Key Escrow that Might Work

12. December, 2018

Instead of encrypting everything with a single government key, several government agencies need to provide new public keys every day. The private key must be under the control of a court. Each secure encryption channel needs to subscribe to one or more of those agencies. The court must delete those keys after six months.

Advantages:

  • No attacker will be able to monitor any channel of communication for a long period of time.
  • Generating and sharing new keys can be automated easily.
  • A single stolen key will just compromise a small fraction of the whole communication.
  • Judges will decide in court which messages can be deciphered during the storage period.
  • It’s still possible to decipher all messages of a person if there is a lawful need.
  • If a key is lost by accident, the damage is small.
  • No one can secretly decode messages.
  • The system can be adapted as attackers find ways to game it.

Disadvantages

  • More complex than a single key or single source for all keys. It will break more often.
  • Pretty expensive.
  • Judges need to be trained to understand what those keys mean.
  • Keys will be in more hands, creating more points of attack.

Always remember that in a democracy, the law isn’t about justice but balancing demands. There are people afraid that embarrassing details of their private communicate will be exposed as well as people trying to cover the tracks of a crime.

Right now, there is no better way to determine which communication needs to be cracked open than a normal court case.

Reasoning:

If we used one or a few keys to encrypt everything (just because it’s easier), that would put a huge attraction on this data. Criminals will go to great lengths to steal those. If there are many keys, each one of them becomes less important. The amount of damage each key can cause must be smaller in this case. It would also mean they would have to steal many keys which would raise chances to get caught.

I was wondering if one key per month would be enough but there is really no technical reason to create so few. We have the infrastructure to create one every few seconds but that might be overkill. Once per day or maybe once per hour feels like a sweet spot. Note: When the technical framework has been set up, it should be easy to configure it to a different interval.

If we spread the keys over several organizations, an attack on one of them doesn’t compromise everyone. Also, software developers and users can move around, making it harder for unlawful espionage to track them.

Police officers and secret services should not be left alone with the decision what they can watch. Individuals make mistakes. That’s one reason why you talk to a friend when you make important decisions. Therefore, the keys should be in the hands of the law.

The law isn’t perfect. My thoughts are that we would use the perfect system if it existed. Since we’re using the law, the perfect solution probably doesn’t exist or it doesn’t exist, yet. In either case, using court rulings is the best solution we have right now to balance conflicting demands. The keys could be confiscated when the case is started and destroyed when the case is closed to avoid losing access halfway through the proceedings.

Mistakes will happen. Systems will break, keys will be lost, important messages will become indecipherable, criminals will attack the system, idiots will put keys on public network drives. Is there a way that this can be avoided? I doubt it. Therefore, I try to design a system which shows a certain resilience against problems to contain the damage.

For example, a chat app can request keys from its source. If that fails, it has options:

  1. Use a previous key
  2. Log an error in another system which monitors health of the key sources
  3. Automatically ask a different source
  4. Tell the user about it and refuse to work
  5. Let the user chose a different source

Virtual Cables for IoT Devices

10. January, 2017

IoT devices are a security nightmare: They should be easy to use / set up but hard to hack.

With classic devices, the solution is “cable”. If there is no cable between two devices, they can’t talk to each other. If you follow the cable, you can see who talks to whom.

Translating this solution for the wireless devices is “virtual cables”. Each device needs a wireless (NFC) connection area where the user can press a “virtual cable drum” (VCD). The device then passes a token to the VCD. Next, the user presses the VCD to the other device.

That creates a virtual wire between the two devices. The VCD is just a small NFC knob which can keep an encrypted token for a couple of minutes. Not having batteries and permanent storage will be a plus: No one can steal the tokens after the connections have been made.

In a similar fashion, the VCD could be used to install security updates: Put the token for the update or the whole patch on the VCD, press the VCD against the device to update to trigger the update.

Related articles:


App to Manage Terms and Conditions

28. December, 2014

There is this old joke on User Friendly about license agreements: “Have any of you ever actually read a license agreement?” “I have! A few words, anyway …” “And what did the part you read say?” “umm… ‘I accept.'” (whole story starts here; afterwards, someone actually wrote a version of Clippy for Vim called Vigor).

I remembered all this when I saw this video on YouTube:

And that led me to an idea: How about an app which tracks T&C for you? In general, it should take a license and show you the important bits. Then, you could say “okay, I like that and that and I can live with those.” The app would then remember your preferences. For the rest of the terms, you could chose “I grudgingly accept these” or “no business with me because of this term.”

Even better, the app could notify you of terms which don’t apply to you because of local law or because courts ruled them out.

That way, the app could just show you the parts of a new license which you want to know about, that is the parts which you didn’t already agree to and without the parts that you’d accept anyway.


Printing Money @Home

2. July, 2013

Ever thought about printing money at home?

It’s illegal, right. But think about this idea:

Your printer driver is connected to, say, PayPal. You draw some cute image (or use your cat if you can’t draw or the Internet, it’s full of cats). You create a QR code worth $15, slap them together with gimp and go to spend it.

Everyone has a mobile phone, so checking those codes would be no big deal. Just an app and you’re done.

And the best part: The NSA would know all the time where you are! You’d never get lost! When they notice you stopped spending money, they could send you an ambulance!


Patently Unpatentable: Remote Presence Systems

16. April, 2013

With the recent advances in 3D printing and robotics, there will be a time when traveling to conferences to meet people in person will work like this:

You send a 3D scan of your head and hands to a 3D printing service plus a set of clothes via normal mail. When the clothes arrive and the face has been printed, both will be dressed on an android frame.

The androids will then meet “in person” while you can safely stay at home.

Related:

 


Patently Unpatentable: Federal Circuit is Trying to Develop New Test For Patentability

20. October, 2012

One of the old problems for patent office or a court is to determine whether a patent is patentable. “‘Laws of nature, natural phenomena and abstract ideas’ are not patentable under US law – but their particular inventive application is.” (source)

But with lawsuits like Apple vs. Samsung (great coverage on groklaw), it’s becoming obvious even for the hard-core patent defenders that things must change.

The Federal Circuit is now trying to come up with a test that answers whether software is patentable or just an abstract idea.

Maybe they should check this article on groklaw: What Does “Software Is Mathematics” Mean? – Part 1

 


Patently Unpatentable: Put a Camera Into the Headlight

19. October, 2012

Simple idea: If you exit a tight side street with high walls on both sides, you can’t see the traffic coming from the sides.

If there was a camera in the headlights of your car, you could see around the corner without exposing more than a few centimeters of your car.

Other interesting technologies: