A further update on the HMRC story. The following passage is from the BBC news site's article.
"Shadow Chancellor George Osborne said: "Let us be clear about the scale of this catastrophic mistake - the names, the addresses and the dates of birth of every child in the country are sitting on two computer discs that are apparently lost in the post, and the bank account details and National Insurance numbers of ten million parents, guardians and carers have gone missing.
...
"They simply can not be trusted with people's personal information," added Mr Osborne.
Liberal Democrat Acting Leader Vince Cable said it was now the Treasury and not the Home Office that was "not fit for purpose".
"Why does HMRC still use CDs for data transmission in this day and age? The ancient museum pieces it is currently using for computing must be replaced.""
I can more readily understand George Osborne's point than Vince Cable's. After all, the technology to secure the exchange of digital data pre-dates the invention of the CD by some decades. The issue is less one of why the data was being transferred on CD and more one of why it was being exchanged in clear.
Several of the politicians commenting on this have chosen to use it as an opportunity for sceptical comment on the plans for a National Identity Register, but I think that's slightly missing the point. Yes, competent governance of such a register should be a critical metric of its successful operation, but there's also the far wider picture of the government's strategy on data sharing.
Surely the most direct lesson of this particular episode is that, when government bodies exchange sensitive personal data about citizens, we cannot currently reliably assume that those exchanges are protected by technical or procedural measures commensurate with the risk of a breach.
Posted by racingsnake
@ 05:38 PM GMT+00:00
The chairman of the HMRC (Her Majesty's Revenue and Customs), Paul Gray, has resigned following the news that 15 million benefit claimants' details were compromised by the loss of some computer disks in transit. Apparently the disks were transported "in breach of rules governing data protection" - though it's not clear whether the breach was in transporting the data at all, or in the manner in which it was transported. Mr Gray is acknowledged, by the head of the Civil Service 'First Division Association', as having been in no way personally responsible for the data breach, but as the senior civil servant in the organisation he has recognised that ultimate accountability rests with him.
Several resonances here:
- First, it takes the resignation of a senior civil servant to make one realise just how rare it is for someone in a prominent public position to accept responsibility to such an extent that they feel they have to resign. I mean, there's the occasional politician who is either making a 'grand geste' (I think of Michael Heseltine's 1986 resignation over the Westland question) or just can't stand their boss a moment longer (Geoffrey Howe springs to mind), but I have to think right back to Lord Carrington, who felt that he had failed as Foreign Secretary when the Argentines invaded the Falkland Islands 25 years ago, to come up with a political 'resignation on principle'.
More recently, of course, Sir Ian Blair has repeatedly rejected calls for his resignation.
- Second, I have to wonder what the HMRC's 'data transfer' procedures are like, particularly compared to, say, the means by which the Audit Commission collects employee salary data from local authorities and passes it to its subcontractors for processing. You might also remember this breach at Torbay Council, in which the strong implication was that the procedure for sending the data to the Audit Commission had been breached because the CD concerned was 'sent in the general post' rather than being sent registered or recorded delivery.
Posted by racingsnake
@ 04:02 PM GMT+00:00
Back in the early 90s, as a Systems Engineer on assignment to Technical Support, I was given responsibility for a line of hardware crypto products. One of my duties was to run a training course for field SEs to introduce them to the ins and outs of the new technology. I held forth enthusiastically on the new device range, extolling the virtues of its tamper-resistance, and going into detail about a new, hardware-enforced method for introducing asymmetry into otherwise symmetric key-pairs. (By analogy... this last feature meant that you could, as it were, give your cleaner a 'copy' of your front door key, but restricted so that it could only lock the front door and not unlock it. Clever stuff.)
Anyway, at one point I made some remark about how this could 'guarantee' that a given person (and only that person) had sent a particular message, and one of my wise old colleagues, the late Stan Peachey, uttered a polite but distinct snort of demurral. "Only if you trust the hardware to enforce the rules correctly... and not really even then". To a young and eager technophile, this was practically blasphemous. How could technology not be the conclusive answer? He was right, of course. After all, if someone has managed to subvert the manufacturing process of the chip, or its microcode, all your subsequent trust may be founded not so much on silicon as on sand (ho ho).
Far-fetched? Well, a couple of recent news stories describe phenomena which look strikingly like a flawed production process for crypto products, albeit in different ways.
One is a warning from Adi Shamir about the potential significance of the most minute inaccuracies in large-number calculations. He points out that in many instances, the manufacturers of hardware may rely on other suppliers for specific mathematical routines, without necessarily having the skill or the inclination to determine whether those work correctly.
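To make Shamir's point concrete, here is an added example (not from this post or from Shamir's own note) in Python, using a constructed toy RSA key far too small for real use: signing via the Chinese Remainder Theorem, where a single wrong multiplication in one half of the computation yields a signature that hands over a prime factor with one gcd. The self-check before release at the end is the standard countermeasure, and it is exactly the check a buggy maths routine would defeat only if it failed consistently.

```python
from math import gcd

# Constructed toy key: two small primes, textbook public exponent.
P, Q = 1000003, 1000033
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
# CRT private exponents and the Garner coefficient q^-1 mod p
DP, DQ = D % (P - 1), D % (Q - 1)
QINV = pow(Q, -1, P)


def crt_sign(m, faulty=False):
    """Textbook RSA-CRT signature (no padding, for illustration only).
    With faulty=True the p-half is corrupted by one wrong multiplication,
    standing in for a buggy multiplier or an incorrect big-number routine."""
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if faulty:
        sp = (sp * 3) % P          # a single bad intermediate result
    h = (QINV * (sp - sq)) % P     # Garner recombination
    return sq + Q * h


def verify(m, s):
    """Public-key check that the signature really opens to m."""
    return pow(s, E, N) == m


def factor_from_fault(m, s_faulty):
    """Bellcore observation: a signature that is right mod q but wrong mod p
    makes s^e - m a multiple of q and not of p, so gcd with N recovers q."""
    return gcd(pow(s_faulty, E, N) - m, N)


def sign_with_check(m):
    """The countermeasure: never release a signature that does not verify."""
    s = crt_sign(m)
    if not verify(m, s):
        raise RuntimeError("signature failed self-check; not released")
    return s


if __name__ == "__main__":
    m = 123456789                  # constructed message representative
    bad = crt_sign(m, faulty=True)
    print("faulty signature verifies:", verify(m, bad))
    print("factor recovered from it :", factor_from_fault(m, bad), "== Q:", factor_from_fault(m, bad) == Q)
    print("checked signature ok     :", verify(m, sign_with_check(m)))
```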
The other is Bruce Schneier's piece about inconsistencies in the implementation of random number generation using elliptic curve functions. He notes that the elliptic curve-based random number generator which just happens to have been championed by the NSA just happens to have a set of constants built into it which just happen to have a fatally-weakening relationship with another set of numbers.
Of course, one huge problem is that the apparently suspect parties in incidents like this (in this case, the NSA) won't say anything about whether the apparent inconsistency is real, intentional, harmful, or just an illusion brought on by too many hours of staring into Hilbert space.
All this bears a striking similarity to the long debates about whether the S-boxes in the DES algorithm included a similar NSA-introduced trapdoor. The S-boxes are matrices which describe the pattern of bit-swaps which the algorithm uses to 'shuffle the deck' in a non-random way. Anyone who has made bobbin lace, or rung church bells, will be familiar with such patterns. Anyway, the point was that everyone could see how the S-boxes were laid out, but no-one could work out why... or what the effect was of arranging them in any other way.
Then, in the late 80s/early 90s, Shamir (again) and Biham started to publish papers on a technique called 'differential cryptanalysis', in which a slight but consistent difference is introduced between pairs of 'known plaintexts', which are then fed through the algorithm. The resulting pairs of outputs are then statistically analysed and inferences made about the likely encryption keys. Well, it turned out that a consequence of re-arranging the S-boxes in any way was to greatly increase the algorithm's vulnerability to differential cryptanalysis. In other words, it could be assumed (and was later confirmed) that the algorithm's commercial designers - and the NSA - were aware, in the mid-70s, of crucial design parameters which did not become apparent to anyone else for another 10-15 years.
As it turned out, in this instance the mystery design feature actually contributed to the strength of the algorithm... but that fact first emerged only through third-party analysis; the NSA, then as now, were conspicuously silent.
Posted by racingsnake
@ 12:36 PM GMT+00:00