
Service denial attacks on Eternity




Tim May wrote:

> It is also likely in the extreme that a working Eternity service will
> quickly be hit with attackers of various sorts who want to test the limits
> of the service, or who want such services shut down.

Exactly. When I first talked about Eternity, which was at either the
1994 or 1995 protocols workshop, I was walking back to my seat when
Bob Morris (then at the NSA) said, from behind his hand in a stage
whisper, `Kiddyporn!'

Adam Back added:

> the spooks / feds have a history of posting their own child porn if
> none is available to seize

Indeed, and a decade or so ago there was a scandal when it turned out
that the spooks were using the Kincora Boys' Home in Belfast as a pedo
brothel in order to entrap various local politicians. For them to say
now that they need key escrow to suppress Kiddyporn is a bit rich!

However the main threat is the court order - Anton Piller or whatever
- and the best weapon against court orders is anonymity. If they don't
know your address they can't serve you the order or arrest you for
contempt.

Tom Womack:

> I can imagine *use* of the service becoming a felony

I mentioned in the paper that Mossad might deny Eternity service to
the Muslim world by posting something rude about the Prophet Mohammed.

One must of course create a lawful excuse for people to have Eternity
software mounted on their system. Maybe in addition to the `public'
Eternity service we should have many corporate or even private
services, many of which have escrow capabilities and are thus clearly
law-abiding and accountable :-)

There are many other possibilities. One topic that oozes into my
consciousness from time to time is that one might integrate covert
communications and storage with an anti-spam mail program - maybe a
natural way forward if Adam hides Eternity traffic in spam!

Tim again:

> Great idea, but where are the customers?

Some 90% of security research effort is on confidentiality, 9% on
authenticity and 1% on availability. Corporate infosec expenditures
are exactly the other way round, and tools to enable disaster recovery
databases to be spread holographically over a company's PCs could save
a fortune compared with the cost of some current arrangements. If a
few of these backup resources have hidden directories that mount the
public Eternity service, then who can tell?

At the Info Hiding Workshop at Portland in April, I will present a new
idea which may facilitate such implementations of Eternity. This is
the Steganographic File System - designed to provide you with any file
whose name and password you know. If you don't know this combination,
then you can't even tell that the file is there. We do not need to
make any assumptions about tamper resistance; it can be done using
suitable mathematics. (This is joint work with Roger Needham and Adi
Shamir.)

Ross

PS: we need a better word for `eternityspace', and Bell Labs have
already trademarked `Inferno'. So what - Nirvana? Valhalla?