Re: GAK news - Windows guru requested - Securing Windows
- From: Peter Fairbrother <zenadsl6186@xxxxxxxxx>
- Date: Thu, 08 Jun 2006 18:57:03 +0100
Simon Johnson wrote:
> Peter Fairbrother wrote:
>> Today the UK Home Office announced the public consultation on the Code of
>> Practice of Part 3 of RIPA. This is the first stage of the process by which it
>> can be brought into force. Part III of RIPA is the
>> "policeman-say-gimme-all-your-keys-or-go-to-jail-(and-don't-tell-anybody)" law
>> passed 6 years ago but not yet brought into force.
>
> There's a couple of points to be aware of:
>
> 1.) RIPA only covers encryption keys. Keys used for authentication are not
> covered by the act.

Not so.
Keys used only for signatures are excluded from being the subject of
demands, but the question of whether a signature key used to authenticate a
request for access to a database is excluded is by no means settled - I
have been asking the Home Office for guidance on that point for several
years now, without getting it resolved.
So have several MPs.
The recent draft CoP gives no guidance.
s49(9):
"(9) A notice under this section shall not require the disclosure of any key
which-
(a) is intended to be used for the purpose only of generating
electronic signatures; and
(b) has not in fact been used for any other
purpose."
......

s56:
" "electronic signature" means anything in electronic form which-
(a) is incorporated into, or otherwise logically associated with,
any electronic communication or other electronic data;
(b) is generated by the signatory or other source of the
communication or data; and
(c) is used for the purpose of facilitating, by means of a link
between the signatory or other source and the communication or data, the
establishment of the authenticity of the communication or data, the
establishment of its integrity, or both;"
Now if a key is used to sign a request for access to a database, it is
undoubtedly being used to establish the authenticity of the request - but is
it also being used to access the database? I'm pretty sure a Judge could say
yes, and in fact I think they probably would. That's a different use, and
the key is then demandable.
That this gets us into conflict with the electronic signatures act and
the EU would not matter to the Judge, it would not be pertinent to the case.
More, if the person upon whom a notice is served is unable to give a key, it
is then his duty to give the police any information in their possession
which "would facilitate the obtaining or discovery of the key or the putting
of the protected information into an intelligible form". s50(9)
Afaict the signature-key exclusion does not apply to this information. This
is again unclear though.
Even if it turns out that signature keys used to authenticate requests for
data are exempt, which possibility I regard as naive foolishness, Judges do
not like arguments like that which make whole swathes of law meaningless,
they tend to think "Parliament must have meant something, it's my job to
decide what", ...
... how many databases actually do it that way?

> 2.) Many protocols, like SSH and SSL sign key exchange parameters to avoid
> Man-In-The-Middle attack. Despite the fact the signing keys are signing
> encryption parameters, there is still no legal basis for them to ask for your
> keys.

Again, this is not certain.
However those keys wouldn't be of any great use; possession would allow a
mitm attack, but the keyowner could easily repudiate the key and get a new
one.
What is worrying is that for instance PGP keys can be demanded, as they are
routinely used for non-authentication purposes.
Both-party-online comms using ephemeral DH keys and signature-only keys for
authentication are ripa-proof if done correctly - but there ain't any
available software that does that.
Email is not RIPA-proof - there are ways to do it, but they are not
deployed.

> 3.) The act says that if you don't know the key and never have done you can't
> be charged.

It is a defence to show that you don't know the key. However there is an
implicit assumption that you _do_ know the key, and the point is again
unclear - extremely so in this case, many people are worried that the burden
of proof is being reversed.

> This follows from Human Rights law; you can't be punished for not performing
> the impossible.

Could you explain how?

> Given these three points, instant messages that are encrypted with a key
> established by signed Diffie-Hellman exchange are completely "RIPA-secure", as
> I call it.

Done correctly, I agree. But very few IMs work that way, fewer still are
done right, and no form of presently deployed email encryption is secure.

> Truecrypt, with its plausible deniability feature, is probably RIPA-secure.

Not on windows it isn't.

> The legal argument would go something like this:
>
> "The Defendant has submitted the key to you as requested by the act. We know
> that Truecrypt has this plausible deniability feature. However, it is up to
> the Prosecution to prove that he did not give us the right key, since the
> burden of proof rests with them. Since they can give no evidence to establish
> this conjecture, I submit that there is no case to answer."

It goes something like this: - user saves a file and it goes in the "recent
docs" or "saved docs" folder - police examiner can't find the file? - assume
it's in a secret partition - therefore there is a secret partition -
therefore ..
The other attempts at sfs's all have the same problem. All of them. And they
all have other problems. I expect truecrypt has some other problems too, but
I haven't looked closely.

> My Brother is a lawyer and has used a similar legal argument in drink-drive
> cases with great effect. I'd say that this argument would either have the case
> dismissed before the Jury is sworn in or that you'd win the case on appeal
> after conviction.
>
> Basically, the act is a waste of paper and a waste of everybody's time.
>
> Any serious criminal would have legal contacts who could give them analysis
> similar to this.

I agree, and a good nerd can get around the last few hurdles as well. If you
look at the m-o-o-t website you will find it all explained there.
Yes, it's possible, almost easy, for the criminal, and the terrorist, and
the paedophile to avoid/evade the law - but it isn't so easy for the average
windows luser.
I am not interested in the criminal or terrorist or paedophile (weren't
there four horsemen? I forget the fourth) - I am interested in protecting
the innocent, the man-in-the-street, from this intrusion.

> I wouldn't worry about it.

Maybe you wouldn't - but I do. We need the right crypto to defeat these GAK
attacks - they are pretty much like any other attacks, design the crypto
right and they can be rebuffed.
We also need it in deployed systems, or at least available in software.
Fortunately it's not particularly hard to do - what is hard is to do it in
Windows.
More important, this is a step in the wrong direction, towards a tyranny of
information, and should be resisted on that basis alone.
--
Peter Fairbrother
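
The both-parties-online exchange mentioned in the post (ephemeral DH keys, authenticated by keys that can only sign), as an added example that is not part of the original post or of any software it names. Assumptions: the modulus is a toy group, a Lamport one-time signature stands in for a real signature scheme, and all function names are hypothetical.

```python
import hashlib
import secrets

# Demo parameters only (assumption): a real system would use a vetted group
# such as X25519 and a standard signature scheme such as Ed25519.
P = 2**521 - 1   # Mersenne prime used as a toy DH modulus
G = 3
SIZE = 66        # bytes needed to hold a value mod P

def H(data):
    return hashlib.sha256(data).digest()

def msg_bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign_keygen():
    """Lamport one-time key: it can sign, but offers no way to encrypt."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(msg_bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for s, (i, b) in zip(sig, enumerate(msg_bits(msg))))

def ephemeral():
    x = secrets.randbelow(P - 3) + 2      # per-session secret, never stored
    return x, pow(G, x, P)

def transcript(share_a, share_b):
    return share_a.to_bytes(SIZE, "big") + share_b.to_bytes(SIZE, "big")

def session_key(my_secret, peer_share, peer_pk, peer_sig, t):
    # Accept the peer's share only if it is in range and signed by the peer.
    if not 1 < peer_share < P - 1 or not verify(peer_pk, t, peer_sig):
        raise ValueError("DH share rejected: out of range or bad signature")
    return H(pow(peer_share, my_secret, P).to_bytes(SIZE, "big") + t)

def run_session(tamper=False):
    (a_sk, a_pk), (b_sk, b_pk) = sign_keygen(), sign_keygen()
    (xa, ya), (xb, yb) = ephemeral(), ephemeral()
    sig_a, sig_b = sign(a_sk, transcript(ya, yb)), sign(b_sk, transcript(ya, yb))
    seen = yb * G % P if tamper else yb   # constructed in-transit change
    ka = session_key(xa, seen, b_pk, sig_b, transcript(ya, seen))
    kb = session_key(xb, ya, a_pk, sig_a, transcript(ya, yb))
    del xa, xb                            # only the signing keys outlive the session
    return ka, kb
```

After `run_session()` returns, the only long-lived secrets are the two signing keys, and neither was an input to the session key derivation.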