GCHQ's CESG team's crypto proposal isn't dumb, it's malicious... and I didn't notice

@ King Tut

Never had your phone nicked have you?

No blame attaches

The technique of government and security services is to make use of a more important part of Shannon's work; they degrade the channel by adding lots and lots of noise until there is so much noise that only the instructed can reconstitute the signal.

I would call it Orwellian, and I would be right.

IP Phone Home

I'm confused. I have at least a dozen phone numbers. Some are exclusively me but roam around, some i share and are fixed and others some combination of both. Some I intend to keep for life, some not and some are for sale. As for IPs its replicated except the volume is bigger.

I have difficulty keeping up to date on all of them. Be great if GCHQ had a neat little app I could look myself up on. Save a lot of bother with KeePass2 and Evernote ...

Three out of ten?

I'd make that one of ten for them (although nine out of ten for Orwellian-ness), and while the three out of ten for you is maybe fair, ten out of ten for saying so :-)

a user’s identity is their public key

And their public key is issued and can be revoked by.. whom? And used to securely identify themselves with all public sector services. And can be extended to a 'trusted identity' service for other commercial users. CESG is of course expected to generate business and revenues to support it's activities. And I'd rather trust CESG to do this than, say, Facebook. Sign into my NHS account with my Facebook ID? What could possibly go wrong?

Genuinely puzzled

"As a result, successive anencephalic attorneys-general in Australia and the UK's Home Secretary Theresa May have enacted legislation of such egregious idiocy it could have been drafted by a junior in the White Fish Authority."

What is it about the Home Office that causes every politician to enter it to turn into Attila the Hun? Even the seemingly innocuous Alan Johnson transmogrified into a little Hitler once installed.

Something in the air-conditioning?

-A.

What's wrong with using my DNA to show it's me?

I don't have a landline, when spam texts get to much , I dump my SIM and get another (probably every 6 months). Using CLI spoofers I can phone someone, they think it's someone else and I get their bank details.

So many things wong using *any* item to authenticate a person, using fresh DNA is the only real way. What's fresh DNA? Stuff that's just been swabbed from your cheek, not from the remenants of that pizza you chucked out last night.

Actually, it's not...

... a particular spot on a wiring harness in a telephone exchange that a bit of software associates with a number of a handset that can be used by anyone in the same place; or of a physical mobile phone

The public key identifies the secret key that the user has installed in the secure communications device that they use personally. Possesion of that device (and any PIN or passphrase needed to unlock it) is all the identity you need for this purpose. By the same token (sorry) you'd be arguing that the public key of the certificate stored in the smartcard you use to log on to your computer identifies the card and not you. It's technically true, but your possession of the card (its private key and the associate PIN/passphrase) is a proxy for your identity.

Your secure phone is perfectly capable of checking the remote party's secret key matches the public key it makes claim to.

Incidentally, the user might have more than one device with the same private key and the protocol specifically allows for things like secure voicemail that don't require the user (and associated key) to be available at the time of a message being left.

There may be a number of issues with the proposal (I'm not sure about the principle of the KMS or its scalability but I haven't read up on it enough) but its origin is more likely to be its downfall than any particular fault in its design.

Beware the minions!!

Our judiciary and police force, rammed to the brim with poor IT sense, look towards legislation for guidance and clarity.

When an act, so poorly conceived as has recently been proffered becomes law, then the multitude of interpretations that will spew from it will create a mountain of diabolical decisions, based, not on clear IT knowledge, but the insane mutterings of folk who have shown time and again, that they haven't a clue about how the interconnectedness of everything defeats their simplistic logic.

Using my IP address or telephone number to link me with crime is criminal in itself, but given that the people empowered to fuck my life up might not recognise this, scares the pants off me.

I think a person can be identified with a phone number or I.P. address, once you have enough data and know enough of what someone does then it's trivial, you lend your phone/I.P. to someone they use it, it's flagged as an an anomaly add in location and it wouldn't be that difficult to narrow down who that anomaly is especially if it happens a few times, add in your contact information taken from your phone and internet records it gets even narrower (lent your phone to a mate of a mate, it's flagged). Switch devices/I.P./numbers and you're still going to be identifiable as someone that does this. I think of it as a big nasty dataset they are getting their hands on which will identify everyone regardless.

So with all that in mind is it that difficult to see why a phone number or I.P. address could be used to identify someone?

I love the way A.N.Other hack thinks GCHQ are dumb

The politicians might be dumb, ok , not might, are. But the people at GCHQ are extremely smart and we only find out a fraction of what they get up to. In fact the fraction they want us to know.

Still, I'm sure they're more than happy for you to underestimate them. In fact making sure you do is probably policy.

Treason against the UK and its citizens

The UK should pass laws against treason and impose them on GCHQ.

You don't need al Qada or IS when you've got GCHQ taking away your freedom and destroying your democracy.

Phone Numbers

..assuming that nobody's tricked it into presenting someone else's number.

There's no need for under-hand trickery. All you need is a Type 5 Presentation Number agreement with your telco. Once you have that, you can send any number you want. (And guessing from the dodgy/weird phone numbers I receive as PPI calls, I'm guessing all the PPI call centres have done so)

Before the days of VoIP, an exchange always associated two numbers* with a line: The presentation number and the network number. The network number was the real number for the line. For many people the two are the same. It's the network number that allows you to track back where the call came from.

But with VoIP, there's no network number, just a trail of SIP headers. And as we've all seen with SMTP & HTTP, user generated headers can be trusted 100%.

* Actually, there's often a third number, called the billing number which can be different again but that's only seen by billing systems not the phone network.

anencephalic

A little OT, but the word is used twice in the article; didn't know it, so image searched it.

To (figuratively) imply "lack of brains" by using the descriptor for (literally) lack of brains insults the poor sufferer of said disability more than the intended target (the legal profession) in this case.

We've evolved. We don't call people mongols or "flids" (Thalidomides) any more do we?

A new high in brainrot buzzfetishwords

A telephone number as a 'public key'? And used to obtain 'private keys' from a KMS? hahahahaha

Sadly, I actually read the drivel and might have thereby acquired a drive by brainrot infection.

"A telephone number does not identify a human."

It does if the SIM card holding it is implanted into the brain.........

its coming folks, its not far away

It was *this* close!

Heh. Reminds me of a conversation I had with a Bell Labs engineer 30 years ago ... he was telling me we had gotten the system all wrong. That instead of assigning numbers to telephone lines we should have put phone company reps in every hospital and assigned telephone numbers to people at birth!

;-)

The goal of all this is not just to find track phone or internet records or whatever any given proposal or law is targeted at.

The core goal, the real aim, is to have every person uniquely identifiable to the government and for that identity to follow them wherever they go and be attached to whatever they do.

They want and internal passport.

Not only that, but they want that passport to tie into and be required for everything you do. In regards to phone numbers and IP addresses, the goal - I am nearly sure - is to have these identifiers attached not to hardware like phones and routers, but to people, such that when you use a phone you have to log in (in whatever fashion) and that phone is then assigned your phone-number equivalent. Modern VoIP systems already have this feature - Cisco call it 'Extension Mobility'.

Every device, of course, would also have a unique identifier (lMEI but similar system for 'fixed' phones) and it would be easy to have phones able to dial out without anyone logged-in, but to restrict this to certain emergency numbers so as to handle that concern.

To receive calls, of course, you must be logged in and this provides further benefit for tracking people.

Perhaps that all sounds a bit far fetched but spooks want to be able to uniquely identify who is making or receiving a call and they have indicated that they want to do so with phone numbers - something not currently suited for the task. One interpretation of that is that they are just being idiots. BUT, another way to interpret the intersection of those facts is that spooks want phone numbers to become unique identifiers of the person using the phone at that moment.

Anyone have a spare roll of foil? I'm almost out.

So

Every time I pick up a different phone, I change identity.

All that disguise nonsense is a total waste of time then.

BTW if you phone my home number you might get me, or the wife, or one of the kids, or the cleaning lady; but clearly they are all the same to a spook.

Must post anonymously, as I don't have a phone in my hand.

Not Paranoid Enough!

How does identity-based encryption work?

Anyone who knows my identity can compute my public key.

But I was given my private key, based on my identity, from a trusted central authority.

Since telephone numbers do get re-used, the fact that they don't identify a person is, indeed, an additional flaw. But the fact that the private keys are generated by the trusted central authority generating them all - in random order, to eventually get to everyone's private key - means that the "malicious" part is simply the fact that identity-based encryption, even based on a valid identifier, is being proposed.

The telephone number part was no doubt just to distract people from the real problem, so that a "corrected" proposal would find acceptance! And you fell right into their trap!

Do your research Reg!

I'm sure a lot of what GCHQ does is malicious, but endorsing legitimate academic cryptography isn't one of them.

All the arguments you make about this being 'malicious' apply to all of identity-based crypto (IDPKC), and looking at this RFC it's just (rather cumbersomely) endorsing academic research published 12 years ago. I suggest you email Dan Boneh at Stanford who invented much of this field of cryptography and get his view, or any other cryptographer worth his salt. Perhaps do some research next time before jumping to misinformed conclusions.

In TLS or IPSec you authenticate with a PKI certificate in much the same way. This is also not 'a person' and this is also not malicious. In this case of IDPKC the telephone number (or anything else) *is* the PKI certificate. This is actually pretty cool, and there's some very clever academics behind the original research. How or if it is associated with a person is just not relevant.