Dec. 27th, 2013

cahwyguy: (Default)

The news is reporting yet another problem with Target security: this time, the headline is screaming “Target says hackers took encrypted PIN data but can’t crack it”.

I can’t resist that headline, so I had to see how Target was doing unbreakable encryption. Before I dive in, remember your encryption basics: Alice wants to talk to Bob, and they have a shared secret that they use to encrypt the data (called the plain text) using some algorithm. This shared secret can be shared out of band, pre-installed, or established via some secret-sharing protocol.

So, what is Target saying this time?

The PIN data is encrypted as it’s entered by a customer at a keypad at checkout, protected with what’s known as Triple DES encryption, according to Target.

The PIN information stays encrypted within Target’s system and “remained encrypted when it was removed,” the Minneapolis-based company said.

The code can only be cracked when the data is received by Target’s external, independent payment processor, according to the retailer.

“What this means is that the ‘key’ necessary to decrypt that data has never existed within Target’s system and could not have been taken during this incident,” the company said Friday.

First, let’s look at this shared secret. It must be known by both sides, meaning it has to be available to the independent payment processor and the keypad at checkout. There are three ways to do that: they could create a new secret each time and share it using a key exchange protocol (good, but expensive network-wise), they could store the secret on the Debit card (easy and flexible, and unique for each user, but vulnerable to readers, plus you need to send the card number in plaintext to retrieve the key), or they could store the secret in the device. Target doesn’t say which they were doing, but I’m guessing it is the same for every keypad device. This means: capture a keypad device, capture the key.

Next, they are using 3DES. While this is better than DES, it isn’t as good as AES. They also don’t state the key length they are using, and this is a big factor in the ability to break the key.

Next, think about the data itself. The card number and the PIN are likely what is being encrypted. If the bad guys are capturing data, it is easy to get the encryption of a number of known plaintexts, all under a fixed key. You’ve now got a known-plaintext attack.
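The fixed-key concern from the last few paragraphs can be checked directly. The sketch below is an added example, not code from the post or from Target: it compares one key installed in every keypad against a new secret per transaction. The toy Feistel cipher stands in for 3DES, and the PIN encoding and sample PINs are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def toy_encrypt(key: bytes, block: bytes) -> bytes:
    """8-round Feistel over a 64-bit block. Toy stand-in for 3DES; never use for real data."""
    if len(block) != 8:
        raise ValueError("block must be 8 bytes")
    left, right = block[:4], block[4:]
    for rnd in range(8):
        # Round function: keyed hash of the round number and the right half.
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:4]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def pin_block(pin: str) -> bytes:
    """Constructed encoding (not a real PIN block format): digits padded with F nibbles."""
    return bytes.fromhex(pin.ljust(16, "F"))

def encrypt_all(pins, key_for_txn):
    """Encrypt each PIN under the key that key_for_txn(i) returns for transaction i."""
    return [toy_encrypt(key_for_txn(i), pin_block(p)) for i, p in enumerate(pins)]

def distinct(ciphertexts) -> int:
    """Number of different ciphertext values in a capture."""
    return len(set(ciphertexts))

# Constructed sample: five transactions, three different PINs.
PINS = ["1234", "0000", "1234", "4321", "0000"]
FIXED_KEY = secrets.token_bytes(16)  # hypothetical: one key stored in every keypad

def fixed_key_run():
    """Every transaction uses the same device-resident key."""
    return encrypt_all(PINS, lambda i: FIXED_KEY)

def fresh_key_run():
    """Models 'a new secret each time'; the key exchange itself is not modelled."""
    return encrypt_all(PINS, lambda i: secrets.token_bytes(16))

if __name__ == "__main__":
    n = len(PINS)
    print("fixed key :", distinct(fixed_key_run()), "distinct ciphertexts for", n, "transactions")
    print("fresh keys:", distinct(fresh_key_run()), "distinct ciphertexts for", n, "transactions")
```

Under the fixed key, equal PINs encrypt to equal ciphertexts, so captured data reveals which customers share a PIN even though the key itself is never recovered. With a fresh key per transaction that equality no longer shows.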

In short: I wouldn’t trust Target’s platitudes here. If I had a debit card, I’d contact my bank to cancel it and get a new one. Yes, that will cost the bank, but they may convince Target to go to chip and pin. You simply don’t have any protection with a debit card.

Am I worried about Target and credit cards? Surprisingly, no. Target is no better or worse than any other American retailer, and you are still at greater risk giving your card to a strange waitcritter in a restaurant or over the phone when you order a pizza. Check your charges regularly, dispute any that aren’t valid, and if there is more than one disputed charge, cancel and get the card reissued. Enough of these problems, and the banks will move to chip and pin because it will be cheaper.

I’d welcome the thoughts of other cryptography folks on this one. Was my (admittedly limited) cryptographic analysis correct?

 

This entry was originally posted on Observations Along The Road (on cahighways.org) as this entry by cahwyguy. Although you can comment on DW, please make comments on original post at the Wordpress blog using the link below; you can sign in with your LJ, FB, or a myriad of other accounts. There are currently comments on the Wordpress blog. PS: If you see share buttons above, note that they do not work outside of the Wordpress blog.


cahwyguy: (Default)

A few other lunchtime news articles have caught my eye while I’ve been on vacation. In the first, CBS News is asking “Do voters want less government, or just a government that works?” The second is a report on how a US Federal Judge has ruled NSA’s wiretaps as legal. Here’s what they have in common…

In the first, I posit that voters want a government that gets out of the way. It’s not an issue of “more” or “less” — they want a government that does what it needs to do, does that efficiently, and without an overblown bureaucracy that gets in the way. The Obamacare debacle is a great example of this. I think that the people want insurance to be affordable and available to everyone, and to provide some defined set of minimum coverage. They want that to be able to happen with the least amount of hassle. This is what the Obama administration tried to provide, but they never clearly communicated how they were going to do it and what that meant. They let the other side shape the conversation, or they incorrectly stated what they were doing. For such a great communicator on the campaign trail, Obama failed miserably at conveying the message while in office. The Republicans were no better: they understood what the people wanted, but the only message they could convey was “block and appeal”. They never detailed the precise problems in an understandable way, nor did they work to correct the problem. So, again, what we have was a failure to communicate.

Now, let’s look at the second issue. One judge rules the program legal, the other illegal. This again is a failure of communication, and a failure of understanding. Both sides have failed to communicate the key notion: it is legal under the Constitution to conduct surveillance outside of the country, and inside the country on non-citizens. Protections against unwarranted search and seizure apply only to US citizens. That’s how the Constitution is written, boys and girls: protections are for citizens. Thus, to the extent that the NSA data collection has at least one side of the conversation being a non-citizen, they are legal. For the courts, that’s what this will boil down to.

The failure of understanding regards making a distinction between “legal” and “right”. Just because something is “legal”, boys and girls, doesn’t make it “right”. If you don’t believe me, ask yourself about all the outrageous things corporations and bankers are doing that are “legal”, but morally questionable. Similarly, although what the NSA is doing here may be legal, when seen through the eyes of today’s generation, it may not be right. By that, I mean that one thing the Internet has done is to break down country barriers; when dealing with information flow across the networks, citizenship status seems secondary to basic human rights. If we judge a right to some level of privacy to be a basic human right, then what is being done is wrong. Of course, if we are making this judgement, we can’t just judge against the US — we need to judge against all organizations that are violating the right of privacy, including other governments (including fundamentalist religious governments) and corporations that fail to protect the data.

The other legal issue in the second question has to do with balance. Suppose, for instance, that we determine there is a right of privacy. However, the government also has a right to protect its citizens. Where is the balancing point of privacy vs. protection? Can there be some level of information that could protect the people by deterring, preventing, or permitting discovery of an attack, and could that level of information be an acceptable tradeoff? This isn’t a black and white issue — we make such tradeoffs every day, giving up privacy for medical care, or every time we post on Facebook.

In short, both of these questions revolve about having clear communications of the issues. That seems to be the theme of the day.


cahwyguy: (Default)

It’s the end of the year. I’m sure snow is on the ground somewhere, and so it is time for the final set of updates to the highway pages.

Updates were made to the following highways, based on my reading of the papers (which are posted to the roadgeeking category at the “Observations Along The Road” and to the California Highways Facebook group) as well as any backed up email changes. I also reviewed the AAroads forum — sad to say, I’m not seeing much there other than discussions about topics that aren’t the sort of information I capture here. I’ve given up on misc.transport.road. This resulted in changes on the following routes, with credit as indicated [my research(1), contributions of information or leads (via direct mail) from Eric Armoror(2), Douglas Bright(3), Chris Sampang(4)]: I-10(*), Route 11(2), Route 23(1), Route 24(1), Route 29(4), Route I-710(1).

Reviewed the Pending Legislation page. The new California Legislature site is very nice, but it occasionally switches to another bill when moving tabs. As usual, I recommend to every Californian that they visit the legislative website regularly and see what their legis-critters are doing. We seem to be in the quiet months — there were no substantive changes, and no new bills or bill passages.

Reviewed the Traversable Highways document on the Caltrans website. Updated information for the following highways: Route 12, Route 13, Route 14, Route 18, Route 19, Route 24, Route 36, Route 37, Route 39, Route 47, Route 48, Route 52, Route 54, Route 56, Route 57, Route 64, Route 65, Route 74, Route 77, Route 81, Route 84, Route 87, Route 90, Route 92, Route 93, Route 100, Route 102, Route 104, Route 109, Route 118, Route 122, Route 127, Route 128, Route 130, Route 142, Route 143, Route 148, Route 152, Route 162, Route 164, Route 169, Route 170, Route 179, Route 180, Route 181, Route 190, Route 211, Route 217, Route 227, Route 230, Route 234, Route 235, Route 238, Route 239, Route 249, Route 251, Route 257, Route 258, Route 270, Route 276, Route 280, Route 281, Route 285, I-380, I-605, Route 710, Route 905. Traversable highways are existing roads or streets between the termini of and approximately along the State highway routes described in the Streets and Highways Code. Most traversable highways do not comply with state highway standards and cannot be adopted into the state highway system. Whenever a traversable highway is complete over its entire route and constructed to State highway standards, the California Transportation Commission must adopt the constructed facility and the Department must maintain it with funds from the State Highway Account. If a traversable highway that exists over a portion of a route is constructed to State highway standards and connects to an already maintained state highway, the Commission may adopt the constructed facility. After the Commission adopts the facility, the Department maintains that facility with funds from the State Highway Account. An existing facility meets State highway standards if it provides an acceptable level of traffic service and does not require restoration.

I checked the CTC Liaison page for the results of the December 11, 2013 CTC meeting. The following items were of interest (note: ° indicates items that were below the level of detail for updating the specific route pages):

Read the rest of this entry »
