Tag Archives: security

On e-mail encryption

Upon receiving an e-mail from Cory Doctorow, I noticed that he happens to encrypt his messages. To accomplish this, he is using OpenPGP through Enigmail.  In the first place, I thought it was very cool to see that. You know, it is something different, something I had not seen before — especially considering that I am on the Net for quite some time now. So to me it was kind of special, unique in a sense, undergroud, straight from the Net’s darkest trenches  or catacombs I would say. But why do you have to use encryption? And is it safe at all?

Anyway, I have never fully grasped how the mechanisms behind PGP works though, the encryption Doctorow uses. What I understand is that the cryptography is based upon assymetric cryptography, meaning that there are two keys: one to encrypt and one to decrypt the information. But the thing is, encryption doesn’t make much sense when the receiving party does not apply it. You have to add the public key of your receivers to your public keyring. And of course you also need a private key to decrypt the data. That’s one observation.

My point is that encrypting e-mails can be useful, but it is not very secure in the end. In the remainder I will explain you why.

To begin with, the e-mail SMTP protocol is a very little secured protocol as the SMTP protocol requires no authentication. With a scripting language like PHP, you can easily send an e-mail by implementing the mail() function. But it doesn’t have to be that difficult. In fact, one can e-mail from every computer using the network protocol telnet. What is more alarming, is that telnet is present on every Unix machine. So when your colleague is away from the computer, it takes very little effort to open a command prompt when they did not lock their machine. Not only will you then be able to send on their behalf, but also from their IP address and hunting down the SMTP server is also a piece of cake. Regarding a telent session, it is worth knowing though that it interprets character by character, so also when using the backspace for instance, it will be displayed in the message you intend to send. The bottom line is that every character has to be right.

Secondly, e-mails are also insecure because they can be read while they are in transit over networks, or when they are in e-mail servers.  So no real guarantee exists that information in transit is secure. That brings me to e-mail encryption. In the corporate world, it is usually advised to encrypt e-mails that contain confidential information using Digital Certificates. Read for example how to use Digital Certificates in Microsoft Outlook.  I think it is very useful to extend the idea of using e-mail encryption to our personal lives to, for our own sake, privacy and trust, like Doctorow does. Webmail services like gmail can help in this, by enabling e-mail encryption by default. That however introduces another problem here, since it is not always easy for us to make the right decisions on what is to be classified as highly confidential information. In companies, there are usually policies available for this matter, but for the individual it is entirely up to him or her to decide if the receiving party can be trusted with a particular type of information. Let’s just not forget that information indeed is power. Human behavior can be influenced by technology though, and in this case by giving the means, right incentives and tools to use encryption when e-mailing.

If applied correctly, e-mail encryption can be useful for business needs like protecting classified information or to share information with the ones you trust in general. It helps to keep the barrier between our public and private matters alive. However, there is a catch to it. Ironically, just because the e-mail protocol is inherently so insecure by design, encrypted e-mails cannot be checked for viruses by, for instance an exchange server or by any other anti-virus systems. Indeed, the purpose of encryption is that it should be decrypted by the receiver’s computer only and not by the server. And viruses can be propagated not only in attachments, but also in the body of a message. Therefore, also be aware that you should not open encrypted messages from anyone unless you have previously arranged to exchange encrypted messages with them.

WiFi Sourcing

When we had finally found a decent place to live in, we discovered one vital thing was missing to complete the picture: the holiness of Internet connectivity. While our lodging in Delfshaven, Rotterdam, does have a cable connection, the landlord did not approve of our request to also opt-in for Internet with the same cable company that already delivers television,  for the sake of administrative burdens. And as there is no telephone line, ADSL was not an option either. You can imagine how tremendously inconvenient that is in a world where you are expected to be connected all the time.

So basically we were not left with many options, although the landlord advised us to go with a dongle —mobile broadband through a USB stick that functions as a modem. It is true though that dongles are omnipresent nowadays, but for two young people starting up their lives, the carriers data plans and their respective rates are still too high.

However, when you are not — legally speaking — the owner of an Internet connection, there is still the possibility you can rely on an open wireless network sitting there somewhere in your neighborhood, waiting for you to stand under its umbrella. Well, as a matter of fact, not a single WiFi network was open. So then a friend of us suggested to go talk to the neigbhours, explaining them that we were having a hard time acquiring an Internet connection, asking them if we could share their connectivity, but as a consequence of that of course also contributing to their monthly bill.

Taking that advise, I reached out to them. This was a disappointing experience, as all of them were very hesitant to say the least. Some apprised me even that they would never even think of sharing their connection, as they think it brings troubles. So that left us with two options: going with the expensive dongle or (illegally) breaching the closed networks security.

A locked wireless network is secured by a password, and in our surroundings, again, all of the networks were protected, either using WEP encryption but most of them even using the more secure WPA encryption. WEP has security limitations and is therefore fairly easy to crack.  You just have to collect enough initialization vectors (IV) and data packages and a weak scheduling attack will do the rest. While the recommended solution to WEP security problems is to switch to WPA, even with WPA enabled, the network will remain vulnerable to password cracking of cracking weak passphrases.

I am not writing this to prove that I know how to crack such closed networks.  It was just striking me that all people locked down their wireless networks. This is in line what is said in the Open Wirless Movement call to action post. It nowadays indeed is harder to find an open wireless network. People lock their networks because they fear about privacy and security risks when WiFi is unencrypted. Well, just like my mom who is still fearing that her credit card data will be stolen once exposed on the Net. No wonder when almost every day our media reports about credit card and identity theft. Another fear might be that they have dataplan restrictions in place,  even for broadband, and they don’t want others “free-riding” and hogging bandwidth. Such a data restrictions are however no longer the case in a country like The Netherlands though and as per my understanding broadband connections are capable of at least something, only slowing down the traffic to a minimum extent. The above, in a sense, makes me think that people are quite greedy.

The earlier mentioned EEF post discusses the technical work that needs to be done in order to fight “the real problem, which isn’t that people are encrypting their WiFi: it’s that the encryption prevents them from sharing their WiFi with their friends, neighbours, and strangers wandering past their houses who happen to be lost and in need of a digital map.” So what is needed is WiFi that is open and encrypted at the same time. Apparently, the proposed protocol offers some additional privacy/security benefits not available in shared-pass-phrase WPA2 since under WPA2 all the users on the network can calculate each others’ session keys and eavesdrop on each other. With the  suggested design, that would cease to be possible. Moreover, WiFi networks turn out to make inherently much more efficient use of the electromagnetic spectrum than systems of widely spaced cell phone towers. So in order to make the Internet work seamlessly for everyone, we would need short-range networks with routers everywhere.

I am absolutely in favor of such a new protocol, but as always it takes time and has to go through different phases before it becomes a standard.  Requirements have to be analyzed more deeply and thoroughly, the protocol needs to be designed, implemented and tested. While it is good to see it is already materializing, I have been wondering how we can work something out using current WiFi  structures and protocols already in place. A concept that I call WiFi sourcing is introduced in the remainder part.

WiFi Sourcing refers to the practice of sharing a WiFi network with trusted agents for a limited time and limited bandwidth.

That firstly brings me to Clay Shirky’s concept called cognitive surplus. Basically this idea says that we should use our free time more wisely and exploit our goodwill. As we now have access to new media we can collaborate instead of passively watch television. Our society and daily lives will thus improve dramatically.

What if say your are in a certain foreign neighborhood, desperately in need of access to a wireless network as you need to check the local map to find a place because you are lost, but you find yourself in a very inconvenient situation because there is no open Internet access.  Although there are plenty of networks around you and electromagnetic wireless signals are flowing through your body, you just cannot access any of them since they all are password protected.

Let’s apply the principle of cognitive surplus to closed WiFi networks. If you would be able to tap into a database where people can access and contribute to “data” about closed WiFi networks, that could be very valuable.  Users of the service would then just lookup the Service Set Identifier (SSID), or browse by location as WiFi networks could be mapped to a location. A simple lookup will do the rest, and the password will be displayed accordingly. As such, people can share their network.

I think that in the first place people should be reminded and made aware that they are socially responsible of opening up their networks instead of hoarding them. However, if everyone opens up their network in the wild, people will notice there connection is slowing down if used carelessly and abundantly by others. So the ability to share a pass-phrase with certain “trusted” users over others should be possible.

Just like in “Down and Out in the Magic Kingdom” by Cory Doctorow the concept of Whuffie – social capital – should be part of the design of such a system. It functions as a way to normalize and steer human behavior, rewarding safe, conservative behavior and penalizing struggles and conflict. There are many more trust metrics, such as “Karma”, a system where people can give you reputation points based on your behavior. So a moderation, rating or reputation system as well as trust metrics are essential. The service earlier described should be build with that from the ground up and the community should support it.

From a cryptographic point of view, to increase trust and security, some sort of a Web of Trust is created.  Keys (PGP) will be accumulated from other people that you may want to designate as trusted introducers. Everyone else will each choose their own trusted introducers. Everyone will gradually accumulate and distribute with their key a collection of certifying signatures from other people, with the expectation that anyone receiving it will trust at least one or two of the signatures. So if people abide to a fair use, they can be added to a trusted listed and can be referred to other WiFi proprietary owners. Just like in the Foaf+ssl protocol, trust is established recursively. Individuals add people they trust to their profile. Those people in turn do the same.

If such reputation based mechanisms are carefully implemented, people would be able to fine tune the allocation of bandwidth too. I am thinking of the design of a new application layer where the pass-phrase gets hashed multiple times, as many times as needed, according to the number of users that one wants to allow to share with. After all, if the password is plainly shared the danger exists that it will be passed on or spread to others. The proprietor of the closed WiFi network would administer the second level pass-phrases and distribute them accordingly. The newly generated pass-phrases could then be assigned to 1 to n IP addresses. Of course, the user wants instant access to the network so there should be a way to assign them automatically without the direct involvement of the WiFi owner. The authentication to the network would happen within the boundaries of the software itself, translating the newly generated passwords to the unique WiFi pass-phrase. It should be designed in such a way that is impossible to reverse engineer the cryptography to the original WiFi password.

IP operator van Live Search

In een security paper las ik het gegeven dat Live Search een IP operator heeft. En nu wordt het interessant.

Stel dat je over een pakket shared hosting beschikt. Dan biedt de IP operator perfect de mogelijkheid om na te gaan welke websites allemaal nog op dezelfde webserver zijn gehost. Je IP vind je door een ping te zenden naar je domeinnaam. Door deze als parameters mee te geven in het input veld op Live Search bekom je een mooi overzichtje van alle websites die op een bepaald IP gehost zijn. Zo ontdek je misschien wel de specifieke service of website die de oorzaak vormt van de lage requests per second of de zeer trage connection time. Of kom je misschien te weten dat er op de Netlash IP,  zo’n 9400 andere websites zijn gehost. En oeh! Dat deze blog positie 1 bekleed!

Maar interpreteer het op een hoger niveau, zoals welke sites echte dedicated hosting hebben en welke niet. Zo ben ik te weten gekomen dat alle VRT sites op éénzelfde IP gehost zijn.

Een futiliteit zegt u? Denk eens goed na wat dit voor een gevolgen heeft. Er moet namelijk maar 1 beveiligingslek zijn in om het even welke site. Een lek op site A kan desastreuse gevolgen hebben, waardoor de ganse webserver van kaart kan worden geveegd. En mensen die geen goede bedoelingen hebben zullen daar ongetwijfeld misbruik van maken.

Ik hoef u niet te vertellen dat dit een catastrofe is. En bovenal: in het VRT geval (de openbare omroep van de Vlaamse gemeenschap), gaat het om fundamentele diensten van de overheid.

Zijn er nog mensen die leuke anekdotes hebben? Zit ik naast de kwestie? Wat denken jullie hierover?

Update: blijkbaar was ik een beetje te overhaastig met het trekken van mijn conclusies. Ik ben hierover ingelicht.

Ten eerste heb ik begrepen dat er tools bestaan zoals myIPneighbors.com die rechtstreeks data halen uit het domain name registry en de registar tabel. Deze methode is veel accurater en bovendien lijkt het of Live Search alles behalve betrouwbaar is. Of is dit het werk van creatieve zielen die gefoefeld hebben met de registar tabellen?

Een tweede punt is dat er webservers zijn die per poort verwijzen naar andere webservers. Hoewel deze technologie weinig toegepast wordt, moet deze mogelijkheid niet uitgesloten worden.