[149234] in cryptography@c2.net mail archive
Re: [Cryptography] The crypto behind the blackphone
daemon@ATHENA.MIT.EDU (Phillip Hallam-Baker)
Mon Jan 27 15:24:51 2014
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <CAPLrYETDS4khqrXomXcgq_WPFM2Zjf=bT58uV_QX7SydpqwE8A@mail.gmail.com>
Date: Mon, 27 Jan 2014 15:04:42 -0500
From: Phillip Hallam-Baker <hallam@gmail.com>
To: =?ISO-8859-2?Q?Daniel_Cegie=B3ka?= <daniel.cegielka@gmail.com>
Cc: Ralf Senderek <crypto@senderek.ie>,
Cryptography <cryptography@metzdowd.com>, Jon Callas <jon@callas.org>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============4211485966961391016==
Content-Type: multipart/alternative; boundary=001a11345aa0e9d6d704f0f937e7
--001a11345aa0e9d6d704f0f937e7
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
On Mon, Jan 27, 2014 at 12:24 PM, Daniel Cegie=C5=82ka <daniel.cegielka@gma=
il.com
> wrote:
> 2014-01-27 Jon Callas <jon@callas.org>:
> >
> > On Jan 26, 2014, at 10:41 PM, Daniel Cegie=C5=82ka <daniel.cegielka@gma=
il.com>
> wrote:
>
> >> I don't know how they
> >> will solve the baseband problem (closed-source proprietary chip/RTOS
> >> running alongside e.g. Android).
> >>
> >>
> http://www.technologyreview.com/news/428632/gps-weakness-could-enable-mas=
s-smartphone-hacking/
> >>
> http://reverse.put.as/wp-content/uploads/2011/06/basebandplayground-luism=
iras.pdf
> >
> > There's no way we can solve this problem for the first device. Baseband
> security is a huge problem.
> >
> >>
> >> Crypto is the smallest problem in this project.
> >
> > Absolutely! Frankly, one of the things I consider most important is
> building the phone so that the OS can be updated for a reasonable life of
> the hardware.
> >
> > Jon
>
> What gives you the use of cryptography, if your phone is factory
> built-in backdoor (baseband)? Until not solve this problem, you can
> not say that Blackphone is really safe.
>
Yes they can.
I have no direct knowledge of the specs other than brief hints from Jon.
But it is pretty clear that this phone is going to offer application layer
encryption like the silent circle products do.
The big difference is that on this phone you can compile the code from
source and be sure there is no backdoor. Which is not really possible on
the iPhone version (though I guess someone could compile the source and
check that the deployed app matches if they provide source for that.)
There are some attacks that no application layer scheme can protect you
against. In particular, traffic analysis and metadata can't be fully
controlled, particularly for a system with a low user volume. Say there are
a million users of the phone and a thousand calls in progress at a time. if
the Feds are watching two people and one dials and the other picks up at
that very moment, they have a data point. If they do it a second time then
they have two data points. Three data points are enough to put the match
beyond reasonable doubt.
This is the attack that caught the jackass who tried to avoid a finals exam
with a bomb threat at Harvard last term. The police found that only five
people were using Tor on campus at the time. Now if the guy had been at
MIT...
I am pretty certain Jon and co have the confidentiality pretty well locked
down so that is an advance.
--=20
Website: http://hallambaker.com/
--001a11345aa0e9d6d704f0f937e7
Content-Type: text/html; charset=ISO-8859-2
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><br><div class=3D"gmail_extra"><br><br><div class=3D"gmail=
_quote">On Mon, Jan 27, 2014 at 12:24 PM, Daniel Cegie=B3ka <span dir=3D"lt=
r"><<a href=3D"mailto:daniel.cegielka@gmail.com" target=3D"_blank">danie=
l.cegielka@gmail.com</a>></span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">2014-01-27 Jon Callas <<a href=3D"mailto:=
jon@callas.org">jon@callas.org</a>>:<br>
<div class=3D"im">><br>
> On Jan 26, 2014, at 10:41 PM, Daniel Cegie=B3ka <<a href=3D"mailto:=
daniel.cegielka@gmail.com">daniel.cegielka@gmail.com</a>> wrote:<br>
<br>
</div><div class=3D"im">>> I don't know how they<br>
>> will solve the baseband problem (closed-source proprietary chip/RT=
OS<br>
>> running alongside e.g. Android).<br>
>><br>
>> <a href=3D"http://www.technologyreview.com/news/428632/gps-weaknes=
s-could-enable-mass-smartphone-hacking/" target=3D"_blank">http://www.techn=
ologyreview.com/news/428632/gps-weakness-could-enable-mass-smartphone-hacki=
ng/</a><br>
>> <a href=3D"http://reverse.put.as/wp-content/uploads/2011/06/baseba=
ndplayground-luismiras.pdf" target=3D"_blank">http://reverse.put.as/wp-cont=
ent/uploads/2011/06/basebandplayground-luismiras.pdf</a><br>
><br>
> There's no way we can solve this problem for the first device. Bas=
eband security is a huge problem.<br>
><br>
>><br>
>> Crypto is the smallest problem in this project.<br>
><br>
> Absolutely! Frankly, one of the things I consider most important is bu=
ilding the phone so that the OS can be updated for a reasonable life of the=
hardware.<br>
><br>
> =A0 =A0 =A0 =A0 Jon<br>
<br>
</div>What gives you the use of cryptography, if your phone is factory<br>
built-in backdoor (baseband)? Until not solve this problem, you can<br>
not say that Blackphone is really safe.<br></blockquote><div><br></div><div=
>Yes they can.</div><div><br></div><div>I have no direct knowledge of the s=
pecs other than brief hints from Jon. But it is pretty clear that this phon=
e is going to offer application layer encryption like the silent circle pro=
ducts do.</div>
<div><br></div><div>The big difference is that on this phone you can compil=
e the code from source and be sure there is no backdoor. Which is not reall=
y possible on the iPhone version (though I guess someone could compile the =
source and check that the deployed app matches if they provide source for t=
hat.)</div>
<div><br></div><div>There are some attacks that no application layer scheme=
can protect you against. In particular, traffic analysis and metadata can&=
#39;t be fully controlled, particularly for a system with a low user volume=
. Say there are a million users of the phone and a thousand calls in progre=
ss at a time. if the Feds are watching two people and one dials and the oth=
er picks up at that very moment, they have a data point. If they do it a se=
cond time then they have two data points. Three data points are enough to p=
ut the match beyond reasonable doubt.</div>
<div><br></div><div>This is the attack that caught the jackass who tried to=
avoid a finals exam with a bomb threat at Harvard last term. The police fo=
und that only five people were using Tor on campus at the time. Now if the =
guy had been at MIT...</div>
<div><br></div><div>I am pretty certain Jon and co have the confidentiality=
pretty well locked down so that is an advance.</div><div><br></div><div>=
=A0</div></div>-- <br>Website: <a href=3D"http://hallambaker.com/">http://h=
allambaker.com/</a><br>
</div></div>
--001a11345aa0e9d6d704f0f937e7--
--===============4211485966961391016==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============4211485966961391016==--
