[cryptography] cognitive dissonance in threat modelling?

coderman coderman at gmail.com
Sat Dec 14 09:42:55 EST 2013


On Sat, Dec 14, 2013 at 5:57 AM, ianG <iang at iang.org> wrote:
> ... the way in to a sector attack such as is now NSA's mission
> is often by picking the weaker player and perverting them. Then, leapfrog
> (with extortion & bribery) through other players.
>
> Also disturbing is that if it is Intel, this would mark an intervention
> into the competitive marketplace of industrial policy proportions:  it would
> be promoting Intel over the competitors, which would basically undo decades
> of work to open markets to competition.
>
> Knowing what the NSA are up to is on the verge of becoming a global
> competitive priority.  From an economics / world trade pov, this is seismic.


i hope it was worth it for them!  'cause this is going to be expensive...


Matthew Green posted insights on how one might implement backdoors in chips:
  http://blog.cryptographyengineering.com/p/some-thoughts-on-suborning-encryption.html
as well as the "Weak random number generators" attacks:
  http://blog.cryptographyengineering.com/2013/12/how-does-nsa-break-ssl.html



regarding the unredaction automation: the typographic interpolation
trick discussed on the list, matching type face with justified spacing
with candidate word(s), is a really annoying idea and won't get out of
my head.

 (i tried to distract and forget with a Tor patch -
https://trac.torproject.org/projects/tor/ticket/10402 - to no avail ;)

currently playing with scipy, skimage to:
- obtain from human initial document image
- obtain from human seed words / dictionary for matching
- misc. contrast / levels / etc conditioning for text optimized monochrome
- mask document image into text and non-text areas
- edge detect, align to horiz (for selections by x/y)
- broad region detect text rows into individual row images
- region detect individual chars per row image then assign char value via OCR
- insert human in loop to confirm / correct OCR row by row
- insert human to select redact line + redact area
- interpolate justified components: character spacing, word spacing, etc.
- iterate over known text with candidate fonts until best match.
- iterate over candidate words in best font until best match.
- success?  what confidence? (GOTO 10)
(the extra work for char by char and whole doc dis-assembly is in case
a "re-assemble scanned chars into candidate" rather than "match font
and re-produce text candidate" mode is needed.)

something better, Bueller?  ... Bueller?
... this won't be the last time i find this code useful!


current working set, including known wrong (please add suggestions :)
FeliCa and AMD
Nortel Networks
Apple and ARM
Array Networks
Cisco and Atmel
Philips and VIA
HiFn and Atmel
Cisco and ARM
Cisco and HiFn
Intel Ivy Bridge
Intel RDRAND
Atmel and IBM
Atmel and VIA
Apple and VIA
Intel and AMD
Intel and ARM
Forum Systems
VIA XSTORE
Cavium Nitrox
CAI Networks
A10 Networks
Cisco Systems
Citrix Systems
Sun SCA6000
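
The justified-spacing width match described in the message above, written as a leakage check a redactor could run before release. This is an added example, not code from the post: the advance-width table, the candidate names and all measurements are constructed, and it assumes the per-space stretch can be measured from the visible text on the redacted line.

```python
import math

# Constructed advance widths (1/1000 em) for a hypothetical proportional font.
_GROUPS = {250: "ijlftI ", 833: "mwMW", 500: "abcdeghknopqrsuvxyzJ",
           667: "ABCDEFGHKLNOPQRSTUVXYZ"}
ADVANCE = {ch: w for w, chars in _GROUPS.items() for ch in chars}


def text_width(text, size_pt, stretch_pt=0.0):
    """Rendered width in points; justification adds stretch_pt per space."""
    try:
        units = sum(ADVANCE[ch] for ch in text)
    except KeyError as exc:
        raise ValueError(f"no metric for character {exc.args[0]!r}") from None
    return units * size_pt / 1000.0 + stretch_pt * text.count(" ")


def space_stretch(visible_text, measured_pt, size_pt):
    """Per-space stretch implied by visible text of known measured width."""
    spaces = visible_text.count(" ")
    if spaces == 0:
        return 0.0  # nothing to stretch, so nothing to estimate
    return (measured_pt - text_width(visible_text, size_pt)) / spaces


def redaction_leak(candidates, bar_pt, size_pt, stretch_pt, tol_pt):
    """Return (survivors, bits): candidates that fit the bar, and bits leaked."""
    survivors = [c for c in candidates
                 if abs(text_width(c, size_pt, stretch_pt) - bar_pt) <= tol_pt]
    if not survivors:
        return survivors, None  # wrong font, size or candidate list
    return survivors, math.log2(len(candidates) / len(survivors))


# Constructed inputs: a 12 pt line, a 72 pt bar, five made-up candidates.
CANDIDATES = ["Alpha Corp", "Beta Systems", "Gamma Labs",
              "Delta Networks", "Omega Labs"]

if __name__ == "__main__":
    stretch = space_stretch("the quick test line", 93.0, 12.0)
    fits, bits = redaction_leak(CANDIDATES, 72.0, 12.0, stretch, 1.5)
    print(f"stretch={stretch:.2f}pt survivors={fits} leaked={bits:.2f} bits")
```

A small survivor set means the bar width tracks the hidden text closely; replacing the redacted span with a fixed-width block before release removes that signal.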

