect, Bernard von NotHaus, published the following announcement. In essence, he is close to announcing that the paper issue of Liberty Dollars is to be recalled and replaced with notes being a number twice as large. This is because silver - the reserve of one ounce behind every $10 of Liberty Dollars - has gone up in price from $4 or so up to nearly $7.50.

Subject: [dgc.chat] Inflation Proof Currency Set to Double
Date: Thu, 8 Apr 2004 06:51:52 -0400
From: Bernard von NotHaus <bernard@libertydollar.org>
To: GoldMoney chat <dgcchat@lists.goldmoney.com>

On Friday, March 19, silver crossed over $7.50 per ounce and the phones started ringing. "Silver is over $7.50!!! Have we crossed over to the $20 Silver Base? Have you DOUBLED the face value of the Liberty Dollar?" You could feel the excitement over the phone. So we asked Bernard von NotHaus, the monetary architect who designed and developed the new gold and based currency, and he confirmed that the "Crossover Point"* is without a doubt "the most exciting part of the Liberty Dollar currency".

Von NotHaus explained that just as gasoline has doubled, the price of silver has doubled from $4 to over $8 per ounce. Now the Liberty Dollar is also about to double. That means every Liberty Dollar you have - will double in face value when the Silver base crosses over from the $10 to $20 Silver Base. In other words, if you have a one-ounce $10 Silver Liberty or Certificate - you will able to exchange it for a new $20 Silver Liberty when the Crossover Point is reached.

Head turning? Maybe to some and to the new initiates into the world of emerging currencies. Welcome to the Liberty Dollar 'already the second most popular currency in America' that is distributed by NORFED - a national, nonprofit, educational, organization. It contends that the Liberty Dollar is not head turning, but an example of classical economics at it finest that has been turbocharged with the speed of the Internet and emboldened by massive government spending.

As the dollar continues to fall, and the price of silver rebounds from a half-century of manipulation and control, the Liberty Dollar is being driven by market forces to double the face value of the currency. Again as von NotHaus explained, "The Liberty Dollar is a 'free market currency' as described by Friedrich von Hayek, a Nobel Laureate economist. It is simply responding to the market. As silver doubles, the Liberty Dollar must double. thereby exemplifying a truly 'inflation proof currency' that is the essence of a free market currency. And the best part is that everybody can participate. Everybody can profit as Americans begin the arduous process to return our monetary system to value."

David Morgan, the 'Silver Guru' who publishes "Silver Investor" agrees with von NotHaus. "That is why I became a Liberty Associate with NORFED. I like the Liberty Dollar because it makes economic sense and using it is the right action for our country. We need a currency backed by real substance, backed by gold and silver. Real value for real American."

That feeling seems to parallel the NORFED position which professes not only to know the problems caused by the depreciating Federal Reserve Notes, it also proposes a simple positive solution that pays the participant to use the new currency. Again NORFED leads the edge of economic thought by putting classical economic principles into daily action. Fortunately, von NotHaus has proven to be an able manager during the Liberty Dollar's first five years and seems to reflect his 30 years in the trade.

Richard H. Timberlake, an octogenarian PhD in Economics from the University of Chicago, has keenly followed the emerging story of the Liberty Dollar for years. He said he has been fortunate to have von NotHaus' numerous overnight stops at his estate outside of Athens Georgia. And while Timberlake notes that his guest is often outspoken and intense, he defends the Liberty Dollar model as a functional substitute to the depreciating Federal Reserve Notes. He chides the Federal Reserve for its policy: "Its money has no connection to gold; its activities are unconstrained by any law or principle; its policies are at the discretion of men (and women) who bear no responsibility for the results of their actions; the Fed is as unconstitutional as any institution can get."

So while an increasing number of economists warn us about the economic war between the falling dollar and rising precious metal prices, and the monetary crisis to follow, the Liberty Dollar has become increasingly popular. Already there are over 100,000 people now using the $5 million Liberty Dollars in circulation. And that is about to double to $10 million dollars of purchasing power.

With double the price for gasoline, we may all need some extra purchasing power. Well the NORFED folks have just the answer, especially if you get the Liberty Dollar before it doubles. And even after it doubles, you can still continue to get the new silver based currency at a discount and use it at a profit. NORFED simply points out that as the US dollar has lost 40% of its value in the past two years in comparison to the euro, and silver has doubled just like gasoline, doesn't it make sense to use a currency that not only reflects the current market prices but one that you can use at a profit?

* The Crossover Point of the Liberty Dollar from the current $10 Silver Base (one Troy ounce of .999 fine silver backs $10 Liberty Dollars) to the new $20 Silver Base (one Troy ounce of .999 fine silver backs $20 Liberty Dollars) will occur when the thirty day moving average (30DMA) for silver stays over $7.50 for thirty consecutive calendar days.

As the Crossover Point is so important, NORFED uses an independent, third party source for its 30DMA so there are no doubts. Just like the monthly audits, there is total transparency for the econometric features that were designed into the Liberty Dollar model to guard it against being whipsawed by an erratic silver market. You can follow the 30 DMA and watch it develop by simply going to ScotiaMocotta at http://www.scotiamocatta.com/prec/pdfs/pm_daily.pdf. Scroll down the Gold & Silver Market Watch. The 30DMA is at the bottom of page two.

Von NotHaus urges everyone "To get as many Liberty Dollars as possible before the base doubles. Your family's financial life might depend on it! Either change your money or lose your value - that is the choice."

As of April 2. 2004 the 30DMA was $7.23

Bernard von NotHaus
Monetary Architect


subscribe: send blank email to dgcchat-join@lists.goldmoney.com
unsubscribe: send blank email to dgcchat-leave@lists.goldmoney.com
digest: send an email to dgcchat-request@lists.goldmoney.com
with "set yourname@yourdomain.com digest=on" in the message body

Posted by iang at 12:13 PM | Comments (0) | TrackBack

April 16, 2004

Sharing Files is still a "Hard App"

How hard can finance be? Real hard. Below is a snippet from techwatchers NTK (below) that reports on the state of simple file sharing amongst a bunch of mates.

Our own little efforts to add this feature to Ricardo were illuminating. It took me 3 days to write the protocol additions to SOX, add the storage into the existing backends, and confirm via self-tests. Ricardo is now fully capable of sharing files, encrypted, authenticated, and all that, across a bunch of, well, mates!

That just leaves the client. Whoops... it took me a week just to compile, due to a serialization bug (an oxymoron, if ever I heard it). Anyway, that part's done, and if I can just wade my way through a month of SWING, then we might be able to show file sharing done the Ricardo way.

Sum total: infrastructure wise, almost any app is easy in Ricardo. Client wise? That's where all the work is. Now read NTK, as if your weekend depends on it:

>> TRACKING <<

sufficiently advanced technology : the gathering

The big new (yet old) killer app this year is going to be a
some dinky little program that lets you easily and
selectively share individual files with groups and
sub-groups of your friends. It seems such a simple idea, but
given the number of Known Clever People struggling to
implement it, it has to be harder than it looks. The
Nullsoft guys tried it with WASTE, but that was too
crypto-tastic to succeed; Ximianites have adopted Novell's
iFolder as their effort, but that's still pre-alpha. Now
ex-Audiogalaxy staffers are working on FolderShare.
FolderShare has some of the right idea - it just sits in
the background, talking P2P with your mates, and silently
rsyncing their shared directories with yours. Weirdly it
requires a central logon, but still won't cope when you and
your friend are both behind NATs or firewalls; you'd think
having a central server, they'd be up for negotiating some
connections. The ACL stuff is still, in the way of ACLs,
confusingly powerful instead of usefully simple. It's also,
tragically, Windows only. It might yet grab the Napster
crown of reaching critical-mass usability, but there's still
a way to go.
http://www.foldershare.com/ - can't help feeling the hard part is a compelling UI
http://usefulinc.com/edd/blog/contents/2004/03/08-ifolder/read - uh-oh virtual file systems!
http://forge.novell.com/modules/xfmod/project/?ifolder - uh-oh C#!

Oh, and "Copying is fine, but include URL: http://www.ntk.net/ "

Posted by iang at 12:25 PM | Comments (1) | TrackBack

April 15, 2004

Spammers have stats?

The following email from spammers & scammers indicates that the view of e-gold and Paypal is about the same - a round 400k each of addresses. I don't believe that there are that many e-gold active users out there, but it may be that their more heavy duty approach to financial transactions increases the punch of their lower numbers.

One of the great difficulties with these markets (decried frequently by superlative marketeers such as JPMay) is that there are no statistics on ... well, everything. It would be sad if we had to rely on the biased view of scammers to conduct our business. Still, worse things happen at sea, at least their biases will be where the money is.

------------ Forwarded Message ------------
Date: 15 April 2004 15:56 -0400
From: Tom Theroux
To: Domains
Subject: RE: Emails of PayPal customers

Hello:

We are offering 2 email databases which allow to contact PayPal and e-Gold
customers (both sellers and shoppers).
These are individuals that buy and sell items using PayPal and e-Gold
payment systems. (Please notice that 90% of PayPal customers are also
customers of eBay.)

These databases will be perfect for selling your products/services, because
we are providing you unique prospects who purchase and sell online more
than anybody else! Besides, the data provided contains personal email
addresses of only those PayPal and e-Gold members who were active
(purchased or sold something) in the last 2 months.

PayPal - 406,000 records
e-Gold - 372,000 records

The databases will be delivered to you in any format of your choice (Excel,
ASCII, CSV, etc.). By default they are provided in 4-6MB TXT files.
New updates will be released quarterly.

The total price we are asking for both databases is $365. To place the
order please fill out the form: http://www.gmthost.com/paypal.php

To contact me please email to service@gmthost.com (THIS EMAIL ONLY! DO NOT
'REPLY').

Please notice that we also maintain a variety of other b2b and b2c lists.

Best,
Tom Dullex


---------- End Forwarded Message ----------

Posted by iang at 04:46 PM | Comments (0) | TrackBack

April 14, 2004

AES now rated to "Top Secret"

Of interest only to hard core cryptogaphers, it seems that the CNSS (a US intelligence/Defense security advisory body) has designated AES as suitable for "top secret." This is highly significant, as DES was only ever rated as suitable for "unclassified" material only, and the AES competition was specifically designed to create a replacement. I.e., the requirement was "good enough for the rest, not the big boys."

There is now no reason to ever prefer anything but AES as a secret key algorithm. Steve Bellovin reports:

-------- Original Message --------
Subject: AES suitable for protecting Top Secret information
Date: Wed, 14 Apr 2004 08:43:03 -0400
From: Steve Bellovin
To: cryptography@metzdowd.com

I haven't seen this mentioned on the list, so I thought I'd toss it
out. According to http://www.nstissc.gov/Assets/pdf/fact%20sheet.pdf ,
AES is acceptable for protecting Top Secret data. Here's the crucial
sentence:

The design and strength of all key lengths of the AES algorithm
(i.e., 128, 192 and 256) are sufficient to protect classified
information up to the SECRET level. TOP SECRET information will
require use of either the 192 or 256 key lengths.


--Steve Bellovin, http://www.research.att.com/~smb


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

Posted by iang at 11:00 AM | Comments (2) | TrackBack

April 10, 2004

"The Ricardian Contract"

This paper, written for publication in a proceedings, covers the background of "why the Ricardian Contract?" It's now in final proofreading mode, so if anyone wants a review copy, let me know (still embargoed so no link posted).

This was a hard paper to write - I had to reverse-engineer the process of many years back. It travels the journey of how we came to place the contract as the keystone of issuance.

(Along that journey, or revisiting thereof, I had to dispose of any notions of making this paper the one and only for Ricardian Contracts - they suddenly sprung an 8 page limit on me, which put the 22 page draft into turmoil. So, I've stripped out requirements and also any legal commentary, which means - oh joy - two more papers needed...)

Many thanks to Hasan for the metaphor. The more I think about it, and write about it, the contract really does have a critical place in financial cryptography, such that it deserves that title: the keystone. Because, only when it is in place is the archway of governance capable of supporting the real application.

Or something. Expressive writing was never my strong suit, so the metaphor is doubly welcome. Bring them on!

Posted by iang at 09:09 AM | Comments (5) | TrackBack

April 09, 2004

When Play Money Becomes Real

The virtual games world has been around for a long long time, and recent years have seen an explosion of interest as gamers from around the world bid to buy and sell their game artifacts for real money.

Certainly potential there for setting up virtual monies that are in some way related to the normal monies for meatspace. One thing: there isn't the usual security problem, as players have some incentive to act honestly, and some way to punish those that don't.

Play Money Becomes Real

By Daniel Terdiman 02:00 AM Apr. 07, 2004 PT

The buying and selling of virtual currencies, weapons and other goods from massively multiplayer online games like EverQuest and Ultima Online may be off most people's radar, but it is truly big business.

One company, Internet Gaming Entertainment, or IGE, has more than 100 full-time employees in Hong Kong and the United States who do nothing but process its customers' hundreds of thousands of annual orders for virtual goods, the lion's share of which average nearly a hundred dollars each. And demand is so strong, says IGE CEO Brock Pierce, that the company is hiring about five new people a week.

IGE is by no means the only outfit on the Internet that's trafficking in items from games like EverQuest, Ultima Online, Dark Age of Camelot and others, but it is the biggest.

"In this industry, it's eBay and us," boasts Pierce. "We're the major players. We've consolidated most of the other players out there."

While IGE has had several hundred thousand customers since its inception in 2001, it depends on a stable of more than 100 suppliers -- hard-core players who sell IGE surplus currency, weapons and other goods they regularly accumulate.

"They can play games all day and make a little money for it," says Pierce. "Most of the time, they're selling off their garbage, but one man's garbage may be another man's treasure.... They'll sell us that (extra) suit of armor, or sell the suit of armor in the game and sell us the currency, and then they'll go pay their rent with it."

IGE's business treads into controversial waters in the gaming world. That's because its buyers are spending real cash to improve their lot in life, or at least in the games they play, without having to spend the time to do so.

Some game companies, like Origin, which produces Ultima Online, say they don't mind if players buy and sell the virtual goods in secondary markets because, ultimately, it increases interest in the game. Linden Lab, which produces the metaverse Second Life, actively encourages secondary-market trading, because it sees such activity as part of a larger social and economic experiment, with its game at the center.

And still others, like EverQuest publisher Sony Online Entertainment, see such trafficking as nothing but a headache.

"The official line is that the selling of characters, items or equipment in EverQuest goes against our end-user licensing agreement," says Sony Online Director of Public Relations Chris Kramer. "It's currently not something the company supports and causes us more customer-service and game-balancing problems than probably anything else that happens within the game."

Kramer adds that Sony Online's objections are based mostly on the idea that such trafficking isn't fair to players who've spent countless hours in the game.

"From a design perspective, our developers don't like it, because essentially what it comes down to is it rewards the rich. It sort of cheapens the experience for people who have invested the time in the game to get to a certain level.

"We have people who have been playing for a number of years in EverQuest," he continues. "They've invested a large number of hours into creating their character, (and) amassing a small fortune in platinum. To have a person who has spent that much time and effort turn around and see someone else who has a character with equal abilities who has done nothing more than buy it on eBay, it turns off a lot of our players."

Yet despite the fact that trafficking in EverQuest goods runs counter to the game's end-user licensing agreement, it is the driving force that keeps IGE's operations center in Hong Kong running 24 hours a day, every day of the year, says Pierce.

To some, like Sony Online's chief creative officer, Raph Koster, the question boils down to different philosophical approaches to the creation of virtual worlds. Some companies, like Linden Lab, There and, to some extent, Origin, get excited watching what happens when their players take elements of their virtual worlds out into real secondary markets. Others, like Sony Online, see them as games, and nothing more.

"We don't happen to regard being a game as being somehow less noble of a goal," says Koster. "It's not a bad thing. A lot of people will want that. That doesn't mean that as a company and as individuals, we're not excited (with) virtual worlds as exciting and interesting places. But at the same time, if we've created one that's specifically a game, the audience wants it to be a game. We try to do right by that philosophical desire: to keep it a game."

But it is impossible to ignore that, percolating within many of the MMORPGs in operation today, including EverQuest, are economies that straddle the real and virtual worlds.

This has led IGE to bring on Ken Selden, a Hollywood screenwriter and leading peddler of virtual goods, as its chief economist.

"There's a relationship between real-life economies and a virtual economy," says Selden. "I happen to believe that these virtual economies are very real, serious economies."

Selden says the strength of a virtual economy is determined largely by how stable its currency is. And because IGE is the largest secondary market for the currencies of games like EverQuest, it has a lot of influence over the stability of the exchange rates between the game currencies and U.S. dollars.

"Everything circulates around the exchange rate between a real and virtual-world economy," explains Selden. "We set the rates that we buy and sell at, and those are divined by supply and demand. The amount of currency in circulation at any point is extremely important to the out-of-game exchange rate."

He also explains that real-world events often have an impact on what people pay for the virtual currencies.

"Bubbles in the economy, they'll also impact the exchange rate between the two economies, because by and large the buying and selling of virtual-world economies are something I would consider to be a luxury," says Selden. At "tax refund time, demand goes up, because there's more money. The consumer wants to spend (and) he has more discretionary income."

Kramer says Sony Online is aware of IGE and has spoken with the company.

"At this point, we're still sort of trying to decide what direction the company's going to move in on this topic," he says.

But whether Sony Online likes it or not, EverQuest players are lining up to buy the game's currency, weapons and armor from IGE all day, every day.

And Selden thinks the game companies should accept that fact and learn that they can benefit from supporting the secondary markets in their games' goods.

"One of the problems is that there isn't enough communication between the people who are minting the currency and the people outside who are selling it and defining it," he argues. "It's almost like the treasury isn't talking to the federal reserve in these worlds. And I think it's because the game companies are just waking up to how important it is."

Posted by iang at 11:56 AM | Comments (0) | TrackBack

April 07, 2004

Playing Favorites

An article on the "gap" in regulatory coverage between the Federal Reserve and the SEC. It tries to show that the banks regulated by the Fed got off lightly in the Enron mess, but the ones regulated by the SEC suffered more.

I don't buy it. The evidence is weak, and the bias shows. However, the discussion is worth having, and no doubt there are tensions there that we need to understand when dealing with a multi-regulator scenario.

Playing Favorites
Why Alan Greenspan's Fed lets banks off easy on corporate fraud.

Ronald Fink, CFO Magazine April 01, 2004

When the Financial Accounting Standards Board released its exposure draft of new accounting rules for special-purpose entities (SPEs), in late 2002, the nation's financial regulators sent FASB chairman Robert H. Herz decidedly mixed signals.

On the one hand, the Securities and Exchange Commission wanted Herz to make the rules effective as soon as possible. SPEs were the prime vehicle for the fraud that brought Enron down, and were widely used by other companies to take liabilities off their balance sheets, obscure their financial condition, and obtain lower-cost financing than they deserved. Not surprisingly, the SEC was anxious to head off other financial fiascos resulting from such abuse.

At the same time, however, the Federal Reserve Board pressed Herz to slow down. That's because the new rules threatened to complicate the lives of the Fed's most important charges: large, multibusiness bank holding companies that happen to earn sizable fees by arranging deals involving SPEs. Stuck between this regulatory rock and hard place, Herz told the Fed and the SEC to get together and work out a timetable that satisfied both constituencies.

...

http://www.cfo.com/printarticle/0,5317,12866|M,00.html?f=options

Posted by iang at 12:36 PM | Comments (0) | TrackBack

April 06, 2004

Security Modelling

One bright spot in the aforementioned report on cyber security is the section on security modelling [1] [2]. I had looked at this a few weeks back and found ... very little in the way of methadology and guidance on how to do this as a process [3]. The sections extracted below confirm that there isn't much out there, as well as listing what steps are know, and provide some references. FTR.

[1] Cybersecurity FUD, FC Blog entry, 5th April 2004, http://www.financialcryptography.com/mt/archives/000107.html
[2] Security Across the Software Development Lifecycle Task Force, _Improving Security Across the Software Development LifeCycle_, 1st April, 2004. Appendix B: PROCESSESTOPRODUCESECURESOFTWARE, 'Practices for Producing Secure Software," pp21-25 http://www.cyberpartnership.org/SDLCFULL.pdf
[3] Browser Threat Model, FC Blog entry, 26th February 2004. http://www.financialcryptography.com/mt/archives/000078.html



Principles of Secure Software Development

While principles alone are not sufficient for secure software development, principles can help guide secure software development practices. Some of the earliest secure software development principles were proposed by Saltzer and Schroeder in 1974 [Saltzer]. These eight principles apply today as well and are repeated verbatim here:

1. Economy of mechanism: Keep the design as simple and small as possible.
2. Fail-safe defaults: Base access decisions on permission rather than exclusion.
3. Complete mediation: Every access to every object must be checked for authority.
4. Open design: The design should not be secret.
5. Separation of privilege: Where feasible, a protection mechanism that requires two keys to unlock it is more robust and flexible than one that allows access to the presenter of only a single key.
6. Least privilege: Every program and every user of the system should operate using the least set of privileges necessary to complete the job.
7. Least common mechanism: Minimize the amount of mechanism common to more than one user and depended on by all users.
8. Psychological acceptability: It is essential that the human interface be designed for ease of use, so that users routinely and automatically apply the protection mechanisms correctly.

Later work by Peter Neumann [Neumann], John Viega and Gary McGraw [Viega], and the Open Web Application Security Project (http://www.owasp.org) builds on these basic security principles, but the essence remains the same and has stood the test of time.

Threat Modeling

Threat modeling is a security analysis methodology that can be used to identify risks, and guide subsequent design, coding, and testing decisions. The methodology is mainly used in the earliest phases of a project, using specifications, architectural views, data flow diagrams, activity diagrams, etc. But it can also be used with detailed design documents and code. Threat modeling addresses those threats with the potential of causing the maximum damage to an application.

Overall, threat modeling involves identifying the key assets of an application, decomposing the application, identifying and categorizing the threats to each asset or component, rating the threats based on a risk ranking, and then developing threat mitigation strategies that are then implemented in designs, code, and test cases. Microsoft has defined a structured method for threat modeling, consisting of the following steps [Howard 2002].

  • Identify assets
  • Create an architecture overview
  • Decompose the application
  • Identify the threats
  • Categorize the threats using the STRIDE model (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege)
  • Rank the threats using the DREAD categories (Damage potential, Reproducibility, Exploitability, Affected users, and Discoverability)
  • Develop threat mitigation strategies for the highest ranking threats

    Other structured methods for threat modeling are available as well [Schneier].

    Although some anecdotal evidence exists for the effectiveness of threat modeling in reducing security vulnerabilities, no empirical evidence is readily available.

    Attack Trees

    Attack trees characterize system security when faced with varying attacks. The use of Attack Trees for characterizing system security is based partially on Nancy Leveson's work with "fault trees" in software safety [Leveson]. Attack trees model the decisionmaking process of attackers. Attacks against a system are represented in a tree structure. The root of the tree represents the potential goal of an attacker (for example, to steal a credit card number). The nodes in the tree represent actions the attacker takes, and each path in the tree represents a unique attack to achieve the goal of the attacker.

    Attack trees can be used to answer questions such as what is the easiest attack. The cheapest attack? The attack that causes the most damage? The hardest to detect attack? Attack trees are used for risk analysis, to answer questions about the system's security, to capture security knowledge in a reusable way, and to design, implement, and test countermeasures to attacks [Viega] [Schneier] [Moore].

    Just as with Threat Modeling, there is anecdotal evidence of the benefits of using Attack Trees, but no empirical evidence is readily available.

    Attack Patterns

    Hoglund and McGraw have identified forty-nine attack patterns that can guide design, implementation, and testing [Hoglund]. These soon to be published patterns include:

    1. Make the Client Invisible
    2. Target Programs That Write to Privileged OS Resources
    3. Use a User-Supplied Configuration File to Run Commands That Elevate Privilege
    4. Make Use of Configuration File Search Paths
    5. Direct Access to Executable Files
    6. Embedding Scripts within Scripts
    7. Leverage Executable Code in Nonexecutable Files
    8. Argument Injection
    9. Command Delimiters
    10. Multiple Parsers and Double Escapes
    11. User-Supplied Variable Passed to File System Calls
    12. Postfix NULL Terminator
    13. Postfix, Null Terminate, and Backslash
    14. Relative Path Traversal
    15. Client-Controlled Environment Variables
    16. User-Supplied Global Variables (DEBUG=1, PHP Globals, and So Forth)
    17. Session ID, Resource ID, and Blind Trust
    18. Analog In-Band Switching Signals (aka "Blue Boxing")
    19. Attack Pattern Fragment: Manipulating Terminal Devices
    20. Simple Script Injection
    21. Embedding Script in Nonscript Elements
    22. XSS in HTTP Headers
    23. HTTP Query Strings
    24. User-Controlled Filename
    25. Passing Local Filenames to Functions That Expect a URL
    26. Meta-characters in E-mail Header
    27. File System Function Injection, Content Based
    28. Client-side Injection, Buffer Overflow
    29. Cause Web Server Misclassification
    30. Alternate Encoding the Leading Ghost Characters
    31. Using Slashes in Alternate Encoding
    32. Using Escaped Slashes in Alternate Encoding
    33. Unicode Encoding
    34. UTF-8 Encoding
    35. URL Encoding
    36. Alternative IP Addresses
    37. Slashes and URL Encoding Combined
    38. Web Logs
    39. Overflow Binary Resource File
    40. Overflow Variables and Tags
    41. Overflow Symbolic Links
    42. MIME Conversion
    43. HTTP Cookies
    44. Filter Failure through Buffer Overflow
    45. Buffer Overflow with Environment Variables
    46. Buffer Overflow in an API Call
    47. Buffer Overflow in Local Command-Line Utilities
    48. Parameter Expansion
    49. String Format Overflow in syslog()

    These attack patterns can be used discover potential security defects.

    References

    [Saltzer] Saltzer, Jerry, and Mike Schroeder, "The Protection of Information in Computer Systems", Proceedings of the IEEE. Vol. 63, No. 9 (September 1975), pp. 1278-1308. Available on-line at http://cap-lore.com/CapTheory/ProtInf/.
    [Neumann] Neumann, Peter, Principles Assuredly Trustworthy Composable Architectures: (Emerging Draft of the) Final Report, December 2003
    [Viega] Viega, John, and Gary McGraw. Building Secure Software: How to Avoid Security Problems the Right Way, Reading, MA: Addison Wesley, 2001.
    [Howard 2002] Howard, Michael, and David C. LeBlanc. Writing Secure Code, 2nd edition, Microsoft Press, 2002
    [Schneier] Schneier, Bruce. Secrets and Lies: Digital Security in a Networked World, John Wiley & Sons (2000)
    [Leveson] Leveson, Nancy G. Safeware: System Safety and Computers, Addison-Wesley, 1995.
    [Moore 1999] Moore, Geoffrey A., Inside the Tornado : Marketing Strategies from Silicon Valley's Cutting Edge. HarperBusiness; Reprint edition July 1, 1999.
    [Moore 2002] Moore, Geoffrey A. Crossing the Chasm. Harper Business, 2002.
    [Hogland] Hoglund, Greg, and Gary McGraw. Exploiting Software: How to break code. Addison-Wesley, 2004

    Posted by iang at 07:54 AM | Comments (0) | TrackBack
  • April 05, 2004

    The Future of Phishing

    The Future of Phishing
    by Dr. Jonathan Tuliani - UK Technical Manager for Cryptomathic Ltd. - Monday, 5 April 2004.

    This article examines how attackers are likely to respond to the current move towards 2-factor authentication as a defence against phishing scams, and describes an alternative approach, available today, that provides a longer-term solution.

    In recent months, newspaper and television reports have highlighted how highly-organised criminal gangs are launching large-scale, carefully planned attacks against high-street banks and other services, both in the UK and overseas. These so-called 'phishing' attacks begin with an email. Appearing to come from the bank, it leads the recipient to a convincing web page, at which point he is tricked into entering his username and password.

    Of course the web page has been set up by the attacker and does not belong to the bank at all. Once obtained, these details are used by the attacker to log-in to the user's account and drain it of funds.

    Surely, in an ideal world the user would realise that the web page is bogus - that's what SSL/TLS is all about, right? Unfortunately, a combination of browser flaws, DNS attacks, lack of control over root SSL certificates and the need to make systems user-friendly means that for most users, detecting a fraudulent web page is nigh-on impossible. Moreover, the economics of spam requires that only a very small percentage of users need to fall for the scam for it to be worthwhile.

    The current industry trend to counter this threat is the introduction of stronger user authentication. For reasons of cost, mobility, ease of deployment and user acceptance, password-generating tokens are the most commonly adopted technology. These supply the user with a one-time-password, a random string of letters or digits that is valid only for a single use. The idea is that the attacker is thwarted since the one-time-password, once obtained, has already been used or has expired.

    Password-generating tokens are offered by a variety of vendors. The password is generated cryptographically based on a key shared with the bank, and varied either by means of a clock, a counter value or a user-input challenge - perhaps even a combination of the three. The key may be internal to the token or a separate card and card reader may be used - the Association of Payment Clearing Services (APACS) has devised a scheme based on existing retail banking chip-cards and PINs. Each scheme has both advantages and disadvantages, and these must be considered and balanced in the context of the business requirements.

    The history of security teaches us that it would be wrong to assume that the introduction of two-factor authentication will be the end of the story. Faced with additional security measures, we must assume that the attacks will evolve, and more advanced exploits will emerge. What might these be, and how might we prepare for or respond to them?

    My firm belief is that the next few years will see the emergence of internet man-in-the-middle attacks. Here, the user is tricked exactly as described above, except that instead of just the user communicating with the attacker, the attacker is also communicating in real-time with the bank. Two (or even ten) factor authentication is of no help, since the attacker doesn't interfere with the log
    -in process. Both the user and the bank are unaware of the presence of the attacker, and believe they have a secure connection directly from one to the other.

    Once established, the man-in-the-middle has complete control. He can modify instructions, for example transferring funds to a different account to that specified by the user. Most simply, he can simply cut the user off and submit whatever instructions he desires directly to the bank. The most obvious way to combat this problem is to stop it arising in the first place. Unfortunately, this requires the widespread deployment of a trustworthy and foolproof PC interface, something which is beyond the current technology horizon. In the absence of this, a more lateral approach is required.

    The widespread adoption of mobile phones and SMS text messaging offers an alternative channel between the user and the bank. Whilst it is neither authenticated nor encrypted, it is in practice infeasible for an attacker to compromise both the SSL/TLS channel and the SMS channel to a particular user simultaneously.

    Several vendors already offer the option of one-time-password distribution via SMS as a cost-effective alternative to password-generating tokens. However, this independent channel also offers a way around the man-in-the-middle. To achieve this, it is necessary to move away from session-based security (based on a secure log-in), to message-based security (based on explicit authentication of individual transactions).

    In this scenario, the user would log on using his username and password, exactly as he does today. For each transaction entered, a summary would be returned to the user together with a one-time-password, in the form of an SMS. For example, 'Pay \xa350 to British Gas a/c 12345? Confirm: ADJPEQ'. Any tampering with the transaction details would be evident at this point. Assuming all is correct, the user enters the one-time-password into his PC to confirm the transaction.

    As well as thwarting man-in-the-middle attacks, this approach defends against another significant emerging threat, namely malicious 'Trojans' on the user's PC. Apart from being used in direct attacks, a user may claim infection in an attempt to repudiate a legitimate transaction. The mobile phone is a separate user interface, independent of the (possibly infected) PC, thereby effectively closing this vulnerability.

    Adoption of SMS-based security measures must be carefully managed, particularly the procedures used for registering and maintaining records of users' mobile phone numbers. The benefits, however, are great: there is no other cost-effective system offering defence against phishing, man-in-the-middle and Trojan attacks whilst maintaining a simple and intuitive user experience.

    ----

    Cryptomathic Ltd. are exhibiting at Infosecurity Europe 2004 which is Europe's number one IT Security Exhibition. Now in its 9th year, the show features Europe's most comprehensive FREE education programme, and over 200 exhibitors at the Grand Hall at Olympia from 27th to the 29th April 2004.

    Posted by iang at 12:57 PM | Comments (0) | TrackBack

    cybersecurity FUD

    The "Security Across the Software Development Lifecycle Task Force" has released a report on cybersecurity[1]. Released on the 1st April, 2004, this report was dismissed in some circles as an April Fool's joke. By others, it was seen to presage future legislation for this, that or the other favourite hobby horse (liability for vulnerabilities, exculpation from vulnerabilities...) [2][3].

    Either way, the report is a scary document. Not for the security it promises, but for the power and assurance of its routine socialist claptrap. There is momentum in Washington-based circles to do something, anything, about security, and this report predicts some of those directions.

    These people cannot grasp the nature of security, notwithstanding the "impressive credentials" assembled. The whole thing reads like the usual suspects, writing the report to steer criticism away, and curry favour towards. For that reason, it's a prediction of a direction, and not reliable in detail. The ultimate prescription to save America's cyberspace from harm will be subject to more political whim and weather before we know how much damage is to be done.

    In summary form, what "simply must be done" is: educate, by instructing the universities on what they should teach, instruct software developers on suitable practices to be employed, fix the patches so they work, and align incentives for developers and against "Cyber Criminals."

    Space and time do not permit a larger review, but one can make these observations. The prescriptions on education will cause more outsourcing, not less, as desired, simply because they talk in terms that will raise costs of education, to dubious ends. I.e., less and less ROI. Means more and more real work done where the barriers aren't so exhaustive.

    Also striking was the absence of any mention of actual security: things like E, Eros, etc: "No processes or practices have currently been shown to consistently produce secure software [B1.iii]." Instead, we see calls to certify this, verify that, and measure those. In short, more window dressing is required (am I the only one who's offended by the ugly nakedness behind the panes?).

    [1] http://www.cyberpartnership.org/SDLCFULL.pdf
    [2] http://www.fortune.com/fortune/fastforward/0,15704,606544,00.html
    [3] http://www.csmonitor.com/2004/0402/dailyUpdate.html?s=entt

    Posted by iang at 10:25 AM | Comments (0) | TrackBack

    April 04, 2004

    Media shift - Cellphones go soapie

    [comment:] Phones are different to prior broadcast media - they are 2 way, and one can run protocols over them such as payments. Given this, the mobile phone world is the nearest thing that the old world has to the Internet. Here's another development that indicates how the Empire is striking back:

    Cellphones go soapie

    April 04 2004 at 12:15PM By Audrey Stuart

    Cannes, France - The launch of TV's first-ever soap for the tiny cellphone screen might not suit everyone's taste, but it is living proof that the TV and digital worlds are merging.

    With this convergence due to transform the average consumer's entertainment fix, a record number of mobile-phone operators -including heavy-hitters such as Vodafone, Nokia and Telefonica -turned up in large numbers at this week's international MiPTV and MILIA trade shows.

    Aside from ringtones and music, games, news and sports results are the current favourites of cellphone users, many of them children and younger adults. And now the race is on to attract new audiences, with the big strides achieved in video streaming to phones throwing up new opportunities.

    Movie lovers are also in for a treat

    "The quality of content, like video, is improving as are the handsets. It's a step change in the level of service," Vodafone's Graham Ferguson told a forum in this Riviera town.

    The first soap-drama specifically made for cellphones, called Hotel Franklin, has just been launched by media giant News Corporation. The episodes last just one-minute because, said News Corp.'s Lucy Hood, this "seems to us to be the natural length" for phone viewers.

    That time frame allows for enough character development and plot before leaving a hook at the end to get viewers to look at the next episode.

    The hugely popular dysfunctional Simpson family characters star in another News Corporation initiative to tap into the big cellphone market.

    Phone users can call up cute, short clips featuring The Simpsons with messages like I'm tired or Happy Birthday to send to their friends.

    Hit TV game shows such as Who Wants To Be A Millionaire are also transferring to telephones, and a deal to license a Millionaire phone game, developed by Active media, and an SMS text version, was unveiled here this week.

    Movie lovers are also in for a treat. There has been a huge rise in the number of homes with broadband connections opening the way for video-on-demand services and on-demand television (IPTV).

    Japan's Softbank Broadmedia has led the way in video-on-demand and just a year after the service was launched, BB Cable TV subscribers can choose from a 2 300-strong video library.

    A number of companies have followed in BB Cable's footsteps. The world's largest cable company, Comcast, offers a large selection of interactive video-on-demand products, which are proving popular with over 50 per cent of its 23 cable subscribers. "We're getting lots of mileage out of video-on-demand," Comcast's Ty Ahmad-Taylor said here.

    Viewers appear to appreciate the ease of the system, which enables calling up a movie directly on the TV set, without having to leave home. The cost of the "rental" is either included in a subscription or automatically put onto the phone bill.

    The millionaire-studded principality of Monaco was one of the first in Europe to launch the VOD concept in Europe but it is also available elsewhere, notable in Britain through Video Networks.

    The more optimistic market watchers believe it might not be long now before all digital devices in the home, including the DVD, mobile phones, digital cameras and the brand-new digital video recorders known as DVRs are hooked up together.

    If and when that happens, the PC could play the central link-up, upstaging the power of the television.

    With the number of remote controls that are scattered around many people's homes that might be a great step forward. But other experts are hedging their bets about how long this may take to happen, if it comes about at all.

    As one key speaker at MILIA, Joichi Ito, pointed out, "traditionally, the (content) industry has been wrong about how consumers use these devices."

    So while there may be a lot of balls in the air, no one really knows for the moment which ones are going to stay up and which are going to fall.

    Sapa-AFP

    Posted by iang at 07:02 PM | Comments (0) | TrackBack

    April 02, 2004

    The Dollar on the Move

    As international currency is one of the big possible applications for Financial Cryptography, the way the currencies move makes for an important business backdrop. It's well known that volatility is good for business, and a rising market is good for startups...

    In this vein, the prediction that the US Dollar is losing its pole position is starting to show true. James Turk, in goldmoney's Founder's Notes, presents "What Future for the U.S. Dollar?", being discussion by W. Joseph Stroupe of the Central Banks' of Japan and India decision to "ease up in buying dollars."

    This signalling away from single-minded support of the dollar, by means of lesser reserves purchasing, will mean their currencies will rise, and their exports to the US will shrink. But it also means that Japan and India will be less vulnerable to the shrink in international value of their reserves, as the dollar moves further down.

    This article "US complicit in its own decline", in the Asia Times, by the same author, is much longer and broader, and raises the surprising claim that Russia is manouvering to take an important position in oil supply. To become, it seems, the other Opec. Interesting stuff, which I mostly placed in the "reserved for future evidence" basket.

    Posted by iang at 01:07 PM | Comments (1) | TrackBack

    Biggest scandal is only starting...

    The governance scandal in Mutual Funds is now the biggest ever, according to an article Bear Stearns Faces U.S. Probes... on Bloomberg:

    "Spitzer's probe into Canary marked the beginning of a regulatory investigation into sales and trading practices in the $7.6 trillion U.S. mutual fund industry that has led to the departures of some 80 industry executives and the imposition of more than $1.7 billion in penalties."

    $1.7 bullion puts it past the $1.3 billion settlement in 2002 for email retention. That makes it the biggest financial scandal ever, by size of fines, at least.

    And it's only just starting. Up until now it has primarily been the New York and other state AGs on the prowl, but now it's the Feds: the SEC and the US Attorney.

    That means criminal charges, Federal judges, RICO, long jail sentences and a lot more fines. Also, for the first time, it seems, money market mutual funds are being targetted - these were conspicious in their absence in all the activities by the states. That means the Federal Reserve, as well, as the dollar funds act as dollar payment systems.

    Some last year estimated fines of about $12-13 billion.in a 7 trillion industry. It's still a drop in the bucket of actual losses, which were estimated by some as about 10% of the value under management: so about $700bn.

    Which funds are involved? The quiet money is on "assume all or almost all of them and you will be righter than any other possibility." That is, it isn't possible to work out without some form of divine knowledge, but proving that a given fund wasn't doing it has been harder than first thought.

    For information on the detail and arisal of this scandal, check out Mutual Funds and Financial Flaws by James Nesfield and Ian Grigg, presented as testimony to the US senate hearings. See the more journalistic Governance or Regulation - You Pick? for a blog entry explaining the FC relevance.

    Posted by iang at 12:12 PM | Comments (0) | TrackBack