but some of the

and more of the

the the function well on

who's In the work together different way if and suffered a very upset the most sincere influence money but future home away from it we will define it for the 5th onto a is near the user should annotation side so assumed that I'm actually kickoff make focal of would but then I guess it's a single was 1 if not all of the finally reached the here under tightened no it's not christian so much thousand word it means that basically actually said 1992 on alignments Edmonton see 190 community features the on so that differ from 210 the news and then give you some so it the light had the 50th the affinity I've a Democrat deontic I'll switch to English now to spell certain people the troubles translating it then I put in that dialog so we're under the persist civil society networks from the persistent attacks by military forces the that's the facts military budgets are used to attack civil society and it's difficult to defend oneself and if you defend yourself you defend everybody else help defending everybody else that's the point and in but 1st we want to know what are they and what they are doing so know I adversary 1st they collect much of old

data they can collect we don't go to which extent but to a high extent analyze a small fraction into put into a tiny parts and understand less much less so they are not good in interpretation which that could be a possible danger for us if they misinterpret misinterpret telecommunications they took took so they all rely on traffic out whole communicates where with long when they do network of communication network analysis and the maintain a vast collections of identifiers identified as can be anything your browser

configuration is 1 of the 1st for almost identifier so this being used they used cookies of commercial Internet companies are stored in your browser so they have all the they've got all the data from chemical networks well you should know this so they're good in this they're really good and this that's the bad news they closely track everybody who talks rights or otherwise communicates about their activities so you're amongst the targets and in a few but just collected and single this part let's keep it there for further analysis what they can do they can break free cryptography all the time they talk about breaking cryptography them operating cryptography the break key change protocols assisted by random number generators that are not random and have proved that and poisson standards of civil used in civil society by influencing the the

Grenier see the i there we found 26 ITF draft standards co-authored by and say stuff from 1975 they did the 1st in 1975 and then stop for 7 or more years it 2 thirds all of these out some of them became standards update the date from 2009 and to the now so they had to they 8 or so idea of documents from 1975 to 2009 and all the rest states from 2009 there is something fishy going on you know so I'll show you 2 examples Lake uh well that's here let's start here uh 1 of these drafts was called extended random this is 80 protocol extension of the TLS protocol so when it was introduced in 2008 it was not approved because the engineer said at the idea of the civilian said no yes we know that should be doing you tell us that this is some it that that's something you show and its efficient but we don't know what we don't see it can explain they couldn't the say we needed industry needed and so we looked a bit back and then we solve this extended random dated back to another effort as early as 2006 so the and is able run program started much earlier than with fault and the author is NASA information as assurance technical chief and a is Margaret salt our and is it was her who introduced both of these both unsuccessfully so in 2008 so tool Midas of cryptographers Ferguson and uh issue morph found another thing I do of it as a a random number generator you know for the encryption you need random numbers fall encryption process if the rock uh random numbers are marked random it's no real encryption can vary engineer so that was these elliptic curve random in you see there are always in the 2 coasts around they introduced this as a standard and that was pretty because there were critics said like Schumer from Ferguson um what does this do it's not even faster than any other random generators and so on they didn't could make out for what you this so recently a group of cryptographers led by Matthew from Johns Hopkins University and but those numbers tried this with the RSA should be used to be safe refuse flows through everywhere on the machines and the they tried to he CTR together with the extended random extension and there were really surprised they

could crack the elliptic curve random number generators took them to a 3 hours when the extended random protocol extension was added decryption was sped up 5 4 foot with a factor of 65 thousand so it took them 2 seconds to break the and encryption about 3 hours so that this suggests a need you what it's always the

same um pattern protocol extensions that are somewhat how useful elliptic curves and a block chaining mode called very low catalog count them uh count loan to last day counter mode the uh all elements under suspicion here would criticize before as we know here we have Ferguson warning off off-color counter mode

to use it in real-time protocols real-time protocols means bankrupt voice over IP telephony uh well it became and this standard national interests at Institute of Standards and Technology in the use a nevertheless in 2007 and in thousand there was an NSA drafted the i TF

suggesting dialog counter mode floor s RTP this is nothing but an encrypted real-time protocol so you know you you you just start understanding how they do it elliptic curves algoritm and always involved 1st comes an NSA led new standard because they're leading the deleting the security groups and the National Institute of Standards and Technology in the USA and we let me recall when I started analyzing the it's a surveillance documents in I bake 1999 I've found all relevant documents by using 1 to Rome for search and you know which term it was it was lawful because every document had lawful interception on it there 2 there is some similar there are some similarities here because all these elements introduced by NSA staffers a priestess effective so it's searched for effective and I found but so

here we have this turned out in the ETSI in 2011 I couldn't make we couldn't make sense out of it because it doesn't make sense it's the

Britain's breaking scheme at the uh at the exchange level so when both parties stopped to generate a common session key the this mechanism comes in and you see that they're showing 2 with handsets here that's plain wrong that's plane deception really it

is 1 hand said can be a tablet a smartphone whatever communicating via HTTP S with some websites and that's the way that only but that was 1 . we couldn't explain then in 2011 and now we can explain it off that Edward Snowden's the the entire process really lie the on the end on them on a random number generators that produce no random numbers the was introduced

this was introduced so the 3rd Generation Partnership Project this is very closely related to the European Telecoms Standards Institute this is their workgroup name allies lawful interception in autumn by as early as autumn 2010 by the Secretary of this group this guy's name is Ian Cooper and he's from the National technical assistance whenever this is a gchq unit this guy's the Secretary of this group so move these are part of the discussion difficulties can arise when airline mechanism and mechanisms are not engineered into systems at the early stage I I think that explains all you have to do it very early on so the process will function neatly that's mystical plane as he wrote it and by the way anybody in here wants this documents of the whole set here and you can look it up there is much more in it than I can show you and I would appreciate if some people that are really good intrapersonal not the the ringing crypto as I do would it be would like to analyze it said all UK government developed the number the exchange form what which supports S. LRI requirements this is the UK method there was the with discussions in in in this group walk which met method the should apply so it has additional benefits such as lower latency it's quick it's fast you can do it on on is entrusted of scale that's the effect

50 of this measure I will then propose uh this is the

the ETSI the breaking shakes shame and somewhat those the use uh the procedures all of the time yeah well up what the sites In these people should be put on those of a year and then they start breaking their encryption this is all about mobile networks of of nothing else it's all mobile and um so the the the my K I basically seem off x 0 resembles traditional law enforcement methods the British method bad not to resemble civilian methods it's military-style because they break any key that appears on the net and story and if you manage to get into the key change when the key exchange yeah mechanism start that's when you go to

a website that uses HTTP as there will be a session key and that will be drafted thereafter and this will be composed of parts of bowls elements of both secrets swallows on the website and on their hands so both that's what we learned then both approaches seems to rely on non ran dom numbers generated the by a a random number generator yeah the by 2000 said 10 and that was all already in use other than the documents of this guy is called from a UK perspective as as of as it seems that have been introduced around 2000 as a as early as they 2008 or 2009 the corresponds nicely with all the avenues from that time the NSA but after you const beta center construction started similar mechanism amusement MIT mechanisms of a being deployed in US mobile networks and that was 1 friend don't break breakthrough reported by change spam for what he is the authority on the NSA he wrote the 1st book on the NSA the puzzle palace in 1988 and if pamphlet says so it is so at least in the past it was always according to his reporting so there was a the

breakthrough and at the same time the handsets turned over the entire mobile markets has turned around the which is not nowadays there just these handsets around so apparently what the NSA and the cheap and gchq do they use some kind of bond but the people principle do you know this but but the a K 5 is adenylyl the facilitator this people as to differently creates into different chambers of his body and a case of a pack of defense or attack these 2 liquids that upper say harmless each 1 is harmless but if you mix them and put them into a combustion and jammers the whole thing gets 100 great since use hot and explodes a similar mechanism happens at the happens at the standardization level extended random we can make much of the fit but they and we don't know what it is useful for it's just another extension foot TLS OK um we don't know what to make out of it the dual DCT the RBG alarm yes another random number generator on proposed to be very fast at ease and this Foster said uh well what should we do if that combined them and that but that's how the work because it's not so easy to smuggle entirely flawed standards into a collegium where there are first-class cryptographers sin so um we have here the these things are slim they're lean and they're pretty fast even if the processes come match the bigger these 1 on the bigger machines why because they have these they have linked critical they have lead security and going randomness this is fast if you use Fred so that is not a really crypto it will be faster than real encryption that's natural so this is the scheme 2 different

factors combined so the don't despair backlash but right now I can only recommend don't use on mobile handsets to do http S don't delete if you and I will customers you have the my say stream the British Xin implemented in the network so what you all it your secret part of the key will be compromised immediately sport as long as it is it as if it is valid nobody seemed to be a reserve well it's a long-term strategy nobody to wean for a decade or more so they were entirely free to do what they want all initial tactical of bull run is the and essays program tool Poisson photography to influence photography uh in the development development of of cryptographic methods in standards committees all around wherever they can the British counterpart is called Etude that's apparently what we saw in its so industry started addressing this now the you have you can bet that there is that these you guys already last lost some of the capabilities we can tell which capabilities possibly number of fiber-optic cables they had access to it have gone dark in between right industry is really worried because the NSA

scandal is trying to well influence the business in a negative way because the if if trust is gone you won't move as you on the net you move before freely and and openly and unsuspectingly I'm afraid this time is really over you got to defend yourself

each future steps to regain last capabilities that's the good news will be pretty

difficult because now there is suspicion that was not that did not exist before do not expect at which we neither they had a reason to call these 2 programs on breaking critical Bull run and that you run was the 1st battle in and in the American Civil War that she was the 1st battle in the British Civil War much earlier so even the other side expected a long process and we should know that when trying to address this the so what can you do that right now there is nothing

that make you can make you entirely secure but well this is different browsers connections hardware creating new identifiers and they already have difficulties to cope with the existing identifiers they have difficulties breaking make case on an industrial scale storing them and whenever there is the key so service the new secrets to to some user they have to redo the process that it's my hypothesis why they built the Utah Data Center In bluff stable and all the efforts of the chooses CHQ with the new headquarters in Cheltenham there is something fishy still inside all or most of the mobile handset and the 1st and foremost aspect is the Android system because there's always go after this is the the operating

systems that have the most of the market share of 1st that's only natural 1st they went the windows hello afterwards the went after the mobile windows which is called and read so In the NSA runs linux so you choose you should use it to

I'll tell you when uh somebody came up right after the bull run program surface for the 1st time people came up in there in the kernel programming circles around leanest told and said all my i we have this you will you see the RBG In the current low we'll through all the all moles Linares really got angry read the specifications and use all the Linux operating system uses 7 6 or 7 different random number generators and does not rely on 1 that is possibly in built into the hardware that is my suspicion these I don't think it's a it's the same dual you see the RBG but now let but managed a breakthrough sound what somehow around by the end of 2008 2 thousand start beginning of 2009 because then all the data flow that came in and it's still on the handsets we don't know exactly where it's it's because it's very hard

to tell you can't look into their hardware of these tiny things easily it's a long long process to region near that but I don't do which now don't do it on mobile machines while you can delete but don't expect in a security than tools like tall tales and travel without TIR encrypt every make e-mail traffic when possible let's not make this complicated 100 secure 100 % security is neither society nor possible and every step you choose to add up the of just a bit of security to your communications complicates the processes so you can start slowly fading

out if you use some of these methods because your profiles we'll

start getting blurred so these books are not wizards but bureaucrats and every stamped take spend years it the last effort I remember was the indices Clipper chip into that in 1995 well that was scrapped and the Clipper Chip was

nothing but a piece of hardware that should have been built in into every machine it would increase its nicely in between but the NSA will be able to open it easily so

that did not work because industry didn't wanted it took them it took them years to regain this position so that's more or less very quickly what the gist of what I can tell you I will I repeat everybody or once a documents of them with you with me and thank if you want to take a look at them you can bit into the ongoing so in a standards committee that is concerned with surveillance they call it lawful interception that's where you can reach me and all the everything I told you I've described in everything epically here on

the blog I'm doing for a war effort adopt AT described everything and it it is in german I just did it

in English here to spare said

certain people the troubles of translating it we have a good at-bat them occluded interpretation they they don't get this is they they just don't get it imagine there analysts opined that the in somewhere in data centers they are not allowed to

talk freely to anybody but to those who will rule of sport the same security clearances then then they have no ideas about have not that's no ideas about um well coded speech social elect the can't

interpret them because you just need to look at I R a t i r i e a r P a that intelligence Advanced Research Project Projects Agency agency this is nothing but the NSA research agency and the Freud it's full of projects that are about automatic interpretation of contents the intercepted so don't despair are this is just the bad face but it will turn around and I'll tell you the black budget in the US is about 50 billions that's about the same as the yearly revenue just of Google we have not counted in Facebook we have not counted in Microsoft and they are all interested to make the systems more secure because there no business will go down if they don't do so the thank you that's from me and if there are any questions so I will be here the outside world if you if you want to us personally I'll be available around here all the days of you can as either no events in English or like we can switch to german so it's no problem face and times and Italy what the we Eric um 1st

of all thanks a lot I appreciate what you're doing because you obviously researched the Lord and studies in and you put yourself into the public light here to explain of what to do so pressure some what you taught basically 2 to fight a war and I want us a question about it because I don't want to fight a war basically that's not the society and want to live I would like to ask you to describe a utopia that won't where you would like to live with which is mines which is not like a dystopian like 1984 we have seen it is supposed to vote where there is privacy which is possible where you can and analyze private data in a secure way but not destroyed all kinds of 1 I maintain maps and other services that we want to have that the reason why we buy the smartphones because you want to use the new world describe how it can be that's my question how can we do it in a positive way this

is only the question this is a really a difficult question nobody of FASyS against e-commerce nobody's is of of us is against electronic banking because it's use useful but

um don't do it from mobile the you know much more secure on a bigger machine with a real operating system on it because there are more factors in it more randomness tendency in tendency more randomness but you need to start you need to stop narrow and appointees and industry have the same interests here and it's at the end their interests it's against the interests of the secret services so we are not in such a weak position but you know industries always and a bit cause shows uh and uh they don't want to talk openly but I would appreciate it if we had people from banks from e-commerce websites here we don't want to destroy anything we like these things where the with technical affinity so why why would we destroy the

snow what we got to destroy and I'm afraid there is some kind of war we we're going to fight because it already has started and we did not stop it the other side is started Bull Run indeed cheated as similar wall they choose these words deliberately they know what they are doing so we must defend ourselves on all possible levels what I told you is just the simple aah roundup of of possible measures measures let's say parts of a possible strategy nothing else the tactics after you because you must defend the net everybody

otherwise we will be done and industry will be done as well because if nobody trusts online banking nobody will do it uh I was this was that sufficient

that you and I the and the through here and and there on 2 and a half and Yemeni but they need to fucking secure it to the united expensive sorry but the we know business will prove more expensive the fact that they will not take from me as I don't see any more questions thank you thank

you in the