Dartmouth Student Invents A Carnivore Leash
timdorr writes: "Looks like a student at Dartmouth wants to turn Carnivore into a much more reasonable tool according to this Wired article. I'd personally feel a lot less invaded if I knew the system was in place and in this form. Hopefully the government takes notice because Carnivore still seems like quite a loophole for our government to exploit."
most websites only support 128bit encryption for online transactions, which can be broken in a matter of days
No, AC, you got it wrong: 128bit *symmetric* encryption is very strong - comparable to 1024-1536 bit public-key (or asymmetric) encryption.
If you're feeling like a good read, try "Handbook of Applied Cryptography" - do a google search, it's downloadable for free.
if you use a good enough junk-filter, slashdot.org will display a single, *blank*, page
Taken from the PDF of his proposal "Prototyping an Armored Data Vault Rights Management on Big Brother's Computer" Alex Iliev and Sean Smith Department of Computer Science/Institute for Security Technology Studies Dartmouth College PDF can be found at http://www.cs.dartmouth.edu/~pkilab/papers/bb.pdf "This paper reports our experimental work in using commercial secure coprocessors to control access to private data. In our initial project, we look at archived network traffic. We seek to protect the privacy rights of a large population of data producers by restricting computation on a central authority's machine. The coprocessor approach provides more flexibility and assurance in specifying and enforcing access policy than purely cryptographic schemes. This work extends to other application domains, such as distributing and sharing academic research data."
You could keep a set of processors encoded with the same key available as backups in case the processor in use is destroyed, though.
Also, presumably in real life use no one would have network access to the interface you'd request data from, so unless someone gained physical access to the box at the ISP's offices, they wouldn't be able to trigger any destruction.
> I take that back.
> The guy's paper clearly says it was funded by DoJ.
>
> Wired == suckAssJournalism
Learn to read carefully; the article clearly states
"The U.S. Department of Justice and IBM partially funded this research."
Wired isn't my journalistic choice, but this criticism at least is unfounded.
Well, as an Australian I think you'd hate it over here. We allow knife searches based on suspicion, and various limitations on our freedoms which Americans would never dream of. It's not that we are oppressed, it's just the way we like to live, even if you disagree.
Though have you considered that you may be acting a bit paranoid? I mean, really, you seem to be (along with most of Carnivore's opponents) assuming the very worst, without any firm evidence to do so. How about giving things a chance before passing judgement?
It's a little misleading to say the 4758 is "designed to destroy itself" when it detects a tamper attempt. What it does is immediately destroy all sensitive data stored inside the secure module. Thus, any data inside the card (like keys) cannot be obtained by anyone attacking the card. There are a number of sensors and barriers to detect many different hi-tech attempts to break in or extract data, and all of them trigger hardware-based tamper response mechanisms that destroy data before the attacker could get inside. Note that with the 4758, it is entirely possible to have the card generate its own RSA key pair, then keep the private key inside, so that it can never be compromised by getting at a backup, or at another card with the same key. The standard 4758 CCA software provides functions to do that, as it is a requirement by some applications. (Yes, they realize that the keys are lost if the hardware fails, is stolen, etc.)
When examining a communications network -- which is what we would be doing if we were trying to track illegal activity through email -- the first thing we look at is not the content of the messages, but the pattern of communications between nodes. We would only have to start with keywords if we had no suspects, and that would be the sort of fishing expedition that is prohibited by law. But odds are we do have a suspect, so we look at who he's talking to, who those people are talking to, and so on, until we are eight or nine steps away from the suspect. (Much further than that is not only impractical but generally pointless.)
Having established a clique, we can examine the volume of mail between nodes, and see who is the best-connected (and therefore likely to be exerting some kind of administrative control). If, in the course of this, we see some people who are suspects in a previously unrelated investigation, we can explore the possibility of hitherto unknown connections.
Without once having looked at the content of a single message, we have developed a pretty clear picture of the relationships between our suspect, people not yet suspected of anything, and if we are lucky, other suspects.
Then we can start using keyword searches on a reasonable volume of mail to serve as a starting point for manual examination of message contents.
In any event, the word 'terrorist' is not going to be a problem for law enforcement, because terrorists don't call themselves terrorists -- that's a label that our propagandists apply to them. Judging from what has been released to the public, they refer to themselves as 'freedom fighters', 'fighter brethren', 'mujahideen', and several other labels -- which points out another thing we can exploit: people who belong to cliques, especially tight-knit underground ideological factions, develop their own characteristic jargon. Simple word-frequency analysis as well as more complicated techniques such as n-gram analysis and Markov chains, can be used to pick these out of the crowd once you have a 'model text' to study. (These techniques can be applied with significant but lesser accuracy to less-cohesive cliques, such as professions, religious affiliations, and ordinary political factions.)
In short, it is wise to bear in mind that however misguided federal law enforcement agencies may be, they are not stupid or naive, and neither are the computer scientists who work for them. Even if they were, the kind of programming involved is not especially challenging -- ninety percent of what you'd need to know can be found in Knuth.
Proud member of the Weirdo-American community.
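The link-analysis procedure the post above describes (start from one known address, walk the communication graph a bounded number of hops, then rank the resulting clique by mail volume to find the best-connected member) is worked through below as an added example; it is not code from the post or from any Carnivore-related project, and the mail metadata is a small constructed sample. The same scoping technique is what an incident responder uses to bound a phishing campaign from one confirmed recipient.

```python
from collections import defaultdict, deque

# Constructed sample of mail metadata: (sender, recipient, message count).
# Only headers are used; no message content is examined, as the post stresses.
MAIL_LOG = [
    ("suspect@example.org", "alice@example.org", 12),
    ("alice@example.org", "suspect@example.org", 9),
    ("alice@example.org", "bob@example.org", 30),
    ("bob@example.org", "alice@example.org", 25),
    ("bob@example.org", "carol@example.org", 4),
    ("carol@example.org", "dave@example.org", 2),
    ("suspect@example.org", "newsletter@example.com", 1),
    ("newsletter@example.com", "eve@example.org", 1),
]

def build_graph(log):
    """Undirected weighted graph: edge weight = messages in either direction."""
    graph = defaultdict(lambda: defaultdict(int))
    for src, dst, count in log:
        graph[src][dst] += count
        graph[dst][src] += count
    return graph

def hops_from(graph, start, max_hops):
    """BFS outward from one address; returns {address: hop distance} for every
    node within max_hops. The bound is what keeps the walk practical."""
    dist = {start: 0}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if dist[node] == max_hops:
            continue  # do not expand beyond the hop limit
        for neighbour in graph[node]:
            if neighbour not in dist:
                dist[neighbour] = dist[node] + 1
                queue.append(neighbour)
    return dist

def best_connected(graph, clique):
    """Rank clique members by mail volume exchanged with other members;
    the top entry is the likely coordinating node."""
    volume = {m: sum(w for nb, w in graph[m].items() if nb in clique) for m in clique}
    return sorted(volume.items(), key=lambda kv: (-kv[1], kv[0]))

def cross_reference(clique, other_investigation):
    """Members of this clique already known from an unrelated investigation."""
    return sorted(clique & other_investigation)
```

With a two-hop bound, carol and dave fall outside the clique even though they are reachable, and alice ranks first by volume despite the investigation starting from the suspect.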