Posts


Cryptography: what are the random numbers for?

Hervé Debar, Télécom SudParis – Institut Mines-Télécom and Olivier Levillain, Télécom SudParis – Institut Mines-Télécom

The original purpose of cryptography is to allow two parties (traditionally referred to as Alice and Bob) to exchange messages without another party (traditionally known as Eve) being able to read them. Alice and Bob will therefore agree on a method to exchange each message, M, in an encrypted form, C. Eve can observe the medium through which the encrypted message (or ciphertext) C is sent, but she cannot retrieve the information exchanged without knowing the necessary secret information, called the key.

This is a very old exercise, since we speak, for example, of the ‘Julius Caesar Cipher’. However, it has become very important in recent years, due to the increasing need to exchange information. Cryptography has therefore become an essential part of our everyday lives. Besides the exchange of messages, cryptographic mechanisms are used in many everyday objects to identify and authenticate users and their transactions. We find these mechanisms in phones, for example, to encrypt and authenticate communication between the telephone and radio antennas, or in car keys, and bank cards.

The internet has also popularized the ‘padlock’ in browsers to indicate that communications between the browser and the server are protected by cryptographic mechanisms. To function correctly, these mechanisms require the use of random numbers, whose quality (or more precisely, unpredictability) contributes to the security of the protocols.

Cryptographic algorithms

To transform a message M into an encrypted message C, by means of an algorithm A, keys are used. In so-called symmetric algorithms, we speak of secret keys (Ks), which are shared and kept secret by Alice and Bob. In asymmetric algorithms, there are public (KPu) and private (KPr) key pairs. For each user, KPu is known to all, whereas KPr must be kept safe by its owner. Algorithm A is also public, which means that the secrecy of communication relies solely on the secrecy of the keys (secret or private).

Sometimes, the message M being transmitted is not important in itself, and the purpose of encrypting said message M is only to verify that the correspondent can decrypt it. This proof of possession of Ks or KPr can be used in some authentication schemes. In this case, it is important never to use the same message M more than once, since this would allow Eve to find out information pertaining to the keys. Therefore, it is necessary to generate a random message NA, which will change each time that Alice and Bob want to communicate.

The best known and probably most widely used example of this mechanism is the Diffie-Hellman algorithm. This algorithm allows a browser (Alice) and a website (Bob) to obtain an identical secret key K, different for each connection, by having exchanged their respective KPu beforehand. This process is performed, for example, when connecting to a retail website. This allows the browser and the website to exchange encrypted messages with a key that is destroyed at the end of each session. This means that there is no need to keep it (allowing for ease of use and security, since there is less chance of losing the key). It also means that not much traffic will be encrypted with the same key, which makes cryptanalysis attacks more difficult than if the same key were always used.

Generating random numbers

To ensure Eve is unable to obtain the secret key, it is very important that she cannot guess the message NA. In practice, this message is often a large random number used in the calculations required by the chosen algorithm.

Initially, generating random variables was used for a lot of simulation work. To obtain relevant results, it is important not to repeat the simulation with the same parameters, but to repeat the simulation with different parameters hundreds or even thousands of times. The aim is to generate numbers that respect certain statistical properties, and that do not allow the sequence of numbers to be differentiated from a sequence that would be obtained by rolling dice, for example.

To generate a random number NA that can be used in these simulations, so-called pseudo-random generators are normally used, which apply a reprocessing algorithm to an initial value, known as the ‘seed’.  These pseudo-random generators aim to produce a sequence of numbers that resembles a random sequence, according to these statistical criteria. However, using the same seed twice will result in obtaining the same sequence twice.

The pseudo-random generator algorithm is usually public. If an attacker is able to guess the seed, they will be able to regenerate the random sequence and thus obtain the random numbers used by the cryptographic algorithms. In the specific case of cryptography, the attacker does not necessarily even need to know the exact value of the seed. If they are able to narrow it down to a set of candidate values, this is enough to quickly calculate all possible keys and to crack the encryption.

In the 2000s, programmers used seeds that could be easily guessed, for example seeds based on the time, which made systems vulnerable. Since then, to prevent the seed (or a set of values for the seed) from being guessed, operating systems rely on a mixture of the physical elements of the system (e.g. processing temperature, bus connections, etc.). These physical elements are impossible for an attacker to observe, and vary frequently, and therefore provide a good seed source for pseudo-random generators.
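The seed problem described above, as an added example that is not part of the original article: a 128-bit key drawn from a public pseudo-random generator seeded with a timestamp keeps only about 13 bits of unpredictability when the hour of generation is known, whereas a key from the operating system's generator matches no candidate seed. The function names and the timestamp are constructed for this illustration.

```python
import math
import random
import secrets

KEY_BYTES = 16                 # 128-bit session key
ISSUED_AT = 1_700_000_000      # constructed Unix timestamp used as the weak seed


def key_from_seed(seed: int) -> bytes:
    """Derive a key from a public, non-cryptographic PRNG (Mersenne Twister)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(KEY_BYTES))


def key_from_os() -> bytes:
    """Derive a key from the operating system's entropy-backed generator."""
    return secrets.token_bytes(KEY_BYTES)


def effective_bits(window_s: int) -> float:
    """Unpredictability left when the seed is a timestamp known to +/- window_s."""
    return math.log2(2 * window_s + 1)


def find_seed(key: bytes, approx_time: int, window_s: int):
    """Audit check: does any timestamp in the window reproduce this key?"""
    for seed in range(approx_time - window_s, approx_time + window_s + 1):
        if key_from_seed(seed) == key:
            return seed
    return None


if __name__ == "__main__":
    weak = key_from_seed(ISSUED_AT)
    # Same seed, same sequence: the generator adds no secrecy of its own.
    print("repeatable:", weak == key_from_seed(ISSUED_AT))
    # The key is nominally 128 bits, but knowing the hour leaves about 13.
    print("effective bits:", round(effective_bits(3600), 1))
    print("seed recovered:", find_seed(weak, ISSUED_AT + 1800, 3600))
    print("OS key matches a timestamp:", find_seed(key_from_os(), ISSUED_AT, 3600))
```
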

What about vulnerabilities?

Although the field is now well understood, random number generators are still sometimes subject to vulnerabilities. For example, between 2017 and 2021, cybersecurity researchers found 53 such vulnerabilities (CWE-338). This represents only a small number of software flaws (less than 1 in 1000). Several of these flaws, however, are of a high or critical level, meaning they can be used quite easily by attackers and are widespread.

A prime example in 2010 was Sony’s error on the PS3 software signature system. In this case, the reuse of a random variable for two different signatures allowed an attacker to find the manufacturer’s private key: it then became possible to install any software on the console, including pirated software and malware.

Between 2017 and 2021, flaws have also affected physical components, such as Intel Xeon processors, Broadcom chips used for communications and Qualcomm Snapdragon processors embedded in mobile phones. These flaws affect the quality of random number generation. For example, CVE-2018-5871 and CVE-2018-11290 relate to a seed generator whose periodicity is too short, i.e. that repeats the same sequence of seeds quickly. These flaws have been fixed and only affect certain functions of the hardware, which limits the risk.

The quality of random number generation is therefore a security issue. Operating systems running on newer processors (less than 10 years old) have random number generation mechanisms that are hardware-based. This generally ensures good-quality random number generation and thus the proper functioning of cryptographic algorithms, even if occasional vulnerabilities may arise. On the other hand, the difficulty is especially prominent in the case of connected objects, whose hardware capacities do not allow the implementation of random generators as powerful as those available on computers and smartphones, and which often prove to be more vulnerable.

Hervé Debar, Director of Research and Doctoral Training, Deputy Director, Télécom SudParis – Institut Mines-Télécom and Olivier Levillain, Assistant Professor, Télécom SudParis – Institut Mines-Télécom

This article has been republished from The Conversation under a Creative Commons license. Read the original article.

The Alicem app: a controversial digital authentication system

Laura Draetta, Télécom Paris – Institut Mines-Télécom and Valérie Fernandez, Télécom Paris – Institut Mines-Télécom

Some digital innovations, although considered to be of general interest, are met with distrust. A responsible innovation approach could anticipate and prevent such confidence issues.

“Alicem” is a case in point. Alicem is a smartphone app developed by the State to offer the French people a national identity solution for online administrative procedures. It uses face recognition as a technological solution to activate a user account and allow the person to prove their digital identity in a secure way.

After its authorization by decree of May 13, 2019 and the launch of the experimentation of a prototype among a group of selected users a few months later, Alicem was due to be released for the general public by the end of 2019.

However, in July of the same year, La Quadrature du Net, an association for the defense of rights and freedoms on the Internet, filed an appeal before the Council of State to have the decree authorizing the system annulled. In October 2019, the information was relayed in the general press and the app was brought to the attention of the general public. Since then, Alicem has been at the center of a public controversy surrounding its technological qualities, potential misuses and regulation, leading to it being put on hold to dispel the uncertainties.

At the start of the summer of 2020, the State announced the release of Alicem for the end of the autumn, more than a year later than planned in the initial roadmap. Citing the controversy on the use of facial recognition in the app, certain media actors argued that it was still not ready: it was undergoing further ergonomic and IT security improvements and a call to tender was to be launched to build “a more universal and inclusive offer” incorporating, among other things, alternative activation mechanisms to facial recognition.

Controversy as a form of “informal” technology assessment

The case of Alicem is similar to that of other controversial technological innovations pushed by the State such as the Linky meters, 5G and the StopCovid app, and leads us to consider controversy as a form of informal technology assessment that defies the formal techno-scientific assessments that public decisions are based on. This also raises the issue of a responsible innovation approach.

Several methods have been developed to evaluate technological innovations and their potential effects. In France, the Technology Assessment – a form of political research that examines the short- and long-term consequences of innovation – is commonly used by public actors when it comes to technological decisions.

In this assessment method, the evaluation is entrusted to scientific experts and disseminated among the general public at the launch of the technology. The biggest challenge with this method is supporting the development of public policies while managing the uncertainties associated with any technological innovation through evidence-based rationality. It must also “educate” the public, whose mistrust of certain innovations may be linked to a lack of information.

The approach is perfectly viable for informing decision-making when there is no controversy or little mobilization of opponents. It is less pertinent, however, when the technology is controversial. A technological assessment focused exclusively on scholarly expertise runs the risk of failing to take account of all the social, ethical and political concerns surrounding the innovation, and thus not being able to “rationalize” the public debate.

Participation as a pillar of responsible innovation

Citizen participation in technology assessment – whether to generate knowledge, express opinions or contribute to the creation and governance of a project – is a key element of responsible innovation.

Participation may be seen as a strategic tool for “taming” opponents or skeptics by getting them on board or as a technical democracy tool that gives voice to ordinary citizens in expert debates, but it is more fundamentally a means of identifying social needs and challenges upstream in order to proactively take them into account in the development phase of innovations.

In all cases, it relies on work carried out beforehand to identify the relevant audiences (users, consumers, affected citizens etc.) and choose their spokespersons. The definition of the problem, and therefore the framework of the response, depends on this identification. The case of Linky meters is an emblematic example: anti-radiation associations were not included in the discussions prior to deployment because they were not deemed legitimate to represent consumers; consequently, the figure of the “affected citizen” was nowhere to be seen during the discussions on institutional validation but is now at the center of the controversy.

Experimentation in the field to define problems more effectively

Responsible innovation can also be characterized by a culture of experimentation. During experimentation in the field, innovations are confronted with a variety of users and undesired effects are revealed for the first time.

However, the question of experimentation is too often limited to testing technical aspects. In a responsible innovation approach, experimentation is the place where different frameworks are defined, through questions from users and non-users, and where tensions between technical efficiency and social legitimacy emerge.

If we consider the Alicem case through the prism of this paradigm, we are reminded that technological innovation processes carried out in a confined manner – first of all through the creation of devices within the ecosystem of paying clients and designers and then through the experimentation of the use of artifacts already considered stable – inevitably lead to acceptability problems. Launching a technological innovation without participation in its development by the users undoubtedly makes the process faster, but may cost its legitimization and even lead to a loss of confidence for its promoters.

In the case of Alicem, the experiments carried out among “friends and family”, with the aim of optimizing the user experience, could be a case in point. This experimentation was focused more on improving the technical qualities of the app than on taking account of its socio-political dimensions (risk of infringing upon individual freedoms and loss of anonymity etc.). As a result, when the matter was reported in the media it was presented through an amalgamation of face recognition technology use cases and anxiety-provoking arguments (“surveillance”, “freedom-killing technology”, “China”, “Social credit” etc.), without, however, presenting the reality of more common uses of facial recognition which carry the same risks as those being questioned.

These problems of acceptability encountered by Alicem are not circumstantial ones unique to a specific technological innovation, but must be understood as structural markers of the contemporary social functioning. For, although the “unacceptability” of this emerging technology is a threat for its promoters and a hindrance to its adoption and diffusion, it is above all indicative of a lack of confidence in the State that supersedes the reality of the intrinsic qualities of the innovation itself.

This text presents the opinions stated by the researchers Laura Draetta and Valérie Fernandez during their presentation at the Information Mission on Digital Identity of the National Assembly in December 2019. It is based on the case of the biometric authentication app Alicem, which sparked controversy in the public media sphere from the first experiments.

Laura Draetta, a Lecturer in Sociology, joint holder of the Responsibility for Digital Identity Chair, Research Fellow Center for Science, Technology, Medicine & Society, University of California, Berkeley, Télécom Paris – Institut Mines-Télécom and Valérie Fernandez, Professor of Economics, Holder of the Responsibility for Digital Identity chair, Télécom Paris – Institut Mines-Télécom

This article was republished from The Conversation under the Creative Commons license. Read the original article here.

 


Our exposure to electromagnetic waves: beware of popular belief

Joe Wiart, Télécom ParisTech – Institut Mines-Télécom, Université Paris-Saclay

This article is published in partnership with “La Tête au carré”, the daily radio show on France Inter dedicated to the popularization of science, presented and produced by Mathieu Vidard. The author of this text, Joe Wiart, discussed his research on the show broadcast on April 28, 2017 accompanied by Aline Richard, Science and Technology Editor for The Conversation France.

 

For over ten years, controlling exposure to electromagnetic waves and to radio frequencies in particular has fueled many debates, which have often been quite heated. An analysis of reports and scientific publications devoted to this topic shows that researchers are mainly studying the possible impact of mobile phones on our health. At the same time, according to what has been published in the media, the public is mainly concerned about base stations. Nevertheless, mobile phones and wireless communication systems in general are widely used and have dramatically changed how people around the world communicate and work.

Globally, the number of mobile phone users now exceeds 5 billion. And according to the findings of an Insee study, the percentage of individuals aged 18-25 in France who own a mobile phone is 100%! It must be noted that the use of this method of communication is far from being limited to simple phone calls — by 2020 global mobile data traffic is expected to represent four times the overall internet traffic of 2005.  In France, according to the French regulatory authority for electronic and postal communications (ARCEP), over 7% of the population connected to the internet exclusively via smartphones in 2016. And the skyrocketing use of connected devices will undoubtedly accentuate this trend.

 


Smartphone Zombies. Ccmsharma2/Wikimedia

 

The differences in perceptions of the risks associated with mobile phones and base stations can be explained in part by the fact that the two are not seen as being related. Moreover, while exposure to electromagnetic waves is considered to be “voluntary” for mobile phones, individuals are often said to be “subjected” to waves emitted by base stations. This helps explain why, despite the widespread use of mobiles and connected devices, the deployment of base stations remains a hotly debated issue, often focusing on health impacts.

In practice, national standards for limiting exposure to electromagnetic waves are based on the recommendations of the International Commission on Non-Ionizing Radiation Protection (ICNIRP) and on scientific expertise. A number of studies have been carried out on the potential effects of electromagnetic waves on our health. Of course, research is still being conducted in order to keep pace with the constant advancements in wireless technology and its many uses. This research is even more important since radio frequencies from mobile telephones have now been classified as “possibly carcinogenic for humans” (group 2B) following a review conducted by the International Agency for Research on Cancer.

Given the great and ever-growing number of young people who use smartphones and other mobile devices, this heightened vigilance is essential. In France the National Environmental and Occupational Health Research Programme (PNREST) of the National Agency for Food, Environmental and Occupational Health Safety (Anses) is responsible for monitoring the situation. And to address public concerns about base stations (of which there are 50,000 located throughout France), many municipalities have discussed charters to regulate where they may be located. Cities such as Paris, which, striving to set an example for France and major European cities, signed such a charter as of 2003, are officially limiting exposure from base stations through a signed agreement with France’s three major operators.


Hillside in Miramont, Hautes Pyrenees France. Florent Pécassou/Wikimedia

This charter was updated in 2012 and was further discussed at the Paris Council in March, in keeping with the Abeille law, which was proposed to the National Assembly in 2013 and passed in February 2015, focusing on limiting the exposure to electromagnetic fields. Yet it is important to note that this initiative, like so many others, concerns only base stations despite the fact that exposure to electromagnetic waves and radio frequencies comes from many other sources. By focusing exclusively on these base stations, the problem is only partially resolved. Exposure from mobile phones for users or their neighbors must also be taken into consideration, along with other sources.

In practice, the portion of exposure to electromagnetic waves which is linked to base stations is far from representing the majority of overall exposure. As many studies have demonstrated, exposure from mobile phones is much more significant.  Fortunately, the deployment of 4G, followed by 5G, will not only improve speed but will also contribute to significantly reducing the power radiated by mobile phones. Small cell network architecture with small antennas supplementing larger ones will also help limit radiated power.  It is important to study solutions resulting in lower exposure to radio frequencies at different levels, from radio devices to network architecture or management and provision of services. This is precisely what the partners in the LEXNET European project set about doing in 2012, with the goal of cutting public exposure to electromagnetic fields and radio frequency in half.

In the near future, fifth-generation networks will use several frequency bands and various architectures in a dynamic fashion, enabling them to handle both increased speed and the proliferation of connected devices. There will be no choice but to effectively consider the network-terminal relationship as a duo, rather than treating the two as separate elements. This new paradigm has become a key priority for researchers, industry players and public authorities alike. And from this perspective, the latest discussions about the location of base stations and renewing the Paris charter prove to be emblematic.

 

Joe Wiart, Chairholder in research on Modeling, Characterization and Control of Exposition to Electromagnetic Waves at Institut Mines Telecom, Télécom ParisTech – Institut Mines-Télécom, Université Paris-Saclay

This article was originally published in French in The Conversation France.