0707secnotes - Digital Transactions

How to Really Fight Wireless Vulnerability
Gideon Samid • Gideon@agsencryptions.com
More than 140 years ago, James Clerk Maxwell described a curious natural phenomenon: An electric field
generates a magnetic field, and vice versa. Hence, by moving some electrons up and down an antenna, one
generates a surrounding electric field, followed by a magnetic field, followed by another electric field,
which once again generates a magnetic field, and on it goes. One field generates the next, and the speed of
this regeneration is the fastest possible.
Some decades later, Maxwell’s finding became the most profound discovery of modern life. It turns out
that any peculiarity effected among the generating electrons is found also in the derived magnetic field, and
then among the further derived electric field, and so on. Hence anyone with some loose electrons (for
example, a metal wire) can detect the original peculiarity effected in the original field. And if that peculiarity
is a bit stream, that bit message is readable through any wire that is put any place where any of those
subsequent fields is active.
Today, in a way Maxwell could never have imagined, wireless communication has become omnipresent.
But the principle he discovered means that, chances are, lots of predators can now suck in your
communications, leaving no trace of their pilferage. It starts with big government and so-called vacuum
cleaning (wholesale copying of human messages worldwide), and it ends with a teenager in his pickup truck
positioning a crude antenna close to your dish.
Many implementers mistakenly believe that strong encryption recommended by the National Institute of
Standards and Technology (NIST) will take care of the problem. As recent incidents like the TJX Cos. Inc.
embarrassment have proven, hackers don’t need to math-attack the encryption algorithm. Instead, they tend to
set their focus on implementation flaws.
Sometimes they masquerade as a bona fide user by simply re-sending an encrypted sequence without
themselves being able to read it. Other times, hackers initiate a transaction in a store, then learn from the
encrypted way it is beamed to headquarters how to fake a bona fide ciphertext for themselves.
Most common, though, is the situation where alongside the encrypted stuff, some plain English data are
going through. The sender thinks it’s marginal and unimportant, but in fact it gives the hacker enough clues
to call up a person in the target organization and wheedle out of him compromising information. Hackers
very often simply monitor volumes of wireless data coming off, say, a sensitive financial center. They may
not break the encryption, but they sure can tell if something “hot” is brewing in the financial market.
Most data communication rides in the microwave range, and the source can be easily determined. So
while the sender has no clue who is popping up an antenna to capture his messages, the hacker generally
knows who is sending that information. Storage is cheap, and hackers routinely store encrypted
communication from sensitive sources. That sensitive source may dutifully and periodically replace its
encryption keys, discarding the old ones as useless. A patient hacker, sifting through trash cans or buying
used hard disks, can find that obsolete key. That key decrypts messages aired months ago and captured by
the hacker for just this opportunity. The messages might be old, but any Social Security Numbers, mothers’
maiden names, addresses, and bank-account data are very much alive and hot.
A robust countermeasure to wireless hacking entails:
1) The assumption that your unfriendly hacker has complete visibility to anything you and your partner
are saying. Any password, any account information—anything—is vulnerable. Security, therefore, must be
based on a key that was shared off line, and is never typed in. Instead, one should employ a zeroknowledge protocol (for example, PINpen or an RSA token).
2) The use of non-committed ciphertexts for your most sensitive communication (for example, Vernam
cipher or Daniel). Committed ciphertexts will always yield to the stubborn and patient hacker.
3) The use of fixed-volume protocols, where the bit rate is fixed regardless of the volume of content, thus
denying the hacker any clue to the level of excitement in your store.
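As an added illustration, constructed for this page and not code from the column or its author, the Python sketch below implements one simple form of each of the three countermeasures: a challenge-response login in which the offline-shared key never travels over the air (so the re-sent encrypted sequence described earlier is rejected), a Vernam one-time-pad cipher whose ciphertext commits to no particular plaintext, and fixed-volume framing that emits the same number of bytes whether the store is idle or busy. The shared key, the 64-byte frame size and the sample messages are assumptions made for the demonstration.

```python
"""Three wireless countermeasures in miniature (constructed example, not the
column's own code): key-never-sent login, non-committed ciphertext, fixed-rate
framing."""
import hashlib
import hmac
import os

# Assumption: this key was shared offline and is never typed or transmitted.
SHARED_KEY = b"constructed-offline-shared-key-0000"

FRAME_BYTES = 64   # assumed fixed size of every frame on the air
LEN_FIELD = 2      # bytes used for the in-frame length prefix


# --- 1) Challenge-response: prove knowledge of the key without revealing it ---
def respond(key: bytes, challenge: bytes) -> bytes:
    """Client side: HMAC of the verifier's fresh challenge under the shared key."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class Verifier:
    """Server side: issues one-time challenges and rejects replays."""

    def __init__(self, key: bytes):
        self.key = key
        self.outstanding = set()   # challenges issued but not yet consumed

    def challenge(self) -> bytes:
        c = os.urandom(16)
        self.outstanding.add(c)
        return c

    def verify(self, challenge: bytes, response: bytes) -> bool:
        # A recorded (challenge, response) pair is useless to an eavesdropper:
        # each challenge is consumed on first use, so re-sending it fails.
        if challenge not in self.outstanding:
            return False
        self.outstanding.discard(challenge)
        return hmac.compare_digest(respond(self.key, challenge), response)


# --- 2) Vernam cipher: a non-committed ciphertext ---
def fresh_pad(n: int) -> bytes:
    """A one-time pad: random, as long as the data, and never reused."""
    return os.urandom(n)


def vernam(data: bytes, pad: bytes) -> bytes:
    """XOR the data with the pad; the same call encrypts and decrypts."""
    if len(pad) < len(data):
        raise ValueError("pad shorter than data")
    return bytes(a ^ b for a, b in zip(data, pad))


def pad_explaining(ciphertext: bytes, candidate_plaintext: bytes) -> bytes:
    """For ANY candidate of the same length there is a pad that decrypts the
    ciphertext to it, so the captured ciphertext alone commits to nothing."""
    if len(candidate_plaintext) != len(ciphertext):
        raise ValueError("candidate must match ciphertext length")
    return vernam(ciphertext, candidate_plaintext)


# --- 3) Fixed-volume framing: constant bit rate regardless of content ---
def fixed_rate_frames(queue: list, slots: int) -> tuple:
    """Emit exactly `slots` frames of FRAME_BYTES each, one queued message per
    slot; idle slots carry a zero-length frame. Returns (frames, leftover
    messages that must wait for the next interval). Every frame would then be
    encrypted (e.g. with vernam) so that fillers look like real traffic."""
    payload_max = FRAME_BYTES - LEN_FIELD
    frames = []
    for i in range(slots):
        msg = queue[i] if i < len(queue) else b""
        if len(msg) > payload_max:
            raise ValueError("message does not fit in one frame")
        body = len(msg).to_bytes(LEN_FIELD, "big") + msg
        frames.append(body + bytes(FRAME_BYTES - len(body)))   # zero fill
    return frames, queue[slots:]


def parse_frames(frames: list) -> list:
    """Receiver side: recover the real messages and drop the idle fillers."""
    messages = []
    for f in frames:
        n = int.from_bytes(f[:LEN_FIELD], "big")
        if n:
            messages.append(f[LEN_FIELD:LEN_FIELD + n])
    return messages


if __name__ == "__main__":
    v = Verifier(SHARED_KEY)
    c = v.challenge()
    r = respond(SHARED_KEY, c)
    print("fresh login accepted:   ", v.verify(c, r))
    print("replayed login accepted:", v.verify(c, r))
    msg = b"ACCT 1234 BAL 500"                      # constructed sample
    ct = vernam(msg, fresh_pad(len(msg)))
    alt = b"ACCT 9999 BAL 001"
    print("pad exists for decoy:   ", vernam(ct, pad_explaining(ct, alt)) == alt)
    busy, _ = fixed_rate_frames([b"buy", b"sell now"], 4)
    idle, _ = fixed_rate_frames([], 4)
    print("bytes on air busy/idle: ", sum(map(len, busy)), sum(map(len, idle)))
```

The challenge-response part is the weakest form of "zero-knowledge" in the column's sense: nothing derived from the key is reusable, but it still relies on the key staying secret at both ends. The framing part hides only volume; an observer can still read the zero fill unless each frame is encrypted before it is sent, which is why the two pieces belong together.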
Until recently, you could choose to avoid wireless data vulnerability, but that option is
non-existent today. After all, you can’t take your corded phone on the road, can you?