Re: SECURITY: Logistics of paranoia.

From: Warrl kyree Tale'sedrin (warrl@blarg.net)
Date: Sat Jun 06 1998 - 01:38:16 MDT


From: Alex Future Bokov <alexboko@umich.edu>

> Let's say James Bond and Austin Powers want to correspond about
> secret stuff. Obviously, they would exchange keys signed by trusted
> parties and go at it. However, what if there are no trusted parties, and a
> face to face meeting is too risky/expensive? They could each create a new
> key-pair not associated with their normal identities and correspond
> through two-way anonymous remailers, thus neither knowing whom they're
> talking to but at least knowing it's the same entity each time. If one of
> them is captured or subverted, they still won't be able to give away the
> identity of the other. Can anyone see any vulnerabilities in this plan
> whatsoever?

OK, let's start this conversation. But we must start it at the beginning. James
Bond wants to start this conversation, but he doesn't know who with and he
doesn't want to reveal his identity. So he creates a new secured ID, and sends
a thusly-signed clear message to -- whom?

(Or maybe he does know who with, but he is aware that this target person will
NOT want James Bond to know who he is dealing with. How do you send a
message to some specific person, securely, while making it obvious to that
person that you do not know to whom you are sending the message? You
cannot use his normal email address or his normal public encryption key.)

One possible solution: he broadcasts it. An ad appears in the Personals
column (Seeking Same) section of your local Internet newspaper:
  
  "Somewhat destructive secret agent on another continent seeking same
   in North America for exchange of information and target identification. Reply
   to me@anonymous.remailer with encrypted message using this public key:
   123456789-qwertyuio-asdfghjkl-zxcvbnmp.-."

And HOW MANY government anti-terrorist groups from around the world
respond? Each of them claiming to be the sort of person requested in the ad?

> Now, supposing they want to bring Maxwell Smart into their
> organization. He joins under the same terms as they: anonymity,
> encryption, digital signatures on everything. Can anyone spot any
> vulnerabilities at this point?

How do they know who joins?

Here's another approach, in a system of public-key cryptography. I will
assume that James Bond wishes to communicate with Austin Powers, and
that neither objects to the other knowing the identity of the person they are
communicating with.

First, double encryption. Assuming the recipient's key is not compromised, it
is not possible by examining a doubly-encrypted message to determine its
source. (Examining the envelope on the msg is a different matter; thus an
anonymous remailer.)

Once the recipient decrypts it using his own private key, he *must* have the
source available to him so that he knows whose public key to use for the
second decryption.

But assume that at least one person's regular security ID is believed to
possibly be compromised. Are there any SEMI-trusted parties?

Let's assume there are 12 parties, each of whom Bond semi-trusts and whom
Powers could safely come in physical contact with.

Bond sets himself up *two* new security IDs. ID#1 he splits the public key into
5 parts. Each part is wrapped in a message "Key part 3 is sdfausdofds". This
message is then encrypted with Powers' public key. In front of each of the
results add the text 'Please deliver the following to the next person who comes
to you and says "foursquare bullfrogs".' Then send each part to two *different*
people on the list of twelve semi-trusted parties, encrypted with their public
keys, through the anonymous remailer.

Next Bond writes the message: "When Austin Powers comes and asks you
about an email code, tell him 'foursquare bullfrogs'." He sends this message to
the remaining two semi-trusted parties, encrypted with their public keys,
through the anonymous remailer.

Now he writes a message to Austin Powers, saying "I've sent you a new public
key via distributed means. Fred or Joe can tell you the email code that will
persuade the contact persons to give you their portions of the key. The contact
persons are... And you have a message you'll need that key to decrypt.". He
sends this through a remailer to Austin Powers, encrypted with Austin's regular
public key.

Finally he writes a message saying "This is James Bond. I need to
communicate with you about..." and giving new contact info, INCLUDING the
public key for his new ID#2. He encrypts this using his normal private key.
Adds appropriate text and encrypts it again using the private key from ID#1.
Adds further appropriate text and encrypts it a third time using Austin Powers'
public key, and sends it through an anonymous remailer.

To break this by simple spying and wiretapping, you must have compromised
the private keys of no fewer than six people out of a specific group of thirteen,
and you must intercept the parts and connect them together.

US$500 fee for receipt of unsolicited commercial email. USC 47.5.II.227



This archive was generated by hypermail 2.1.5 : Fri Nov 01 2002 - 14:49:10 MST