Category Archives: Cell Phone (iPhone, Android, windows mobile)

Internet traffic governance by firewall (Great Wall): under what circumstances is China still subject to external cyber attack?

http://img.photobucket.com/albums/v704/chanpicco/chanpicco070/China-Firewall_zpsutjpv0vx.jpg

The surveillance program in China runs at a visible level. The Chinese government has defined a traffic monitoring scheme, and people living in China who are entitled to the benefits of citizenship must accept this policy. It is a well-known secret that a giant (the Great Wall) continuously monitors inbound and outbound internet traffic. Sounds great! From a technical point of view, a workstation located in China is under government protection. The benefit is that the overall hit rate of cyber attacks will become lower. We are not politicians, so we are not going to speculate on the reason for establishing this security facility. But it looks as though there is no perfect defence mechanism in the world. The Internet Security Threat Report of June 2016 provides the following figures.

Web sites for remote control

  • 3,637 foreign IP addresses arrived in the territory through backdoors.
  • 6,618 websites encountered cyber attacks that resulted in hacker remote control.

Remark: Among them, the suspicious foreign IP addresses are located mainly in the United States, China, Hong Kong, South Korea and other countries or regions.

  • Foreign IP addresses relying on backdoors might have come from Russia. They execute web server remote control. The total number of suspected IP addresses is 1,667.
  • Websites with implanted backdoors rank in high volume.
  • Besides, the IP addresses behind implanted-backdoor attacks covered the US and Hong Kong: 1,129 came from the US and 808 came from Hong Kong.

Reference: Internet stats for 2016

China, as a country, has the most internet users; with an estimated 640 million internet users, the number of internet users in China is twice the entire U.S. population.

What’s the reason?

Major Factor:

1. Enterprise site-to-site VPN connections bypass Great Wall governance: if a security weakness occurs in their server systems or network backbone, hackers are able to rely on those vulnerabilities to launch cyber attacks.

2. Remote Proxy services bypass Great Wall

The term for this is internet censorship circumvention. The method is to establish an encrypted tunnel whose end point is a proxy gateway in a foreign country. It is an onion network: if one of the proxy servers is not in service, the proxy application will search for another available gateway.
Because the network datagrams are encrypted by TLS/SSL and the versions are updated frequently, from a certain point of view the Great Wall might not be able to decrypt the network traffic, and so it lets the traffic go!

3. Layer 2 Tunneling Protocol (L2TP) bypass Great Wall

The PPTP/L2TP/SOCKS5 protocols are provided for devices lacking compatibility with the Private Internet Access application or the OpenVPN protocol. PPTP/L2TP/SOCKS5 should be used for masking one’s IP address, censorship circumvention, and geolocation. As far as I know, the Great Wall has the capability to deny this network traffic.

4. Flaw found in ASN.1 compiler: for more details, refer to the URL below.

https://www.linkedin.com/pulse/flaw-found-communications-industry-yet-determined-1-picco

Smartphones in China have a high growth rate. Since a smartphone is an intelligent device, it is a mobile computing device. From a technical point of view, it looks like a workstation with an Internet connection. China's mobile phone users reached 1.306 billion in 2015. It is hard to guarantee that 1.306 billion mobile phones are compliant, meaning that the OS is the latest version and anti-virus is installed with updated patterns. To be honest, it is not easy! With so many people dependent on mobile devices to communicate and work, mobile network security is more important than ever.

Additional information – SCMP regarding China Firewall

http://www.scmp.com/news/china/policies-politics/article/1922677/china-blocks-vpn-services-let-users-get-round-its-great

Any others? It is your turn to give input. Be my guest!

The important thing is to never stop questioning (Albert Einstein)

http://img.photobucket.com/albums/v704/chanpicco/chanpicco071/sat-China_zpsfc8frkuz.jpg

The important thing is to never stop questioning, said Dr. Einstein. Look at the breaking news today: China has launched the world’s first quantum communications satellite into orbit. Watching a TV news program, I noticed that a group of scientists found a way to apply quantum physics to traditional cryptography, replacing the RSA cryptosystem. The testing went to its final stage in 2015. Competition is everywhere today, among employees, business partners and countries. Life is not easy! The world looks demanding now! Let’s briefly review the weaknesses of the RSA cryptosystem.

RSA cryptosystem weakness:

  • The RSA cryptosystem can be very weak if you do not choose your primes carefully.
  • If the two corresponding ciphertexts are intercepted.
  • If you send the same message to more people with the same RSA encryption exponent e, then the plaintext can always be obtained easily from the intercepted ciphertexts.
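The last weakness above (one message sent to several recipients under the same exponent e) is illustrated below for e = 3 as an added example, not part of the original post: unpadded RSA ciphertexts are combined with the Chinese Remainder Theorem and an integer cube root, next to the same message with a random per-recipient pad, where the recovery fails. The toy moduli, the plaintext and the simple padding layout are assumptions made for illustration; real deployments use 2048-bit or larger keys and RSA-OAEP.

```python
import secrets
from math import prod

E = 3  # public exponent shared by every recipient
# Constructed toy moduli (primes are 2 mod 3 so e = 3 is valid); real keys are 2048+ bits.
MODULI = [1013 * 1019, 1031 * 1049, 1061 * 1091]
M = 4242        # constructed plaintext; note M**3 < product of the moduli
PAD_SHIFT = 13  # toy layout: message in the low 13 bits, random pad above

def crt(residues, moduli):
    """Chinese Remainder Theorem for pairwise-coprime moduli."""
    big_n = prod(moduli)
    x = 0
    for r, n in zip(residues, moduli):
        partial = big_n // n
        x += r * partial * pow(partial, -1, n)
    return x % big_n

def icbrt(x):
    """Exact floor of the cube root, by binary search on integers."""
    lo, hi = 0, 1 << ((x.bit_length() + 2) // 3 + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        lo, hi = (mid, hi) if mid ** 3 <= x else (lo, mid - 1)
    return lo

def recover_broadcast(ciphertexts, moduli):
    """Return m if all ciphertexts are m**E under different moduli, else None."""
    x = crt(ciphertexts, moduli)
    root = icbrt(x)
    return root if root ** E == x else None

def encrypt_padded(m, n, pad=None):
    """Assumed toy padding: a fresh random value per recipient (stand-in for OAEP)."""
    if pad is None:
        pad = 1 + secrets.randbelow(63)
    padded = (pad << PAD_SHIFT) | m
    if m >= 1 << PAD_SHIFT or padded >= n:
        raise ValueError("message or pad too large for this modulus")
    return pow(padded, E, n)

def demo():
    textbook = [pow(M, E, n) for n in MODULI]
    padded = [encrypt_padded(M, n, pad) for n, pad in zip(MODULI, (5, 17, 42))]
    return recover_broadcast(textbook, MODULI), recover_broadcast(padded, MODULI)

if __name__ == "__main__":
    print(demo())  # (4242, None)
```

The fixed pads in `demo()` only make the result reproducible; calling `encrypt_padded` without `pad` draws a fresh random value per recipient.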

Quantum Cryptography benefits:

  • Quantum entanglement – particles can share the same quantum state irrespective of their spatial distance from each other. The entangled state is discarded when parameters change.
  • Quantum cryptography would be used in practice to produce one time pads that could be used to securely encrypt any message.

What are the key factors (for building a quantum communications satellite)?

Avoid eavesdropping – Being monitored

Cyber attack – Being attacked by hackers

Questions about unknown factors

In which layer of the Earth’s atmosphere is this satellite installed?

Answer: Exosphere – up to 10,000 km above the Earth

http://img.photobucket.com/albums/v704/chanpicco/chanpicco070/orbit-v4_zpsgkk97mbq.gif

Is there any external interference in this layer? For instance, sunspots and X-rays?

It is protected by the atmosphere. Atoms are no longer gravitationally bound to the Earth and get knocked away by the solar wind. As such, there is no interference caused by sunspots to suspend the network communications. (Remark: Satellites are interfered with by sunspots periodically. The result is that the satellite loses electronic communications for a short period of time.)

Is it compatible with mobile phones?

Yes, it is compatible with the 4G mobile network and provides a hack-proof communication channel. I believe that it achieves independence from the use of fixed-line or existing mobile networks through super-fast Ka-band satellite backhaul.

The objective is to avoid eavesdropping on mobile phones. For instance, the NSA tapped Angela Merkel’s mobile phone. The scandal was exposed to the public in 2014.

Germany opens inquiry into claims NSA tapped Angela Merkel’s phone

https://www.theguardian.com/world/2014/jun/04/germany-inquiry-nsa-tapping-angela-merkel-phone

Interim summary:

The space for technology development is infinite. But as Dr. Einstein said, the important thing is to never stop questioning.

http://img.photobucket.com/albums/v704/chanpicco/chanpicco070/questioning_zpsyrbxvutm.jpg

The crypto key change of modern technology world – Mobile computing devices (BYOD)

After the scandal of the NSA hacking tools and surveillance programs, who is the hero protecting worldwide privacy? The largest market research firm (MarketsandMarkets) forecasts the global BYOD market to grow from $71.93 billion in 2013 to $266.17 billion in 2019. You might have questions. How do you protect your personal data privacy, so that even law enforcement, especially the NSA, could not crack it under normal circumstances?

The trend of security technology

A cryptographic algorithm, or cipher, is a mathematical function used in the encryption and decryption process. A cryptographic algorithm works in combination with a key (a word, number, or phrase) to encrypt the plaintext. The same plaintext encrypts to different ciphertext with different keys. As time goes by, encryption algorithms become more complex. Many encryption algorithms (3DES, AES, AES 256) have appeared in the world.

Steal crypto Key

If a hacker engages in a side-channel attack, he must go through brute force or exploit a weakness in the underlying algorithm. Since the crypto key is stored on the hard drive, the simple idea is to extract the key and certificate from the disk.

In order to prevent the theft of crypto keys and certificates, Apple established a defensive mechanism.

Apple stores the secure key in the chipset. The Apple processor contains an on-board AES cryptographic key called the Global ID (GID) that is believed to be shared across all the current ‘iDevices’. This GID key is used to unwrap the keys that decrypt the corresponding boot firmware code stored in system non-volatile memory.

The chipset architecture is shown below:

http://img.photobucket.com/albums/v704/chanpicco/chanpicco071/Apple-A8_zpskwb6hxx4.jpg

Microsoft’s struggle for balance and control (windows OS includes windows phone)

If the encryption key is stored in the operating system itself rather than in hardware, it is possible for a hacker to extract the keys and certificates. BitLocker disk encryption requires a TPM. TPM stands for “Trusted Platform Module”. It’s a chip on your computer’s motherboard that helps enable tamper-resistant full-disk encryption.

BitLocker Drive Encryption is built into the Windows 10 operating system and uses … TPM v1.2 Chip

http://img.photobucket.com/albums/v704/chanpicco/chanpicco071/MS-TPM_zpsbdjwbvbn.jpg

TPM version 1.2 Chip – A very generic description of the TPM is that it performs RSA encryption, decryption, and signing in the hardware.

Atmel AT97SC3204T Trusted Platform Module

http://img.photobucket.com/albums/v704/chanpicco/chanpicco071/TPM-block_zpstyneydlm.jpg