Domain: uma.es
Stories and comments across the archive that link to uma.es.
Comments · 15
-
Re:Use TPM
Yes, please do go into details.
Please remember that Trusted Platform Module chips have special protection against side channel attacks. And differential power analysis is not impossible to foil. Consider the example in section IV.B) of the following paper: https://www.nics.uma.es/seciot10/files/pdf/liu_seciot10_paper.pdf
1) Blind the message M using vi: M0 = vi M mod N.
2) Blind the exponent E using a random number r (for a 1024-bit RSA, r is typically 32 bits): E0 = E +r fN.
3) Do exponentiation after blinding: C0 = M0E0 mod N.
4) After receiving C0, un-blind it to get the original value of C: C = v f C0 mod N.Blinding the exponent and the message significantly increases resistance to DPA. And that's just some people running some code on an 8-bit microcontroller, I imagine the big names can invent even better methods of resisting DPA. Off the top of my head, how about a series of resistors that are flipped on and off randomly during calculations to create distortion in the input power?
-
Re:What video
The best videos, processed and raw, are available in javascript, flash, and mpg from the lockheedmartin/solarsoft group that handles SDO AIA: http://sdowww.lmsal.com/sdomedia/ssw/ssw_client/data/ssw_service_110606_235609_98013/www/
If you look at the proton monitors in L1 http://www.swpc.noaa.gov/ace/SIS_24h.html and earth geosynchronous http://www.swpc.noaa.gov/rt_plots/Proton.gif orbit there is a very suggestive correlation between this flare and a flux of high energy protons! The timing is about right and the flare itself is positioned such that the parker spiral http://spaceweather.uma.es/solarstorms_files/figura1bc.JPG of the interplanetary magnetic field http://www.youtube.com/watch?v=2434rAbImf0 would put earth in sun spot 1226's path http://i.imgur.com/ZIffl.gif. This tight coupling of timing between the flare time (~06:30:00) and proton arrival (07:00:00) suggests not a coronal mass ejection (that takes days) but instead of weakly relativistic particle beam traveling down the magnetic field lines to earth in only tens of minutes. This interpetation is confirmed by the UMA automatic solar energetic particle forcaster http://spaceweather.uma.es/forecastpanel.htm and later in the day mentioned by a press release http://www.physorg.com/news/2011-06-unusual-solar-storm-disrupt-earth.html.
-
Re:What video
The best videos, processed and raw, are available in javascript, flash, and mpg from the lockheedmartin/solarsoft group that handles SDO AIA: http://sdowww.lmsal.com/sdomedia/ssw/ssw_client/data/ssw_service_110606_235609_98013/www/
If you look at the proton monitors in L1 http://www.swpc.noaa.gov/ace/SIS_24h.html and earth geosynchronous http://www.swpc.noaa.gov/rt_plots/Proton.gif orbit there is a very suggestive correlation between this flare and a flux of high energy protons! The timing is about right and the flare itself is positioned such that the parker spiral http://spaceweather.uma.es/solarstorms_files/figura1bc.JPG of the interplanetary magnetic field http://www.youtube.com/watch?v=2434rAbImf0 would put earth in sun spot 1226's path http://i.imgur.com/ZIffl.gif. This tight coupling of timing between the flare time (~06:30:00) and proton arrival (07:00:00) suggests not a coronal mass ejection (that takes days) but instead of weakly relativistic particle beam traveling down the magnetic field lines to earth in only tens of minutes. This interpetation is confirmed by the UMA automatic solar energetic particle forcaster http://spaceweather.uma.es/forecastpanel.htm and later in the day mentioned by a press release http://www.physorg.com/news/2011-06-unusual-solar-storm-disrupt-earth.html.
-
Re:Embarassing, but not suprising
It shows the benefit of this kind of outside security analysis, which should have probably been executed during the development process.
Better the issues be uncovered now than when the issuance is widespread.
There's always a loophole.
There was lots of analysis. Years in fact. If you Google you can see there were groups working on MRTD standards since 1968. Biometric passports were conceived in 1997 and implemented in 2004, only because the US wanted to speed up the process after 9/11. That's still 7 years!
Plenty of time for various committees of tire kickers to muse on the security of the system.
http://www.rfidsec07.etsit.uma.es/slides/present/slides-1.1.pdf page 6
1968: ICAO starts working on MRTD
1980: first standard (OCR-B Machine Readable Zone (MRZ))
1997: ICAO-NTWG (New Tech. WG) starts working on biometrics
2001 9/11: US want to speed up the process
2004: version 1.1 of standard with ICC
2006: extended access control under development in the EUIn fact if you do some research this cloned passport would be detected by a system which verifies the trust chain correctly, i.e. it was a flaw in the software he tested with. Most likely the systems used at airports do verify the trust chain.
-
Re:Um, well...
This is more like PGP signing. DRM has a flaw in that the user must be able to decrypt so the decryption key must be available. PGP signing is much more secure since you only need to know the private key if you sign. Verifying is done with the public key which is not secret.
The passport contains data - name, address, photograph (and in future fingerprints and retinal scans). When the passport is made this data is digitally signed with the private key in some secure system.
There is a trust chain from the per country CSCA (Country Signing Certificate Authority) down to the DS (Data Signers) down to the passports.
See here, page 13
http://www.rfidsec07.etsit.uma.es/slides/present/slides-1.1.pdfIn the UK as far as I know there is only one DS, the Foreign and Commonwealth Office even for passports issued overseas (I got mine renewed from a non biometric one in Stockholm and the issuer is still marked as FCO not British Embassy Stockholm). So to check the trust chain you need the public keys for the CSCA and the DS that made a passport. The article says that "But only ten of the forty-five countries with e-passports have signed up to the Public Key Directory (PKD) code system, and only five are using it." But elsewhere it says "Some of the 45 countries, including Britain, swap codes manually, but criminals could use fake e-passports from countries that do not share key codes, which would then go undetected at passport control". True, but if you used a clone British Passport anywhere with access to the shared keys it will be caught if you don't know the British private CSCA key. And any country that doesn't share it's public key could be threatened with being dropped from visa waiver programs, so it's fair to assume that given time they all will. Any country who leaked their private key could be handled the same way.
As someone commented to the article
Seemingly Mr Van Beek created only a copy of personal data with fake certificates, keys and signatures to fool only the reader he was using. In real life if he could have been able to put the chip into a real passport control systems where data is checked against the CSCA and DS certificates he would have been arrested at the same moment.
The problem with not having a PKD is that people who don't have access to manually swapped public keys cannot verify the passport. But I bet the scanners in airports do. Installing 45 CSCA keys, one per country, and one or more DS keys per country is not very hard to do.
I actually wonder how serious this is - of course a faked passport will not be detected by software that cannot verify the trust chain. The systems at airports can do this from what I've read.
-
Re:Dirty thieves
Without dredging the labyrinth of the state ethics codes, I only have my own experiences as an educator in Utah. I began first as a secondary education teacher at a state technical school, then got shifted into teaching at the collegiate level as the school became a college. I was allowed to write curricula and guidebooks for the courses, but no self-required textbooks (we actually signed copyright agreements that counted everything as "work-for-hire". It was lifted afterwards, but with the 'thou shalt not racket' limitation.)
One of my old guidebooks (badly mangled) can still be found still floating around online. It was really fun (heh) getting it copylefted. /P -
Lies!
-
Lies!
-
Lies!
-
Lies!
-
Khaaaan
Giant catfish? Can only be Khan of Liberty Meadows fame.
:) -
Let's see here...
-
Pneuman!
-
Mysterio?
What, AOL is going to start battling Spider-Man as well now?
-
Re:Not a trademark?Out of curiosity, why 1987?
1987 was when "everything" became copyrightable- at that time, the Berne convention made copyrights apply similarly across most of the globe. Previously, there were all sorts of loopholes where a person in one nation could ignore copyrights registered elsewhere.
But yes, from a US-centric viewpoint, the Copyright Act of 1976 was the big change.
Anyway, no characters are not copyrightable. Check out, among other things, Copyright circular 44 at the US Copyright Office. Names are not copyrightable; they belong under trademark law. A
How can names of fictional people be trademarked?
The circular you reference doesn't say that characters can be trademarked. It says they "may". And by trademark law, they may, if they are used to identify goods (such as the title of a comic strip, or branded merchandise).
Here's the definition of trademark:- A trademark is a word, phrase, symbol or design
... that identifies and distinguishes the source of the goods of one party from those of others.
That's all. "Characters" don't fit there at all.
Now, back to Circular 44. It never says "characters can't be copyrighted"- it says "the idea of a character can't be copyrighted". That's just to stay consistent with copyright law as a whole, which claims "Ideas cannot be protected, only their embodiments".
Rather than trying to pick apart a distinction between "character" and "idea of a character", lets just check how the legal system in the past 20 years has treated it.
You can open a newspaper today and read about the upcoming movie "LXG", which features a team of "public domain characters"- except for one of them. The Invisible Man was Hawley Griffin originally, but it turns out the copyright is still in effect some places, so the movie renamed him Rodney Skinner.
Here's a TOC for a law review, with articles claiming characters can become public domain (implying they were once copyrighted).
And here's even a few slashdot articles mentioning characters that've gone in and out of copyright.
specific description of a character may be part of a copyrighted work, BUT the character qua character is more of an idea, and thus not copyrightable either.
For any reasonable legal purpose, characters go out of copyright when the work they were first published in does.
Yes, but wouldn't confusion NATURALLY occur as a result of using MM?
No.
Well if everyone on Earth can freely copy MM, how can Disney possibly allege that they're a unique source for him?
They can't. Neither can Apple computer claim that a fruit, or pictures of a fruit, is uniquely from them. But if you use an Apple to refer to a corporation, or to a computer, then you're infringing.
If Mickey Mouse was PD, it would be just like any other PD concept which has been incorporated into a trademark.
The existince of a PD Mickey would've weakened Disney's trademark in a few places (those limited areas where confusion can occur), and that's why they made sure the copyright will never end. - A trademark is a word, phrase, symbol or design