Tuesday, June 2, 2009

Hair Dresser Free Templates

basic Calculator java

----- BEGIN PGP SIGNED MESSAGE -----
Hash: SHA1

Newsletter Arturo Cryptography Workshop Quirantes
http://www.
cripto.es
Number 65 November 30, 2008 ====================================

====================================



EDITORIAL TOPICS
- Apology (PGP or letter to a journalist)
- Hashing and reasonable searches
- Attacks WiFi (I): WEP
- Attacks WiFi (II): WPA


PROBATION - Fight against crime and espionage

=============== ================================================== =======














EDITORIAL

has now given way to kick clear. This month is known, for example, a decision by a U.S. court concerning the use of hashing as a forensic tool, in which asked to what extent can be considered a reasonable search
police forces. Besides its relevance in our judicial system
I think it's an interesting topic because of its implications
the liberty-security balance. Another news
leads to the arrest of some of the great heads the terrorist group ETA, known as Txeroki. Among other things , has leaked the news that the character used PGP to encrypt your documents . It is not news that terrorist groups use encryption to protect (the news would be that they did not), but a signed article
this month forced me to draft a response,
included in full in this newsletter. Interested readers may extend
Kriptópolis information that
opened a thread about it. Incidentally, the chapter on Probation
this month about the use of cryptography by ETA. That said this chapter, the last that we had to play in the Bulletin ENIGMA touch a topic as current, I can promise and promise that is the result of chance
. Sometimes things are well.
could not stop talking about a hot topic today : the vulnerability of security protocols wireless.
If some time talking about the problems of WEP, this time
we echo revealed a recent attack against a version of WPA . For that matter, we look at both protocols, which learn a little. Finally, the last chapter of Probation. We only is the epilogue, which appears likely next month. And then what? I do not like to copy by copy, but probably a book that is of interest. Any ideas? While me think of something, I take this opportunity to thank the author, Nacho García
Mustard, permission to reprint here, and send a personal message
. Nacho, I have lost touch and do not know where you are, so if I 're reading, what about the ham you owe me?
Before diving into flour, a message to all of you.
a couple of people have told me that, upon entering www.cripto.es, your antivirus
warn them of a virus or trojan. I talked to my hosting service
and made a personal antivirus scanning, and . It is possible that this is a false positive, but if we
learned here is something to be cautious and not fall into the obvious.

Cheers and take the reading.




















<> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> TOPICS <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <>

<> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> =------------------------------- Apology <> ---------------------------------------= PGP (or letter to a journalist ) <> =----------------------------------------------- <> -----------------------= <> [In mid-November 2008, the ETA Txeroki <> was arrested by French police. In other news, it was announced that the <> using PGP encryption software to protect information. Oscar Otálora, <> Basque Journal published an article on 11 critical and <> PGP creator. On the 12th I sent the letter attached below] <> <> <> Granada, November 12, 2008 Dear <> <> of Otálora, <> <> Quirantes My name is Arturo Sierra. I am a professor of physics at the University of Granada
and extra-academically turn a website about
cryptography (www.cripto.es). As a fan of crypto, I read with interest your article
"Death writes PGP" (available online at:
http://www.diariovasco.com/20081111/politica/eta-cifra-mensajes-2008111
1.html). I have read with interest, yes, but also with some chagrin, I
recognition. In his article, raises you
cryptography as a weapon that allows criminals to roam.
According to the same reasoning, should be outlawed kitchen knives as there are people who use
to kill other people. We may also provide
copy of our house keys to the police, because the same
criminals use the locks to prevent someone from entering your home
. Or rather, certainly on the floor of the ETA found
toilet paper, so why do we allow the toilet paper follow
sold legally?

The tactic you use-criminalize
something because it can be used by criminals, is very old, and unfortunately effective. But
not have to see the uses made today to cryptography (from
secure connections to websites, via GSM phones or systems
remote door opening) to recognize that if it
cryptography can be used badly, it is generally
very useful tool at all levels.

The first of these levels is to protect our own privacy
. If you do a little research will find a thousand and one examples of interception of communications
illegal, irregular or infrequent ...
say ... restricted. Just PGP was invented in the early years
90 in an effort to keep some of cryptography in the hands
the public. In those days, the U.S. government
imposed severe restrictions on the export of crypto, and it seemed that
own civil cryptography would be outlawed from one moment to another
(as it was close to happening). It is in this context, the struggle of governments to secure
easily intercepted communications, where he was born
PGP, and not of the cold war, as you assert incorrectly
. You can vd. read their own words about in
http://www.pgpi.org/doc/whypgp/es/.

perceive, on the other hand, some animosity against Zimmermann, the creator of PGP
. When you claim that they sued and won,
not seem to recall that in fact the case had no basis whatsoever. He blamed
export the program when a) many other people had done before
(sometimes legally), and b) it was never
less evidence against him.

Regarding paragraph:

"The creator of PGP, by contrast, advocates a kind of projects
closer to anarchism and liberalism more exacerbated.
In this regard, Zimmermann's writings denouncing attempts by the Bush Administration
to control the largest number of systems
communication between citizens. "If privacy is outlawed, only those
outlaws will have privacy," summarizes the
computer. "
<> I can not disagree more. You have no more than dig a little <> some of the most controversial projects interception <> (Echelon, the Patriot Act, eavesdropping <> legalized by presidential order) to realize that protect us against our own <> government job is not just paranoid, but on the contrary is <> work and self-governance. For <> other hand, I have participated in various legitimate projects for <> one reason or another, must remain confidential at the time, and I assure you that need <> protection is required regardless of whether it is <> a "project near the anarchism and liberalism more exacergado "<> as you say. Unfortunately, it is very easy to label happily <> who want to criticize the motivations reason <> so dispassionate. <> <> In another vein, take it with PGP is absurd, among other things because <> cryptographic protocols are available at any <>. A computer with half a brain (or even one) <> can take the instructions of those algorithms and make them <> lines of code very easily. PGP erase, and even <> will have hundreds of encryption software to use them freely. <> <> I would also like to express my conviction that even <> using PGP, encrypted messages can sometimes be recovered. <> not by direct decryption. But the police have <> very powerful forensic tools, exploring <> hard disk for residual data and deleted files (did you know that a deleted file really is <> hard disk and can be retrieved easily <>?) or passwords stored in cache, and lists <> dictionary and other procedures <> sophisticated attempt to find the key. You can insert <> Trojans that capture passwords, or "sniffing" distance. PGP is not enough to protect <> a message on a computer, just as an armored door <> not sufficient to protect a window with a window open <>. And you, as a journalist, should have been <> better informed about it. <>
Finally, your comment:
<> "According to one expert from the Security Forces for the use of PGP <> be effective in an organization, it is necessary that at some level in the structure <> there is a person who controls all the keys . <> "Without an administrator of the keys is very easy to lose <> documents to forget a password. For the method to be effective "<> continues the expert," the system must have a unique memory <> check all information to prevent <> an important part of the information is destroyed "." <> <> me is just unbelievable. If there is anything that characterizes <> PGP is its decentralized nature. Needless <> any person or authority to create or manage central keys. It is comfortable, but not essential. <> You and I could create our key, exchange and communicate securely <> for years. I do. And I do not need anyone control <> my password. In fact, PGP <> incorporates a functionality that allows, through an additional decryption key, decrypt messages <> even if the owner is not available. <> <> summary: PGP is not invincible in a real environment, nor is it a necessary tool <>, nor is used exclusively (even <> approximately) for the ill. Quite the contrary, I recommend its use <>, for sure more than one occasion <> will need to have communications and storage of confidential data secure. <> <> Moreover, I am at your disposal for any clarification or advice <> vd. want. You can find me in aquirantes@cripto.es, and web <> www.cripto.es <> <> Sincerely, Arturo <> <> Quirantes Sierra <> <> [Previously published in Kriptópolis: <> http://www.kriptopolis.org/la-muerte -be-sold-as-knives-in-kitchen] <> <>
=--------------------------------- -------------------------------------= Hashing and reasonable searches

=-------------------------------------------
---------------------------=
In all the movies and American series where they appear
police or lawyers, one of the things that appear
are log orders. Generically call warrants, authorize the police to register
places, people or objects for testing. The
CSI fans are accustomed to seeing orders for shoes, pants hems
record or examine response
wheel cars. In principle require an order for a left shoe seems too
us specific (what happens if after
blood stain is on the right shoe).

But the trouble to specify what you want to register, how and why
prevents defense attorneys to invalidate a search
too wide. One of the principles of American law consist
demand what is needed for research
, and nothing else. Is imposed by none other than the
United States Constitution, whose Fourth Amendment protects citizens against unreasonable searches
unreasonable ("unreasonable search"): "No orders will be issued
[warrants] except by probable cause ...
particularly describing the place to be searched and the persons or things
be registered ".

Undoubtedly, the Fourth Amendment becomes a limitation
prosecutors and police work, but
also becomes a powerful tool for protection of the rights and liberties
. This means that, as technology advances and
complicate relations between people, institute legal
exciting battles. Can a company as a legal entity, is equal
a natural person privacy purposes? Can
record has thrown away a person? Do you belong to a person the fingerprints
vessel has touched? Can search a home
from the outside by non-intrusive means, such as examining the
infrared radiation (heat) that emerges, or a radar?

The border is more difficult to establish what appears
indicate common sense. There are many automated processes that can hardly be
records or searches, but
the other hand, what a record is defined by its methods, results, or the effect obtained
? Is it an action record conducted outside the
property of a person? Until 1967, the
wiretaps in the United States is considered legal if not invaded the home of
paid, had to be the Supreme Court which ruled that wiretapping
itself was a record, and therefore required a warrant
judicial. One can imagine

current examples.
Suppose we use a thermal camera to measure the heat generated by a house. If
do from the outside, it can be argued that all we do is collect
infrared radiation emitted by its owner without limitations. But if that is
legal evidence in judicial proceedings, the
things get complicated. My client, the defense would never consented to their
heat was detected, it was reported they would on the street,
and was at home. You try to solve the intricacies.
I remember that the Supreme Court invalidated this quest for violating the Fourth Amendment
. But then he said that the photographs that sends a person to reveal
can be searched by police without
of order. As I say, a legal maze.

Of course, the ENIGMA newsletter have not become a legal newsletter
. If I brought up the subject, is
gray border precisely because of the Fourth Amendment has hit a point
already discussed from the technical point of view: the
hash functions.

A hash is a function that takes a file or text (M) and
becomes a "distillate" formed by a few bits. It is a convenient way of representing
that file. We're used to seeing
hash functions within the digital signature scheme, since this
signature is not simply the result of taking a file, submit it to a
encrypt the hash function and hash with our private firm. But it also serves to identify
files. If I want a picture on the internet, I would be very difficult
. Say you want to know the origin of a photograph
once I passed. How to describe Google
me find it? Difficult, if it is a verbal description.
But if instead of saying "a picture I saw once that had white flowers on a background
Hieber, and a small beetle on the right indicates the
its hash value, the system can find the photo whose value
hash matches ours. The hash would be something like our
number of ID card or passport.

can imagine the value this has for
pursuing the exchange of music without paying, or just pictures of
content pederast. And here we connect with the case before us.
Recently a U.S. court had to rule on whether
take a hash of a file is a search reasonable. The case has enough fringe
interesting, but let me
we focus only on the cryptographic.

past, history. The defendant, who call Antonio
(real names are public, but I can not help aerate
), was for rent, and apparently did not pay the rent and
your home Carlos Manuel hired to empty the house.
Manuel, among other things, is Antonio's computer and gives it to his friend Pepe
. It was dedicated to tinker on the computer and, among other things
, discovered two videos with explicit sexual pornography among minors
. Frightened, deleted the videos, and days later went to the police and gave them
computer.

At this point, history is already quite busy. It should
into account whether the home was within the law to take the rented
possessions, who in turn reported the theft of your computer. In
any case, Detective Grissom (sorry, I could not resist using that alias
) took the computer and perform a forensic analysis.
The steps followed will be of great interest to those who have asked how
can, in a case like this, show that the police have not altered
data.

Grissom The first thing is to calculate a hash value (using the MD5 algorithm
) of the entire hard drive. Thus, later
may detect if it has been changed even a bit of the disk. This calculation is performed using a program
in read only mode (to prevent accidental overwriting
on disk). He then made a sweep
antivirus, and then it created an image, ie an exact copy of hard disk
. Using data from the image, Grissom turned to
calculate hashes of all files on your hard disk, and later
compared them with existing hash values \u200b\u200bin a database
National Center for Missing and Exploited Children. Thus, it
can check if any file on your hard disk is suspected of being
pornography without ever seeing the file. According to the complaint, Grissom scored 171 videos
suspects, after an inspection showed multiple images of pornography
child. Finally,
reviewed computer records for information about web pages visited
.

The reader should look at the use of hash values \u200b\u200bas
file handles. The researcher is not directly accessed
suspicious files until he had reasonable grounds based on
hash value comparison with other files. Until
got the hint, no one viewed the videos, and even had
altered a single bit of the defendant's property. On the other hand, these
data could be used to incriminate them, and the process of obtaining the evidence was when
least questionable. Therefore, one of the applications
defense was the removal of the computer as evidence.
argued violation of the Fourth Amendment.

The court ruling stated that, in effect a search without a warrant
is unacceptable, except in very specific.
Nevertheless, it is assumed that when there is no reasonable expectation of privacy
the Fourth Amendment does not protect you. That is, if a police officer makes a
you to locate that does not compromise the privacy of
interested, the search is not affected by the Amendment.
to put a silly example, if a person is speaking in public
telephoned loud cries, and speaker lets anyone listen to
answers to several feet away, should not complain about
violation of privacy.

The prosecution said that it was the case of "no reasonable expectation of privacy
. Pepe had already accessed the computer
Antonio, and the subsequent police search of the computer
carried out under much more restrictive (the doctrine of private check-in
that the Amendment does not apply). In fact, Grissom even "agreed
the computer," but merely to calculate hash values.
is somewhat questionable, unless that by "access" wants to refer to tests or alterations
audiovisual data. Only after comparing the hashes with pornographic videos
values \u200b\u200bknown legal registration was
(visual examination) of the contents of your computer.

In contrast, the defense argued that the failure to obtain hashes
record was more intrusive than visual examination
Pepe, and the protection of the Fourth Amendment should apply
about their privacy interests in the computer. Protection,
this case was a new issue for this court, so
was devoted to studying the subject in depth. The court found Pepe appropriate Chivas
police because the legal interpretation of the Fourth Amendment permits
a third party to whom the defendant has reported data
is go to the police. Accordingly, if the police investigators do not register the computer
more invasive than Pepe, the results obtained
registers are not unreasonable.

This is an important point: was the review of more
Grissom deep, or less than that of Pepe? Or in other words: Is it more
invasive visual examination of a video, or a compilation of values \u200b\u200b
hash? The indictment stated that, since agents
not watch any file, no registration. The court rejected this argument and decreed that
hashes obtain without a warrant was a violation of the Fourth Amendment
"

" For computer hash values \u200b\u200bof [Antonio], the government
[the plaintiff] physically removed
the computer hard drive ... and applied the EnCase program to each compartment, disk,
file, folder, and bit. By subjecting the entire computer to a hash value analysis
, every file, internet history, photography and "list of
colleagues" were made available for review by the Government.
A review this is a record "

The court reasoned that the search for Pepe was very different
of Grissom, and therefore can not apply the doctrine of" Pepe
made first. "That Antonio lost the expectation of privacy with
on the two videos viewed by Pepe
no means lost to the rest of your files. The search
hash values \u200b\u200bdo not change the subject, and still standing the fact that the prosecution
researchers obtained her
much more information than that provided by Pepe.

However, the mode of argument is something strange.
It cites a precedent, according to which there is legitimate to examine all floppy disks or CDs
the home of a suspect only because one of them had found a particular
suspicious information. The argument that the indictment
hard disk is a disk only applies
judge says, because a hard disk consists of several metal plates
demonimadas "platters" that. but functionally
function as a single disc. be regarded as "data containers" individual, and therefore
, physical entities that can be considered as if they were
separate diskettes. Even

visual examination of the videos suspects
made after comparing hash values, is considered by the judge
protected by the Fourth Amendment, and therefore in need of judicial
order. His conclusion is blunt: "The police, without
demand and without authorization, conducted a limited investigation
without warrant a person's computer,
despite the fact that an order could have easily obtained"

Anyway, Antonio should not uncork the champagne. Although no evidence can be used
obtained from your computer, you do not have anything
easy. Police also did his homework to the former
style and questioned the suspect in his house, and Antonio
he admitted that it was he who introduced these videos on your computer. His lawyer tried
invalidate the confession, but the judge found that did so voluntarily and without coercion
, so the legal process continues. Among
his statement and testimony of witnesses, I doubt that Antonio
graceful exit of the case.

decision that data from the computer may not be admitted as evidence
beyond the interest in similar situations.
As a method of legal research, analysis by comparing the values \u200b\u200b
hash is considered in the same terms as the visual examination.
This seems appropriate since they would obtain evidence without a warrant judicial
that could convict a defendant or at least heavily influence a process
. The hash value calculation may not appeal to its non-intrusive
for exemption from such protections
Fourth Amendment. A hash value can be used to determine the legal or illegal
character of a file (not perfectly, but can help in
times), and thus a defendant should
ester protected by the same legal protections granted to records
home or wiretapping.

With the proliferation of Internet traffic, the use of hash functions
will become more widespread, not only in research
criminal cases. Certainly, he will consider now the convenience of the police to obtain judicial permission
for hash values, not just in
cases as seen here, but also to examine type material audiovisual pederast
circulation or can be exchanged for Internet
. Judicial investigations will be harder from now
, but instead will be safeguarded
our privacy rights. Maybe you

believes he is concerned because it has
porn videos at home. But how do you think
audiovisual industry tries to control the software piracy? If a society SGAE
type enters the p2p networks and start compiling lists of hash values,
may determine who is downloading this or that video.
provided information (that a legitimate user of p2p
used to locate the file of interest) may contact the service provider
we threaten to cut off the connection, or even start a legal procedure
. There are already various initiatives, and attempts to disconnect users
that download unauthorized material (the last
in France). How can be conducted without court orders?
Repeat after me: hash functions.


=---------------------------------------------- Attacks
------------------------= WiFi (I): WEP
=--------------- -------------------------------------------------- -----=

ENIGMA's bulletin No. 52, mentioned the recent attacks against the system
WEP encryption, which protects (so to speak) the Wi-Fi communications
the wireless router so fashionable today. The
solution, according to all experts, was to spend to much more secure WPA
. However, even that we will have to rethink
reason? It seems that even the powerful WPA is
succumbing to cryptanalytic attacks. We will describe the
attack, and in the process take the opportunity to shed some light on how
both WEP and WPA work. Of course, we will avoid the pitfalls
cumbersome.

Before, a brief introduction. The family of technical standards for wireless communications
the generic name
IEEE 802.11 standard. At first, access was protected by standard
Wireless Equivalent Privacy (WEP). Basically, WEP
using two algorithms: RC4 for encryption and CRC-32 (
Cyclic Redundancy Code) to ensure message integrity. Use CRC-32 allows
in theory, detect whether it has altered the flow of data. Unfortunately,
the linearity of CRC-32 and how it is implemented in WEP
can perform active attacks, ie, alter
bit encrypted message and then change the value of CRC-32. In this way you can play with the message
passed without detection of the alteration.

Let us focus now on the encryption itself. RC4 is a stream number
(Stream Cipher) that, from a key K, generates a stream of pseudorandom numbers
'll call "pseudo-random stream." The cash flow
sum (XOR) with the plaintext to give the ciphertext.

One of the problems of RC4 is that if we know some bits of the key
K, is relatively easy to get the others. I stress it's
"relatively easy" in the sense that it can not be easy in
all. Depending on the amount of key that is known and what
ready to be one, you can mount attacks to determine K, or when
least, less likely to discard the key.

Second problem: if two messages encrypted with the same portion of the keystream
is a cinch to get in plain text. It is,
therefore important that this flow is not repeated. The problem is that in
a wireless network, all use the same key intercoms
K ("root key"). It may not be a problem in a residential installation
with my computer, but if we have more of a problem appears, and
not say anything in a corporate environment.

For use in WEP, the problem is multiplied because each packet data
figures independently. For this, the
sender sends a data packet consisting of a vector of
initialization (IV) and the key itself (K). Thus the package
compound IV / K works as a key for each packet of data. The initialization vector IV
has a length of 24 bits. In regard to the key K
remember that when WEP was developed
U.S. restrictions on the export of cryptographic material, so that RC4
had two flavors: the Home (104 bits) and international (40 bits) .
That gives us keys composed of 64 and 128 bits, respectively.

A point to note is that RC4
no capacity to generate initialization vectors, so that was the algorithm WEP
which produced. The scheme works as follows.
The issuer making the composite key IV / K (more
initialization vector key) and uses the RC4 algorithm. The pseudorandom stream joins
(XOR) the plaintext to give the ciphertext. This text, along with
the IV is transmitted through the air. At the other end, the receiver takes the
IV has received, along with the key K that it had, and reconstructs the flow
pseudorandom, makes a sum XOR with the ciphertext and get back
plain flow.

is, WEP is just an added RC4 (IV) to
to encrypt each packet separately. And here comes the part that puts the willies
. Both parties know the secret key K, and is not given to anyone
. However, during transmission of the ciphertext,
has also sent the initialization vector. !
IV is sent in plain, unencrypted! This means that we are giving the opponent 24
bits of the composite key. It is as if the bank manager to tell him
customer who just got out of the branch something like "! Eh, Mr.
Lopez!, I forgot to tell you that the first digit of your card PIN
is three." Hands up who would not want to go back and put him the card in the throat
the largemouth. Since same. Even in domestic
version, that means cutting at a stroke of a security to
104-bit key. It is still very safe, but someone who, in
entrance, you reduce possible keys by a factor 2 ^ 24
not seem to have much idea about it.

The matter is worse than we imagine. A 24-bit IV
means that there are only 2 ^ 24 possible values \u200b\u200bfor the IV. If we
than 2 ^ 24 = 16777216, sounds great. But imagine that each packet encryption
has a length of 1 kilobyte. A network broadcasting to 11 Mbs
exhaust all possible IV in less than four hours. To finish the task
some wifi cards IV used in sequence: first IV
take as zero when the card is reset, and then goes
increasing the values \u200b\u200bof an IV. As a final blow, the 802.11 standard
itself merely states that changing the IV of a package to
other! Is optional! If at this point you're wondering what use
have the IV in security, two of us.

The weakness of WEP as it is up to the IV
allows different types of passive attacks, in which the attacker is limited to "sniff" packets
. When sum (XOR) two of those packages that share
IV, the result is equal to the XOR with the two plain texts
corresponding giving information on such texts.
type files, and the very nature of IP traffic, such traffic makes
is fairly predictable. And do not forget that the IV is part of the key used for RC4
, so that we can extract
know about the other key.

WEP Attacks focused, of course, the public nature of
IV. Will be transmitted unencrypted, so no more
to put the ear. At the same time, we can try to imagine the first
plaintext bytes transmitted packets as they are
to some extent predictable. The first attacks
required a great number of packets (about five million), but the staff was resourceful
soon. In 2004, a person with the pseudonym
Korek published on an Internet forum a number of cryptanalytic attacks,
who had chances of success of between 5% and 14%, which were based on different
correlations found between
first L bits of the RC4 key and the first pseudo-random bytes generated
flow. Another new attack, 2007 ("WEP, wireless
insecurity" ENIGMA Bulletin No. 52) only needed about 50,000
data packets to be 50% chance of success.
and we are talking about just a few minutes in a typical network, and
few seconds of CPU for computation. Better we leave here, because they want to mourn
. Suffice to say that, currently, there are software packages
("WEP Cracker") that made this work automatically,
without the user having to know anything about cryptanalysis. Clearly

WEP is discarded when
mentioned the words "wireless security." According to Bruce Schneier, cryptography useless
many products have been implemented by people who read his book Applied Cryptography
. In this case, it seems that WEP has been
designed by people who are not reading or crossword page.
The only reason that is still used by inertia: the telcos
not want to complicate life, and users do not know about the topic or subject
concerned. Of course, readers of the Bulletin are bagged
ENIGMA apart.


=---------------------------------------------- Attacks
------------------------= WiFi (II): WPA
=--------------- -------------------------------------------------- -----=
Vista
how WEP was water, they created a working group to resolve the fault
. The problem that appeared was
common to many other cases where something needs to be improved. And the problem is:
create something new, or improving something old? Both approaches have their
buts. Improving something old is just like applying a patch: sometimes goes well, sometimes badly
sometimes the cure is worse than the disease. In
as to create something new, it is not always count out the
things right the first time, which means plenty of time to
checks and verifications, and meanwhile
what do users?

The working group adopted both solutions. While on the one side was preparing a
new system, another
adapted the existing and improved. The latter allows the systems that can not be replaced
can at least improve. Then get to work, they said, and
will develop a "patch" that allowed
circumvent the problems of incorrect use of the IV. To this solution was called
Protocol Temporal Key Identity or TKIP (Temporal Key Identity Protocol).
TKIP, together with the old algorithm RC4, is a new
system called WPA, or Wi-Fi Protected Access (Wi-Fi Protected Access).

parallel with WPA, which can be considered as a system of temporary migration
("legacy") developed a second system
that closed several security holes. Instead of
RC4 stream cipher, AES decided to replace it, a real "heavy artillery"
cryptography. To avoid the problems of integrity due to CRC-32,
was decided to use AES in chaining mode known as CBC,
in which encrypted blocks depends on the previous blocks (you
recommends refresher article "Chaining blocks, "ENIGMA
Bulletin 64). The combination of AES and CBC chaining
(receiving protocol name here CCMP) strengthens security system
to stratospheric heights. Now we are talking serious
.

Unfortunately, the need to include "legacy systems"
to ensure compatibility with older cards made the TKIP
continue operating. Now we have two solutions: WPA and WPA2
. The difference is that WPA only allows the use of "legacy"
(RC4 and TKIP), while WPA-2 allows two solutions (
RC4 AES + TKIP and CCMP mode, to choose).

We say "unfortunately" because this month has published a
attack on WPA. Under the title "practical attacks against WEP and WPA"
researchers Martin Lewis Beck and Eris, the
technical universities in Dresden and Darmstadt, lash out against the system TKIP. This
protocol is an improved version of WEP key scheme.
includes a function to "mix" the key K and initialization vector IV. Reduncancia
code CRC-32, used previously to verify the integrity of the message
is complemented by an integrity checker
(MIC, Message Integrity Check) named Michael, 64 bits.
It's just a patch for WEP, but thus
legacy systems can be improved by updating software or firmware
.

Beck and Lewis took advantage of some cracks in the system to
his way. The first crack is a clever tactic called
"chopchop attack", which used to WEP.
Imagine a data encryption package, which carries a checksum or CRC-32 value to ensure the integrity of the package
. In chopchop, the attacker takes the package, removed the last byte
(call it R), replaces it with another that has
created and calculated "checksum" that is, the value for the new package
byte. It then sends the packet to
new access point, and see if it accepts it. If so, the value of R
you created is correct and if not, try another R.

It's like asking the access point "is this the correct
byte?" If the answer is yes, we know what is the last byte of the packet
. And there is no control by the access point
how many packets are dropped, the attacker can continue
to find the value of R that "school."

The problem would be analogous to that of a thief who tries to take money from the cashier
alien card. If there were an easy way to test
ten thousand combinations, no more than give
button and wait. To avoid this, ATMs impose a waiting between
a try and another, and blocked after three wrong attempts.
To avoid this, the Michael algorithm (replacing the CRC-32) checks
two "checksum" wrong in an interval of sixty seconds.
If that happens, the access point proceede to reset the system for a
minute and then request a new key exchange
for all customers.

Still, there are times that you can launch an attack
chopchop. This is because the checksum generated by Michael
included in the package which, in turn, is subject to the WEP checksum. This
to mount a chopchop without Michael's knowledge. The

conditions are these: we will assume that you use the TKIP
, the IP address is, to some extent known (some
and 150.168.0.XX) TKIP system uses a range of key change
high (say, hour), and the network supports the call QoS
(Quality of Service), which allows allows data to travel by
eight different channels.

first thing we do is sniff packets to find a type
ARP. Packages ARP (Address Resolution Protocol), responsible
associate an IP address with an Ethernet card (MAC),
are easily identified by its length. In an ARP packet
known all data except the last byte of IP address (the address is known as ethernet
sent unencrypted). When encryption,
know another 12 bytes: the checksum of Michael, we will call
MIC (Message Integrity Check, 8 bytes), and the WEP checksum, which call
ICV (4 bytes).

MIC and ICV are the last 12 bytes of plain text. How
"chochopearlos" no alarm bells? TKIP has two counter-attacks chopchop
. First, as we have seen before,
two incorrect MIC values \u200b\u200bless than a minute lead
a system reset, followed by the delivery of new keys. Second, each
packet carries a digital counter. If the system has its counter
the number 1540, and receives a packet with a smaller number (say,
1538), the packet is discarded.

The solution is simple: let the attack
a different channel to that for which the packet was received. We choose to do a channel
with little traffic, so most likely have your accountant to
low, lower than the number of the package. Thus, the anti-
chopchop second alert is not activated. Regarding the first, with space enough
attacks over a minute. Thus,
just over 12 minutes, we will have ascertained the 12 bytes unknown.
Once known the value of MIC, we use the algorithm for
MICHAEL find out what has been the key you used.

At this point, the attacker has managed not only to recover the
MIC, but also knows the pseudorandom stream. With it, you can send packets
false to the system, except that you must use
little traffic channel (ie, whose count is lower than the package
false). As we have eight channels, one that can be used
. It is not difficult because in most networks
all traffic is routed through the channel 0, so that we channel our
1-7 provision. The result is not spectacular, since we are only
attacking a small data package called ARP. But attacks can be mounted
forged ARP packets ("ARP poisoning"), the result would be the establishment
channel the attacker to the customer.

The authors of this attack suggests, as a countermeasure,
reduce the interval after which the change TKIP keys until
one or two minutes at most. They claim that the problem can be fixed without major complications
. But his best recipe is the most obvious: ditch
TKIP and we use the strong version, which uses AES.

Unfortunately, much of the press misunderstood the attack
Becky Lewis. Some said they were the encryption keys (which we call K
above) which had been recovered. There was even
who tore his hair in despair because the supposedly indecipherable
WPA had jumped into the air.
should not take things out of proportion. This is a partial strike against
TKIP system, part of WPA, but only that. Of course, that will change
WPA to WPA2. And trust that will withstand future attacks.







































PROBATION






































=------------------ -------------------------------------------------- --=
Fighting crime and espionage
=-----------------------------------------
-----------------------------=
[From the book "Probation" Nacho García mustard with permission
author]

Part II, Chapter 24:

Terrorists are well aware that their communications are
vulnerable, so use encryption methods, change the cards to
mobile phones, calling from phone booths, speak in code or use
people as couriers to transmit information. We have already seen
have their own intelligence organization, of which
daily work is to analyze the press to detect
possible targets, but also select other news that may affect the operation
criminal organization. Of course, in
ETA took note of the English authorization for U.S. spies to act
country. Also,
also read the report published by Gordon Thomas in The World, when
revealed that U.S. spy satellite with an ETA. Whether or not true, the news
certainly did a disservice to the fight against terrorism.
is quite possible that ETA have also read reports and documents on
"Echelon" and the latest methods
police to round up the criminals intercepting their communications. Otherwise,
not understand the steps they took in 2001 to protect themselves. According

José Luis Barber published in the newspaper El Pais in
December 2001, "September 11 has been caught fleeing
ETA Internet. At this point," said the report, and has evidence that its program
Internal communication has been pierced by
services English and foreign intelligence. The system seemingly perfect
, which for years has guaranteed the secrecy and concurrency
communications, is increasingly secure
space, a trap, a land ductile, soft, sandy, which stores
traces of their passage and mark the trail. With the help of companies
matrices, the police are decrypting your passwords and codes in the Network and broken
shielding, the ETA-Internet increasingly resembles a Gruyere cheese
. Like Osama bin Laden, who, apparently, used recently to
secular system of trusted messengers, ETA is
back to the galleys and boxes provided. He does not trust the new
technologies. For her, the Internet is no longer the end El Dorado's
century, and not mobile, so practical, offers and guarantees
years ago. "[1]

Thus, ETA is aware that
methods are being applied much more powerful to anticipate their criminal acts .
In the fight against terrorism has taken a giant step, and that the police before,
pursuing terrorists after they committed their crimes,
while now working with preventive methods to try to anticipate their
measures. In this context, it seems likely that
are using the network of Army signals intelligence American
against ETA. You may also
English authorities are using similar mechanisms, although perhaps less sophisticated
, for the same purpose. As
measures adopted by European institutions on the interception of communications,
seems obvious that in Spain have taken
immediately so they can be applied in the persecution of ETA. While it is true that this
technology is not perfect, as amply demonstrated the 11-S, and
the necessary "human factor" can disrupt your ability, it is also
logical that, if there, is because it works.

Defence Ministry sources declined to comment
purpose of "Echelon" when we asked for an interview with Minister Federico Trillo-Figueroa
to document this book. Officially, this
matter is unknown, they said. The interview was denied. However,
the holder of the Defence Ministry attended the February 14, 2002 at
program "The First Circle Time" Telemadrid, television public
the Community of Madrid.
Interviewers asked about U.S. cooperation on terrorism and
specifically, the transfer of "data" obtained by the intelligence community <> U.S.. The minister said he had to be <> "obviously very quiet" in this area, but said that "it is not that Americans <> give us the data." It is said that he makes available <> our technological capacity <> they have for certain actions. And that they are already doing. <> last few months, they are doing, "he said, concluding <> calling for" huge "and" unprecedented "progress in this area. [2] <> <> <> [1]. José Luis Barber, "The financial network of terrorism <> Basque." El País. Sunday December 2, 2001. <> <> [2]. The First Circle Time. Telemadrid. <> Issue 14, February 2002. Exact words of Federico Trillo-Figueroa video taken <> provided by the Press Department Telemadrid, SA <> <> <> ========================== ============================================== <> <> The newsletter ENIGMA is a free publication <> Cryptography Workshop, and is governed by the rules of <> Creative Commons license "Attribution-NonCommercial-ShareAlike. <> is permitted free copying, distribution and communication for non-profit, citing <> name and reference. <> <> For more information, see Creative Commons license in their full forms and reduced <>: <> http://creativecommons.org/licenses/by-nc-sa/2.5/es/deed.es <> http://creativecommons. <> org/licenses/by-nc-sa/2.5/es/legalcode.es <> TO REGISTER: send an email to high arroba <> alta_enigma cripto.es adding the words on the subject (subject). <> <> unsubscribe, send a message to the base address @ <> cripto.es baja_enigma adding the words on the subject (subject) <>
For comments this newsletter (doubts, questions, queries, reviews, news
, partnerships, etc..), I am at your disposal in the direction @ cripto.es <> news <> <> Enigma Bulletin webpage (including back issues): http:/ <> / www.cripto.es / enigma.htm <> <> <> (c) Arturo Quirantes 2008. <> <> ================================================ <> <> ======================== ----- BEGIN PGP SIGNATURE ----- <> Version: PGP 6.5i <> <> iQA/AwUBSTLTFQ7Y43Xkw2u9EQLCBACg7 / kvdy9qnJiNh9TONEruaWLJmV0AoPjg M2R3dxp2iwtMNiWZ3XEhsb3c <> <> = kzHG <> ----- END PGP SIGNATURE ----- <> <> =-=-=-=-=-=-=-=-=-=-=-=-=-=-= -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= <> <> <>

0 comments:

Post a Comment