Monday, 30 June 2008
Blizzard's new Security Token
Haha, Blizzard is going to release a new security token for authentication in WoW. Not a bad idea imho, and especially the price of $6 + shipping is quite fair. But we will see whether this really enhances the security of Blizzard games.
More information about the "security authenticator" can be found here.
Update: A lot of other websites are talking about this topic now.
Saturday, 28 June 2008
Review: Secret Key Cryptography Using Graphics Cards

Review of this paper:
Graphics Processing Units (GPUs), also known as graphics accelerators, have several advantages for cryptographic computations compared to normal CPUs. First of all, moving encryption as well as decryption onto the GPU offloads system resources. Furthermore, the plaintext isn't stored in system memory, which could enhance security. The authors claim that prior work (as of 2004) only concerned image encryption or decryption.
My purpose in reading this paper was to figure out exactly why it is impossible, or at least very hard, to compute asymmetric encryption algorithms with the help of a GPU. Computing XOR operations seems to be quite easy, because the plaintext as well as the key are stored as arrays of bytes, i.e. the same data structure as for pixels. In the paper this was tested with an OpenGL implementation.
Enhancing security by computing symmetric ciphers on GPUs makes sense in my opinion. Is there any malware out there which tries to read GPU memory in order to steal cipher keys?
Anyway, "Exploiting the Power of GPUs for Asymmetric Cryptography" is a new paper released by two guys from my university. It will be published at the CHES workshop 2008.
Friday, 27 June 2008
AstroGPU 2007 - videos available
In 2007 there was a conference about GPUs in astrophysics and astronomy at Princeton University. The videos and slides are available now.
In addition, there was an introduction to CUDA programming, and the corresponding videos are also available on the website.
Monday, 23 June 2008
Currently in Berlin
I'm currently in Berlin at the DACH Conference, so don't expect much traffic during the next days.
Thursday, 19 June 2008
The new iPhone 3G
engadget.com gives answers to lots of questions concerning the new iPhone 3G. I didn't like this new iPhone hype ... but recently, because one of my colleagues here goes crazy for it, I'm beginning to like it. :D
But what still confuses me a little bit is the EULA of iTunes & QuickTime, which says:
"... iTunes & Quicktime not intended for the creation of nuclear weapons ..."
Uh, what? So what's next? The new iPhone is not intended for the creation of biological arms?
Anyway, $200 for the new iPhone, isn't that a fair price? Despite all privacy considerations, the new one will be a great tool for playing around. The world goes mobile ... I had to realise this again when I was in Morocco last winter. Some parts of the country are only covered by the GSM network, no landline at all anymore. And yes, it's the same price for the locals, because running a cable is even much more expensive for the telcos.
By the way, to all Spanish guys out there: http://www.forbes.com/afxnewslimited/feeds/afx/2008/06/05/afx5083148.html
Wednesday, 18 June 2008
Short introduction into CUDA
I found this 9-page article about CUDA on behardware.com. Perhaps it is helpful for someone out there.
PS: You should also have a look at this link.
Tuesday, 17 June 2008
Helsinki Bus Tracking
From now on you can track the buses inside Helsinki online on a "Public Transport Map". Imho a great feature: you can check exactly whether it's worth waiting for the bus or whether you'd better walk or take a taxi. The Google API makes it possible ...
via drwebart.es
Review: Advances in Digital Video Content Protection (2005)
While reading this paper, I came across CSS and SDMI (CSS stands for Content Scramble System, a broken encryption scheme for DVDs, and SDMI for Secure Digital Music Initiative).
During the background search on these keywords I realised that this was all a great, funny story. Why? The SDMI announced a challenge for breaking a watermarking technology. Ed Felten and his team took part but didn't sign the NDA. In the end they managed to break the watermarking method and tried to publish the corresponding information at a conference! Finally they didn't do it, because the SDMI threatened him and his team with legal action. All the information was released at USENIX in 2001. I can totally understand that, because the content protection army (mafia?) is quite powerful: ATSC, CEA, CPTWG, SCTE, MPAA, IETF, MPEG, DVB ...
Anyway, the paper gives a comprehensive introduction to DRM by discussing legal and technical solutions for DRM. In addition, the users' concerns are taken into account. Perhaps the usage of the word "packaging" instead of "encryption" made me a little bit dizzy. :D
The paper also discusses "encryption vs. watermarking". Encryption techniques do not offer any protection once the encrypted data has been decrypted; this is exactly what watermarking focuses on. But watermarking complements encryption, it does not replace it.
Other quite important parts of DRM frameworks are key management and delivery network issues as well as multicast fingerprinting. The latter is still a great challenge for DRM, because all receivers of a multicast obtain the same video, so a leaked copy cannot be traced back to one receiver. One idea to solve this is to multicast two differently watermarked versions of the video and to send a unique binary string to each receiver. Depending on its binary string, the receiver decodes exactly one of the two watermarked versions (search for "a secure multicast protocol with content protection").
So this paper doesn't propose a specific method or framework but contains a really well-made summary of recent developments.
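The two-stream idea sketched above, as an added toy model (this is not code from the paper or from "a secure multicast protocol with content protection"): the sender multicasts every segment twice, once marked with bit 0 and once with bit 1, and unicasts each receiver a unique bit string that decides which copy of each segment it can decode. A leaked copy then carries its owner's string. The visible tag standing in for a watermark, the segment as unit of selection and the random receiver strings are all assumptions made here for illustration; the splice function shows the collusion caveat a practitioner should expect.

```python
"""Two-stream multicast fingerprinting, toy model (assumptions: visible tag
as watermark, per-segment selection, random receiver strings)."""
import secrets


def watermark(segment, bit):
    # Assumption: the 'watermark' is a tag appended to the segment text. A real
    # system would embed an imperceptible mark carrying the same single bit.
    return f"{segment}|wm{bit}"


def extract_bit(marked_segment):
    return int(marked_segment.rsplit("|wm", 1)[1])


def sender_streams(segments):
    """The only two things that get multicast: every segment marked 0 and marked 1."""
    return ([watermark(s, 0) for s in segments],
            [watermark(s, 1) for s in segments])


def assign_strings(receiver_ids, n_bits):
    """Unicast a distinct random n_bits string to every receiver; the sender keeps the table for tracing."""
    assigned, used = {}, set()
    for rid in receiver_ids:
        bits = tuple(secrets.randbelow(2) for _ in range(n_bits))
        while bits in used:
            bits = tuple(secrets.randbelow(2) for _ in range(n_bits))
        used.add(bits)
        assigned[rid] = bits
    return assigned


def receiver_decode(streams, bits):
    """A receiver can decode exactly one of the two copies of segment i, chosen by bit i."""
    stream0, stream1 = streams
    return [stream1[i] if b else stream0[i] for i, b in enumerate(bits)]


def fingerprint(copy):
    return tuple(extract_bit(seg) for seg in copy)


def trace(leaked_copy, assigned):
    """Read the bit string out of a leaked copy and name its owner, or None if nobody matches."""
    fp = fingerprint(leaked_copy)
    for rid, bits in assigned.items():
        if bits == fp:
            return rid
    return None


def collude(copy_a, copy_b):
    """Two receivers splice their copies segment by segment: the result carries a string nobody was given."""
    return [a if i % 2 == 0 else b for i, (a, b) in enumerate(zip(copy_a, copy_b))]


if __name__ == "__main__":
    segments = [f"segment-{i}" for i in range(16)]   # constructed sample video
    streams = sender_streams(segments)
    assigned = assign_strings(["alice", "bob", "carol"], len(segments))
    copies = {rid: receiver_decode(streams, bits) for rid, bits in assigned.items()}
    print("leaked copy traced to:", trace(copies["bob"], assigned))
    print("spliced alice+bob copy traced to:", trace(collude(copies["alice"], copies["bob"]), assigned))
```

The bandwidth argument is visible in `sender_streams`: the multicast payload is two copies no matter how many receivers there are, and the per-receiver unicast is only the n-bit string. The `collude` case is why real deployments need collusion-secure fingerprinting codes rather than random strings: two colluders can splice a copy whose string belongs to nobody, so `trace` returns None.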
Monday, 16 June 2008
Review: A Signature Scheme with Message Recovery as Secure as Discrete Logarithm
"A Signature Scheme with Message Recovery as Secure as Discrete Logarithm" is an 8-page paper written by Abe and Okamoto. I read this paper in order to get more information about Nyberg-Rueppel signatures, i.e. digital signatures with message recovery.
The paper claims that there had been no provably secure signature scheme with message recovery based on the discrete logarithm problem, even in the random oracle model (ROM). Like I already posted recently, Nyberg-Rueppel is vulnerable to several attacks.
The authors present a provably secure (existentially unforgeable against adaptively chosen message attacks) DL-type signature scheme with message recovery under two reasonable assumptions: the elliptic-curve discrete logarithm assumption and the random oracle assumption.
For related work, I read (or rather tried to read) "The Random Oracle Methodology, Revisited" by Canetti, Goldreich and Halevi. But this is in fact quite difficult stuff to understand completely.
Saturday, 14 June 2008
Domber's self-made laundry dryer :D
Friday, 13 June 2008
On CUDA-compatible GPUs as an efficient hardware accelerator for cryptography
"NVIDIA CUDA™ technology is the world's only C language environment that enables programmers and developers to write software to solve complex computational problems in a fraction of the time by tapping into the many-core parallel processing power of GPUs." (according to NVIDIA)
At my work, a lot of highly skilled people work with that kind of environment, not exactly CUDA but other environments. Of course not for breaking algorithms, but for computing other stuff. :D
Here, several different applications are presented (commercial and free), and this is also where I found the paper about computing AES in CUDA.
The interesting content of this paper is the direct comparison with FPGA and ASIC implementations, i.e. AES in hardware. Now read what the author claims:
"Since 2001, when AES was accepted as a FIPS standard [2], a lot of hardware implementations, using ASIC and FPGA devices, have been proposed. C. Su et al. [14], J. Wolkerstorfer et al. [15], Hodjat et al. [16], using particular S-box optimizations, rather than pipelining, or combination of S-box and MixColumns, called T-box, provided throughput rates from 1 to 70 Gbit/s."
And later:
"The presented CUDA-AES implementation, tested on a NVidia GeForce 8800 GTX, performs a peak throughput of 8.28 Gbit/s. This result, interestingly obtained with commodity hardware, is in the same range of the above hardware based solutions. Furthermore, the implementation could linearly improve its throughput exploiting the parallelism of several GPU devices, when available on the same machine."
Hoho! Listen up! :D "In the same range of": the hardware implementations span 1 to 70 Gbit/s, while the CUDA implementation peaks at 8.28 Gbit/s. Hmm ...
Anyway, I really enjoyed reading the paper ... nice one! We will see what the future of CUDA will bring.
Thursday, 12 June 2008
Review: Security Analysis of Public-Key Watermarking Schemes
This paper by Craver and Katzenbeisser faces a traditional problem: for the verification of a watermark, a key is needed. In ordinary, symmetric watermarking schemes there is only one key, used for embedding as well as for retrieving the watermark.
In public-key watermarking schemes, on the other hand, a secret key (SK) is used for embedding and a public key (PK) for extraction.
The main advantage of PK watermarking schemes is quite obvious: the secret key doesn't need to be disclosed for verification, so whoever verifies the watermark does not automatically get the ability to remove it. The ordinary symmetric schemes face the same problem as symmetric schemes in the encryption field. Another advantage could be the possibility to provide verification without removing the watermark.
A few days ago I already talked about the "Fast PK-watermarking scheme" of Hartung and Girod. The current paper offers an interesting attack on the fast PK-watermarking scheme:
If you have a file which is not watermarked but you want it to be, you just need to embed the public-key sequence in it. Sounds simple, and I think in fact it is. It is called an "ambiguity attack". Afterwards it is possible to claim the file is "watermarked", but obviously the watermark has never been embedded with the help of the secret key.
The challenging problem is to prove the existence of a valid watermark without revealing its value. Now the word "zero-knowledge" should come to your mind. :D Yes, indeed, imho it is comparable to zero-knowledge proofs.
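The ambiguity attack on a simplified public-key spread-spectrum watermark, as an added illustration (this is not code from the Craver/Katzenbeisser or the Hartung/Girod paper). The model is an assumption made here: the secret key is a +/-1 pseudo-noise sequence, the public key discloses that sequence on a subset of positions and is zero elsewhere, and a public verifier correlates the content with the public key on those positions only. Content is constructed zero-mean noise standing in for pixel values; the owner's full-sequence detector is included only to show what the public verifier cannot see.

```python
"""Ambiguity attack against a (simplified, assumed) public-key spread-spectrum
watermark: embedding the public sequence itself makes the public verifier accept."""
import random

N = 4096               # samples per piece of content (toy size)
M = 1024               # number of disclosed (public) positions
ALPHA = 4.0            # embedding strength
THRESHOLD = ALPHA / 2  # normalised correlation needed to claim "watermark present"


def make_secret_key(seed):
    """Secret key: a full-length +/-1 pseudo-noise sequence."""
    rng = random.Random(seed)
    return [rng.choice((-1.0, 1.0)) for _ in range(N)]


def make_public_key(secret, seed):
    """Public key (model assumption): the secret chips on M random positions, zero elsewhere."""
    rng = random.Random(seed)
    public = [0.0] * N
    for i in rng.sample(range(N), M):
        public[i] = secret[i]
    return public


def make_content(seed):
    # Constructed sample content: zero-mean "pixel" noise with standard deviation 10.
    rng = random.Random(seed)
    return [rng.gauss(0.0, 10.0) for _ in range(N)]


def embed(content, sequence):
    """Additive spread-spectrum embedding: x' = x + ALPHA * sequence."""
    return [x + ALPHA * w for x, w in zip(content, sequence)]


def correlation(content, sequence):
    """Mean of content*sequence over the positions where the sequence is non-zero."""
    positions = [i for i, w in enumerate(sequence) if w != 0.0]
    return sum(content[i] * sequence[i] for i in positions) / len(positions)


def public_verify(content, public_key):
    """What anybody holding only the public key can check."""
    return correlation(content, public_key) >= THRESHOLD


def owner_verify(content, secret_key):
    """Detection over the full secret sequence; only the key holder can run this."""
    return correlation(content, secret_key) >= THRESHOLD


def ambiguity_attack(content, public_key):
    """The attacker never saw the secret key: he simply embeds the public key itself."""
    return embed(content, public_key)


def demo():
    """Returns (public verifier result, owner's detector result) for three files."""
    secret = make_secret_key(1)
    public = make_public_key(secret, 2)
    original = make_content(3)
    genuine = embed(original, secret)             # marked by the key holder
    forged = ambiguity_attack(original, public)   # "marked" by the attacker
    return {
        "original": (public_verify(original, public), owner_verify(original, secret)),
        "genuine": (public_verify(genuine, public), owner_verify(genuine, secret)),
        "forged": (public_verify(forged, public), owner_verify(forged, secret)),
    }


if __name__ == "__main__":
    for name, (pub, own) in demo().items():
        print(f"{name:8s} public verifier: {pub!s:5s}  owner's full detector: {own}")
```

The forged file passes the public verifier exactly like the genuine one, which is all the attacker needs to claim "this file is watermarked". In this model the owner's full-sequence detector still tells the two apart (the attacker only raised the correlation on the disclosed positions), but that detector needs the secret key, which is precisely what a public-key scheme wanted to avoid disclosing.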
The second part of the paper concerns protocol proposals which address these problems. One of them is based on finding an isomorphism between two large graphs, but it would be too complex to describe it here.
Anyway, the problem of almost all proposals for PK watermarking is the need for large computations. Quite often, the devices which embed and retrieve watermarks have to do this in real time. I mean, it's the same problem we have with all the common asymmetric real-world scenarios.
In addition, it could possibly happen that the amount of watermark information which needs to be transferred gets larger than the object in which it is embedded. Sounds ugly ... and yes, it is. Welcome to the real world.
So PK watermarking is still an open, unsolved problem, which so far is only solved in theory, not in practice. We will see what the future brings.
20 different cipher devices
Apple Mac OS X security guides
Apple recently released new security guides for Mac OS X 10.3 to 10.5. I browsed through them but realised that most of the hints are a) already well known or b) meant for server installations. So if you use Mac OS X as a desktop system, these guidelines can be pretty useless.
Wednesday, 11 June 2008
ShmooCon 2008 materials available

Perhaps a little bit late, but the ShmooCon 2008 materials are out now! Presentations as well as videos can be downloaded here.
Tuesday, 10 June 2008
Back in Spain
What a weekend! First of all, Hamburg is really an awesome city with lots of things worth seeing and friendly people. After my security meeting on Friday, I had a lot of time left to spend with an old friend of mine who is studying in Hamburg.
All in all it was an interesting but exhausting weekend, and I really changed my mind about Hamburg. This city has a lot more than the "Kiez"!
On Sunday I took my flight back to Frankfurt in order to catch the plane to Bilbao, but my flight from Hamburg was delayed and so I missed the one to Bilbao. Great stuff!
Lufthansa paid for a room at the InterCity airport hotel ... so, not bad after all! :D
Until now I didn't know that some of the Spanish buses are equipped with WiFi (not public, by the way :D). I think they use it for data transfers when they are near the main stations, because the main stations also provide WiFi.
Only the WEP encryption is a pain in the neck. :-/
Saturday, 7 June 2008
Review: Signing a Postcard
When do you need short signatures? Yep, for "signing a postcard". If you write your mom a postcard during your holidays on a nice island and you want to sign it (no, not digitally, you nerd :D), you need some space left at the bottom of the card.
If you do the same in the digital world and use RSA for signing, you wouldn't have much space left for your original message. Ever tried to put 1024 bits on a postcard and add some nice words?
Another example is a 1-D barcode, or even a 2-D one. There again, the amount of information you can store depends on the size of the barcode. The capacity of 2-D codes typically varies between a few hundred and a couple of thousand bytes. The paper "Signing a Postcard" covers all these topics and afterwards gives a nice introduction to the "random oracle model", also called ROM, and to generic algorithms.
What the authors build on is the following definition:
"We say that a signature scheme allows message recovery if the message m is a deterministic function of the signature."
I already showed you the Nyberg-Rueppel (NR) algorithm based on the discrete logarithm (DL) problem. In this paper, NR is based on elliptic curves. But a new method is proposed which "only" provides partial recovery. What does this mean? A short quote:
"Our proposal allows to sign a message m = m1 || m2, where || denotes concatenation, and to only transmit m2 together with the signature."
The whole proof can be looked up in the paper.
Friday, 6 June 2008
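What "the message is a deterministic function of the signature" looks like in code, as an added example: a textbook Nyberg-Rueppel signature in its discrete-logarithm form (the variant in the Handbook of Applied Cryptography, Algorithm 11.81), not the elliptic-curve or partial-recovery scheme of the paper. The verifier receives only the pair (e, s) and computes the message from it; nothing else is transmitted. The parameters are toy values and NOT secure, and the redundancy function R below (a one-byte message with a fixed 3-bit tag) is an assumption made here for illustration. The last function shows why the redundancy carries the security: without enough of it, random pairs verify.

```python
"""Toy Nyberg-Rueppel signature with message recovery (DL form, HAC Alg. 11.81).
Toy parameters, insecure; the redundancy function R is an illustrative assumption."""
import secrets

P = 2039   # safe prime, P = 2*Q + 1 (toy size)
Q = 1019
G = 4      # 4 = 2^2 generates the order-Q subgroup of Z_P^*


def redundancy(m):
    """R(m): one message byte (0..254) with a fixed 3-bit tag; the result is < P."""
    if not 0 <= m <= 254:
        raise ValueError("toy scheme signs one byte 0..254")
    return (m << 3) | 0b101


def strip_redundancy(mt):
    """R^-1: the message, or None if the tag is wrong (tampering or forgery)."""
    if mt & 0b111 != 0b101:
        return None
    return mt >> 3


def keygen():
    x = secrets.randbelow(Q - 1) + 1   # private key in [1, Q-1]
    return x, pow(G, x, P)             # (x, y = g^x mod p)


def sign(x, m):
    mt = redundancy(m)
    k = secrets.randbelow(Q - 1) + 1
    e = mt * pow(G, -k, P) % P         # e = R(m) * g^-k mod p  (this carries the message)
    s = (x * e + k) % Q
    return e, s                        # the signature alone; m is not transmitted


def recover(y, sig):
    """Verify (e, s) under public key y and recover m; None means reject."""
    e, s = sig
    if not (0 < e < P and 0 <= s < Q):
        return None
    v = pow(G, s, P) * pow(y, -e, P) % P   # g^(xe+k) * g^(-xe) = g^k
    mt = v * e % P                         # g^k * R(m) * g^-k = R(m)
    return strip_redundancy(mt)


def random_pair_forgery_rate(y, trials):
    """Existential forgery without x: pick (e, s) at random and count how often recover()
    accepts. Only the 3-bit tag stands in the way, so roughly 1 in 8 random pairs verify."""
    hits = sum(recover(y, (secrets.randbelow(P - 1) + 1, secrets.randbelow(Q))) is not None
               for _ in range(trials))
    return hits / trials


if __name__ == "__main__":
    x, y = keygen()
    sig = sign(x, 0x41)
    print("signature (e, s) =", sig, "-> recovered message:", recover(y, sig))
    print("random (e, s) accepted with rate:", random_pair_forgery_rate(y, 2000))
```

The size argument of the postcard paper is visible here too: the whole transmission is e (an element of Z_P) plus s (an element of Z_Q), and the message is inside e. The price is the redundancy: a verifier can only tell a recovered value from garbage by R, and with a 3-bit tag about one in eight arbitrary pairs passes, which is exactly the kind of weakness the hash-based redundancy of the provably secure schemes is there to remove.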
DEFCON 16 speakers and schedules
Just a short note:
The schedule for the next DEFCON 16 is out now. Speakers and topics can be seen here.
I'm really looking forward to watching the slides or the streams ...
By the way, I recently watched the video of Valsmith's and Delchi's talk at DEFCON 15 about malware secrets. Very nice one ... some of their slides were indeed really funny:

CardSpace broken?

Recently, some guys from my university claimed to have broken Microsoft's CardSpace within IE. There were a lot of bad comments on heise, with which I can partly agree. Kim Cameron, the chief architect of identity in the Connected Systems Division at Microsoft, has the better arguments in my opinion. The attack brings too many "ifs" with it, which make it impractical. A quote:
"The students are not able to undermine the system without active co-operation by its owner."
Another thing is: if we look at SSL, user activity is also needed. But in that case, a root certificate needs to be installed ...
"However, should all the planets involved in the attack align, the contents of the token are never visible to the attacker. They are encrypted for the legitimate party, and no personally identifying information is disclosed by the system. This is not made clear by the students' paper."
But nice try anyway ... I'm not myself very involved in this CardSpace stuff, I just wondered what happened to the reputation of my university. :D
Wednesday, 4 June 2008
Reduce Hash Output
Guys, I need your help. I currently face a problem where even Google can't help me. :D
For instance, take the SHA-1 output of 160 bits, i.e. 20 bytes. If we now keep only the first 10 bytes, how does this affect collision resistance in general? And how does this affect 2nd-preimage resistance?
I would appreciate any useful link to any kind of information. I think I'm currently using the wrong search terms. :-|
What's this for? Take a signature scheme which focuses on short messages, like Nyberg-Rueppel. So you need a message of 10 bytes (not more) as input and afterwards get a really small signature size.
I wrote a small script which tries to simulate what I need:
#!/bin/sh
# Hash every line of movies.list with MD5, keep the first 20 hex digits
# (10 bytes = 80 bits) of each digest, and report truncated digests that occur twice.
total=$(wc -l < movies.list)
echo "lines: $total"
i=1
: > md5-totalhashes
while IFS= read -r LINE; do
    # md5sum prints "<32 hex digits>  -"; cut keeps the first 20 hex characters
    h=$(printf '%s\n' "$LINE" | md5sum | cut -c1-20)
    echo "$h" >> md5-totalhashes
    echo "$i $h"
    i=$((i + 1))
done < movies.list
# collision check: any truncated digest that appears more than once
sort md5-totalhashes | uniq -d
This script takes a file called movies.list, reads each line and hashes it with MD5. You could switch to SHA-1 easily (sha1sum instead of md5sum). After that, the first 20 characters of each digest are extracted and put into a file. 20 characters, because the standard output of unix programs like sha1sum and md5sum is hex: 160 bits --> 20 bytes --> 40 hex digits, therefore 10 bytes --> 20 hex digits.
Well, anyway, I don't know how this reduces the resistance. Anyone got an idea? I found a collision neither with MD5 nor with SHA-1 on the movies.list file. You can download it for free from the IMDB website.
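The generic answer to the question above, as an added example (not the blog's script): against an ideal hash, truncating to t bits leaves about sqrt(pi/2 * 2^t) hashes of work for a collision (birthday bound) and about 2^t for a second preimage, so a 10-byte (80-bit) truncation gives roughly 2^40 and 2^80 respectively; structural weaknesses of the hash itself can only make this worse. The inputs are constructed counter strings, the hash is SHA-1 as on the page, and the search sizes (24 and 16 bits) are chosen so that both attacks finish in seconds.

```python
"""Effect of truncating a hash to t bits on collision and second-preimage
resistance, demonstrated by running both generic attacks on small t."""
import hashlib
import math


def truncated_digest(data, bits):
    """The first `bits` bits of SHA-1(data) as an integer (bits is a multiple of 8 here)."""
    if bits <= 0 or bits > 160 or bits % 8:
        raise ValueError("bits must be a multiple of 8 in 8..160")
    return int.from_bytes(hashlib.sha1(data).digest()[: bits // 8], "big")


def find_collision(bits, limit=1 << 22):
    """Birthday search: two distinct inputs with the same truncated digest.
    Returns (input_a, input_b, hashes_computed) or None if `limit` is reached."""
    seen = {}
    for i in range(limit):
        msg = b"movie-%d" % i           # constructed input
        h = truncated_digest(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
    return None


def find_second_preimage(target, bits, limit=1 << 22):
    """Brute force: a different input whose truncated digest equals that of `target`.
    Returns (input, hashes_computed) or None if `limit` is reached."""
    want = truncated_digest(target, bits)
    for i in range(limit):
        msg = b"other-%d" % i
        if msg != target and truncated_digest(msg, bits) == want:
            return msg, i + 1
    return None


def expected_birthday_hashes(bits):
    """Expected number of hashes until the first collision among 2^bits values."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


if __name__ == "__main__":
    a, b, n = find_collision(24)
    print(f"24-bit collision after {n} hashes (expected ~{expected_birthday_hashes(24):.0f}):")
    print(f"  {a!r} and {b!r} -> {truncated_digest(a, 24):06x}")
    m, n = find_second_preimage(b"movie-0", 16)
    print(f"16-bit second preimage of b'movie-0' after {n} hashes: {m!r}")
    # The 10-byte truncation from the post: ~2^40 hashes per collision, ~2^80 per second preimage.
    print(f"80-bit truncation: ~{expected_birthday_hashes(80):.3g} hashes per collision")
```

Two things follow for the signature use case: a list of a few hundred thousand movie titles is nowhere near 2^40 items, so finding no collision there says nothing about the bound, and if the truncated hash is what gets signed, an attacker who can find a collision at 2^40 work gets two messages with one signature, whereas the second-preimage cost (2^80) is what protects an already signed message.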
Tuesday, 3 June 2008
Review: Fast Public-Key Watermarking of Compressed Video
The problem most watermarking techniques face is that the secret key has to be disclosed in order to verify the watermark, and whoever has the key can also remove the watermark. You can compare it to symmetric encryption, where the same key is needed in order to decrypt given data.
I'm currently reading a paper which focuses on watermarking compressed video with public-key watermarking. This means decoding and verification don't need the secret key but can be done with a public key. Again, spread-spectrum watermarking techniques are used.
http://citeseer.ist.psu.edu/88164.html
PS: I came across interesting pages on the IBM and HP websites:
http://www.research.ibm.com/areas.shtml
http://www.hpl.hp.com/techreports/
Awesome Wallpapers

Thanks to schrankmonster.de, these wallpapers are indeed fu**ing awesome. I especially like the Warcraft 3 ones ... great!