Friday Squid Blogging: Eating Giant Squid [May. 24th, 2013|09:54 pm]
 bruce_schneier

http://www.schneier.com/blog/archives/2013/05/friday_squid_bl_377.html

How does he know this?

Chris Cosentino, the Bay Area’s "Offal Chef" at Incanto in San Francisco and PIGG at Umamicatessen in Los Angeles, opted for the most intimidating choice of all -- giant squid. "When it comes to underutilized fish, I wish the public wasn't so afraid of different shapes and sizes outside of the standard fillet," he said.

"I think the giant squid is a perfect example of an undervalued ocean creature. Everyone isn't afraid of squid but the size and flavor of the giant squid scares people because it has a very intense flavor but it is quite delicious."

I am surprised he has tasted giant squid?

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Training Baggage Screeners [May. 24th, 2013|05:17 pm]
 bruce_schneier

http://www.schneier.com/blog/archives/2013/05/training_baggag.html

The research in G. Giguère and B.C. Love, "Limits in decision making arise from limits in memory retrieval," Proceedings of the National Academy of Sciences v. 19 (2013) has applications in training airport baggage screeners.

Abstract: Some decisions, such as predicting the winner of a baseball game, are challenging in part because outcomes are probabilistic. When making such decisions, one view is that humans stochastically and selectively retrieve a small set of relevant memories that provides evidence for competing options. We show that optimal performance at test is impossible when retrieving information in this fashion, no matter how extensive training is, because limited retrieval introduces noise into the decision process that cannot be overcome. One implication is that people should be more accurate in predicting future events when trained on idealized rather than on the actual distributions of items. In other words, we predict the best way to convey information to people is to present it in a distorted, idealized form. Idealization of training distributions is predicted to reduce the harmful noise induced by immutable bottlenecks in people’s memory retrieval processes. In contrast, machine learning systems that selectively weight (i.e., retrieve) all training examples at test should not benefit from idealization. These conjectures are strongly supported by several studies and supporting analyses. Unlike machine systems, people’s test performance on a target distribution is higher when they are trained on an idealized version of the distribution rather than on the actual target distribution. Optimal machine classifiers modified to selectively and stochastically sample from memory match the pattern of human performance. These results suggest firm limits on human rationality and have broad implications for how to train humans tasked with important classification decisions, such as radiologists, baggage screeners, intelligence analysts, and gamblers.

New Report on Teens, Social Media, and Privacy [May. 24th, 2013|01:40 pm]
 bruce_schneier

http://www.schneier.com/blog/archives/2013/05/new_report_on_t_1.html

Interesting report from the Pew Internet and American Life Project:

Teens are sharing more information about themselves on their social media profiles than they did when we last surveyed in 2006:
• 91% post a photo of themselves, up from 79% in 2006.
• 71% post their school name, up from 49%.
• 71% post the city or town where they live, up from 61%.
• 53% post their email address, up from 29%.
• 20% post their cell phone number, up from 2%.

60% of teen Facebook users set their Facebook profiles to private (friends only), and most report high levels of confidence in their ability to manage their settings.

danah boyd points out something interesting in the data:

My favorite finding of Pew's is that 58% of teens cloak their messages either through inside jokes or other obscure references, with more older teens (62%) engaging in this practice than younger teens (46%)....

Over the last few years, I've watched as teens have given up on controlling access to content. It's too hard, too frustrating, and technology simply can't fix the power issues. Instead, what they've been doing is focusing on controlling access to meaning. A comment might look like it means one thing, when in fact it means something quite different. By cloaking their accessible content, teens reclaim power over those who they know who are surveilling them. This practice is still only really emerging en masse, so I was delighted that Pew could put numbers to it. I should note that, as Instagram grows, I'm seeing more and more of this. A picture of a donut may not be about a donut. While adults worry about how teens' demographic data might be used, teens are becoming much more savvy at finding ways to encode their content and achieve privacy in public.

Synchronous Sampling and Clock Recovery of Internal Oscillators for Side Channel Analysis, by Colin [May. 23rd, 2013|08:24 pm]
 iacr_eprint

http://eprint.iacr.org/2013/294

Measuring power consumption for side-channel analysis typically uses an oscilloscope, which measures the data relative to an internal timebase. By synchronizing the sampling clock to the clock of the target device, the data storage and sampling requirements are considerably relaxed; the attack will succeed with a much lower sample rate. Previous work has demonstrated this on a system with a fixed and easily available clock; but real devices will often have an inaccessible internal oscillator, and may purposely vary the frequency this oscillator runs at (the Varying Clock countermeasure).

This work measures the performance of a synchronous sampling system attacking a modern microcontroller running a software AES implementation. This attack is characterized under three conditions: with a stable clock, with a clock that randomly varies between 4.5 MHz and 12.7 MHz, and with an internal oscillator that randomly varies between 7.41 MHz and 7.49 MHz.

Traces captured with the synchronous sampling technique can be processed with a standard Differential Power Analysis (DPA) style attack in all three cases, whereas when an oscilloscope is used only the stable oscillator setup is successful. This work also develops the required hardware to recover the internal clock of a device which does not have an externally available clock.

A Toolkit for Ring-LWE Cryptography, by Vadim Lyubashevsky and Chris Peikert and Oded Regev [May. 23rd, 2013|05:34 pm]
 iacr_eprint

http://eprint.iacr.org/2013/293

Recent advances in lattice cryptography, mainly stemming from the development of ring-based primitives such as ring-LWE, have made it possible to design cryptographic schemes whose efficiency is competitive with that of more traditional number-theoretic ones, along with entirely new applications like fully homomorphic encryption. Unfortunately, realizing the full potential of ring-based cryptography has so far been hindered by a lack of practical algorithms and analytical tools for working in this context. As a result, most previous works have focused on very special classes of rings such as power-of-two cyclotomics, which significantly restricts the possible applications.

We bridge this gap by introducing a toolkit of fast, modular algorithms and analytical techniques that can be used in a wide variety of ring-based cryptographic applications, particularly those built around ring-LWE. Our techniques yield applications that work in arbitrary cyclotomic rings, with no loss in their underlying worst-case hardness guarantees, and very little loss in computational efficiency, relative to power-of-two cyclotomics. To demonstrate the toolkit's applicability, we develop two illustrative applications: a public-key cryptosystem and a "somewhat homomorphic" symmetric encryption scheme. Both apply to arbitrary cyclotomics, have tight parameters, and very efficient implementations.

A Leakage Resilient MAC, by Dan Martin and Elisabeth Oswald and Martijn Stam [May. 23rd, 2013|05:34 pm]
 iacr_eprint

http://eprint.iacr.org/2013/292

We put forward a message authentication code (MAC) for which we claim a high degree of resilience against a key-recovering attacker exploiting practical side channels. We achieve this by blending the lessons learned from many years of engineering with the scientific approach provided by leakage resilience. This highlights how the two often disparate fields can benefit from each other.

Our MAC is relatively simple and intuitive: we essentially base our construction on bilinear groups and secret share out our key. The shares are then refreshed before each time they are used, and the algebraic properties of the bilinear pairing are used to compute the tag without the need to reconstruct the key. This approach allows us to prove (in the random oracle model) existential unforgeability of the MAC under chosen message attacks in the presence of (continuous) leakage, based on two novel assumptions: a bilinear Diffie-Hellman variant and an assumption related to how leaky performing a group operation is.

In practice we envision our scheme would be implemented using pairings on some pairing-friendly elliptic curve, where the leakiness of the group operation can be experimentally estimated. This allows us to argue about practical implementation aspects and security considerations of our scheme. We compare our scheme against other leakage resilient MACs (or related schemes) that have appeared in the literature and conclude ours is both the most efficient and by far the most practical.

On Diffie-Hellman-like Security Assumptions, by Antoine Joux and Antoine Rojat [May. 23rd, 2013|05:34 pm]
 iacr_eprint

http://eprint.iacr.org/2013/291

Over the past decade bilinear maps have been used to build a large variety of cryptosystems. In parallel to new functionalities, we have also seen the emergence of many security assumptions. This leads to the general question of comparing two such assumptions. Boneh, Boyen and Goh introduced the Uber assumption as an attempt to offer a general framework for security assessment. Their idea is to propose a generic security assumption that can be specialized to suit the needs of any proof of protocols involving bilinear pairing. Even though the Uber assumption has only been stated in the bilinear setting, it can easily be restated to deal with ordinary Diffie-Hellman groups and assess other types of protocols.

In this article, we explore some particular cases of the Uber assumption, namely the n-CDH-assumption, the nth-CDH-assumption and the Q-CDH-assumption. We analyse the relationships between those cases, more precisely from a security point of view. Our analysis does not rely on any special property of the considered group(s) and does not use the generic group model.

Massive Group Message Authentication with Revocable Anonymity, by Boaz Catane and Amir Herzberg [May. 23rd, 2013|05:34 pm]
 iacr_eprint

http://eprint.iacr.org/2013/290

We present and implement schemes for authenticating messages from a group of users to a recipient, with revocable anonymity and massive (very high) message rate. Our implementations present a trade-off between the efficiency and the security required: from online group managers that participate in every message sent to offline managers, from assuming a trusted group manager and a trusted recipient to securing against both entities. All implementations have the traceability feature, allowing one to distributively and efficiently trace all messages that originated from a specific group member without violating the anonymity of other members. In addition, our schemes are efficient and practical.

Secure Second Price Auctions with a Rational Auctioneer, by Boaz Catane and Amir Herzberg [May. 23rd, 2013|05:34 pm]
 iacr_eprint

http://eprint.iacr.org/2013/289

We present novel security requirements for second price auctions and a simple, efficient and practical protocol that provably maintains these requirements. Novel requirements are needed because commonly used requirements, such as the indistinguishability-based secrecy requirement of encryption schemes presented by Goldwasser and Micali (1982), do not fit properly in the second price auctions context. Additionally, the presented protocol uses a trustworthy supervisor that checks if the auctioneer deviated from the protocol and fines him accordingly. By making sure the expected utility of the auctioneer when deviating from the protocol is lower than his expected utility when abiding by the protocol, we ascertain that a rational auctioneer will abide by the protocol. This allows the supervisor to optimize by performing (computationally-intensive) inspections of the auctioneer with only low probability.

Key Classification Attack on Block Ciphers, by Maghsoud Parviz and Seyed Hassan Mousavi and Saeed Mi [May. 23rd, 2013|05:34 pm]
 iacr_eprint

http://eprint.iacr.org/2013/288

In this paper, a security analysis of block ciphers with key length greater than block length is proposed. For a well-designed block cipher with key length k and block length n s.t. k>n, and for all P, C, there are 2^{k-n} keys which map P to C. For a given block cipher, if there is an efficient algorithm that can classify such keys, we propose an algorithm that will be able to recover the secret key with complexity O(max{2^n, 2^{k-n}}). We apply this method to the 2-round block cipher KASUMI.

The failure of McEliece PKC based on Reed-Muller codes, by I. V. Chizhov and M. A. Borodin [May. 23rd, 2013|05:34 pm]
 iacr_eprint

http://eprint.iacr.org/2013/287

This paper describes a new algorithm for breaking the McEliece cryptosystem built on the binary Reed-Muller code RM(r, m), which recovers the private key from the public key. The algorithm has complexity O(n^d + n^4 log_2 n) bit operations, where n = 2^m and d = GCD(r, m-1). When GCD(r, m-1) is bounded, the attack has polynomial complexity. Practical results of the implementation show that McEliece cryptosystems based on a code of length n = 65536 bits can be broken in less than 7 hours on a personal computer.

Salvaging Indifferentiability in a Multi-stage Setting, by Arno Mittelbach [May. 23rd, 2013|05:34 pm]
 iacr_eprint

http://eprint.iacr.org/2013/286

Ristenpart, Shacham and Shrimpton (Eurocrypt 2011) recently presented schemes which are provably secure in the random-oracle model (ROM), but easily broken if the random oracle is replaced by typical indifferentiable hash constructions such as chop-MD or prefix-free-MD. They found that the indifferentiability framework, due to Maurer, Renner and Holenstein (TCC 2004), does not necessarily allow composition in multi-stage settings, that is, settings consisting of multiple disjoint adversarial stages. On the positive side, they prove that the non-adaptive chosen distribution attack (CDA) game of Bellare et al. (Asiacrypt 2009), a multi-stage game capturing the security of deterministic encryption schemes, remains secure if the random oracle is implemented by an NMAC-like hash function.

In this paper we introduce a framework to work with the indifferentiability notion in multi-stage scenarios. For this we provide a model for iterative hash functions which is general enough to cover not only NMAC-like functions, but also functions such as chop-MD or even hash trees. We go on to define a property on multi-stage games called unsplittability which intuitively captures that adversaries cannot split the computation of a single hash value over several stages. We present a composition theorem for unsplittable multi-stage games which generalizes the single-stage composition theorem for indifferentiable hash functions. We then show that the CDA game (adaptive or non-adaptive) is unsplittable for any iterative hash function (thereby extending the preliminary results by Ristenpart et al.). Finally, we prove that the proof-of-storage game presented by Ristenpart et al. as a counterexample to the general applicability of the indifferentiability framework is unsplittable for any multi-round iterative hash function, such as Liskov's Zipper Hash (SAC 2006).

One-Shot vs. Iterated Prisoner's Dilemma [May. 23rd, 2013|02:18 pm]
 bruce_schneier

http://www.schneier.com/blog/archives/2013/05/one-shot_vs_ite.html

This post by Aleatha Parker-Wood is very applicable to the things I wrote in Liars & Outliers:

A lot of fundamental social problems can be modeled as a disconnection between people who believe (correctly or incorrectly) that they are playing a non-iterated game (in the game theory sense of the word), and people who believe (correctly or incorrectly) that they are playing an iterated game.

For instance, mechanisms such as reputation mechanisms, ostracism, shaming, etc., are all predicated on the idea that the person you're shaming will reappear and have further interactions with the group. Legal punishment is only useful if you can catch the person, and if the cost of the punishment is more than the benefit of the crime.

If it is possible to act as if the game you are playing is a one-shot game (for instance, you have a very large population to hide in, you don't need to ever interact with people again, or you can be anonymous), your optimal strategies are going to be different than if you will have to play the game many times, and live with the legal or social consequences of your actions. If you can make enough money as CEO to retire immediately, you may choose to do so, even if you're so terrible at running the company that no one will ever hire you again.

Social cohesion can be thought of as a manifestation of how "iterated" people feel their interactions are, how likely they are to interact with the same people again and again and have to deal with long term consequences of locally optimal choices, or whether they feel they can "opt out" of consequences of interacting with some set of people in a poor way.

"The Global Cyber Game" [May. 22nd, 2013|05:05 pm]
 bruce_schneier

http://www.schneier.com/blog/archives/2013/05/the_global_cybe.html

Executive Summary: This report presents a systematic way of thinking about cyberpower and its use by a variety of global players. The urgency of addressing cyberpower in this way is a consequence of the very high value of the Internet and the hazards of its current militarization.

Cyberpower and cyber security are conceptualized as a 'Global Game' with a novel 'Cyber Gameboard' consisting of a nine-cell grid. The horizontal direction on the grid is divided into three columns representing aspects of information (i.e. cyber): connection, computation and cognition. The vertical direction on the grid is divided into three rows representing types of power: coercion, co-option, and cooperation. The nine cells of the grid represent all the possible combinations of power and information, that is, forms of cyberpower.

The Cyber Gameboard itself is also an abstract representation of the surface of cyberspace, or C-space as defined in this report. C-space is understood as a networked medium capable of conveying various combinations of power and information to produce effects in physical or 'flow space,' referred to as F-space in this report. Game play is understood as the projection via C-space of a cyberpower capability existing in any one cell of the gameboard to produce an effect in F-space vis-a-vis another player in any other cell of the gameboard. By default, the Cyber Game is played either actively or passively by all those using network connected computers. The players include states, businesses, NGOs, individuals, non-state political groups, and organized crime, among others. Each player is seen as having a certain level of cyberpower when its capability in each cell is summed across the whole board. In general states have the most cyberpower.

The possible future path of the game is depicted by two scenarios, N-topia and N-crash. These are the stakes for which the Cyber Game is played. N-topia represents the upside potential of the game, in which the full value of a globally connected knowledge society is realized. N-crash represents the downside potential, in which militarization and fragmentation of the Internet cause its value to be substantially destroyed. Which scenario eventuates will be determined largely by the overall pattern of play of the Cyber Game.

States have a high level of responsibility for determining the outcome. The current pattern of play is beginning to resemble traditional state-on-state geopolitical conflict. This puts the civil Internet at risk, and civilian cyber players are already getting caught in the crossfire. As long as the civil Internet remains undefended and easily permeable to cyber attack it will be hard to achieve the N-topia scenario.

Defending the civil Internet in depth, and hardening it by re-architecting will allow its full social and economic value to be realized but will restrict the potential for espionage and surveillance by states. This trade-off is net positive and in accordance with the espoused values of Western-style democracies. It does however call for leadership based on enlightened self-interest by state players.

A Novel Proof on Weil Pairing, by Sutirtha Sanyal [May. 22nd, 2013|04:13 pm]
 iacr_eprint

http://eprint.iacr.org/2013/285

In this paper we will prove a basic property of the Weil pairing which helps in evaluating its value. We will show that the Weil pairing value as computed from the definition is equivalent to the ratio formula based on the Miller function. We prove a novel theorem (Theorem 2) and use it to establish the equivalence. We further validate our claims with actual random examples.

A Secure Paper-Based Electronic Voting With No Encryption, by Asghar Tavakkoli, Reza Ebrahimi Atani [May. 22nd, 2013|04:13 pm]
 iacr_eprint

http://eprint.iacr.org/2013/284

Abstract: We present a paper-based voting method that attempts to achieve voter privacy and election universal verifiability and integrity with only paper ballots and without using any cryptographic method. The voting procedure is easy: the voter only needs to select their intention on the screen of an electronic device. The rest of the voting procedure is carried out by the device. The voter gets a receipt that can be used to verify that his vote has been counted in the final tally as he intended. However, the receipt cannot help the voter reveal who he voted for. Also, vote selling or coercion is not possible even with the voter's cooperation. The ballot in our voting method has two sides, one positive and one negative. Ballots are prepared for voting in prepackaged form (e.g. 5 ballots per package). Some bubbles of each ballot are prefilled in a random way. The numbers of positive and negative filled bubbles are equal to each other, and also equal for each candidate, in a package. For example, if every package has 30 filled bubbles and there are three candidates, there would be 10 filled bubbles for each candidate in a package; clearly half of those are positive and the other half are negative. The procedure of OneBallot voting is as follows: the voter puts the ballot inside an electronic device and then chooses his candidate on the device screen. The device then prints another ballot exactly the same as the original one with one difference: the device fills one positive bubble or unfills one negative bubble for the selected candidate. The first action could be done on the original ballot, but the second one inevitably needs a new ballot to be printed. The device then makes a copy of the new ballot as the voter's receipt and transfers the original ballot to the ballot box. After the election, a copy of all ballots is posted on a public board (e.g. a website).
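The OneBallot procedure from the abstract, simulated end to end as an added example (not the authors' code): package prefill, the device's marking step, the public board, receipt checking and the tally, plus a check of why a receipt does not give away the vote. Assumed here because the abstract does not fix them: three bubbles per side per candidate, the device choosing at random between its two legal marking actions, and the unused remainder of a package being posted to the board too, so that every package's prefill nets to zero.

```python
"""Simulation of the OneBallot scheme described above (added example, not the
paper's own code).  Assumptions not fixed by the abstract are marked below."""
import random
from collections import Counter

CANDIDATES = ("A", "B", "C")   # constructed sample race
PACKAGE = 5                    # ballots per package (from the abstract)
BUBBLES = 3                    # bubbles per side per candidate on a ballot (assumption)
FILLS_PER_SIDE = 5             # prefilled bubbles per side per candidate per package:
                               # 2 sides * 3 candidates * 5 = the abstract's 30 fills

def _spread(rng, cap_per_ballot):
    """Pick FILLS_PER_SIDE (ballot, bubble) slots at random across a package,
    allowing at most cap_per_ballot picks on any one ballot."""
    slots = [(b, i) for b in range(PACKAGE) for i in range(BUBBLES)]
    while True:
        picks = rng.sample(slots, FILLS_PER_SIDE)
        if all(sum(1 for b, _ in picks if b == k) <= cap_per_ballot
               for k in range(PACKAGE)):
            return picks

def make_package(rng):
    """Prefill a package: per candidate, FILLS_PER_SIDE positive and FILLS_PER_SIDE
    negative bubbles, so the package nets to zero for every candidate.  Every
    ballot keeps at least one empty positive bubble per candidate so the device
    can always record a vote."""
    ballots = [{c: {"pos": [False] * BUBBLES, "neg": [False] * BUBBLES}
                for c in CANDIDATES} for _ in range(PACKAGE)]
    for c in CANDIDATES:
        for b, i in _spread(rng, BUBBLES - 1):
            ballots[b][c]["pos"][i] = True
        for b, i in _spread(rng, BUBBLES):
            ballots[b][c]["neg"][i] = True
    return ballots

def freeze(ballot):
    """Immutable form of a ballot, as it appears on receipts and the public board."""
    return tuple((c, tuple(ballot[c]["pos"]), tuple(ballot[c]["neg"]))
                 for c in CANDIDATES)

def cast(rng, ballot, choice):
    """The device's step: print a copy of the inserted ballot that differs in one
    mark for the chosen candidate (one positive bubble filled or one negative
    bubble unfilled) and hand the voter a receipt that is a copy of it."""
    new = {c: {"pos": list(s["pos"]), "neg": list(s["neg"])} for c, s in ballot.items()}
    actions = ([("pos", i, True) for i, f in enumerate(new[choice]["pos"]) if not f]
               + [("neg", i, False) for i, f in enumerate(new[choice]["neg"]) if f])
    side, i, value = rng.choice(actions)   # never empty, see make_package
    new[choice][side][i] = value
    return new, freeze(new)

def net(published, c):
    """Filled positive minus filled negative bubbles for c on one published ballot."""
    _, pos, neg = published[CANDIDATES.index(c)]
    return sum(pos) - sum(neg)

def tally(board):
    """Sum of nets over the board.  Each package's prefill nets to zero and each
    vote adds exactly +1 for its candidate, so the sums are the vote counts."""
    return {c: sum(net(b, c) for b in board) for c in CANDIDATES}

def run_election(votes, seed=0):
    """Issue packages as needed, cast each vote, then publish every ballot (cast
    and, by assumption, the unused remainder of the last package), shuffled."""
    rng = random.Random(seed)
    board, receipts, stock = [], [], []
    for choice in votes:
        if not stock:
            stock = make_package(rng)
        new, receipt = cast(rng, stock.pop(), choice)
        board.append(freeze(new))
        receipts.append(receipt)
    board.extend(freeze(b) for b in stock)
    rng.shuffle(board)
    return board, receipts

def all_receipts_counted(receipts, board):
    """Voter-side verifiability: every receipt must match a posted ballot,
    counting multiplicity so identical receipts need identical copies."""
    return not (Counter(receipts) - Counter(board))

def candidates_consistent_with(receipt):
    """Candidates a receipt could be a vote for: a vote for c leaves c with at
    least one filled positive or at least one empty negative bubble, which holds
    for nearly every candidate on nearly every ballot.  This is why the receipt
    proves inclusion without revealing the choice."""
    return {c for c, pos, neg in receipt if sum(pos) >= 1 or sum(neg) < BUBBLES}

if __name__ == "__main__":
    votes = ["A"] * 4 + ["B"] * 2 + ["C"]
    board, receipts = run_election(votes, seed=7)
    print(tally(board))                    # {'A': 4, 'B': 2, 'C': 1}
    print(all_receipts_counted(receipts, board))
    print([sorted(candidates_consistent_with(r)) for r in receipts])
```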

Function-Private Identity-Based Encryption: Hiding the Function in Functional Encryption, by Dan Bon [May. 22nd, 2013|04:13 pm]
 iacr_eprint

http://eprint.iacr.org/2013/283

We put forward a new notion, function privacy, in identity-based encryption and, more generally, in functional encryption. Intuitively, our notion asks that decryption keys reveal essentially no information on their corresponding identities, beyond the absolute minimum necessary. This is motivated by the need for providing predicate privacy in public-key searchable encryption. Formalizing such a notion, however, is not straightforward as given a decryption key it is always possible to learn some information on its corresponding identity by testing whether it correctly decrypts ciphertexts that are encrypted for specific identities.

In light of such an inherent difficulty, any meaningful notion of function privacy must be based on the minimal assumption that, from the adversary's point of view, identities that correspond to its given decryption keys are sampled from somewhat unpredictable distributions. We show that this assumption is in fact sufficient for obtaining a strong and realistic notion of function privacy. Loosely speaking, our framework requires that a decryption key corresponding to an identity sampled from any sufficiently unpredictable distribution is indistinguishable from a decryption key corresponding to an independently and uniformly sampled identity.

Within our framework we develop an approach for designing function-private identity-based encryption schemes, leading to constructions that are based on standard assumptions in bilinear groups (DBDH, DLIN) and lattices (LWE). In addition to function privacy, our schemes are also anonymous, and thus yield the first public-key searchable encryption schemes that are provably keyword private: a search key sk_w makes it possible to identify encryptions of an underlying keyword w while revealing no additional information about w beyond the minimum necessary, as long as the keyword w is sufficiently unpredictable.

DDOS as Civil Disobedience [May. 22nd, 2013|11:24 am]
 bruce_schneier

http://www.schneier.com/blog/archives/2013/05/ddos_as_civil_d.html

For a while now, I have been thinking about what civil disobedience looks like in the Internet Age. Certainly DDOS attacks, and politically motivated hacking in general, are a part of that. This is one of the reasons I found Molly Sauter's recent thesis, "Distributed Denial of Service Actions and the Challenge of Civil Disobedience on the Internet," so interesting:

Abstract: This thesis examines the history, development, theory, and practice of distributed denial of service actions as a tactic of political activism. DDOS actions have been used in online political activism since the early 1990s, though the tactic has recently attracted significant public attention with the actions of Anonymous and Operation Payback in December 2010. Guiding this work is the overarching question of how civil disobedience and disruptive activism can be practiced in the current online space. The internet acts as a vital arena of communication, self expression, and interpersonal organizing. When there is a message to convey, words to get out, people to organize, many will turn to the internet as the zone of that activity. Online, people sign petitions, investigate stories and rumors, amplify links and videos, donate money, and show their support for causes in a variety of ways. But as familiar and widely accepted activist tools -- petitions, fundraisers, mass letter-writing, call-in campaigns and others -- find equivalent practices in the online space, is there also room for the tactics of disruption and civil disobedience that are equally familiar from the realm of street marches, occupations, and sit-ins? This thesis grounds activist DDOS historically, focusing on early deployments of the tactic as well as modern instances to trace its development over time, both in theory and in practice. Through that examination, as well as tool design and development, participant identity, and state and corporate responses, this thesis presents an account of the development and current state of activist DDOS actions. It ends by presenting an analytical framework for the analysis of activist DDOS actions.

One of the problems with the legal system is that it doesn't make any differentiation between civil disobedience and "normal" criminal activity on the Internet, though it does in the real world.

Surveillance and the Internet of Things [May. 21st, 2013|11:15 am]
 bruce_schneier

http://www.schneier.com/blog/archives/2013/05/the_eyes_and_ea.html

The Internet has turned into a massive surveillance tool. We're constantly monitored on the Internet by hundreds of companies -- both familiar and unfamiliar. Everything we do there is recorded, collected, and collated -- sometimes by corporations wanting to sell us stuff and sometimes by governments wanting to keep an eye on us.

Ephemeral conversation is over. Wholesale surveillance is the norm. Maintaining privacy from these powerful entities is basically impossible, and any illusion of privacy we maintain is based either on ignorance or on our unwillingness to accept what's really going on.

It's about to get worse, though. Companies such as Google may know more about your personal interests than your spouse, but so far it's been limited by the fact that these companies only see computer data. And even though your computer habits are increasingly being linked to your offline behavior, it's still only behavior that involves computers.

The Internet of Things refers to a world where much more than our computers and cell phones is Internet-enabled. Soon there will be Internet-connected modules on our cars and home appliances. Internet-enabled medical devices will collect real-time health data about us. There'll be Internet-connected tags on our clothing. In its extreme, everything can be connected to the Internet. It's really just a matter of time, as these self-powered wireless-enabled computers become smaller and cheaper.

Lots has been written about the "Internet of Things" and how it will change society for the better. It's true that it will make a lot of wonderful things possible, but the "Internet of Things" will also allow for an even greater amount of surveillance than there is today. The Internet of Things gives the governments and corporations that follow our every move something they don't yet have: eyes and ears.

Soon everything we do, both online and offline, will be recorded and stored forever. The only question remaining is who will have access to all of this information, and under what rules.

We're seeing an initial glimmer of this from how location sensors on your mobile phone are being used to track you. Of course your cell provider needs to know where you are; it can't route your phone calls to your phone otherwise. But most of us broadcast our location information to many other companies whose apps we've installed on our phone. Google Maps certainly, but also a surprising number of app vendors who collect that information. It can be used to determine where you live, where you work, and who you spend time with.

Another early adopter was Nike, whose Nike+ shoes communicate with your iPod or iPhone and track your exercising. More generally, medical devices are starting to be Internet-enabled, collecting and reporting a variety of health data. Wiring appliances to the Internet is one of the pillars of the smart electric grid. Yes, there are huge potential savings associated with the smart grid, but it will also allow power companies -- and anyone they decide to sell the data to -- to monitor how people move about their house and how they spend their time.

Drones are another "thing" moving onto the Internet. As their price continues to drop and their capabilities increase, they will become a very powerful surveillance tool. Their cameras are powerful enough to see faces clearly, and there are enough tagged photographs on the Internet to identify many of us. We're not yet up to a real-time Google Earth equivalent, but it's not more than a few years away. And drones are just a specific application of CCTV cameras, which have been monitoring us for years, and will increasingly be networked.

Google's Internet-enabled glasses -- Google Glass -- are another major step down this path of surveillance. Their ability to record both audio and video will bring ubiquitous surveillance to the next level. Once they're common, you might never know when you're being recorded in both audio and video. You might as well assume that everything you do and say will be recorded and saved forever.

In the near term, at least, the sheer volume of data will limit the sorts of conclusions that can be drawn. The invasiveness of these technologies depends on asking the right questions. For example, if a private investigator is watching you in the physical world, she or he might observe odd behavior and investigate further based on that. Such serendipitous observations are harder to achieve when you're filtering databases based on pre-programmed queries. In other words, it's easier to ask questions about what you purchased and where you were than to ask what you did with your purchases and why you went where you did. These analytical limitations also mean that companies like Google and Facebook will benefit more from the Internet of Things than individuals -- not only because they have access to more data, but also because they have more sophisticated query technology. And as technology continues to improve, the ability to automatically analyze this massive data stream will improve.

In the longer term, the Internet of Things means ubiquitous surveillance. If an object "knows" you have purchased it, and communicates via either Wi-Fi or the mobile network, then whoever or whatever it is communicating with will know where you are. Your car will know who is in it, who is driving, and what traffic laws that driver is following or ignoring. No need to show ID; your identity will already be known. Store clerks could know your name, address, and income level as soon as you walk through the door. Billboards will tailor ads to you, and record how you respond to them. Fast food restaurants will know what you usually order, and exactly how to entice you to order more. Lots of companies will know whom you spend your days -- and nights -- with. Facebook will know about any new relationship status before you bother to change it on your profile. And all of this information will be saved, correlated, and studied. Even now, it feels a lot like science fiction.

This essay originally appeared on the Guardian.

Security Risks of Too Much Security [May. 20th, 2013|11:34 am]
 bruce_schneier

http://www.schneier.com/blog/archives/2013/05/security_risks_8.html

All of the anti-counterfeiting features of the new Canadian $100 bill are resulting in people not bothering to verify them.

The fanfare about the security features on the bills may be part of the problem, said RCMP Sgt. Duncan Pound.

"Because the polymer series' notes are so secure ... there's almost an overconfidence among retailers and the public in terms of when you sort of see the strip, the polymer looking materials, everybody says 'oh, this one's going to be good because you know it's impossible to counterfeit,'" he said.

"So people don't actually check it."

Friday Squid Blogging: Striped Pyjama Squid Pet Sculpture [May. 17th, 2013|09:57 pm]
 bruce_schneier

http://www.schneier.com/blog/archives/2013/05/friday_squid_bl_376.html

Technically, it's a cuttlefish and not a squid. But it's still nice art. I posted a photo of a real striped pyjama squid way back in 2006.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Applied Cryptography on Elementary [May. 17th, 2013|07:59 pm]
 bruce_schneier

http://www.schneier.com/blog/archives/2013/05/applied_cryptog.html

In the episode that aired on May 9th, about eight or nine minutes in, there's a scene with a copy of Applied Cryptography prominently displayed on the coffee table. This isn't the first time that my books have appeared on that TV show.

Bluetooth-Controlled Door Lock [May. 16th, 2013|01:45 pm]
 bruce_schneier

http://www.schneier.com/blog/archives/2013/05/bluetooth-contr.html

Here is a new lock that you can control via Bluetooth and an iPhone app.

That's pretty cool, and I can imagine all sorts of reasons to get one of those. But I'm sure there are all sorts of unforeseen security vulnerabilities in this system. And even worse, a single vulnerability can affect all the locks. Remember that vulnerability found last year in hotel electronic locks?

Anyone care to guess how long before some researcher finds a way to hack this one? And how well the maker anticipated the need to update the firmware to fix the vulnerability once someone finds it?

I'm not saying that you shouldn't use this lock, only that you should understand that new technology brings new security risks, and electronic technology brings new kinds of security risks. Security is a trade-off, and the trade-off is particularly stark in this case.