Slashdot Mirror
Aussie Speed Cameras in Doubt Because of MD5
An anonymous reader writes "A speeding case has been thrown out in Australia after the Roads and Traffic Authority admitted that it could not prove the integrity of speed-camera photos. 'The case revolved around the integrity of a mathematical MD5 algorithm published on each picture and used as a security measure to prove pictures have not been doctored after they have been taken.'" I wonder if Australian police are as (radar gun) trigger happy as they are in certain parts of the U.S.
and you don't get caught...
That sounds like a loophole. However I am not in favor of automated law enforcement, I like to face my accuser.
Many of those red light tickets were dismissed in the US for various reasons, some technical, some through loopholes, and some through plain old dishonesty in the ticket system operator. They had lowered the yellow light timing below legal standards to make more money. Outrageous if you ask me.
Law enforcement is supposed to be run by government employees, who have no axe to grind and nothing to gain by dishonesty. I like it like that.
.
I live in South Australia (thats the name of the state, they werent that original when the pohms came here :)
Anyway, we now have speed cameras on traffic light intersections and any random car parked on the side of the road *could* be a speed camera.
In Victoria (where Melbourne is), they are even more tough. As soon as I cross the border to Vic, I don't speed at all.
So the answer is "yes", they are very very trigger happy and in a lot of cases, there was no trigger, just an automated photo.
Can your karma go above being Excellent?
I've experianced speed cameras in both Queensland and Victoria and I have to say that by far Melbourne is the dodgiest of the lot. They claim that the cameras are there to save lives however they are little more then revenue raisers.
Melbournians are subjected to hidden cameras looking over overtaking lanes. The cameras are privatised so people get paid more the more cars they catch. The situation there is terrible.
Queensland is somewhat better because police are required to have a sign out saying that there are speed cameras in use, however this sign is usually conveniently placed behind a bush or behind the car with the camera in it. Queensland is also better off because the police do not rely so heavily on the revenue that their cameras drum up, it seems at times the only thing paying for Melbournes police is speeding offiences.
One thing is certain, these cameras do not save any lives. I remember clearly once in high school a Policeman came to give a talk on vehicle safety he showed us a big graph with a stedily declining death rate over the years, he pointed out the huge drop after the introduction of seat bealts, then one after they banned drink driving, and a smaller drop after the introduction of airbags. My hand immediently shot up and I asked him when speed cameras were introduced, my teachers just laughed and he never answered the question.
Just to make it clear, this guy didn't prove something was flawed in their system, so much as the courts didn't bother to find an expert witness.
Officer: Please sign and initial box A, put your phone number and address in box B, please confirm and write in this 32-digit md5 hash in boxes C and D...
Did you know subscribers can see articles in the future? Holy shit!
I think that is the point of the article. They take the picture, write it and a MD5 hash, then try saying that it is official because it has a matching MD5 hash. I can make any picture with a matching MD5 hash. Even this post can have a matching MD5 hash, does the MD5 hash prove that I wrote it?
Video Production Support
Heisenberg was driving down the Autobahn whereupon he was pulled over by a policeman. The policeman asked, "Do you know how fast you were going back there?
Heisenberg replied, "No, but I know where I am."
The MD5 of course needs salt, otherwise anyone could self-sign their own stuff.
I live in Victoria, Australia (the state Melbourne is in) -- these refer to cameras in New South Wales (the state Sydney is in). There's been a rather strong backlash against speed cameras here; the margin has been lowered to 3kph. If you do exceed the speed limit by more than 25 kph, you lose your license for a month; more than 35 kph is six months; more than 45 kph is twelve months. The fines are harsh: $131 (Australian) for less than 10kph; $210 for less than 25 kph; $278 for less than 35kph; $377 for less than 45 kph; and $451 for more than 45 kph.
There have been cases of cars being clocked at speeds greater than they are physically capable of doing, and a great brou-ha-ha about how travelling "five kph above the speed limit" doubles your risk of crashing (with some people extrapolating that to an exponential curve). (For the record: the research is five kph above the prevailing speed of the traffic, and it's not exponential.)
If speed camera evidence is deemed untrustworthy, you can see a large chunk of government revenue fly out the window; they'll be onto it as fast as they can get their snouts out of the pork barrel.
Slightly off topic, but one of my favorite jokes...
So there was this guy driving through town one day, he was going about 100 in a 35, he crosses over a bridge and not too far past the end of it he sees the familiar blinking lights behind him and pulls over. The police officer comes up to the window and asks him where he's trying to get in such a hurry, and the guy says he's late for work.
The cop says "what job do you have that you have to get to so urgently?" and the guy says "I'm a Rectum Stretcher"
The cop looks a little funny at the guy and says "A Rectum Stretcher? What does a a Rectum Stretcher do?"
The guy says "well, first you start with a finger or two, work you way up to a fist, and keep going until it's six feet wide"
The cop looks absolutely amazed and says "Well, what do you do with a six foot asshole?" and the man replies
"You give him a radar gun and stick him at the end of a bridge".
http://www.smh.com.au/news/national/motorist-wins
I.e., it wasn't thrown out because MD5 is suspect; it was thrown out because the government couldn't find an expert witness to be cross-examined, for some reason we don't know. In fact, I'd read that statement as meaning that the magistrate wanted to examine the entirety of speed camera security, not just MD5.
That part of the story is just a lawyer's opinion, not a fact. "Successfully", in the context of the previous quote, just means that his argument was unopposed in court.
My understanding is that it is easy to generate multiple messages that have the same MD5 hash, but only if you get to choose both messages. It's still very hard (i.e., an infeasibly large number of CPU cycles for most of us) to generate data that yields the same MD5 hash as some other, arbitrary document.
It all sounds to me more like a case of blinding a magistrate with science, than some kind of victory for common sense. (Well, lawyers are involved, so commonsense isn't relevant, anyway.)
I have a pysics teacher (also in WA) that drives as fast as he wants. Then when he goes to court for the speeding tickets he dazzles the judge with science and calculus until the ticket gets dropped.
You are so boring that when I see you my feet go to sleep.
OK, I'm partially responsible for people seeing applied attack against MD5, so I'll comment for a second.
.md5 file as well. (Files on multiple servers are a little different, because you can go elsewhere to see the deviating MD5 hash.)
Basically, in 2004 Xiaoyun Wang released two different files with the same MD5 hash. This has been predicted since around 1996, when Hans Dobbertin showed the hash was broken -- but it took a while for the actual attack to show up.
Alot of people said there were _no_ applied uses. Not true. For instance, the following two pages have the same hash:
Lockheed Martin
Boeing
What's important to realize about the above content is that both web pages are included in both links; the difference between the source files (which MD5 is blind to) is just used to determine which page is displayed. What that means is that, for forensic purposes, it's trivial to rule out the best known attack against MD5 -- just look at the content being hashed.
Thats not to say we should keep using MD5. It's broken, we need to move on. But attempts to claim that MD5 is broken, so we have no idea of any link between hashed content and real material -- that's just ridiculous. We have plenty of idea, especially with human-guided forensic operations.
That being said -- if you can doctor a photo, you can doctor a hash. This is one of the things that makes files hosted on a single server w/ MD5 hashes "verifying" them a little silly...if you can alter the file, you can alter the
Speed cameras in Perth (West Coast for the punters) are a real bitch. I hear these contraptions pay for themselves within a week of indiscriminately snapping drivers going just 4-5km/h over the speed limit. That probably sounds reasonable in built up areas where you the speed limit is 40km/h (during school hours), but on the open road where 110km/h is legal, you're better off flicking on the cruise control to avoid the boys in blue. Pre-cameras, the cops used to book you for in excess of 9km/h in the country - at least then there was some logical wiggle room, not to mention it wasn't some impersonal surprise money earner turning up in your mail one day.
The extraordinary thing is that around the burbs, often I have to put my foot on the brake going down small hills just to ensure I don't edge over the limit. Perhaps sales of brake pads and cruise control equipment have increased substantially since the introduction of these fuckers. Both my parents have received speeding fines in the last few years, having gone for over forty years with a clean record.
As an aside, a few years back, one chap was flashed by the camera as he drove by and promptly responded by swerving into the offending machine, taking it out all together. Unfortunately, these cameras have a bunch of wire connected to a nearby van, which stores all the data. The cops simply lifted the last photo taken and arrested the guy. Though a tad rash in his response, I still consider him a legend.
I just like to drive so fast that the cameras see me as a blur.
In the UK the deployment of speed cameras is at the discretion of the chief constable (the boss) of the local constabulary (usually with the jurisdiction of the county they are situated in). Interesting one or two counties in the UK don't have speed cameras. Even more interesting is that in the last set of figures, those counties without them actually saw a drop in injuries and fatalities whereas those with saw a rise.
The thing about speed limits and cameras is that they are set an arbitrary value which, on average, appears to suit the road. But it's like seat belts, there are times when wearing one is worse than not wearing one but on average its better to wear one. My particular bug-bear is speeds on motorways. A nice sunny Sunday morning when the road is empty 100mph is not dangerous. 50mph in the fog in rush hour is. Speed cameras don't generally account for that. Speed doesn't kill. Inappropriate speed kills.
There is one section of one motorway in the UK that has it right. A section of the M25 has adjusting speed limits and cameras to suit. I would like to see them on all motorways, moving from 30mph at the lower end to 100mph at the upper end. (Why 100 because that's the top speed of some small cars and having cars with differing speeds is also dangerous).
Warning for visitors: WA has one of the most zealous state highway patrol forces in the nation. Just don't exceed 10 over the limit here.
WARNING! Police in Washington enforce laws!
"Alcohol, Tobacco, Firearms, and Explosives" should be a convenience store, not a government agency.
I have a pysics teacher (also in WA) that drives as fast as he wants. Then when he goes to court for the speeding tickets he dazzles the judge with science and calculus until the ticket gets dropped.
Well then, if "as fast as he wants" means "much faster than the law allows", then I hope physics brings him some swift justice before he kills some innocent person who is not a complete ass.
War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?
I wonder if Australian police are as (radar gun) trigger happy as they are in certain parts of the U.S.
Yes.
And I'd rather have a fine and a few points on my license than a murder conviction for running over a pedestrian at 90km/h in a 60km/h zone
The Speed Limit is designed to be a universally safe speed. This includes a half-blind old person driving a poorly maintained SUV during heavy traffic. It is not an actual "limit" on the safest speed. If some guy is out in the boonies, with nothing but empty fields to hit, the fact that he's going 30 over the speed limit doesn't really mean much.
Also, on a well-maintained highway, at a time when there is little or no other traffic, with a good driver and a well maintained vehicle, the fact that a person is driving 85 in a 55 does not necessarily mean that he is presenting an unreasonable risk to himself or others.
If the laws being enforced are themselves unreasonable, a warning is not out of order. Just because something is "the law" does not mean it's reasonable or prudent.
And most of them are really well sign posted with (normally at least 2) big signs before them saying "Speed camera ahead" and afterwards a big sign pointing out that your speed was just checked.
So if you get caught speeding by one of those cameras then you're an idiot.
Actually, I kind of like the idea that enforcement of the law can be, in some circumstances at least, automated. There would be very few cases where speeding can be justified and, assuming that all equipment is working properly, it's a binary test: either you were over the speed limit or you weren't. There's not a lot of grey area there. I know a lot of people complain about them with arguments about revenue raising, but I have no problems with them whatsoever.
Let's assume this is the protocol:
- camera takes snap shot, uses signing key on tamper-resistant chip inside camera to sign a hash of that photo (with the time, speed, etc. concatenated onto the end of the photo before hashing)
- send bill to speeder (possibly including hash of picture or in some way "committing" to that particular md5sum)
Then, the problem the bad guy has is to find another picture with that same hash value. This is a preimage attack [find another photo that outputs this hash value] and the weaknesses in MD5 were collision weaknesses: particular collisions found and an algorithm for generating collisions. But collisions are just two messages that have the same hash value, not a particular hash value of your choosing.If the protocol doesn't have a way to securely associate a hash with a photo (e.g. doesn't sign it), then it doesn't make a difference if you're using MD5 or SHA-1 or SHA-256, the cops can still just doctor photos at will and only produce the hashes of the doctored photos. So this line of "attack" has nothing to do with underlying cryptographic weaknesses.
[Note also that the weaknesses in MD5 don't affect the security of HMAC-MD5]. Hell, the case should be thrown out since the defense atty had the temerity to issue this stunning (even in buzz-word-addled tech) mischaracterization: http://www.smh.com.au/news/national/motorist-wins
WARNING! Police in Washington enforce laws... that generate a revenue stream!
Personally I have no problem with Police enforcing laws, it's just when they go for the easy, (relatively) harmless, money-grabbing ones to the detriment of rapes, murders, assault, criminal damage, etc. that I have a problem.
Yeah, the problem is pretty bad where I live, too. Cops whoring themselves out for speeding fines when more serious crimes go reported and with no police response for hours or days.
F*** them.
Until he/she has a tyre blowout, or comes across an unexpected pothole in the road, or has to swerve to avoid a rabbit running across the road... at which point that extra 30mph or 50kmph could make a huge difference to the ensuing damage to the person and other people, not to mention their car. Those are things that can happen to anyone, no matter how good a driver they are.
Until he/she has a tyre blowout, or comes across an unexpected pothole in the road, or has to swerve to avoid a rabbit running across the road... at which point that extra 30mph or 50kmph could make a huge difference to the ensuing damage to the person and other people, not to mention their car. Those are things that can happen to anyone, no matter how good a driver they are.
Yes, that reminds me of something I witnessed about 25 years ago when I was a child. On a freeway a car flew past us at high speed, minutes later we drove past to see it, upside down, with a front type blown open and bloody bodies on the ground around it. I'll never forget that.
The World is full of people who are "better than average" in their own minds. Especially young people who think they are the next F1 champion. A while ago on TV in Australia, a current affairs type program got a bunch of hoons together to do a high performance driver training and testing. They all failed because they ALL went out too hard with something to prove. The funniest thing, was that the old guy training them, drove their own hotted up cars around the course much better and faster than the owners did.
War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?
incrediable. you say an 'old guy' who trained racing drivers is a better driver than his trainees? what next? teachers knowing more than their pupils? i'm flabbergasted.
incrediable. you say an 'old guy' who trained racing drivers is a better driver than his trainees? what next? teachers knowing more than their pupils? i'm flabbergasted.
The point was that he was driving THEIR cars better than they were and showing that they were nowhere near as good as they thought they were. You can't keep a car driving near its limits if you don't know the car well. Yet this old guy drove their cars much better than they did. They didn't respect this guy at first because he was old and saddly after proving these young idiots wrong, they were still fast talking and making excuses.
Of course I expect the old driving instructor to be much better than them. What was funny was that this old guy who the young hoons would not identify with as being a fast driver, handed them their asses in their own boy racer cars. As far as old racing drivers go, the instructor did not look the part either. Imagine you're an 18yo with some crazy hotted up 600kW Supra and your grandfather, who normally drives the speed limit in his Volvo, shows you how to drive it hard.
These hoons were humiliated. The point of the show was a challenge to the hoons to prove that they were good enough drivers to speed. They all failed.
War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?
Yes, but on a four lane highway, where the most severe turn is about 30 degrees per mile, which is the 'unsafe speed'?
55(1980's speedlimit)
65(1990's)
75(current)
The road has been all of the above. Is 85 even that much of a stretch for a stable, well maintained car with good tires?
I've driven a number of vehicles, and there are a number that I wouldn't drive past 55-65 in on any road. It could be an immaculate runway and I wouldn't go that fast. On the other hand, I've driven a few sports-cars, and they feel more in control even going 30mph faster than the delivery truck.
I don't read AC A human right
Why anybody would swerve and risk their own life and the lives of others to avoid hitting a rabbit, squirrel, cat, et al is beyond rational comprehension.
Ignorance is curable, stupid is forever.
Disclaimer I rarely watch "current affairs" on the commercial channels as I think most of it is crap. But I did see part of the story you mentioned...
"These hoons were humiliated. The point of the show was a challenge to the hoons to prove that they were good enough drivers to speed. They all failed."
Dead on, but even after all that some of them still could not see a problem with thier own speeding. They were male and had the "indestructable" attitude (I suffered the same syndrome 25 yrs ago and have the scars to prove it).
Off course we have vast highways over here where you can see a Camel 2km up the road, no traffic, no cops, no bends. Speeding is not a problem in the middle of nowhere, falling asleep and road-trains will kill you.
Speed limits are made so that the AVERAGE driver can make a stupid mistake once in a while and live to be honked at and humiliated. If EVERY driver is driving near thier skill limit then NOBODY can make a mistake, ever!
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
interesting idea - swerving to AVOID a rabbit. i usually CHASE the rabbit (or deer, or racoon)... it's the closest activity to a sport that i perform.
Wave upon wave of demented avengers March cheerfully out of obscurity into the dream
What about a child? Where would YOU draw the line?
That's a ridiculous question - dogs, cats, etc. are legally property. People are not. Of course I'd feel badly running over a cat or other cuddly animal, but if it's between that and losing control of the vehicle, causing perhaps thousands of dollars in damage or worse, injuring someone, the cat doesn't get a second thought at the moment. Certainly I avoid animals on the road where possible. However, the most important part of driving is judgement, and that means knowing when you just have to suck it up and barrel over someone's pet in the road for the greater good.
Please stand clear of the doors, por favor mantenganse alejado de las puertas
Yes, but on a four lane highway, where the most severe turn is about 30 degrees per mile, which is the 'unsafe speed'?
The answer is: any speed other than the one all the other vehicles are moving at.
Numerous studies have shown that the most important factor in reducing the total number of accidents on highways is to get all of the vehicles moving at about the same speed. Driving the speed limit when everyone else is going 10 over is dangerous. Driving 10mph faster than everyone else is dangerous.
Higher absolute speed increases the severity of injuries in case of an accident, different roadways also impose a natural maximum (though the US Interstates were mostly designed for 80mph traffic, since the speed limit was 70mph when they were constructed), and weather conditions can change things dramatically, but the most important consideration in minimizing accidents is getting all of the cars moving at close to the same speed.
If you're the granny with cars whizzing by to the left and right, you're a hazard, even if you're going the speed limit. If you're the punk passing everyone and weaving through traffic, you're a hazard, even if your car is perfectly capable of handling the speed on that road. In both cases, it doesn't even matter how good of a driver you may or may not be... if your actions may surprise another driver, then you'll eventually cause an accident.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Yes, please.. at least 69.34% of us are simply deathly sick and tired of it.
Welcome to the Panopticon. Used to be a prison, now it's your home.