America’s Cup Planning for San Francisco

Craig Thompson is interviewed by Sailing in Marin. He discusses how two factors are influencing the location of the event: the poor and unsafe state of the city piers and proximity to automobile parking.

It just happened that piers 27-29, 26-28 are in better shape than some of the piers being considered further south, which will help speed things up as they won’t require as much work or environmental assessment work allowing us to be up and running a lot quicker. As is well documented, pier 30-32 which will be part of the new plan is going to require extensive rebuilding. It’s not in good condition. It’s not so busy in the southern part and there’s not as much foot traffic. Being in the northern part has other benefits – it’s much better from a public standpoint as this is where the people are anyway. It’s phenomenal and doesn’t get much better. How often can you come into a city like San Francisco and stage an event right there in the center of everything? And then having the course running along the waterfront like it does so that people can actually come out, park their car, walk down to the beach and watch the racing. It’s a very unique opportunity.

That is a strange statement. No one who lives in the Bay Area is going to say people should come park their car at the piers, given that parking is impossible even on a regular day. Maybe it is a plug for an automobile sponsor like BMW?

However, trains, trolleys, cable cars, subway (BART), and buses all run directly and within walking distance to southern piers. There also is no beach at any of the southern piers that he mentions, so he must be hinting that races will happen further north.

I understand the benefits of using piers in better shape, but the city is wise to recondition and make use of the piers that are in the worst shape like 30/32. Wind and water conditions are more favorable at the southern piers also, further away from the nuclear gusts that fire through Golden Gate to Angel Island.

Development to the south is great news for the city and improving the safety of the waterfront. South Beach / China Basin is the most exciting area for commercial development. It helps shore up public use of these areas, while providing excellent views from both sides of the Bay. The northern piers make sense for tours, parades and photo shoots when the weather permits but public access and transportation options are limited. Hopefully the focus of events will be southern…and hopefully no one will drive a car.

It is notable that Thompson is from Southern California, which allowed the automobile companies to back-stab and murder mass transit systems in order to boost car sales. Although San Francisco also was threatened by the same situation, much of the infrastructure has been able to survive.

San Francisco was a city without much surplus land to use for roads and depended on its cablecars and its Key system, a system operating 230 electric trolleys and trains. Immediately after acquiring controlling interest in the parent company of the Key system, National City Lines announced its plans to replace the entire system with a fleet of—you guessed it—General Motor’s buses. The Key system owned rights of way across the Golden Gate Bridge; these rights of way were paved over to make way for cars and buses. San Francisco’s recently developed light rail system, (the Bay Area Rapid Transit system, generally known as BART,) had no right of way across the Bay Bridge and was forced to tunnel under the bay at a cost of $180 million.

The right of way issue is essential to the success or failure of a transit system in America.

Once we had a mass transit system, a system that was the envy of the world. This system was almost entirely a private enterprise. What began the demise of mass transit was the loss of rights of way. When trolleys are forced to compete with the more mobile cars and trucks for space, the trolley loses time. This reduces the number of passengers per mile a trolley can carry. It plays havoc with the transit schedule. It also means that it can be quicker to get somewhere using your own car than taking a trolley.

It may be quicker for a few, but less efficient and more harmful overall. So, again, hopefully the development groups working on the next America’s Cup think about the inefficiency of the automobile and discourage people from driving. After all, the America’s Cup is about technology and efficiency — using a set amount of input (wind) — so modern and clean public transportation options should be integrated into thinking about the event.

GSM Hacked (Again)

Karsten Nohl and Sylvain Munaut explained in their presentation called “GSM Sniffing” to the Chaos Computer Club Congress how you can find specific phones and eavesdrop on their communication.

Nohl cracked the 64-bit A5/1 GSM encryption code at the start of last year and made a set of encryption tables public. GSM, now over 20 years old, is used in most cell phones around the world — over 3 billion devices and 80 percent of phones including American Apple phones. When he published his results last year he said he wanted to embarrass operators into upgrading 2G calls to the more secure 128-bit A5/3 algorithm.

The GSM Association responded with skepticism. They emphasized strange things like the commercial aspects of hacking and the physical size of 2 Terabytes when converted into books. They also said eavesdropping was unlikely due to complexity of attacks as well as other controls such as broadcast frequency hops.

In 2007-8, a hacking group claimed to be building an attack on A5/1 by constructing a large look-up table of approximately 2 Terabytes — this is equivalent to the amount of data contained in a 20 kilometre high pile of books. […] All in all, we consider this research, which appears to be motivated in part by commercial considerations, to be a long way from being a practical attack on GSM. More broadly, A5/1 has proven to be a very effective and resilient privacy mechanism.

How tall is 2 Terabytes when measured in slices of humble pie?

Nohl, to prove the viability of a look-up table, released a set of open source hacking tools in mid-2010 called Kraken. So you might be tempted to conclude that he has been pushing on this very issue for a while. However, I see several news sources emphasize that it has taken a year for the CCC attack to be put together. It must comfort the Association to see reports of how long it takes but each step has been timed with a security conference — Nohl and Munaut have shown in this latest presentation that $100 in hardware is all that is necessary to perform the attack.

That has been their point all along.

So I think a more accurate description of this CCC presentation is that security experts have spent nearly two years trying to convince an Association of the need to improve security, and this is the latest “I told you so” presentation. Their first few slides include the August 2009 quote from the Association as a kind of problem statement:

“the GSM call has to be identified and recorded from the radio interface…we strongly suspect the team developing the intercept approach has underestimated its practical complexity. A hacker would need a radio receiver system and the signal processing software necessary to process the raw radio data.”

The GSM Association has a strong suspicion — faith-based security. Nohl and other security experts, in other words, are presenting facts to disprove a suspicion. He has now, for the third time in a year, publicly demonstrated the simplicity of an attack. Interestingly, although he had to show how to bypass frequency hops to prove his point he only showed an attack on A5/1 and not A5/3; this year he does not explicitly call for the stronger encryption algorithm.

That could be because the 128-bit A5/3 algorithm (aka KASUMI) was also easily cracked by the Weizmann Institute of Science soon after his presentation in 2009.

The privacy of most GSM phone conversations is currently protected by the 20+ years old A5/1 and A5/2 stream ciphers, which were repeatedly shown to be cryptographically weak. They will soon be replaced in third generation networks by a new A5/3 block cipher called KASUMI, which is a modified version of the MISTY cryptosystem. In this paper we describe a new type of attack called a sandwich attack, and use it to construct a simple distinguisher for 7 of the 8 rounds of KASUMI with an amazingly high probability of $2^{-14}$. By using this distinguisher and analyzing the single remaining round, we can derive the complete 128 bit key of the full KASUMI by using only 4 related keys, $2^{26}$ data, $2^{30}$ bytes of memory, and $2^{32}$ time. These complexities are so small that we have actually simulated the attack in less than two hours on a single PC, and experimentally verified its correctness and complexity. Interestingly, neither our technique nor any other published attack can break MISTY in less than the $2^{128}$ complexity of exhaustive search, which indicates that the changes made by the GSM Association in moving from MISTY to KASUMI resulted in a much weaker cryptosystem.

Given that A5/3 also is broken, Nohl and Munaut conclude their presentation with the following “wish-list” and threat map for GSM Network security:

  1. SMS home routing
  2. Randomized padding
  3. Rekeying before each call and SMS
  4. Frequent TMSI changes
  5. Frequency hopping
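
An added example (not from the presentation or the original post) of why "randomized padding" is on the wish-list: a look-up table maps observed keystream back to cipher state, and keystream is only observable where the plaintext is predictable. The stream cipher below is a SHAKE-256 stand-in rather than A5/1, and the 23-byte frame size, 0x2B fill byte, key and payload are assumptions constructed for illustration.

```python
import hashlib
import secrets

FRAME_LEN = 23   # assumed signalling frame size in bytes
FILL = 0x2B      # assumed fixed fill byte used by legacy padding
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed key
PAYLOAD = bytes.fromhex("0106120f01")                     # constructed 5-byte message


def keystream(key: bytes, frame_no: int, n: int) -> bytes:
    """Stand-in stream cipher (NOT A5/1); only the XOR structure matters here."""
    return hashlib.shake_256(key + frame_no.to_bytes(4, "big")).digest(n)


def build_frame(payload: bytes, randomized: bool) -> bytes:
    """Pad a short message to the frame size with fixed or random fill bytes."""
    pad_len = FRAME_LEN - len(payload)
    pad = secrets.token_bytes(pad_len) if randomized else bytes([FILL]) * pad_len
    return payload + pad


def encrypt(key: bytes, frame_no: int, frame: bytes) -> bytes:
    ks = keystream(key, frame_no, len(frame))
    return bytes(p ^ k for p, k in zip(frame, ks))


def leaked_keystream_bytes(key: bytes, frame_no: int, payload: bytes,
                           randomized: bool) -> int:
    """Count padding positions where assuming FILL yields the true keystream byte.

    This is the defender's exposure metric: every such byte is keystream that
    an observer obtains without knowing the key.
    """
    ct = encrypt(key, frame_no, build_frame(payload, randomized))
    ks = keystream(key, frame_no, FRAME_LEN)
    return sum(1 for i in range(len(payload), FRAME_LEN) if ct[i] ^ FILL == ks[i])


if __name__ == "__main__":
    for mode in (False, True):
        n = leaked_keystream_bytes(KEY, 42, PAYLOAD, randomized=mode)
        label = "randomized" if mode else "fixed"
        print(f"{label:>10} padding: {n} of {FRAME_LEN - len(PAYLOAD)} "
              "padding bytes expose keystream")
```

With fixed fill every padding byte exposes keystream; with random fill a guess matches only by chance (about 1 in 256 per byte), so the frame no longer supplies input for a table lookup.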

Civil War Vigenère Cipher Code Decrypted

An interesting Telegraph story describes how a Civil War Vigenère cipher code message in a bottle has been decrypted.

A message in a bottle sent to a Confederate general during the Siege of Vicksburg, one of the key turning points of the American Civil War, has finally been deciphered [by the CIA] after 147 years.

Source: Daily Mail

See also the 2007 CIA publication “Intelligence in the Civil War” (PDF)