All posts by Markus Kuhn

PhD studentship in side-channel security

I can offer a 3.5-year PhD studentship on radio-frequency side-channel security, starting in October 2018, to applicants interested in hardware security, radio communication, and digital signal processing. Due to the funding source, this studentship is restricted to UK nationals, or applicants who have been resident in the UK for the past 10 years. Contact me for details of the project proposal.

PhD studentship: Model-based assessment of compromising emanations

We have a fully funded 3.5-year PhD Studentship on offer, from October 2014, for a research student to work on “Model-based assessment of compromising emanations”. The project aims to improve our understanding of electro-magnetic emissions that are unintentionally emitted by computing equipment, and the eavesdropping risks they pose. In particular, it aims to improve test and measurement procedures (TEMPEST) for computing equipment that processes extremely confidential data. We are looking for an Electrical Engineering, Computer Science or Physics graduate with an interest in electronics, software-defined radio, hardware security, side-channel cryptanalysis, digital signal processing, electromagnetic compatibility, or machine learning.

Check the full advert and contact Dr Markus Kuhn for more information if you are interested in applying, quoting NR03517. Application deadline: 23 June 2014.

Eavesdropping a fax machine

I was intrigued this morning to see on the front page of the Guardian newspaper a new revelation by NSA whistleblower Edward Snowden: a US eavesdropping technique “DROPMIRE implanted on the Cryptofax at the EU embassy [Washington] D.C.”. I was even more intrigued by an image that accompanied the report (click for higher resolution):

The Guardian, 1 July 2013, page 1

Having done many experiments to eavesdrop on office equipment myself, the noisy image at the bottom third of the picture above looked instantly familiar: it is what you might get from listening with a radio receiver on the compromising emanations of a video signal of a page of text. Continue reading Eavesdropping a fax machine

A one-line software patent – and a fix

I have been waiting for this day for 17 years! Today, United States Patent 5,404,140 titled “Coding system” owned by Mitsubishi expires, 22 years after it was filed in Japan.

Why the excitement? Well, 17 years ago, I wrote JBIG-KIT, a free and open-source implementation of JBIG1, the image compression algorithm used in all modern fax machines. My software is about 4000 lines of code long (in C), and only one single “if” statement in it is covered by the above patent:

      if (s->a < lsz) { s->c += s->a; s->a = lsz; }

And sadly, there was no way to implement a JBIG1 encoder or decoder without using this patented line of code (in some form) while remaining compatible with all other JBIG1 implementations out there. Continue reading A one-line software patent – and a fix

Liberal Democrat leader visits our lab

This week, Nick Clegg, leader of the UK Liberal Democrat Party, and David Howarth, MP for Cambridgeshire, visited our hardware security lab for a demonstration of Chip & PIN fraud techniques.

They used this visit to announce their new party policy on protections against identity fraud. At present, credit rating companies are exempt from aspects of the Data Protection Act and can forward personal information about an individual’s financial history to companies without the subject’s consent. Clegg proposes to give individuals the rights to “freeze” their credit records, making it more difficult for fraudsters to impersonate others.

See also the Cambridge Evening News article and video interview.

How (not) to write an abstract

Having just finished another pile of conference-paper reviews, it strikes me that the single most common stylistic problem with papers in our field is the abstract.

Disappointingly few Computer Science authors seem to understand the difference between an abstract and an introduction. Far too many abstracts are useless because they read just like the first paragraphs of the “Introduction” section; the separation between the two would not be obvious if there were no change in font or a heading in between.

The two serve completely different purposes:

Abstracts are concise summaries for experts. Write your abstract for readers who are familiar with >50% of the references in your bibliography, who will soon have read at least the abstracts of the rest, and who are quite likely to quote your work in their own next paper. Answer implicitely in your abstract experts’ questions such as “What’s new here?” and “What was actually achieved?”. Write in a form that squeezes as many technical details as you can about what you actually did into about 250 words (or whatever your publisher specifies). Include details about any experimental setup and results. Make sure all the crucial keywords that describe your work appear in either the title or the abstract.

Introductions are for a wider audience. Think of your reader as a first-year graduate student who is not yet an expert in your field, but interested in becoming one. An introduction should answer questions like “Why is the general topic of your work interesting?”, “What do you ultimateley want to achieve?”, “What are the most important recent related developments?”, “What inspired your work?”. None of this belongs into an abstract, because experts will know the answers already.

Abstract and introduction are alternative paths into your paper. You may think of an abstract also as a kind of entrance test: a reader who fully understands your abstract is likely to be an expert and therefore should be able to skip at least the first section of the paper. A reader who does not understand something in the abstract should focus on the introduction, which gently introduces and points to all the necessary background knowledge to get started. Continue reading How (not) to write an abstract

Identity theft without identification infrastructure

Recent comments to my last post about biometric passports have raised wider questions about the general purpose, risks and benefits of new government-supplied identification mechanisms (the wider “ID card debate” in the UK). So here is a quick summary of my basic views on this.

For some years now, the UK government has planned to catch up with other European countries in providing a purpose-designed identification infrastructure in order to make life simpler and reduce the risk of identity fraud (impersonation). The most visible of these plans center around a high-integrity identity register that keeps an append-only lifetime record of who exists and how they can be recognized biometrically. People will be able to get security-printed individual copies of their current record in this register (ID card, passport, biometric certificate), which they can easily present for offline verification. (What exact support is planned for remote identification over the telephone or Internet is not quite clear yet, so I’ll exclude that aspect for the moment, although the citizen PKIs already used in Finland, Belgium, etc., and under preparation elsewhere, probably give a good first idea.)

However, such plans have faced vocal opposition in the UK from “privacy advocates”, who have showed great talent in raising continuous media attention to a rather biased view of the subject. Their main refrain is that rather than prevent identity fraud, an identification infrastructure will help identity thieves by making it easier to access the very data that is today used by business to verify identity. I disagree. And I put “privacy advocates” into quotation marks here, because I believe that the existing practice whose continuation they advocate restricts both my privacy and my freedom. Continue reading Identity theft without identification infrastructure

Passports and biometric certificates

A recurring media story over the past half year has been that “a person’s identity can be stolen from new biometric passports”, which are “easy to clone” and therefore “not fit for purpose”. Most of these reports began with a widely quoted presentation by Lukas Grunwald in Las Vegas in August 2006, and continued with a report in the Guardian last November and one in this week’s Daily Mail on experiments by Adam Laurie.

I have closely followed the development of the ISO/ICAO standards for the biometric passport back in 2002/2003. In my view, the worries behind this media coverage are mainly based on a deep misunderstanding of what a “biometric passport” really is. The recent reports bring nothing to light that was not already well understood, anticipated and discussed during the development of the system more than four years ago. Continue reading Passports and biometric certificates

Permissive action links for individual bullets

I read with interest about US Patent application 20060117632, which proposes to apply the notion of cryptographic accessory control to individual bullets in firearms. Only after an authentication protocol has convinced the tiny microprocessor in a cartridge that it is OK to potentially kill someone, it will close a transistor switch that normally blocks the electrical ignition mechanism.

It does not seem to me technically infeasible, or even cost prohibitive, to apply security mechanisms comparable to those we have come to expect to be used in weapons of mass destruction also to smaller weapon systems that were designed to kill only a few people at a time.

(The idea could be extended. If we add a chip to each cartridge, we might as well place it into the bullet itself. The bullet processor could then store in its NVRAM an audit log of the certification chain that ultimately authorized the firing of this bullet. With the right packaging, NVRAM chips can be made extremely tough and withstand hundreds of km/s² acceleration, much more than the conditions a normal bullet faces when penetrating a body. Having a log file in each bullet that identifies who is responsible for firing it could make the forensic investigation of shootings and war crimes so much easier.)