An Immodest Proposal

When I stop to think about it, the prospect of improving communications here in Vanuatu seems an almost insurmountable problem. At the best of times, it feels like a labour of love. At other times it’s more reminiscent of wading chest deep through a vat of Jell-o.

Everything moves at an infuriatingly slow pace, a pace made worse by a general inclination to stay on the well-trodden path. Now, this desire to stick to so-called safe ground is born of bitter experience. In all aspects of our development, available resources are as tiny as the logistical problem is large. The cost of failure is disproportionately high, too. Mistakes made by headstrong or naive advisors sometimes take us years to recover from.

And yet…. And yet there are times when this risk-averse behaviour comes at a cost higher than failure. One sometimes wishes that our leaders would be just a little bolder, that they would accept that nothing in this world is certain, and that gambling on good odds is sometimes the best alternative. It’s difficult, to say the least, to find a balance between folly and commitment, especially when the political landscape can change at the drop of a hat.

Ghost in the Machine

In the most recent RISKS mailing list digest, Peter Neumann includes a brief article by Adi Shamir describing a method of exploiting minor faults in math logic to break encryption keys in a particular class of processor.

Titled Microprocessor Bugs Can Be Security Disasters, the article makes an interesting argument. In fairly concise terms, Shamir outlines an approach that quickly circumvents much of the hard work in breaking private keys, no matter how heavily encrypted. He uses the RSA key encryption method in his example, probably out of humility. With even my limited knowledge of mathematics, I was able to follow the broad strokes of the approach.

Put most simply, if you know there is a math flaw in a particular kind of processor, then you can exploit that by injecting ‘poisoned’ values into the key decryption process. By watching what happens to that known value, you can infer enough about the key itself that you can, with a little more math, quickly break the private key.

And of course, once you’ve got someone’s private key, you can see anything that it’s been used to encrypt.
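Why careful implementations check a private-key result before releasing it, as an added example (not code from Shamir's note or from this column). It assumes the decryption uses the common CRT speed-up; the toy key, `BAD_PAIR`, the input `C` and all function names are constructed for illustration.

```python
from math import gcd

# Constructed toy key (textbook-sized, for illustration only).
P, Q, E = 61, 53, 17
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
BAD_PAIR = (2, 2)  # hypothetical operand pair the flawed multiplier gets wrong

def good_mul(a, b):
    return a * b

def buggy_mul(a, b):
    """Simulated hardware multiplier: wrong for exactly one operand pair."""
    return a * b + 1 if (a, b) == BAD_PAIR else a * b

def modexp(base, exp, mod, mul):
    """Left-to-right square-and-multiply built on the supplied multiplier."""
    r = 1
    for bit in bin(exp)[2:]:
        r = mul(r, r) % mod
        if bit == "1":
            r = mul(r, base) % mod
    return r

def crt_private_op(c, mul):
    """RSA private-key operation with the CRT speed-up and no output check."""
    sp = modexp(c % P, D % (P - 1), P, mul)   # half computed mod P
    sq = modexp(c % Q, D % (Q - 1), Q, mul)   # half computed mod Q
    h = (pow(Q, -1, P) * (sp - sq)) % P       # recombination, plain arithmetic
    return sq + Q * h

def leaked_factor(c, out):
    """gcd an observer can form from an output; N itself means nothing leaked."""
    return gcd((pow(out, E, N) - c) % N, N)

def checked_private_op(c, mul):
    """Hardened form: re-apply the public key and withhold on mismatch.
    Simplification: the check itself is assumed to run on correct arithmetic."""
    out = crt_private_op(c, mul)
    if pow(out, E, N) != c % N:
        raise ArithmeticError("private-key result failed verification")
    return out

C = 1222  # constructed input: C % P == 2 hits BAD_PAIR, C % Q == 3 does not
```

With the flawed multiplier the unchecked routine returns a value that is right modulo one prime and wrong modulo the other, which is exactly what exposes a factor of the modulus; the checked routine never releases that value.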

This is in some ways a new twist on a very old kind of attack. Code breakers have always exploited mechanical weaknesses in encryption and communications technology. During the Second World War, code breakers in the UK learned to identify Morse code transmissions through the radio operator’s ‘hand’ – the particular rhythm and cadence that he used. This sometimes gave them more information than the contents of the communications themselves. Flaws in the Enigma coding machines allowed the Allies to break the device some time before Alan Turing and his early computers got their ‘Bombe’ computer working efficiently:

One mode of attack on the Enigma relied on the fact that the reflector (a patented feature of the Enigma machines) guaranteed that no letter could be enciphered as itself, so an A could not be sent as an A. Another technique counted on common German phrases, such as “Heil Hitler” or “please respond,” which were likely to occur in a given plaintext; a successful guess as to a plaintext was known at Bletchley as a crib. With a probable plaintext fragment and the knowledge that no letter could be enciphered as itself, a corresponding ciphertext fragment could often be identified. This provided a clue to message keys.

These days, computing processors and encryption are used in almost every aspect of our lives. The risks presented by this new class of attack are outlined in fairly plain English by Shamir:

How easy is it to verify that such a single multiplication bug does not exist in a modern microprocessor, when its exact design is kept as a trade secret? There are 2^128 pairs of inputs in a 64×64 bit multiplier, so we cannot try them all in an exhaustive search. Even if we assume that Intel had learned its lesson and meticulously verified the correctness of its multipliers, there are many smaller manufacturers of microprocessors who may be less careful with their design. In addition, the problem is not limited to microprocessors: Many cellular telephones are running RSA or elliptic curve computations on signal processors made by TI and others, FPGA or ASIC devices can embed in their design flawed multipliers from popular libraries of standard cell designs, and many security programs use optimized “bignum packages” written by others without being able to fully verify their correctness. As we have demonstrated in this note, even a single (innocent or intentional) bug in any one of these multipliers can lead to a huge security disaster, which can be secretly exploited in an essentially undetectable way by a sophisticated intelligence organization.

I’m surprised that I haven’t seen much concern voiced about this class of attacks. Maybe I just hang out with an insufficiently paranoid crowd….

The Right Tools for the Job – II

I was on Pentecost island last week, visiting some members of my extended family in Lalwari, a village located almost in the clouds in the island’s mountainous spine. The village is only accessible by footpath, meaning that day-to-day life is almost entirely without automation of any kind.

Half an hour’s walk down a muddy mountain trail lies Ranwadi School. It recently received nearly a million Australian dollars in upgrades. The school has always been a beacon to PENAMA province’s brightest students. Now, due to strong support, solid administration and high quality resources, Ranwadi is stronger than ever.

I walked down to the school one rainy morning to provide assistance with a computer that had been acting up. A spyware infection had damaged some system files and the machine could no longer start. I spent about an hour re-installing the operating system software on the machine, and everything was fine.

Well, it should have been, anyway….


Network Neutrality

There was a story recently in the newspaper concerning a perceived need to ‘invent a new Internet’. It explained that the increasing use of music and video content was threatening to fill up our Internet connections, potentially bringing the whole system grinding to a halt. There’s been a lot of buzz about this recently, most of it deriving from telecommunications carriers and media companies in the US and elsewhere.

On the face of it, the arguments being presented are fairly straightforward. We’re changing the way we use the Internet, that much is true. We don’t rely nearly so much as we did on plain text spiced up with a few images. These days, Internet-based services provide tons of animation, music, videos, games, etc. All of this is designed to make information more compelling, more accessible to everyone.

Even as recently as last year, we in Vanuatu could only dream about downloading a TV show and watching it at our leisure, or listening live to a sporting event through Internet radio. For most of the population, this is still a dream, but it’s undeniable that our Internet services have improved vastly in a fairly short period of time. With the advent of affordable computers and Internet services on the horizon, the future holds a great deal of promise.


The Wisdom of Crowds

The successful development of Vanuatu in this day and age is contingent on improvement in communications. In geographic terms, the majority of Vanuatu has little or no access to even basic communications services. In terms of population, the situation is better, but not by a lot.

We’ve known about this problem for a long time. We also have a very clear understanding of the limitations we face. Those of us who are devoted to solving technical problems in Vila, Santo and the islands have an intimate and detailed knowledge of the problems that can afflict us. Those working in development in more general terms have become adept at working around the shortcomings that poor communications place on us.

It’s clear as well that most – if not all – of the stakeholders in this game have some pretty clear ideas about how these problems can be addressed. It’s therefore difficult to understand why these issues continue to dog us as they do.


Getting Out of the Way

I’ve got a friend visiting right now, a colleague of mine from my previous life in the world of software start-ups and corporate manoeuvring. For about as long as the World Wide Web has been around, we’ve been part of a community of explorers, people who defined the Web, extended it and made its strengths our own. From the mid 1990s through the so-called Dot-Com Boom, we had the sense that we were pioneers, marking trails across a new and exciting space. The frontier seemed to have infinite possibilities.

Human history shows us that after the explorers come the missionaries, and after the missionaries come the colonists. Carpet baggers, speculators, misfits and refugees seeking a better future away from the centre of things – these are among the first to arrive. Then come the homesteaders. Then come government, roads, taxes and schools. Before long, the landscape begins to look like the one they left behind.

In this version of events, those who get least mention are those who were there first. Those who, rather than shape the world in their own image, adapted to the shape of the world until it was impossible to tell where one began and the other ended.

This column’s purpose is neither to re-hash the history of Vanuatu nor to moralise about past actions. It is nonetheless useful to understand the shape of human trends, and to understand the forces that drive them. This is especially important because of Vanuatu’s nearly unique position as a country whose family- and village-based culture and ways have remained more or less intact.


Network Effects

Let me tell you a story:

Sese is worried. Her son Kaltaso has his heart set on getting a new toy for Christmas. She’s not quite sure what it does, exactly, but it’s the latest thing overseas. At least, that’s what Kal says. He tells her all his online friends have them, that it’s really fun to link them on the Internet and play together.

The toy is expensive, but not too expensive. Sese has talked it over with her husband, and he agrees that it’s good for the boy to spend time online with friends from around the world. If this toy helps with this, then it’s worth it. But there’s a problem: It’s not for sale anywhere in Vanuatu, let alone here on Pentecost.

Sese knows that you can buy things online, but she doesn’t have a bank account yet, let alone a credit card. So she sends an SMS to her cousin-sister Lily in Port Vila, asking for help. Lily works as an administrator for one of the online banking operations that opened up after the fibre optic link was installed. She knows about these things.

Lily texts back, saying that she’s checked on eBay and found exactly what Kal wants, at about 30% less than anywhere else. She’ll just send the cash from her PayPal account. She knows Sese doesn’t have a lot of cash so she asks if Sese could send 20 kilos of kava on the next ship. One of Lily’s boys is going to be circumcised soon, so it will save her a lot of expense. Kava costs about 40% less if you get it straight from the island.

Sese checks with her family, then writes to Lily to say that she’ll put the kava on Wednesday’s ship. But Lily has to promise not to say a word to anyone. Kal chats online all the time with Lily’s second born son, and if he gets word about the gift, it will spoil the surprise.

This little story is fiction, of course. It’s a description of how things could be in two or three years, if we do just a few little things.


Riding the Tide

For almost a month now, the Vanuatu IT Users Society has been conducting demonstrations of the One Laptop Per Child Project’s XO laptop. These demos have led to numerous conversations about computers, the Internet and access to information. What effect is this going to have on the Vanuatu way of life?

Most people assume that as a geek, I see technology as a Good Thing, one of the miracles of the modern age. That’s not always the case.

The professional life of an ICT professional is fraught with dangers. They’re not personal dangers, of course. There are few safer things to do than plunking down in front of a computer for several hours each day. The risks a geek faces are risks of responsibility. Every choice we make has implications, some of which can be quite serious, especially in places where resources are limited.


Black Smoke and Storm Clouds

Every weekday morning, in every street in Port Vila, we see a steady stream of people walking into town. On the road beside them, innumerable buses and cars drive by, belching black smoke into their faces. Just as regularly, we see complaints in the local media about this smoke. But nothing ever gets done about it.

Police and inspection officials don’t enforce the laws, and the drivers don’t make any real effort to clean up their act. Everybody knows they should. Everybody knows that this pollution causes health problems. Even the simplest metrics, like the dirt it leaves on our clothing, on our skin and under our nails, make it impossible to deny that there’s a problem. And yet we do nothing.

Why? The answer is simple….
