Slashdot Mirror


Australian PLAID Crypto, ISO Conspiracies, and German Tanks

New submitter Gaglia writes: PLAID, the Australian 'unbreakable' smart card identification protocol has been recently analyzed in this scientific paper (disclaimer: I am one of the authors, and this is a personal statement.)

Technically, the protocol is a disaster. In addition to many questionable design choices, we found ways to trace user identities and recover card access capabilities. The attacks are efficient (a few seconds on 'home' hardware in some cases), and involve funny techniques such as RSA moduli fingerprinting and... German tanks. See this entry on Matt Green's crypto blog for a pleasant-to-read explanation.

But the story behind PLAID's standardization is possibly even more disturbing. PLAID was pushed into ISO with a so-called "fast track" procedure. Technical loopholes made it possible to cut off from any discussion the ISO groups responsible for crypto and security analysis. Concerns from tech-savvy experts in the other national panels were dismissed or ignored. We contacted ISO and CERT Australia before going public with our paper, but all we got was a questionable and somewhat irate response (PDF) by PLAID's project editor (our reply here). Despite every possible evidence of bad design, PLAID is now approved as an ISO standard, and is coming to you very soon inside security products which will advertise non-existing privacy capabilities.

The detailed story of PLAID in the paper is worth a read, and casts many doubts on the efficacy of the most important standardizing body in the world. It is interesting to see how a "cryptography" product can be approved at ISO without undergoing any real security scrutiny.

On a related note, the enthusiastic comments on PLAID's design made by a few readers in the old Slashdot story remind us, as a cautionary tale, that you need cryptographers to assess the security of cryptography. Quoting Bruce Schneier: amateurs produce amateur cryptography.

5 of 62 comments

  1. ISO corruption by Anonymous Coward · Score: 5, Insightful

    The detailed story of PLAID in the paper is worth a read, and casts many doubts on the efficacy of the most important standardizing body in the world. It is interesting to see how a "cryptography" product can be approved at ISO without undergoing any real security scrutiny.

    Not really surprising given the Microsoft OOXML standard controversy a few years ago. I suppose the ISO could always have been susceptible to influence peddling in the past, but the OOXML thing was the first time I, and a lot of others, became aware of it.

  2. Re:Australians lost a long time ago by hawguy · Score: 5, Insightful

    Australians have been selling their freedom for security for years. Socialized society, insane gun control, and their crypto attitude is just horrible.

    With a firearm related homicide rate 1/30th that of the USA (and firearm related deaths due to all causes about 1/12th that of the USA), maybe their gun control isn't so insane.

  3. Re:Response to criticism by Anonymous Coward · Score: 5, Insightful

    Part of the argument the PLAID designers are making boils down to "well it's theoretically possible to implement it securely even if the standard doesn't warn you about that risk, nobody does it right, and even the reference implementation got it wrong".

    For examples of how well that works out in real life, see:

    * WiFi WPS pins - just search the web for "WiFi WPS pin attack" - most WiFi routers were vulnerable
    * DNS source port randomisation - http://www.kb.cert.org/vuls/id/800113 - most DNS resolvers were vulnerable
    * PKCS#1 signature validation - https://www.imperialviolet.org/2014/09/26/pkcs1.html - most browsers were vulnerable
    * Many others

  4. amateur hour at the crypto factory.... by xeno · Score: 4, Insightful

    It's irrelevant to the core logic of the issue, but misspellings and grammar errors are a pretty good indicator of the quality of a piece of work.
    A "mute" item would be "(1) refraining from making sound or (2) silent" -- one that does not make an actual audible sound.
    A "moot" item is one that is "(1) of no importance or (2) merely hypothetical."
    There are many other errors that seem to indicate this whole document was whipped up in a hurry by a pissed off individual without review, but the high-school-level error "mute point" sticks out like a sore thumb.

    Seeing this kind of minor but highly-visible mistake in the headings and TOC of a formal document... does not lend credibility to the whole.

    --
    I think not...(*poof*)

  5. Re:Australians lost a long time ago by Anonymous Coward · Score: 1, Insightful

    Incorrect. It has gone down.

    What has increased is imbeciles harping on the interweb echo chamber about some shit they've read in 'the media'. A media that will report and hype anything and everything that seems even remotely 'shocking'.

    "Man hit and killed by meteorite!" would remain a headline for two weeks because they can't find anything else to report about. Then some dipshits see this and think it's going to happen to them and start a "Sky is falling" panic, and start taking out shares in the underground bunker industry.