It’s kind of frightening to see how quickly a skilled lock-picker can jimmy a lock and get in. But new technology makes it even simpler — apparently all you need is a good telephoto lens to break in to someone’s house — just wait till they leave their keys out on a table, snap a picture, and take it to an unethical key maker, and wha-la, a perfect replica:

“We built our key duplication software system to show people that their keys are not inherently secret,” said Stefan Savage, the computer science professor from UC San Diego’s Jacobs School of Engineering who led the student-run project. “Perhaps this was once a reasonable assumption, but advances in digital imaging and optics have made it easy to duplicate someone’s keys from a distance without them even noticing.”

Professor Savage presents this work on October 30 at ACM’s Conference on Communications and Computer Security (CCS) 2008, one of the premier academic computer security conferences.

Read the full article here.

TECHNOLOGY AREAS: Air Platform, Information Systems, Space Platforms, Human Systems

The technology within this topic is restricted under the International Traffic in Arms Regulation (ITAR), which controls the export and import of defense-related material and services. Offerors must disclose any proposed use of foreign nationals, their country of origin, and what tasks each would accomplish in the statement of work in accordance with section 3.5.b.(7) of the solicitation.

OBJECTIVE: Develop visualization techniques for planning and execution of Cyberspace operations.

DESCRIPTION: Fulfilling the Air Force mission “… to fly and fight in Air, Space, and Cyberspace” requires effective C2 tools for the observation, planning and execution of cyberspace operations. Conventional battlespace visualization tools were developed for the physical world (i.e., geospatially oriented), where the battlespace, weapons and effects are concrete, often observable entities. Cyberspace and its critical electronic infrastructures are an artificial world that must be created, modified and sustained by the warfighter. This artificial world of cyberspace has concrete links back to the physical world that shape the information landscape, affect the decision-making process, and control the communication channels crucial to C2.

Standard, geospatially oriented C2 tools are not suitable for providing cyber combatants with comparable situation awareness to understand events, evaluate options, and make decisions in the electromagnetic domain. The combatants in the cyber domain needs to be able to quickly see and understand not just the physical relationships of the traditional battlespace, but also the logical relationships and information dependencies in the abstract landscape of cyberspace. Cyber C2 visualizations need to provide information for strategy, tactics and execution of effects that may, or may not, have physical correlates. Examples of these cyber events include network attack detection, attack identification, damage assessment, denial of service (DOS) warnings, and information warfare or cyber-attack operations.

For example, a commander may be planning to intentionally disrupt a portion of his network to investigate a cyber-attack. He will need to understand what ripple effects will occur across the functionally diverse and geographically distributed network. These ripple effects will have both a cyber component (e.g., locations that will lose connectivity or suffer degraded performance characteristics) and a real-world component (e.g., information about enemy forces may be unavailable or delayed, reducing blue force effectiveness) that must be visualized, explored and tasked from within his C2 tools.

Decision makers will greatly benefit from innovative visualization tools that can improve their understanding of all aspects of the Cyber domain. These aspects include 1) the current state of the information environment, the physical and virtual battlespace and enemy and friendly capabilities and vulnerabilities; 2) the scope and scale of courses of action that affect information or information networks; 3) the primary effects and ripple effects of an operation in both the physical and cyber battlespaces, and 4) the risks for collateral damage associated with cyber warfare activities.

PHASE I: Identify cyberspace characteristics relevant to C2 visualization. Identify correlation methods and visualization techniques to understand battlespace, operations, and effects. Define metrics to evaluate efficacy. Document results in a written report, including mockups of proposed visualizations.

PHASE II: Construct a working prototype to demonstrate integrated visualization of cyber data showing 1) the status of information environment, 2) its effect on the conventional battlespace, and 3) the status of information operations. Evaluate effectiveness using metrics defined in Phase I.

PHASE III / DUAL USE: Military application: Additional military applications include command and control environments, like the Air Operations Centers (AOCs). Commercial application: Monitoring and defending infrastructures (e.g., financial and energy) against cyber-attacks. Visualization cyberspace is beneficial for security of commercial communication and information networks.

REFERENCES:

1. ‘Air Force leaders to discuss new ‘Cyber Command’

2. Laura S. Tinnel, O. Sami Saydjari, and Joshua W. Haines, An Integrated Cyber Panel System, IEEE Computer Society,

3. Anita D’Amico and Stephen Salas, Visualization as an Aid for Assessing the Mission Impact of Information Security Breaches, IEEE 2003.

4. Tim Bass, “Cyberspace Situational Awareness Demands Mimic Traditional Command Requirements,” AFCEA Signal Magazine, February 2000.

KEYWORDS: visualization, cyber, human factors, planning, situation awareness, command and control, HCI

Reference. SITIS Topic Details, Visualization for Command and Control of Cyberspace Operations

See also:  http://www.dodsbir.net/solicitation/sbir083/af083.doc

Finding Zune-Fi: Ina Fried of News.com wanders the polite streets of San Francisco in search of Zune connections over Wi-Fi. She finds a few, and has a good experience. One cafe owner sees the ease with which she can stream music and calls it cool. She can't connect at the long-running Google-sponsored free Wi-Fi at Union Square, however, which means the Wi-Fi likely has an accept button that must be pressed. Surely Microsoft could insert a little technology that would allow a browser-free acceptance of terms? Probably involves Yet Another Protocol: the Wi-Fi Terms Browser-Free Presentation Protocol (WTBFPP).

Kodak adds interesting Wi-Fi enabled all-in-one: The new Kodak ESP 9 is a multi-function printer (fax, scan, print, copy) that connects to a network via Wi-Fi or Ethernet. The $300 device spits out 30 pages per minutes in color, 32 ppm in black only. Kodak claims that the model line to which the ESP belongs uses ink in a vastly more efficient manner than the "average of comparable consumer inkjet printers."

h8er:  So, how does it feel to work for a company that has made so many bad security decisions.

MSFT guy:  Well, I feel lucky to be in a position to try and influence good security decisions going forward - are there any specifics you want to give me feedback on?

h8er:  All those prompts irritating people, for example.

MSFT guy:  Oh, so you don't like that aspect of UAC.  We've gotten a lot of feedback on that, but the UAC security changes in Windows Vista encompass a pretty wide range of options designed to make it easier for most users to run as non-admin.  Plus, we've incorporated some of the feedback into SP1 and I think it is a lot better.  Have you tried SP1?

h8er:  <crickets chirping in the silence>

MSFT guy: (still trying) Let me ask it a different way.  A lot of folks have said that after the first few weeks, the UAC prompts tapered off, have you not found that to be the case?

h8er:  <crickets chirping in the silence>

MSFT guy: What about some of the other changes in Windows Vista - I think the addition of ASLR, for example, was a good decision and raises the bars for attackers developing exploits.

non-MSFT guys standing nearby:  He has probably never even tried Vista - I bet you run Linux and just heard the prompt stuff second hand.

h8er:  I don't run Linux ... I run a Mac!

(NOTE: This seemed to rattle him, so he went on the offensive.)

h8er:  Don't you feel embarrassed working for Microsoft knowing that 40% of your customers are infected with Malware?

MSFT guy:  Actually, based upon research in the latest Security Intelligence Report, less than 1% of machines have malware and need corrective action - plus, recent research in the same report has shown that most of that is on older platforms and Windows Vista has an even lower incidence.  40% is a pretty high number, what source did you hear that from?

h8er:  <crickets chirping in the silence>

(NOTE:  Need a new tack, better try something different.)

h8er:  Well, I feel a lot safer running my Mac and knowing the malware writers aren't targeting me.

MSFT guy:  Oh, threat landscape is a different topic than the security of the software, but I can't really agree anyway.  Many of the folks I talk to are more concerned about spearphishing or targeted attacks specifically against their valuable data.  Recent data shows that Mac OS X has quite a higher incidence of security vulnerabilities that other comparable systems.  That means that if an attacker did target them, he'd have a lot more options to choose from.  In that case, I feel much more comfortable using or recommending Windows Vista than I would using your Mac.

He left shortly after that, but not before giving the Microsoft guy an invite to his company's party - I won't tell you which company it was, but it makes the story even funnier.  To cap it, a few minutes later, one of the bystanders came by and said "so, did the Mac fanboy get tired of harrassing you and leave?"

Having lots of fun at Black Hat 2008 ~ Jeff

iPhone tethering application up, down, up, down: The NetShare connection-sharing application from NullRiver has made a couple of appearances on Apple's App Store, the only authorized place from which owners of iPod touch and iPhone devices can purchase software for uncracked equipment. NetShare appears to violate the terms of service for AT&T, although this wouldn't be the case with all carriers worldwide, by bridging 2.5G and 3G network traffic via the Wi-Fi connection on the iPhone. A laptop or desktop needs special configuration to connect to the iPhone, but various reports show it works fine. AT&T offers tethering with other smartphones - but not the iPhone - for typically about $20 more per month, comparable to a national hotspot aggregated subscription.

Speaking of AT&T, they like WiMax as a wire alternative: AT&T is bullish on WiMax, but the fixed kind used to replace wires in places they have no cable.

The solution to the above problem is very useful in practice — in fact, so useful that it spawns a lot “fights” over patents. Many techniques were patented, including the well-known Encrypted Key Exchange (EKE) and Simple Password Exponential Key Exchange (SPEKE). A secondary problem is technical; both the EKE and SPEKE protocols have subtle but worrying technical limitations (see the paper for details).

At the 16th Workshop on Security Protocols held in April 2008, Cambridge, UK, I presented a new solution (joint work with Peter Ryan) called Password Authenticated Key Exchange by Juggling (or J-PAKE). The essence of the protocol design inherits from the earlier work on solving the Dining Cryptographers problem; we adapted the same juggling technique to the two-party case to solve the PAKE problem. To our best knowledge, this design is significantly different from all past PAKE solutions.

Intuitively, the J-PAKE protocol works like a juggling game between two people — if we regard a public key as a “ball”. In round one, each person throws two ephemeral public keys (”balls”) to each other. In round 2, each person combines the available public keys and the password to form a new public key, and throws the new “ball” to each other.

After round 2, the two parties can securely compute a common session key, if they supplied the same passwords. Otherwise, the protocol leaks nothing more than: “the supplied passwords at two sides are not the same”. In other words, one can prove his knowledge of the password without revealing it. A Java implementation of the protocol on a MacBook Pro laptop shows that the total computation time at each side is merely 75 ms.

We hope this protocol is of usefulness to security engineers. For example, compared with SSL/TLS, J-PAKE is potentially much more resistant against phishing attacks, not to mention that it is PKI-free. Since this protocol is the result of an academic research project, we didn’t — and have no intention to — patent it. As explained in the paper, J-PAKE even has technical advantages over the patented EKE and SPEKE in terms of security, with comparable efficiency. It has been submitted as a follow-up to the future extension of IEEE P1363.2.

We believe the PAKE research is important and has strong practical relevance. This post is to facilitate discussions on this subject. The paper can be viewed here. Any comments or questions are welcome.

Date Reported:
4/25/08

Organization:
People's Republic of China

Contractor/Consultant/Branch:
The Government of Hong Kong Special Administrative Region of the People's Republic of China
Department of Health
Child Assessment Service (Tuen Mun Centre)

Victims:
Adolescent patients

Number Affected:
700

Types of Data:
"detailed records of interviews with troubled youngsters including assessments and, in some cases, their photos, identity card numbers and addresses"

Breach Description:
"The Department of Health ( DH ) is working closely with the police in the investigation of a suspected theft case involving a removable electronic storage device ( USB flash drive ) containing patients’ information."

Reference URL:
Media Newswire
Monsters & Critics
Health & Community News

Report Credit:
Hong Kong Department of Health

Response:
From the online sources cited above:

Hong Kong - Medical data on almost 700 Hong Kong children and teenagers with social and developmental problems have been lost, the territory's government admitted Friday.
[Evan] This is the first breach that we have reported on The Breach Blog concerning information lost in Hong Kong.  Want to know Hong Kong's laws and practices concerning personal information?  Check out the Office of the Privacy Commissioner web site.  I was impressed with what I saw.

The records were held on a memory card which was stolen from an unlocked room at a Child Assessment Centre in the city's Tuen Mun district
[Evan] I DO know that storing confidential information on a memory card (USB drive, flash drive, etc.) without encryption is a bad. bad idea.

The USB flash drive, which contained medical reports and referral letters of about 700 named patients, was found to be missing at the Child Assessment Centre ( CAC ) in Tuen Mun on April 18. Attempts to locate the device failed and the incident was reported to the Police on April 22.

The lost data included detailed records of interviews with troubled youngsters including assessments and, in some cases, their photos, identity card numbers and addresses.
[Evan] Is a Hong Kong identity card at all comparable to a Social Security card?

Hong Kong's Deputy Director of Health Gloria Tam apologized to the families affected and said they should contact police if anyone suspicious approached them with their personal details.

The Department of Health ( DH ) is working closely with the police in the investigation

The department has sent letters to parents of the involved patients to inform them of the situation and the Privacy Commissioner of Personal Data has also been notified.
[Evan] Here is the Commisioner's office "Response to the loss of medical data by Department of Health".

As the case involved personal privacy, the affected families should remain alert and report to the police if they were approached by suspicious people with their personal data, she said.

'We have reminded our staff about the absolute importance of office security and to strictly adhere to the government's security regulations,' she said in a statement.

With immediate effect, staff have been asked to keep storage of identifiable patient information in removable electronic devices to a minimum essential for the efficient conduct of business. The information should be encrypted.
[Evan] Not "should be encrypted", MUST be encrypted.

These should not be removed from the specific office/clinic unless with prior approval from the respective service heads.

A government hotline has been set up to deal with calls from youngsters and family members concerned over the loss of the data, she added.

There is a Department of Health hotline ( 2125 1133 ) for enquiries.  The hotline will operate until 9pm today, from 9am to 1pm tomorrow and Sunday and from 9am to 5pm during weekdays from next Monday.

Dr Tam said the concerned doctor's case may be dealt with under civil-service regulations after the investigation is completed.
[Evan] I fear what this could mean.

Commentary:
The response from the Privacy Commissioner for Personal Data sums it up pretty well.  Section 4 made good sense:

"The Privacy Commissioner for Personal Data Mr. Roderick B Woo takes the opportunity to remind both the public and private sectors to exercise particular caution when handling personal data.  Stringent handling procedure and sufficient security safeguards should be implemented.  In particular, when sensitive personal data are stored or transmitted by electronic means, the data shall be encrypted."

Past Breaches:
Unknown

Extremely fair article on Sebastopol Wi-Fi networking health debate: The local paper manages to push the camel through the eye of the needle in presenting various aspects of the vote by the local council to rescind the gift of a local ISP to provide city-wide Wi-Fi. It neither ridicules the symptoms of people who describe themselves as electrosensitive, nor ignores the clinical research that shows such sensitivity to be unprovable, even as the symptoms are clearly manifest (just not correlated with EMF). The article notes that one radio host who speaks on health has his words carried by a station that is bumping more signal out across Sebastopol than any Wi-Fi network would. In a true Sonoma moment, however, the leading opponent to the city-wide network and the owner of the ISP cross paths in front of Whole Foods where high school students in favor of the network were gather signatures for a petition--and hugged. That kind of behavior is more of what we need: civility, understanding, and mutual working forward to improve everyone's health. More research? Sure. And more kindness, too.

Wired's Wi-Fi map: now, useful! My friend and colleague Cyrus Farivar spent weeks researching what municipal projects were proceeding, on hold, or dead across the U.S., and I wasn't very impressed by the way in which Wired presented this material in their print issue. But never fear! Online, paired with Google Maps, his research is tremendously accessible. It's now a few weeks out of date, but still useful for the scope and locations of projects. It makes me want to build an ongoing effort of the same kind!

Complimentary essay on Boston's pace: By not building fast, OpenAirBoston avoids the mistakes of other municipal networks. True. But in the end, they need to build something; they are only "behind" in the sense of not having put their neck out too far.