Rc3: the heavy collateral damage of the first crypto was

RC3: The heavy collateral damage of the first Crypto was

What have millions of insecure rfid chip cards, which are used, among other things, for access controls, and an increasing number of car hells with the rings to do secure sealing? For ross anderson a lot. The professor of security engineering at the university of cambridge pays these phenomena to the heavy collateral damage of the first round of the continued crypto wars of the 1990s.

At that time, the us government tried under prasident bill clinton to largely prevent the export of hardware and software for secure closure procedures and also destroy us burger when using cryptographic solutions with the clipper chip. Scientists and burgerechtler had already warned that with such restrictive politics the it security has been massively affected. It only helps criminals if the industry consciously install weaknesses in their products must not be closed or laughing in the interest of security robes.

Blockade with consequences

Us deputy presentation al gore officially ended the fight against the it economy in 2000. However, the massive consequences are still trailable, anderson explained on monday on the remote chaos communication congress (rc3). According to anderson, for example, all wireless attenuation systems of cars use insufficient shutters. Therefore, it is not surprised that the number of car help meters has almost doubled in recent years. Although not all these deeds are due to weak suspension. The crypto was guided into a false culture in this area.

According to the scientist, millions of turse systems use rfid chip cards of the generation mifare classic generation, which has been considered cracked for many years. Even at the university of which he teaches, this is the way it was exchanged last 20 years ago. A renewed change is expensive, many institutions had therefore waived so far.

Also unsafe gsm mobile (2g) owes the world to the targeted weakness of closure methods. Including the following standards, including the current specification 5g, the matter was not much better. Similarly, it behaves with bluetooth, which is also easy to crack. In addition, since then, most of the states have been prepared via certification bodies, whom the geared browsers are familiar to blindly. They open them for man-in-the-middle attacks with folded but officially signed certificates. Although some browser manufacturers had introduced a maaking with public key pinning to secure the https protocol. But this procedure is controversial, the problem continues to be widespread.

Concealed vulnerabilities

According to oderson, intelligence stores secure in part serve heavy security, including zero-day exploits over certs (computer emergency response teams). Thus, about the nsa or british pendant gchq so far, unknown weaknesses take advantage of one to three months before being sealed. And should the nsa itself identify a security chute, they probably unopolit you, even though they were so 300 million americans. Rather, they will go over to attack and prefer potentially 450 million europe and a billion chinese with their knowledge.

The wars around the closure also flared up again, explained anderson. For example, the eu commission has been using technical solutions for the deceleration of messages, using the fight against the dissemination of sexual abuse representations of children as a pretext. In principle, it is about the use of upload filters with hash procedures in user software that should be supported in the server side. But among the consultants of brusseler government institution were old acquaintances from the gchq like ian levy and crispin robinson.

In parallel, investigators from eu states such as great britain, france and the netherlands showed in the case of encrochat, according to the 64-year-old, that they are well able to subside even strong casing with root kits and 45.000 mobile endgerate in one "targeted" to absorb. The eu council of ministers adopted a resolution of which for security authorities to be a form of outdoor access to captive data in plain text and help the it economy.

Remove defensive gait

For the emerging cold war 2.0 between the west and china anderson demanded a paradigm shift. The defensive gait should finally be significantly expanded towards the offensive: "we have to defend all, not just the elites." the us and the eu should jointly face the site of freedom, protection of privacy and the rule of law. Otherwise they came quickly into an environment in which confidential communication was no longer allowed.