Domain: dropboxusercontent.com
Stories and comments across the archive that link to dropboxusercontent.com.
Stories · 3
- Australian PLAID Crypto, ISO Conspiracies, and German Tanks
New submitter Gaglia writes: PLAID, the Australian 'unbreakable' smart card identification protocol has been recently analyzed in this scientific paper (disclaimer: I am one of the authors, and this is a personal statement.)
Technically, the protocol is a disaster. In addition to many questionable design choices, we found ways for tracing user identities and recovering card access capabilities. The attacks are efficient (few seconds on 'home' hardware in some cases), and involve funny techniques such as RSA moduli fingerprinting and... German tanks. See this entry on Matt Green's crypto blog for a pleasant-to-read explanation.
But the story behind PLAID's standardization is possibly even more disturbing. PLAID was pushed into ISO with a so-called "fast track" procedure. Technical loopholes made it possible to cut off from any discussion the ISO groups responsible for crypto and security analysis. Concerns from tech-savvy experts in the other national panels were dismissed or ignored. We contacted ISO and CERT Australia before going public with our paper, but all we got was a questionable and somewhat irate response (PDF) by PLAID's project editor (our reply here). Despite every possible evidence of bad design, PLAID is now approved as ISO standard, and is coming to you very soon inside security products which will advertise non-existing privacy capabilities.
The detailed story of PLAID in the paper is worth a read, and casts many doubts on the efficacy of the most important standardizing body in the world. It is interesting to see how a "cryptography" product can be approved at ISO without undergoing any real security scrutiny.
On a related note, the enthusiastic comments to PLAID's design made by a few readers in the old Slashdot story remind us as a cautionary tale that you need cryptographers to assess the security of cryptography. Quoting Bruce Schneier: amateurs produce amateur cryptography.
- Experiment Shows Stylized Rendering Enhances Presence In Immersive AR
An anonymous reader writes: William Steptoe, a senior researcher in the Virtual Environments and Computer Graphics group at University College London, published a paper (PDF) detailing experiments dealing with the seamless integration of virtual objects into a real scene. Participants were tested to see if they could correctly identify which objects in the scene were real or virtual. With standard rendering, participants were able to correctly guess 73% of the time. Once a stylized rendering outline was applied, accuracy dropped to 56% (around chance) and even further to 38% as the stylized rendering was increased. Less accuracy means users were less able to tell the difference between real and virtual objects. Steptoe says that this blurring of real and virtual can increase 'presence', the feeling of being truly present in another space, in immersive augmented reality applications.
- Many UAVs Vulnerable To Directed-Energy Weapons
mask.of.sanity writes "A New Zealand researcher has detailed ways that UAVs can be crashed using cheap tools like Herf guns and GPS jammers, and could even be downed by flying drones with more powerful radio. The attacks (podcast) interfere with the navigation systems used by flying drones and are possible because security was not designed into the architecture of some machines."