Author Archive

Jul 1, '13

I was intrigued this morning to see on the front page of the Guardian newspaper a new revelation by NSA whistleblower Edward Snowden: a US eavesdropping technique “DROPMIRE implanted on the Cryptofax at the EU embassy [Washington] D.C.”. I was even more intrigued by an image that accompanied the report:

The Guardian, 1 July 2013, page 1

Having done many experiments to eavesdrop on office equipment myself, the noisy image at the bottom third of the picture above looked instantly familiar: it is what you might get from listening with a radio receiver on the compromising emanations of a video signal of a page of text. (more…)

Apr 4, '12

I have been waiting for this day for 17 years! Today, United States Patent 5,404,140 titled “Coding system” owned by Mitsubishi expires, 22 years after it was filed in Japan.

Why the excitement? Well, 17 years ago, I wrote JBIG-KIT, a free and open-source implementation of JBIG1, the image compression algorithm used in all modern fax machines. My software is about 4000 lines of code long (in C), and only one single “if” statement in it is covered by the above patent:

      if (s->a < lsz) { s->c += s->a; s->a = lsz; }

And sadly, there was no way to implement a JBIG1 encoder or decoder without using this patented line of code (in some form) while remaining compatible with all other JBIG1 implementations out there. (more…)

Jan 22, '10

A few days ago, BBC2’s Newsnight approached me to have a look inside what might have been some kind of smartcard, but had long been suspected to be part of a simple-minded and dangerous fraud that may already have cost lives. (more…)

Oct 17, '08

This week, Nick Clegg, leader of the UK Liberal Democrat Party, and David Howarth, MP for Cambridgeshire, visited our hardware security lab for a demonstration of Chip & PIN fraud techniques.

They used this visit to announce their new party policy on protections against identity fraud. At present, credit rating companies are exempt from aspects of the Data Protection Act and can forward personal information about an individual’s financial history to companies without the subject’s consent. Clegg proposes to give individuals the rights to “freeze” their credit records, making it more difficult for fraudsters to impersonate others.

See also the Cambridge Evening News article and video interview.

Mar 14, '07

Having just finished another pile of conference-paper reviews, it strikes me that the single most common stylistic problem with papers in our field is the abstract.

Disappointingly few Computer Science authors seem to understand the difference between an abstract and an introduction. Far too many abstracts are useless because they read just like the first paragraphs of the “Introduction” section; the separation between the two would not be obvious if there were no change in font or a heading in between.

The two serve completely different purposes:

Abstracts are concise summaries for experts. Write your abstract for readers who are familiar with >50% of the references in your bibliography, who will soon have read at least the abstracts of the rest, and who are quite likely to quote your work in their own next paper. Answer implicitly in your abstract experts’ questions such as “What’s new here?” and “What was actually achieved?”. Write in a form that squeezes as many technical details as you can about what you actually did into about 250 words (or whatever your publisher specifies). Include details about any experimental setup and results. Make sure all the crucial keywords that describe your work appear in either the title or the abstract.

Introductions are for a wider audience. Think of your reader as a first-year graduate student who is not yet an expert in your field, but interested in becoming one. An introduction should answer questions like “Why is the general topic of your work interesting?”, “What do you ultimately want to achieve?”, “What are the most important recent related developments?”, “What inspired your work?”. None of this belongs in an abstract, because experts will know the answers already.

Abstract and introduction are alternative paths into your paper. You may think of an abstract also as a kind of entrance test: a reader who fully understands your abstract is likely to be an expert and therefore should be able to skip at least the first section of the paper. A reader who does not understand something in the abstract should focus on the introduction, which gently introduces and points to all the necessary background knowledge to get started. (more…)

Mar 12, '07

Recent comments to my last post about biometric passports have raised wider questions about the general purpose, risks and benefits of new government-supplied identification mechanisms (the wider “ID card debate” in the UK). So here is a quick summary of my basic views on this.

For some years now, the UK government has planned to catch up with other European countries in providing a purpose-designed identification infrastructure in order to make life simpler and reduce the risk of identity fraud (impersonation). The most visible of these plans center around a high-integrity identity register that keeps an append-only lifetime record of who exists and how they can be recognized biometrically. People will be able to get security-printed individual copies of their current record in this register (ID card, passport, biometric certificate), which they can easily present for offline verification. (What exact support is planned for remote identification over the telephone or Internet is not quite clear yet, so I’ll exclude that aspect for the moment, although the citizen PKIs already used in Finland, Belgium, etc., and under preparation elsewhere, probably give a good first idea.)

However, such plans have faced vocal opposition in the UK from “privacy advocates”, who have shown great talent in raising continuous media attention to a rather biased view of the subject. Their main refrain is that rather than prevent identity fraud, an identification infrastructure will help identity thieves by making it easier to access the very data that is today used by business to verify identity. I disagree. And I put “privacy advocates” into quotation marks here, because I believe that the existing practice whose continuation they advocate restricts both my privacy and my freedom. (more…)

Mar 9, '07

A recurring media story over the past half year has been that “a person’s identity can be stolen from new biometric passports”, which are “easy to clone” and therefore “not fit for purpose”. Most of these reports began with a widely quoted presentation by Lukas Grunwald in Las Vegas in August 2006, and continued with a report in the Guardian last November and one in this week’s Daily Mail on experiments by Adam Laurie.

I closely followed the development of the ISO/ICAO standards for the biometric passport back in 2002/2003. In my view, the worries behind this media coverage are mainly based on a deep misunderstanding of what a “biometric passport” really is. The recent reports bring nothing to light that was not already well understood, anticipated and discussed during the development of the system more than four years ago. (more…)

Jun 27, '06

I read with interest about US Patent application 20060117632, which proposes to apply the notion of cryptographic accessory control to individual bullets in firearms. Only after an authentication protocol has convinced the tiny microprocessor in a cartridge that it is OK to potentially kill someone will it close a transistor switch that normally blocks the electrical ignition mechanism.

It does not seem to me technically infeasible, or even cost prohibitive, to apply security mechanisms comparable to those we have come to expect to be used in weapons of mass destruction also to smaller weapon systems that were designed to kill only a few people at a time.

(The idea could be extended. If we add a chip to each cartridge, we might as well place it into the bullet itself. The bullet processor could then store in its NVRAM an audit log of the certification chain that ultimately authorized the firing of this bullet. With the right packaging, NVRAM chips can be made extremely tough and withstand hundreds of km/s² acceleration, much more than the conditions a normal bullet faces when penetrating a body. Having a log file in each bullet that identifies who is responsible for firing it could make the forensic investigation of shootings and war crimes so much easier.)

Jun 6, '06

Today, Tuesday 6/6/6, Mike Bond and George Danezis published our department’s 666-th technical report titled “A pact with the Devil”. In this devious research paper, they explore the risks of a whole new generation of malware that exploits not only computer users’ inexperience to propagate, but also their greed, malice and short-sightedness. (more…)

Mar 9, '06

If you happen to be at CeBIT 2006 in Hanover this week, don’t miss a little demonstration of compromising video emanations that I developed (Halle 6, Stand A42, booth of GBS). It shows how easily FPGA DSP evaluation boards, which are now cheap, can be turned into impressive home-brew eavesdropping devices.

COVISP demonstration setup at CeBIT 2006

The system shown consists of a log-periodic antenna (not on the photo), a Dynamic Sciences R1250 wideband receiver, and an Altera FPGA DSP Development Kit, Stratix II Edition. The FPGA board is the implementation platform for my COVISP-1 (compromising video emanations processor) circuit. It receives the 30 MHz intermediate-frequency output signal from the UHF tuner, samples it with 12-bit resolution at 120 MHz, applies a number of signal-processing steps (AM demodulation, gain control, clipping, blanking), and outputs the result – along with sync-pulses – onto the connected VGA monitor. It implements all the controls necessary to adjust it precisely and comfortably to the video mode of the eavesdropping target, including a video clock synthesizer with a frequency-resolution of about 1 part-per-billion, necessary for accurate synchronization of the image.

The eavesdropping target to which the demo setup is tuned in the above picture is a PC with a flat-panel display:

Eavesdropping target of COVISP demonstration at CeBIT 2006

It belongs to a nearby Russian stand and is about 25 meters away from our antenna. Its PowerPoint presentation is clearly readable on our eavesdropping system, which managed to isolate this signal from the many hundred PCs located in the same room.
