Home Tags Cryptanalysis

Tag: Cryptanalysis

Give us encrypted camera storage, please – filmmakers, journos

Photojournalists plead for secured data in professional cams Over 150 prominent filmmakers and photojournalists have asked leading camera makers to add support for data encryption to their devices. An open letter published on Wednesday by the Freedom of the Press Foundation – a group that includes Academy Award winners Laura Poitras and Alex Gibney – states that encryption is absent from all commercial cameras being sold today and that the technology is needed to protect both those capturing images and those depicted in them. "Without encryption capabilities, photographs and footage that we take can be examined and searched by the police, military, and border agents in countries where we operate and travel, and the consequences can be dire," the letter states. The list of camera makers contacted includes Canon, Fuji, Nikon, Olympus, and Sony. According to the Committee to Protect Journalists, the confiscation of cameras from journalists is so common that the organization cannot accurately track such incidents. Mobile phones often have passable cameras and also support the encryption of data at rest, for images and text messaging.

That makes them safer in theory than professional camera equipment in conflict zones and in confrontations with authorities. Against a well-funded, resourceful, or determined adversary, however, technical protection doesn't guarantee that encrypted data will remain secure. After attempting to pressure Apple into creating a special version of iOS that would allow it to gain access to an iPhone used by one of the San Bernardino shooters in 2015, the FBI ultimately gained access to the device with the help of a third party, through what's believed to be software vulnerability. What's more, US Border authorities have broad latitude to search electronic devices, and many countries have laws that can be used to compel individuals to disclose encryption keys.
So the availability of encryption doesn't mean it will be effective at shielding data from scrutiny. At a recent Hacks/Hackers event in San Francisco titled "Information Security for Journalists," Data Guild cofounder David Gutelius said that, with the possible exception of Signal, he wouldn't recommend any digital communication technology for journalists with serious security concerns involving nation-level adversaries.

Even Tor, a generally well-regarded network anonymity tool, can be compromised, he said. In an email to The Register, Trevor Timm, executive director of the Freedom of the Press Foundation, acknowledged that laws limiting encryption and border searches could diminish its effectiveness but emphasized that it should be an option. "Journalists – or anyone who uses a camera with encryption enabled – would always have the option to unlock it if they chose to, but right now they don't even have that choice, and that's the problem," said Timm. Jonathan Zdziarski, an iOS forensic researcher, in a series of Twitter posts on Wednesday voiced support for better encryption and stronger privacy protection but expressed doubt that camera makers, as they lose sales to smartphone makers, see the addition of encryption as a way to revive sales. "Until every journalist learns to encrypt their hard drive and use Signal, I'm not sure an encrypted camera will do them any good," said Zdziarski. And even then, it may not withstand the threat of rubber-hose cryptanalysis or a $5 wrench. ® Sponsored: Customer Identity and Access Management

Google teaches “AIs” to invent their own crypto and avoid eavesdropping

reader comments 18 Share this story Google Brain has created two artificial intelligences that evolved their own cryptographic algorithm to protect their messages from a third AI, which was trying to evolve its own method to crack the AI-generated crypto. The study was a success: the first two AIs learnt how to communicate securely from scratch. Enlarge / The setup of the crypto system. P = input plaintext, K = shared key, C = encrypted text, and PEve and PBob are the computed plaintext outputs. The Google Brain team (which is based out in Mountain View and is separate from Deep Mind in London) started with three fairly vanilla neural networks called Alice, Bob, and Eve. Each neural network was given a very specific goal: Alice had to send a secure message to Bob; Bob had to try and decrypt the message; and Eve had to try and eavesdrop on the message and try to decrypt it. Alice and Bob have one advantage over Eve: they start with a shared secret key (i.e. this is symmetric encryption). Importantly, the AIs were not told how to encrypt stuff, or what crypto techniques to use: they were just given a loss function (a failure condition), and then they got on with it. In Eve's case, the loss function was very simple: the distance, measured in correct and incorrect bits, between Alice's original input plaintext and its guess. For Alice and Bob the loss function was a bit more complex: if Bob's guess (again measured in bits) was too far from the original input plaintext, it was a loss; for Alice, if Eve's guesses are better than random guessing, it's a loss. And thus an adversarial generative network (GAN) was created. Alice, Bob, and Eve all shared the same "mix and transform" neural network architecture, but they were initialised independently and had no connection other Alice and Bob's shared key. For Alice the key and plaintext are input into the first layer of the neural network; for Bob the key and the ciphertext were input; and for Eve, she got just the ciphertext. The first layer is fully-connected, so the text and key can mix about. Following the first layer there are a number of convolutional layers, which learn to apply a function to the bits that were handed to it by the previous layer. They don't know what that function might be; they just learn as they go along. For Alice, the final layer spits out some ciphertext; Bob and Eve output what they hope is the plaintext. Enlarge / Bob and Eve's reconstruction errors during training. You can see that Eve starts to improve, but then a change in the Alice-Bob crypto method shuts her out again. The results were... a mixed bag. Some runs were a complete flop, with Bob never able to reconstruct Alice's messages. Most of the time, Alice and Bob did manage to evolve a system where they could communicate with very few errors. In some tests, Eve showed an improvement over random guessing, but Alice and Bob then usually responded by improving their cryptography technique until Eve had no chance (see graph). The researchers didn't perform an exhaustive analysis of the encryption methods devised by Alice and Bob, but for one specific training run they observed that it was both key- and plaintext-dependent. "However, it is not simply XOR. In particular, the output values are often floating-point values other than 0 and 1," they said. In conclusion, the researchers—Martín Abadi and David G. Andersen—said that neural networks can indeed learn to protect their communications, just by telling Alice to value secrecy above all else—and importantly, that secrecy can be obtained without prescribing a certain set of cryptographic algorithms. There is more to cryptography than just symmetric encryption of data, though, and the researchers said that future work might look at steganography (concealing data within other media) and asymmetric (public-key) encryption. On whether Eve might ever become a decent adversary, the researchers said: "While it seems improbable that neural networks would become great at cryptanalysis, they may be quite effective in making sense of metadata and in traffic analysis." You can read the researchers' preprint paper on arXiv. This post originated on Ars Technica UK