Europe, thy network is vanity

http://security.itworld.com/4361/040517euechelon/page_1.html

"The European Union is to invest €11 million (US $13 million) over the next four years to develop a secure communication system based on quantum cryptography, using physical laws governing the universe on the smallest scale to create and distribute unbreakable encryption keys, project coordinators said Monday.
Advertisement

If successful, the project will produce the cryptographer's holy grail -- absolutely unbreakable code -- and thwart the eavesdropping efforts of espionage systems such as Echelon, which intercepts electronic messages on behalf of the intelligence services of the U.S., Britain, Canada, New Zealand and Australia.

"The aim is to produce a communication system that cannot be intercepted by anyone, and that includes Echelon," said Sergio Cova, a professor from the electronics department of Milan Polytechnic and one of the project's coordinators. "We are talking about a system that requires significant technological innovations. We have to prove that it is workable, which is not the case at the moment." Major improvements in geographic range and speed of data transmission will be required before the system becomes a commercial reality, Cova said."


---

this is pocket change, really, so it's not as stupid as it looks at first glance.

let's ignore the E.U. BS spin here. I'll come to that later.

oh yeah... this idea was first implimented for commerical use a year ago by an American company.

http://www.magiqtech.com/

I can think of about a million better ways to invest your security money than quantum cryptography, even if you are a government.

the assumption is that NSA has broken RSA and other public-key protocols.

well, guess what.

in addition to having an army of mathmaticians and cryptographers, the NSA has been recruiting physicists like mad lately, even before this announcement. And they already had quite a stock.

theoretically, quantum cryptography is unbreakable.

well, theoretically, communism is a great idea.

it's not the theory most of the time, it's the execution and implimentation. Same with regular crypto.

there are already public crypto people pouring over quantum crypto schemes to come up with attacks on the implimentation in the public world.. you can bet the NSA is already moving like mad to do the same.

what good is your system if it is theoretically unbreakable under certain conditions, but someone with smarts can always get it to violate those conditions?

here's one- quantum cryptography, as currently devised, is vunerable to man the middle attacks.

I can't eavesdrop without messing up the photon stream.. but I can record the photon stream and retransmit an identical stream. You would never even know I was there.

also, just as public key algorithms rest on a set of assumptions, quantum crypto algorithms do too.

quantum crypto rests on what we have observed to be a stronger assumption than that you can't factor very large primes or the discrete logarithm at a certain rate, which we have no mathematical proof of.

but if someone finds some wiggle room in quantum theory, you are back to square one. And people will start looking a LOT harder. People knew remarkably little about factoring large primes until it became important to do so because of public-key cryptography.

also, one of the things is, NOT EVERYTHING IS QUANTUM ENCRYPTED!!!

you can't send quantum crypto messages at the present time over anything but special fiber optic cable dedicated lines.

and you will probably never be able to send quantum crypto over the Net.

the quantum crypto part will most likely involve exchanging keys for a conventional symmetric crypto algorithm to take over from the quantum crypto.

so, the keys are probably more secure... but the conventional symmetric algorithm itself is not any stronger.

you always attack the weak spot, and the part that uses the conventional algorithm is the weak spot.

a good symmetric crypto algorithm is theoretically stronger than a public key one.

but if you're assuming NSA can break RSA, why wouldn't they also have symmetric breaks?

but let's assume the crypto is unbreakable.

your computers aren't. The quantum routers's computers can be broken. The computers the messages are passed to are Swiss cheese.

the Europeans could do more to resist national-level survelliance by mandating that the type-safe computer language Objective Caml, one of the few quality French products in IT, is encouraged for use as a replacement for the C and C++ languages wherever possible.

This would protect against almost all of the most common attacks that subvert a computer from a remote location.


finally... both European and U.S. data networks are not even close to being properly secure in the first place.

if someone really wants this to work against Echelon, you need to start encrypting everything every citizen does on the Net. You have to give people encrypted cell phones. etc....


getting people to encrypt things is hard. There was a brilliant article on this called "Why Johnny Can't Encrypt." Basically, most encryption software sucks and is hard to use, although this is changing rapidly.

better designed, easy to use software that automatically encrypts everything as transparently as possible with conventional stuff would be great, but that won't be funded.

if you don't do this, information starts a-leakin'. A casual e-mail to a loved one can be packed full of choice info that can be inferred if the loved one's loved one is someone important.

everyone encrypted is not something the EU wants. In fact, it's already talking about a key-escrow system for anyone using the national quantum crypto network they propose to create. Meaning, the government gets your digital keys you transmit, so they can read your mail. In the name of stopping criminals and terrorists, of course.

luckily, the U.S already had this fight. the NSA's attempts at key escrow schemes were stomped into the ground, and didn't even make an attempted return with the Patriot Act. Strangely, they made the same arguments the EU is making now.

in some places like Britain, you can actually be forced to incriminate yourself by being given a 5 year jail term if you refuse to give up your crypto key to the government.

this key escrow is a bad idea from a civil liberties standpoint (for self-obvious reasons) and a security standpoint (someone/some people have to hold the keys, and the NSA just has to bribe that person and they can read everything) but it wouldn't stop the E.U. who feel they must control their citizens.

ok.

as for the statement, "Economic espionage has caused serious harm to European companies in the past,"

oh fucking really?

you mean like the harm that's done to the U.S. every year by E.U. countries who use their own crappy knock-off Echelon-like networks and even employ veteran national intelligence agents to go up to the hotels of prominent American businessmen staying in European motels and ransack their rooms for any useful data or blueprints?

France's technology programs would collapse if they couldn't steal technology from other more productive countries. The only other people on a level with the French in economic intelligence are our good buddies the Israelis. They at least have the excuse they're surrounded and need every weapon tech they can get, lame as it is.

and by "Economic Intelligence, causing harm to European countries," do you mean the multiple times the N.S.A revealed to U.S. companies and the world that the Europeans were bribing the hell out of some very unsavoury people in order to illegally get preferential treatment on contracts?

Or the numerous times the N.S.A. let U.S companies know everything E.U. competitors were doing... after they found out the E.U. companies had bugged the U.S. company in preperation for a bid and rhe NSA wanted to level the playing field?

the thing that galls European citizens about Echelon more than anything else is that they might have to compete on economics as opposed to outright theft.

this entire message will be inspected by the French and their puny Echelon-like system... just watch. I don't give a shit.

De Gaulle Vichy Collaboration Lockheed Martin EU F-22 blueprints Crusader Stryker Comanche toolings machine tools Cisco source code VASICs NMR MRI Algeria revolution Assassination L'ecole Sorbonne INRI impregnate-French-women-with-long-hard-American-dicks
CAD/CAM 7th generation fourth generation
jujubre-is-the-last-heterosexual-Frenchman-and-he's been-eyeing-Pierre-sorta-funny-lately SCADA hacking
Oringina Coca Cola trade secret patent copyright adaptive design human factors confidential secret TOP SECRET secret Orange Purple Red Yellow Blue HAARP

wow, what a hater.

"wow, what a hater."

Wow, what a substantive, ironclad rebuttal!

LOL cajones!

"Wow, what a substantive, ironclad rebuttal!"

Glad you liked it, anything else Buddha?

"Glad you liked it, anything else Buddha?"

No, thank you. That will be all. Dismissed.