© 2007 BACO S.à.r.l. BACO Information Warfare The operational need for national cryptology solutions – a user‘s view BACO S.à.r.l. 46, rue de l‘Hôpital L-4137 Esch-sur-Alzette Centre de Recerca Matemàtica, 2007



Contents

Industrial Espionage

Wassenaar Arrangement

Crypto Policy

Key Management Infrastructure – Key Escrow


What do we talk about ?

Information warfare is the use and management of information in pursuit of a competitive advantage. It comprises

– collecting information,

– assurance that one's own information is valid,

– spreading of propaganda or disinformation,

– undermining the quality of opposing force information,

– and denial of information collection opportunities to others.


With friends like this ...


ECHELON

Australia, Canada, New Zealand, UK and USA operate under the 1948 UKUSA Agreement to

– monitor international telecommunication satellites – INTELSAT,

– intercept non-INTELSAT communications,

– tap land-based or sub-sea communication cables plus microwave communications.


National Security Agency / Central Security Service – NSA/CSS

60 – 100.000 collaborators

world's largest employer of mathematicians

CSS controls all US Signal Intelligence (SIGINT)

budget in excess of US $ 30 billion (1998: 27 billion)

beyond democratic control

Fort Meade, Maryland, USA


ECHELON Report

On Sept. 05th, 2001, G. Schmid, rapporteur of the Temporary Committee on the ECHELON Interception System, presented his report to the European Parliament.

„The existence of a global system for intercepting communications, operated by the USA, the UK, Canada, Australia and New Zealand under the UKUSA Agreement, is no longer in doubt.“


ECHELON Site

Misawa, Japan


FAPSI

Federalnoje Agenstwo Prawitelstwennoj Swjasi i Informazij

tasked, inter alia, with economic-technological espionage

ground-stations only in CIS, except Socotra Island, Yemen

SIGINT aircraft ( four outside-CIS bases ) and ships

service provider to western industry



DGSE

Direction Générale de la Sécurité Extérieure operates nine SIGINT stations in mainland France

stations in Djibouti, la Réunion, Kourou, Nouvelle-Calédonie, United Arab Emirates (?)

Co-operates with the Bundesnachrichtendienst

HELIOS Photo & SIGINT satellites


DGSE

Domme, Périgord


ONYX

The Swiss COMINT system ONYX is run by the Ministry of Defence in:

– Heimenschwand

– Leuk

– Zimmerwald (Operations Centre)

for broad surveillance of military and civilian communications ( downlinks of INTELSAT, INMARSAT, EUTELSAT, PANAMSAT, ARABSAT, GORIZONT )


ONYX Sites

VERESTAR in Leuk


The Solution

To protect information we need national cryptology solutions not under control of the “big spy nations”.

Is this really the solution ?

If yes, how far ?


Export Controls

The Wassenaar Arrangement of 1995, to which Luxembourg is a signatory, imposes export control on systems, equipment and components using the following (either directly or after modification):

– a symmetric algorithm using a key longer than 56 bits; or

– a public-key algorithm, in which the security of the algorithm is based on one of the following:

(1) the factorisation of integers higher than 512 bits (e.g. RSA),

(2) discrete log computations in the multiplicative group of a finite field larger than 512 bits,

(3) discrete log computations in a group other than those mentioned above, and which is larger than 112 bits.


Countries under export control

Afghanistan, Angola, Armenia, Azerbaijan, Bosnia-Herzegovina, Burundi, Cuba, Eritrea, Ethiopia, Iraq, Iran, DR Congo, Lebanon, Liberia, Libya, Myanmar (Burma), Nigeria, North Korea, PRC (except Hong Kong), Rwanda, Sierra Leone, Somalia, Sudan, Syria, Tanzania, Uganda.


Crypto Policy – GILC* Report 1998

A survey yielded 76 responses:

– 30 Green (no restrictions)

– 19 Green / Yellow (no restrictions, but respect Wassenaar Arrangement)

– 12 Yellow (domestic controls plus Wassenaar Arrangement)

– 3 Yellow / Red

– 1 Red / Yellow

– 6 Red (tight controls)

– 5 Unknown / no Response

* Global Internet Liberty Campaign


Key Management Infrastructure ( KMI )

A large (unknown) number of countries require national KMI.

NSA still requires world-wide KMI under their control.

Access to keys by national authorities based on applicable national and international law.

Governments‘ respect of national and international law ranges from „flexible“ to non-existent; under „anti-terrorism“ everything goes.


Key Escrow

Governments need to fight crime – access to key escrow is understood.

Nobody really knows who actually will have access.

No western government can resist the „friendly approach“ of the NSA for access.


My shopping list

Crypto solution that is not recognized as such

„Ad hoc“ keys ( individualized crypto )

On the spot key generation

Any „illegality“ shall be invisible

Steganography with file formats other than .bmp


We may need to look into a different direction


Into which direction ?

Operate beyond the reach of a particular legal jurisdiction.

Find legal loopholes – need to be the same in sending and receiving country.

Use strong encryption with „non-escrow“ keys.

„Super encrypt“ with a state-approved – therefore „crackable“ – key (or with steganography).


The government syndrome

Governments agree that industry should be protected from espionage with the help of strong crypto means,

– but not strong enough to prevent governments from spying on industry.

Governments want legal access to encrypted information,

– but frequently do not respect international or national law.


The dilemma

Legal government interest

Crypto policy Key Escrow

Governments as spies

Illegal government action

Protection of industry

? ? ? ? ? ? ?


The conclusion

Il est dangereux d'avoir raison quand le gouvernement a tort.

François Marie Arouet (Voltaire)

It is dangerous to be right when the government is wrong.