The Doghouse: Crown Sterling

A decade ago,the Doghouse was aregular featurein both my email newsletter Crypto-Gram and my blog.必威体育官方In it,I would call out particularly egregious -- and amusing -- examples of cryptographic "snake oil."

I dropped it both because it stopped being fun and because almost everyone converged on standard cryptographic libraries,which meant standard non-snake-oil cryptography.But every so often,a new company comes along that is so ridiculous,so nonsensical,so bizarre,that there is nothing to do but call it out.

Crown Sterlingis complete and utter snake oil.The companysells"TIME AI,""the world's first dynamic 'non-factor' based quantum AI encryption software,""utilizing multi-dimensional encryption technology,including time,music's infinite variability,artificial intelligence,and most notably mathematical constancies to generate entangled key pairs."Those sentence fragments tick three of mysnake-oil warning signs-- from 1999!-- right there: pseudo-math gobbledygook (warning sign #1),new mathematics (warning sign #2),and extreme cluelessness (warning sign #4).

More: "In March of 2019,Grant identified the first Infinite Prime Number prediction pattern,where the discovery was published on Cornell University'swww.arXiv.orgtitled: 'Accurate and Infinite Prime Number Prediction from Novel Quasi-Prime Analytical Methodology.' The paper was co-authored by Physicist and Number Theorist Talal Ghannam PhD.The discovery challenges today's current encryption framework by enabling the accurate prediction of prime numbers."Note the attempt to leverage Cornell's reputation,even though the preprint server is not peer-reviewed and allows anyone to upload anything.(That should be another warning sign: undeserved appeals to authority.) PhD student Mark Carney took the time torefute it.Most of it is wrong,and what's right isn't new.

I first encountered the company earlier this year.In January,Tom Yemington from the company emailed me,asking to talk."The founder and CEO,Robert Grant is a successful healthcare CEO and amateur mathematician that has discovered a method for cracking asymmetric encryption methods that are based on the difficulty of finding the prime factors of a large quasi-prime numbers.Thankfully the newly discovered math also provides us with much a stronger approach to encryption based on entangled-pairs of keys."Sounds like complete snake-oil,right?I responded as I usually do when companies contact me,which is to tell them that I'm too busy.

In April,a colleague at IBM suggested I talk with the company.I poked around at the website,and sent back: "That screams 'snake oil.' Bet you a gazillion dollars they have absolutely nothing of value -- and that none of their tech people have any cryptography expertise."But I thought this might be an amusing conversation to have.I wrote back to Yemington.I never heard back -- LinkedInsuggestshe left in April -- and forgot about the company completely until it surfaced at Black Hat this year.

Robert Grant,president of Crown Sterling,gave a sponsored talk: "The 2019 Discovery of Quasi-Prime Numbers: What Does This Mean For Encryption?"I didn't see it,but it waswidelycriticizedand heckled.Black Hat was so embarrassed that it removed the presentation from the conference website.(Parts of it remainon the Internet.Here'sa short video from the company,if you want to laugh along with everyone else at terms like "infinite wave conjugations"and "quantum AI encryption."Or you can read the company'spress releaseabout what happened at Black Hat,or Grant'sTwitter feed.)

Grant has no cryptographic credentials.Hisbio-- on the website of something called the "Resonance Science Foundation"-- is all over the place: "He holds several patents in the fields of photonics,electromagnetism,genetic combinatorics,DNA and phenotypic expression,and cybernetic implant technologies.Mr.Grant published and confirmed the existence of quasi-prime numbers (a new classification of prime numbers) and their infinite pattern inherent to icositetragonal geometry."

Grant'sbioon the Crown Sterling website contains this sentence,absolutely beautiful in its nonsensical use of mathematical terms: "He has multiple publications in unified mathematics and physics related to his discoveries of quasi-prime numbers (a new classification for prime numbers),the world's first predictive algorithm determining infinite prime numbers,and a unification wave-based theory connecting and correlating fundamental mathematical constants such as Pi,Euler,Alpha,Gamma and Phi."(Quasi-primes are real,and they're not new.They're numbers withonly large prime factors,like RSA moduli.)

Near as I can tell,Grant's coauthoris the mathematicianof the company: "Talal Ghannam -- a physicist who has self-published a book calledThe Mystery of Numbers: Revealed through their Digital Rootas well as a comic book calledThe Chronicles of Maroof the Knight: The Byzantine."Nothing about cryptography.

There seems to be another technical person.Ars Technicawrites: "Alan Green(who,according to the Resonance Foundation website,is a research team member and adjunct faculty for the Resonance Academy) is a consultant to the Crown Sterling team,according to a company spokesperson.Until earlier this month,Green -- a musician who was 'musical director for Davy Jones of The Monkees' -- was listed on the Crown Sterling website as Director of Cryptography.Green has written books and a musical about hidden codes in the sonnets of William Shakespeare."

None of these people have demonstrated any cryptographic credentials.No papers,no research,no nothing.(And,no,self-publishing doesn't count.)

After the Black Hat talk,Grant -- and maybe some of those others --sat down with Ars Technicaand spun more snake oil.They claimed that the patterns they found in prime numbers allows them to break RSA.They're not publishing their results "because Crown Sterling's team felt it would be irresponsible to disclose discoveries that would break encryption."(Snake-oil warning sign #7: unsubstantiated claims.) They also claim to have "some very,very strong advisors to the company"who are "experts in the field of cryptography,truly experts."The only one they name isLarry Ponemon,who is a privacy researcher and not a cryptographer at all.

Enough of this.All of us can create ciphers that we cannot break ourselves,which means that amateur cryptographers regularly produceamateur cryptography.These guys are amateurs.Their math is amateurish.Their claims are nonsensical.Run away.Run,far,far,away.

But be careful how loudly you laugh when you do.Not only is the company ridiculous,it's litigious as well.It has sued ten unnamed "John Doe"defendants forbooing the Black Hat talk.(Italsosued Black Hat,which may have more merit.The company paid good money to have its talk presented amongst actual peer-reviewed talks.For Black Hat to remove its nonsense may very well be a breach of contract.)

Maybe Crown Sterling can file a meritless lawsuit against me instead for this post.I'm sure it would think it'd result in all sorts of positive press coverage.(Although any press is good press,so maybe it's right.) But it I can prevent others from getting taken in by this stuff,it would be a good thing.

EDITED TO ADD: Crown Sterlingpaid $115Kfor that Black Hat sponsorship.

Posted on September 5,2019 at 5:58 AM30 Comments

Massive iPhone Hack Targets Uyghurs

China isbeing blamedfor a massive surveillance operation that targeted Uyghur Muslims.This story broke in waves,the first wave being about the iPhone.

Earlier this year,Google's Project Zerofounda series of websites that have been using zero-day vulnerabilities to indiscriminately install malware on iPhones that would visit the site.(The vulnerabilities were patched in iOS 12.1.4,released on February 7.)

Earlier this year Google's Threat Analysis Group (TAG) discovered a small collection of hacked websites.The hacked sites were being used in indiscriminate watering hole attacks against their visitors,using iPhone 0-day.

There was no target discrimination;simply visiting the hacked site was enough for the exploit server to attack your device,and if it was successful,install a monitoring implant.We estimate that these sites receive thousands of visitors per week.

TAG was able to collect five separate,complete and unique iPhone exploit chains,covering almost every version from iOS 10 through to the latest version of iOS 12.This indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years.

Fourmorenewsstories.

This upends pretty much everything we know about iPhone hacking.We believed that it was hard.We believed that effective zero-day exploits cost$2Mor$3M,and wereused sparinglyby governmentsonly againsthigh-value targets.We believed that if an exploit was used too frequently,it would be quickly discovered and patched.

None of that is true here.This operation used fourteen zero-days exploits.It used them indiscriminately.And it remained undetected for two years.(I waited before posting this because I wanted to see if someone would rebut this story,or explain it somehow.)

Google's announcement left out of details,like the URLs of the sites delivering the malware.That omission meant that we had no idea who was behind the attack,although the speculation was that it was a nation-state.

Subsequent reportingadded that malware against Android phones and the Windows operating system were also delivered by those websites.And then that the websites weretargeted at Uyghurs.Which leads us all toblame China.

So now this is a story of a large,expensive,indiscriminate,Chinese-run surveillance operation against an ethnic minority in their country.And the politics will overshadow the tech.But the tech is still really impressive.

EDITED TO ADD: New data on thevalue of smartphone exploits:

According to the company,starting today,a zero-click (no user interaction) exploit chain for Android can get hackers and security researchers up to $2.5 million in rewards.A similar exploit chain impacting iOS is worth only $2 million.

Posted on September 3,2019 at 6:09 AM36 Comments

Friday Squid Blogging: Why Mexican Jumbo Squid Populations Have Declined

A group of scientistsconcludethat it's shifting weather patterns and ocean conditions.

As usual,you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelineshere.

Posted on August 30,2019 at 4:09 PM72 Comments

Attacking the Intel Secure Enclave

Interesting paper by Michael Schwarz,Samuel Weiser,Daniel Gruss.The upshot is that both Intel and AMD have assumed that trusted enclaves will run only trustworthy code.Of course,that's not true.And there are no security mechanisms that can deal with malicious enclaves,because the designers couldn't imagine that they would be necessary.The results are predictable.

The paper: "Practical Enclave Malware with Intel SGX."

Abstract:Modern CPU architectures offer strong isolation guarantees towards user applications in the form of enclaves.For instance,Intel's threat model for SGX assumes fully trusted enclaves,yet there is an ongoing debate on whether this threat model is realistic.In particular,it is unclear to what extent enclave malware could harm a system.In this work,we practically demonstrate the first enclave malware which fully and stealthily impersonates its host application.Together with poorly-deployed application isolation on personal computers,such malware can not only steal or encrypt documents for extortion,but also act on the user's behalf,e.g.,sending phishing emails or mounting denial-of-service attacks.Our SGX-ROP attack uses new TSX-based memory-disclosure primitive and a write-anything-anywhere primitive to construct a code-reuse attack from within an enclave which is then inadvertently executed by the host application.With SGX-ROP,we bypass ASLR,stack canaries,and address sanitizer.We demonstrate that instead of protecting users from harm,SGX currently poses a security threat,facilitating so-called super-malware with ready-to-hit exploits.With our results,we seek to demystify the enclave malware threat and lay solid ground for future research on and defense against enclave malware.

Posted on August 30,2019 at 6:18 AM21 Comments

AI Emotion-Detection Arms Race

Voice systems are increasingly using AI techniques to determine emotion.A new paperdescribes an AI-based countermeasure to mask emotion in spoken words.

Their method for masking emotion involves collecting speech,analyzing it,and extracting emotional features from the raw signal.Next,an AI program trains on this signal and replaces the emotional indicators in speech,flattening them.Finally,a voice synthesizer re-generates the normalized speech using the AIs outputs,which gets sent to the cloud.The researchers say that this method reduced emotional identification by 96 percent in an experiment,although speech recognition accuracy decreased,with a word error rate of 35 percent.

Academicpaper.

Posted on August 29,2019 at 6:17 AM30 Comments

The Myth of Consumer-Grade Security

The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure.Yet that's not possible,because there is no longer any difference between those categories of devices.Consumer devices are critical infrastructure.They affect national security.And it would be foolish to weaken them,even at the request of law enforcement.

Inhiskeynoteaddressat the International Conference on Cybersecurity,Attorney General William Barr argued that companies should weaken encryption systems to gain access to consumer devices for criminal investigations.Barr repeated a common fallacy about a difference between military-grade encryption and consumer encryption: "After all,we are not talking about protecting the nation's nuclear launch codes.Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations.We are talking about consumer products and services such as messaging,smart phones,e-mail,and voice and data applications."

The thing is,that distinction between military and consumer products largely doesn't exist.All of those "consumer products"Barr wants access to are used by government officials -- heads of state,legislators,judges,military commanders and everyone else -- worldwide.They're used by election officials,police at all levels,nuclear power plant operators,CEOs and human rights activists.They're critical to national security as well as personal security.

This wasn't true during much of the Cold War.Before the Internet revolution,military-grade electronics were different from consumer-grade.Military contracts drove innovation in many areas,and those sectors got the cool new stuff first.That started to change in the 1980s,when consumer electronics started to become the place where innovation happened.The military responded by creating a category of military hardware called COTS: commercial off-the-shelf technology.More consumer products became approved for military applications.Today,pretty much everything that doesn't have to be hardened for battle is COTS and is the exact same product purchased by consumers.And a lot of battle-hardened technologies are the same computer hardware and software products as the commercial items,but in sturdier packaging.

Through the mid-1990s,there was a difference between military-grade encryption and consumer-grade encryption.Laws regulated encryption as a munition and limited what could legally be exported only to key lengths that were easily breakable.That changed with the rise of Internet commerce,because the needs of commercial applications more closely mirrored the needs of the military.Today,the predominant encryption algorithm for commercial applications -- Advanced Encryption Standard (AES) -- is approved by the National Security Agency (NSA) to secure information up to the level of Top Secret.The Department of Defense's classified analogs of the Internet­ -- Secret Internet Protocol Router Network (SIPRNet),Joint Worldwide Intelligence Communications System (JWICS) and probably others whose names aren't yet public -- use the same Internet protocols,software,and hardware that the rest of the world does,albeit with additional physical controls.And the NSAroutinely assistsin securing business and consumer systems,including helping Google defend itself from Chinese hackers in 2010.

Yes,there are some military applications that are different.The US nuclear system Barr mentions is one such example -- and it usesancient computersand 8-inch floppy drives.But for pretty much everything that doesn't see active combat,it's modern laptops,iPhones,the same Internet everyone else uses,and the same cloud services.

This is also true for corporate applications.Corporations rarely use customized encryption to protect their operations.They also use the same types of computers,networks,and cloud services that the government and consumers use.Customized security is both more expensive because it is unique,and less secure because it's nonstandard and untested.

During the Cold War,the NSA had the dual mission of attacking Soviet computers and communications systems and defending domestic counterparts.It was possible to do both simultaneously only because the two systems were different at every level.Today,the entire world uses Internet protocols;iPhones and Android phones;and iMessage,WhatsApp and Signal to secure their chats.Consumer-grade encryption is the same as military-grade encryption,and consumer security is the same as national security.

Barr can't weaken consumer systems without also weakening commercial,government,and military systems.There's one world,one network,and one answer.As a matter of policy,the nation has to decide which takes precedence: offense or defense.If security is deliberately weakened,it will be weakened for everybody.And if security is strengthened,it is strengthened for everybody.It's time to accept the fact that these systems are too critical to society to weaken.Everyone will be more secure with stronger encryption,even if it means the bad guys get to use that encryption as well.

This essaypreviously appearedon Lawfare.com.

Posted on August 28,2019 at 6:14 AM44 Comments

Detecting Credit Card Skimmers

Modern credit card skimmers hidden in self-service gas pumps communicate via Bluetooth.There's now anapp that can detect them:

The team from the University of California San Diego,who worked with other computer scientists from the University of Illinois,developed an app calledBluetanawhich not only scans and detects Bluetooth signals,but can actually differentiate those coming from legitimate devices -- like sensors,smartphones,or vehicle tracking hardware -- from card skimmers that are using the wireless protocol as a way to harvest stolen data.The full details of what criteria Bluetana uses to differentiate the two isn't being made public,but its algorithm takes into account metrics like signal strength and other telltale markers that were pulled from data based on scans made at 1,185 gas stations across six different states.

Posted on August 26,2019 at 6:41 AM33 Comments

Friday Squid Blogging: Vulnerabilities in Squid Server

It's always nice when I cancombine squid and security:

Multiple versions of the Squid web proxy cache server built with Basic Authentication features are currently vulnerable to code execution and denial-of-service (DoS) attacks triggered by the exploitation of a heap buffer overflow security flaw.

The vulnerability present in Squid 4.0.23 through 4.7 iscausedby incorrect buffer management which renders vulnerable installations to "a heap overflow and possible remote code execution attack when processing HTTP Authentication credentials."

"When checking Basic Authentication with HttpHeader::getAuth,Squid uses a global buffer to store the decoded data,"saysMITRE's description of the vulnerability."Squid does not check that the decoded length isn't greater than the buffer,leading to a heap-based buffer overflow with user controlled data."

The flaw was patched by the web proxy's development team with the release of Squid 4.8 on July 9.

As usual,you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelineshere.

Posted on August 23,2019 at 6:19 PM50 Comments

Sidebar photo of Bruce Schneier by Joe MacInnis.