Tag Archives: cryptography

Application Layer Snake Oil

TL;DR: The author thinks Snowden’s home security app, Haven, is snake oil regardless of the algorithms it uses. Operational security is at least as hard as cryptography and no app is going to provide it for you.

Bogus cryptography is often being referred to as snake oil—a remedy designed by charlatans to the sole end of selling it to the gullible. Discussions of snake oil traditionally focused on cryptography as such and technical aspects like the choice of algorithms, the competence of their designers and implementers, or the degree of scrutiny a design and its implementation received. As a rule of thumb, a set of algorithms and protocols is widely accepted as probably secure according to current public knowledge, and any poorly motivated deviation from this mainstream raises eyebrows.

However, reasonable choices of encryption algorithms and crypto protocols alone does not guarantee security. The overall application in which they serve as building blocks needs to make sense as well in the light of the threat models this application purports to address. Snake oil is easy to mask at this level. While most low-level snake oil can be spotted by a few simple patterns, the application layer calls for a discussion of security requirements.

Enter Haven, the personal security app released by Freedom of the Press Foundation and Guardian Project and associated in public relations with Edward Snowden. Haven turns a smartphone into a remote sensor that alerts its user over confidential channels about activity in its surroundings. The intended use case is apparently to put the app on a cheap phone and leave this phone wherever one feels surveillance is need; the user’s primary phone will then receive alerts and recordings of sensed activity.

Haven is being touted as “a way to protect their [its users] personal spaces and possessions without compromising their own privacy.” The app allegedly protects its users against “the secret police making people disappear” and against evil maid attacks targeting their devices in their absence. To this end, Haven surveils its surroundings through the smartphone’s sensors for noise, movement, etc. When it detects any activity, the app records information such as photos through the built-in camera and transmits this information confidentially over channels like the Signal messenger and Tor.

Alas, these functions together create a mere securitoy that remains rather ineffective in real applications. The threat model is about the most challenging one can think of short of an alien invasion. A secret police that can make people disappear and get away with it is close to almighty. They will not go through court proceedings to decide who to attack and they will surely not be afraid of journalists reporting on them. Where a secret police makes people disappear there will be no public forum for anyone to report on their atrocities. Just imagine using Haven in North Korea—what would you hope to do, inside the country, after obtaining photos of their secret police?

Besides strongly discouraging your dissemination of any recordings, a secret police can also evade detection through Haven. They might, for example, jam wireless signals before entering your home or hotel room so that your phone has no chance of transmitting messages to you until they have dealt with it. Or they might simply construct a plausible pretense, such as a fire alarm going off and agents-dressed-as-firefighters checking the place. Even if they fail to convince you, you will not be able to react in any meaningful way to the alerts you receive. Even if you were close enough to do anything at all, you would not physically attack agents of a secret police that makes people disappear, would you?

What Haven is trying to sell is the illusion of control where the power differential is clearly in favor of the opponent. Haven sells this illusion to well pampered westerners and exploits their lack of experience with repression. To fall for Haven you have to believe the  premise that repression means a secret police in an otherwise unchanged setting. This premise is false: A secret police making people disappear exists inevitably in a context that limits your access to institutions like courts or media or the amount of support you can expect from them. Secret communication as supported by Haven does not even try to address this problem.

While almost everyone understands the problems with low-level snake oil and how to detect and avoid it, securitoys and application layer snake oil continue to fool (some) journalists and activists. Here are a few warning signs:

  1. Security is the only or primary function of a new product or service. Nothing interesting remains if you remove it.
  2. The product or service is being advertised as a tool to evade repression by states.
  3. The threat model and the security goals are not clearly defined and there is no sound argument relating the threat model, security goals, and security design.
  4. Confidentiality or privacy are being over-emphasized and encryption is the core security function. Advertising includes references to “secure” services like Tor or Signal.
  5. The product or service purports to solve problems of operational security with technology.

When somebody shows you a security tool or approach, take the time to ponder how contact with the enemy would end.


ECRYPT II Yearly Report on Algorithms and Key Lengths

For those who aren’t aware of it yet: the ECRYPT II Network of Excellence maintains »a list of recommended cryptographic algorithms (e.g. block ciphers, hash functions, signature schemes, etc) and recommended keysizes and other parameter settings (where applicable) to reach specified security objectives.« This list is available as a public report, one can download the current version from their web site. If you need to assess the security and suitability of an algorithm used somewhere, this might be a valuable source.


Celebrate the 80th year of David Kahn in Luxemburg

The New Codebreakers, Luxembourg, June 28-29, 2010:

»The purpose of this event is to celebrate the 80th year of the eminent writer and historian of cryptography and intelligence David Kahn.

Dr Kahn is arguably the most famous writer on these subjects. In particular, he is the author of the famed book “The Codebreakers“. This appeared in the 60s and for decades was the only widely available and readable book on the making and breaking of codes and ciphers. For many researchers in the field this book was an inspiration and a key ingredient in setting them on their professional course.

The event brings together several eminent researchers in cryptography and the history of intelligence. Anyone interested in the event and in its topics is warmly invited to attend. There is no registration fee …«


Unterschätzte Risiken: Literaturrecherche

»There is another questionable use of the word “standard” that is frequently encountered in the literature. After a complicated interactive problem P has been used in a couple of papers, subsequent papers refer to it as a standard problem. The casual reader is likely to think that something that is standard has withstood the test of time and that there’s a consensus among researchers that the assumption or problem is a reasonable one to rely upon—although neither conclusion is warranted in such cases. The terminology obfuscates the fact that the new problem is highly nonstandard.«

(Neal Koblitz and Alfred Menezes: The Brave New World of Bodacious Assumptions in Cryptography)