NSA Patents a Way To Spot Network Snoops
narramissic writes "The National Security Agency has patented a technique for figuring out whether someone is messing with your network by measuring the amount of time it takes to send different types of data and sounding an alert if something takes too long. 'The neat thing about this particular patent is that they look at the differences between the network layers,' said Tadayoshi Kohno, an assistant professor of computer science at the University of Washington. But IOActive security researcher Dan Kaminsky wasn't so impressed: 'Think of it as — if your network gets a little slower, maybe a bad guy has physically inserted a device that is intercepting and retransmitting packets. Sure, that's possible. Or perhaps you're routing through a slower path for one of a billion reasons.'"
Uh... (Score:3, Funny)
Or perhaps you're routing through a slower path for one of a billion reasons.
I knew taking that left turn at Albuquerque was a bad idea...
NSA patenting it because... (Score:4, Insightful)
They don't want any of US to have access to such technology when THEY slap the monitoring devices on our network.
Re:NSA patenting it because... (Score:4, Interesting)
how does that work anyway?
If the patent is filed by a US Government Agency is it not funded by the taxpayer and thus public domain in the US?
-nB
Re:NSA patenting it because... (Score:5, Insightful)
I was thinking the same thing...But in this world, it's more likely that they patented it so that some stupid patent troll won't get the opportunity to sue the gov't.
Re: (Score:2)
That's sort of true.
They can allow you to sue by laws passed previously. There are also some constitutional provisions on this. They wouldn't be able to back out of it. So in this case at least, unless the law that allows someone to sue for patent infringement specifically exempted the US government and its agencies or entities, then you would already have permission to sue.
There is a constitutional problem here too. The constitution says no property can be taken without due process of the law or just comp
Re:NSA patenting it because... (Score:5, Interesting)
The NSA can not only file for patents, they can do so secretly.
From wikipedia:
The NSA has the ability to file for a patent from the U.S. Patent and Trademark Office under gag order. Unlike normal patents, these are not revealed to the public and do not expire. However, if the Patent Office receives an application for an identical patent from a third party, they will reveal the NSA's patent and officially grant it to the NSA for the full term on that date.
Re: (Score:3, Funny)
Re: (Score:3, Funny)
Fixed that for ya'.
Re: (Score:2)
ummm... if someone else creates an identical patent, doesn't that mean that it is obvious to someone who works in the field? A person having ordinary skill in the art is able to find the same way of solving the problem.
Lame.
Re: (Score:2)
Not really, they'd be notified if the patent infringed upon the previous NSA patent. Unfortunately due to the many overly broad patents out there, you might just be patenting something in the same general field.
Re:NSA patenting it because... (Score:4, Insightful)
Two people/companies eventually coming to a solution that is sufficiently similar to violate patents is a long way from "obvious to someone who works in the field". And, assuming that the two people who identified the solution are the leaders in their field (because they reached the idea before the other 6.7 billion of us), they could be described as having "extraordinary skill in the art".
There are a number of patents for designs that multiple developers reached independently and were awarded to the person who managed to file first (Edison seemed to have extraordinary luck in beating his competitors to the patent office). That doesn't necessarily make the solution obvious, just non-unique.
Re: (Score:2)
Re: (Score:2)
The way patents work is even if all of us 6.7 million run to the patent office, because we all had the same idea, the first would still get it (or Edison if he were still alive).
Well, if the law doesn't spare the "2nd" inventor the need to pay the patent license, I'd say fuck the patent system. The patent system was introduced so original inventors were encouraged to publicize their invention in an orderly fashion, enabling others (the licensees) to build upon that and achieve quicker innovation cycles themselves, while the original inventor also benefits because he gets to collect the license fees. In the end, the overall rate of innovation would increase and society as a whole sh
Re: (Score:2)
(Edison seemed to have extraordinary luck in beating his competitors to the patent office).
Well, he did work there for a time. I'm sure he developed a good understanding of how the system worked. And how it could be made to work.
Re: (Score:2)
How does this "promote the useful arts and sciences"?
I'd love to see this go to court. At no point does the government have a right to have its own intellectual property, and protection. (This does not include "classified information" which does not fall under "intellectual property" laws.)
Re: (Score:2)
It doesn't. It falls under "national security."
Re: (Score:2)
IIRC, any significantly important patent can be issued secretly. If you apply for a patent on "an individualized (based on dental records) death beam from space" the DoD gets to look at it, and can ask that you get the same treatment.
Re: (Score:2)
If the Patent Office receives an application for an identical patent, I doubt the disclosure will ever happen. Far more likely the NSA will just have the applicant arrested for using "stolen" "national security secrets."
Re: (Score:2)
Why be so cynical?
It is much more likely that the patent office will simply deny the application with some bogus un-patentable mark and cite some prior art leading to an obviousness issue.
If the applicant makes a fuss about it, they will just warn them of the deal, instruct them that they can't talk about it. If the guy tries to go to court over it, the NSA just shows the judge their patent, tells him about the secret nature of it, and the judge dismisses the case for lack of standing or something.
It isn't l
Re: (Score:2)
That sounds a lot like:
Registrar: Which domain would you like?
Customer: 4jhh43gh.com
Registrar: 4jhh43gh.com? Let's see... *registers domain* Oh, sorry, that's just gone. Luckily, our agent knows exactly who owns it. Would you like to buy it for $1499?
Re: (Score:2)
Re: (Score:2)
From what I understand, they have a couple of honest people working at both places.
And what if they both quit?
Re: (Score:2)
Then honest people replace them.
Seriously, do you know how hard it is to keep a secret in government? The scale of the scam would simply be too big to orchestrate without someone bragging about it or trying to get revenge or something. Besides, the Government doesn't need a patent license for anything, all they need to do is determine what is a "just compensation" and just use it, then pay you what they think is "just". Actually, most governments have that ability and it's even supported by international la
Re:NSA patenting it because... (Score:5, Interesting)
From what I gather, you can apply for licenses to federally-owned patents. This is typically done through a "Technology Transfer" office. It seems that you have to be a business capable of bringing the invention to market. I suppose in this case you would have to be capable of implementing the software.
Some information about Technology Transfer here:
http://www.federallabs.org/home/faqs/
Which includes a link to a listing of all federal research organizations and how to initiate Tech Transfer, which I'll repeat here:
http://www.federallabs.org/labs/results/?Agency=-1&
The relevant U.S. Codes appear to be collected here:
http://www.law.cornell.edu/uscode/html/uscode35/usc_sup_01_35_10_II_20_18.html
In particular, it seems "TITLE 35 > PART II > CHAPTER 18 > Section 209" applies.
But hey, IANAL. :)
Re: (Score:2)
It's actually easier even than that. I'm overseeing a DoE lab team that's been working for about a year to develop a new tool that our customer needs to use but does not exist. We have no desire to actually manufacture anything so we've been seeking out partners in industry all along the way to build the pieces for the prototypes. So, once we're finished, the industry folks will be responsible for building our units along with as many as they see fit to bring to market. The actual patents will sit with
Re:NSA patenting it because... (Score:4, Interesting)
And it won't work for most snooping technology.
a simple linux box with a listen only cable plugged into a small hub in a key location is undetectable by their system as it adds in ZERO delays.
Well not zero but too small to be measured their way as it will be consistent across all traffic.
I call their system an epic fail for detection for everything but a remote redirect which is an incredibly sloppy way of doing it.
Re:NSA patenting it because... (Score:4, Informative)
a simple linux box with a listen only cable plugged in
Would not alter the packet delay, but inserting
a small hub in a key location
to a network that didn't have one before would. And yes, the delay is noticeable, which is why proper network design limits the number of hubs as well as the length of the longest run in a single network segment.
Re: (Score:2)
Re: (Score:2)
Yeah. Zero works for me.
Re: (Score:2)
As long as it's not supposed to be a straight link from one end to the other? Also I assumed they would have wanted to use it for detecting changes in data, because if someone snaps it up and then sends out some changed data it will indeed be noticed, right?
Re: (Score:2)
even THAT can be detected. this patent is bullshit anyway, and there's prior art
http://www.securityfriday.com/promiscuous_detection_01.pdf
look at the date... august 2001
Averages (Score:5, Informative)
Of course there can be a billion reasons as to why some packets will take longer than others to reach their destinations.
However, if you do enough sampling over a period of time, you can make averages and see if some types/destinations of packets are possibly being messed with.
It's not perfect, but neither are averages in general, etc.
What makes it newsworthy is that such a simple idea was granted a patent.
Re: (Score:2, Insightful)
Re: (Score:2)
Re: (Score:2)
I'd expect that it's been infested with middle management idiot-cousin fuckknuckles who attempt to justify their pitiful existence by proactively leveraging synergies to facilitate win win scenarios across all core competencies.
Presumably the NSA's owners (the USian taxpayers) will get a good return on their investment.
Re: (Score:2)
Re:Averages (Score:5, Funny)
Nah. What makes it newsworthy is that the snoops are patenting tools which can detect their own snoopage.
Counter-snooping this way is now a patent infringement as well as anything else, and the laws seem much tougher for that crime. Pursue 'em for one thing, nail 'em to the wall with another.
Well shit. (Score:2)
Re: (Score:3, Insightful)
So, if you slip your monitoring gear in on day 1, the only way it would be detectable is if you took it off, and the packets started going faster.
Re: (Score:3, Interesting)
as a network engineer, myself, I can only LAUGH at this.
there is SO much randomness in a network (ethernet is BUILT on the whole notion of 'randomness adds to efficiency' (csma/cd uses randomness to 'increase order' in a network)) that this can't possibly do much.
it WOULD be a nice random number generator. take your 'output' and send it to something that generates heat, measure the heat and then do math on that.
that might work.
but this 'scheme' to detect active listeners? what a laugh. networks are simply
Re: (Score:2)
You still have csma/cd segments in your network? How quaint.
Re: (Score:2)
Seems very anti-internet protocol. Internet protocol was designed to route dynamically. Basically this only detects something if something is not going through a known route. Averages must be taken from every known route or the alarm will go off all the time, so in a lot of cases it's not very practical. New routes are added all the time. All these points become moot when you start using encryption like you're supposed to.
Re: (Score:2)
Dan Kaminsky is a smart guy but he seems to have missed the ball on this one. The idea behind the invention is that more complex inline packet sniffers are effectively layer 3 or above switches and as such will introduce different delays for different types of traffic depending on the attacker's interests. For example, ICMP typically won't interest an attacker so the packets will get forwarded promptly. UDP and/or TCP/IP laden with VOIP or file data would require the eavesdropping switch to further process
Re: (Score:3, Informative)
In an all-switched network that has any chance of being secure, a hub is a snooping device.
Gov't patents (Score:4, Insightful)
This is another example of the broken patent system. No government should be able to patent something--that technology was funded by the taxpayer and should thus be owned by the taxpayer, meaning that it is public and thus not patentable.
Re:Gov't patents (Score:4, Insightful)
Re: (Score:2)
I was actually confused by that when I first saw the headline. I didn't even know that the government could patent something. It's just so completely broken and silly that I never even considered it.
There are many reasons why this is possible. First of all, the Government agencies all can patent processes/things and they have to follow the same rules as anyone else. One reason you want to provide this capability is to prevent Company A from developing said technology only to turn around and sell it to Country B.
Re: (Score:2)
Re:Gov't patents (Score:5, Interesting)
I killed my spent mod points to respond to this. I have no problems with the gov't patenting something, just as long as they don't use it to prevent people from using it in a positive manner. It's possible the gov't patented this so they could share the information with other people and not worry about some private company patenting the idea and then suing everyone else for using it. Basically - patent to allow people to use it. In this case we don't have to look at the gov't for being evil, but maybe the gov't is protecting us from companies who like to create submarine patents?
Instead of looking at everything the gov't does and say "but it's evil because big brother did it", let's give them the benefit of the doubt.
Re: (Score:2)
It's possible the gov't patented this so they could share the information with other people and not worry about some private company patenting the idea and then suing everyone else for using it. Basically - patent to allow people to use it.
If that's the intent, and the patent system is working as intended, then the patenting is superfluous. Publication of all the details (without restriction) is sufficient to prevent anyone else from patenting the idea, because the publication acts as demonstrable prior art with which to challenge any subsequent patent application. (This is also why anyone who wants to patent something usually has to hold off on publication until the patent process is already underway--a publication can be used to show that t
Re: (Score:2)
Patent examiners basically search issued patents and published patent applications. If you want to challenge a pending application based on prior art, here is the:
POOR MAN'S CHALLENGE TO A PENDING PATENT APPLICATION.
Make a copy of the reference you think anticipates the patent. Send a copy to the appl
Re: (Score:2)
Instead of looking at everything the gov't does and say "but it's evil because big brother did it", let's give them the benefit of the doubt.
Giving them the benefit of the doubt is how we got the Iraq War, Banking Deregulation, Trickle Down Economics, "Good Job Brownie", and etc, etc. The Government should always have to demonstrate that what they're doing is beneficial and not just "trust us."
Re: (Score:2)
And that's why we have elections. BTW naming all the bad the gov't does and not listing any of the good does not make your comments valid. If the gov't only did bad, well we know what happened the last time we got really pissed at our gov't.
Re:the last time we got really pissed at our gov (Score:2)
Or maybe in 1861 [wikipedia.org]? Because the idea you were referring to the American Revolution is a bit of a chuckle.
Re: (Score:2)
I don't know what GP was referring to but why is referring to the american revolution a chuckle in this context?
Because you don't see it happen? Well, then doesn't that prove his point that the government apparently does some things right?
Re: the idea of revolution (Score:2)
Re: (Score:2)
Well, GP didn't talk about a threat, maybe check your reading comprehension?
In fact, GP argued that the lack of tendencies towards a revolution in our spoiled society indicates that the government can't be *that* bad after all.
I'd chalk it up to miscommunication (Score:2)
If the gov't only did bad, well we know what happened the last time we got really pissed at our gov't.
My point was the last few times the gov't did really bad (Civil War the most notable) the revolt was shut down with extreme prejudice by said government. Arguing that "since we haven't had a revolution in a while it can't be all bad" is a little amusing, don't you think?
Re: (Score:2)
Nah, don't really think so.
The thing about revolutions (in the civil war sense) is that they usually happen despite (or even because) prior attempts have been shut down violently. It takes quite a bit of pressure and wrongdoing to drive a society into violent resistance. The US is obviously nowhere near that point, I still don't see what's so amusing about his statement anyways...
Re: (Score:2)
Well, I'm following up on this exactly because your know-it-all attitude is annoying me.
Don't let my naivety stop you, feel free to elaborate on your armchair worldview a bit more.
Re: (Score:2)
Who decides what is a positive manner or not?
Re: (Score:2)
We do.
Re: (Score:2)
It's possible the gov't patented this so they could share the information with other people and not worry about some private company patenting the idea and then suing everyone else for using it. Basically - patent to allow people to use it.
Couldn't they do the same thing by, say, publishing a paper?
Re: (Score:2)
Sorry, they lost "the benefit of the doubt" when the warrantless domestic wiretapping [wikipedia.org] started.
It's a bit naive to assume good will when evil has already been purported.
Re: (Score:2)
This is another example of the broken patent system. No government should be able to patent something--that technology was funded by the taxpayer and should thus be owned by the taxpayer, meaning that it is public and thus not patentable.
I fully agree, but at the same time, it also prevents some company from claiming that it has the copyright of something that belongs to the "people".
Is there a lawyer in the house? (Score:2)
I was under the impression that anything produced by the government was in the public domain. Any lawyers here that can rebut or verify?
Re: (Score:2)
Patents are different than Copyrights.
But I agree with you, on the principle that the government has to waste resources to search and file a patent. Unless there is some standing order from higher up for government organizations to patent everything to block private patents of it. There appears to be no justification in the authorization of any funds to be used for paying patent lawyers or filing with the patent office.
Re: (Score:3, Funny)
What if it was funded by loans from China?
Re: (Score:2, Insightful)
Re: (Score:2, Funny)
Try a more recent tax form - proving you paid taxes more recently than 909 years ago is unlikely to impress them.
Re: (Score:2)
Re: (Score:2)
No government should be able to patent something--that technology was funded by the taxpayer and should thus be owned by the taxpayer, meaning that it is public and thus not patentable.
Actually, I'd be happy to let 'em patent stuff on one condition: that all monies from said patent licensing goes directly to pay our taxes. Not a fund to be raided like Social Security, but one SOLELY for taxpayer relief.
Re: (Score:2)
I know. I went to a military base and said I wanted to fly an F-22 for a while. It seems easy and a lot of fun. When they gave me trouble, I tried explaining that the F-22 was funded by the taxpayer (me) and thus I just wanted to get my share of its use.
Fundamentally, taxes are the price we pay to live in this country. Be
Tape Dispenser Plans Missing on NSA Website (Score:5, Funny)
Re: (Score:2)
To be fair, it was a very effective tape dispenser that dispensed tape very well.
Not to fear! It will soon be replaced by the NSA Red Stapler--as soon as they figure out their tape dispenser went missing that is.
A Billion here a Billion there, pretty soon... (Score:5, Funny)
How was the mountain of prior art missed? (Score:3, Informative)
The patent was filed May 24, 2005. Googling for 'computer slow spyware 2004' gives 127,000 hits.
Comparing types (Score:2, Insightful)
It is not just measuring the speed of the network; it is apparently measuring differences in the speeds of different network layers, or types of network traffic. Network congestion generally affects all types of packets the same. Snooping presumably may take longer to identify certain types of packets.
Oh and a passive tap will only work with certain protocols, it can't work (or not easily) with Gigabit ethernet for example.
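An added illustration (not code from this thread or from the patent) of the idea raised in the summary and in the comments above: congestion or a slower route moves every traffic class together, while an inline device that inspects only some traffic moves those classes relative to the rest. All names, thresholds and RTT samples here are constructed, and treating the least-shifted class as the path-wide change is an assumption of this sketch.

```python
import statistics

# Constructed round-trip times in milliseconds, one list per traffic class,
# from a period when the path is assumed to be clean.
BASELINE = {
    "icmp": [1.10, 1.12, 1.09, 1.11, 1.13, 1.10, 1.12],
    "udp":  [1.20, 1.22, 1.19, 1.21, 1.23, 1.20, 1.22],
    "tcp":  [1.30, 1.33, 1.29, 1.31, 1.32, 1.30, 1.34],
}


def delayed(samples_by_class, extra_ms):
    """Build a constructed 'current' window: the input plus a per-class delay."""
    return {cls: [s + extra_ms.get(cls, 0.0) for s in samples]
            for cls, samples in samples_by_class.items()}


# Constructed scenarios.
REROUTED = delayed(BASELINE, {"icmp": 2.0, "udp": 2.0, "tcp": 2.0})  # slower path
SELECTIVE = delayed(BASELINE, {"udp": 0.4, "tcp": 0.9})  # only some classes delayed
BOTH = delayed(REROUTED, {"tcp": 0.9})                   # reroute plus TCP delay


def spread(samples):
    """Median absolute deviation, floored so a very quiet link still has a scale."""
    med = statistics.median(samples)
    return max(statistics.median(abs(s - med) for s in samples), 0.01)


def shifts(baseline, current):
    """Change in median RTT per traffic class between the two windows."""
    return {cls: statistics.median(current[cls]) - statistics.median(baseline[cls])
            for cls in baseline if cls in current}


def naive_alerts(baseline, current, k=5.0):
    """Absolute test: flag any class that got slower than its own noise."""
    moved = shifts(baseline, current)
    return sorted(c for c, d in moved.items() if d > k * spread(baseline[c]))


def differential_alerts(baseline, current, k=5.0):
    """Relative test: subtract the path-wide change, flag what is left over."""
    moved = shifts(baseline, current)
    path_wide = min(moved.values())  # assumption: least-moved class = path change
    return sorted(c for c, d in moved.items()
                  if d - path_wide > k * spread(baseline[c]))


if __name__ == "__main__":
    for name, window in (("rerouted", REROUTED), ("selective", SELECTIVE),
                         ("both", BOTH)):
        print(name, naive_alerts(BASELINE, window),
              differential_alerts(BASELINE, window))
```

A reroute trips the absolute test for every class but leaves the differential test silent, while a device that delays only the traffic it inspects trips the differential test. A passive receive-only tap changes none of these numbers.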
Re: (Score:2, Flamebait)
So... what? (Score:3, Funny)
"NSAapp: Latency change detected in segment AA23. No idea what it might mean. Send the intern."
Re: (Score:2)
I would think that if these were deployed as a sensor net of sorts that they could isolate faults pretty readily (whatever those faults may be...tap or otherwise).
Re: (Score:2)
Uh well that is some very valuable information, especially when deciding if you should actually send some information or not.
If you are aware the link has a 99% confidence level that it isn't being snooped on or a 75% confidence level you may greatly alter what information, however encrypted, secure, timely, or whatever its attributes. Some simple historical sampling of trends with some "intelligent" sorting on top would allow you to assign many different confidence levels to individual connections.
Comment removed (Score:5, Insightful)
Re: (Score:2, Interesting)
Re: (Score:2)
NSA secrets unveiled! (Score:3, Insightful)
How come I have the sneaky feeling, that if the NSA discovered anything really spectacular ... I wouldn't be reading about it on Slashdot?
"Cracking WPA2? No problem but it is patented by the NSA and documented by the USPTO" ... so you can read about it, but you have to license it from the NSA, if you want to use it.
That business model ought to work.
Government patents (Score:2)
False Positives (Score:2)
Re: (Score:2)
You mean Senator Joseph McCarthy's memory lives on?
Might work better in tightly controlled networks.. (Score:2)
Dan and packet delay (Score:2)
Dan Kaminsky's Blackhat US 2006 and 2007 talks (as I recall) mentioned using techniques similar to this to detect protocol based bandwidth throttling, and used it to detect P2P traffic shaping. I would personally say that this would work to detect a layer 2 man in the middle attack using something like ettercap. Or as Dan said, to detect some kind of inline intercept box on the network. In order to do that, you'd need to have a pretty good idea what the latency numbers should be to start with. In my exper
I'm going to patent a snooping device... (Score:3, Insightful)
This sounds familiar (Score:2)
This process sounds (to me) a lot like the NEWS plug-in for Azureus/Vuze. It measures network speed and latency and compares it to peers in order to try to detect filtering/shaping.
Re: (Score:3, Insightful)
Re:Huh? (Score:5, Interesting)
I remember a while back a friend of mine that worked for a college was tasked with trying to find a person who was sniffing people's logins on the campus wifi.. what he ended up doing was sending out garbled truncated packets - turns out that Windows boxes running things like Ethereal would get the truncated packet and then request the rest of the packet even though it wasn't addressed to them.. very clever way of finding the stupid ones.. luckily the person they were after was stupid
Re: (Score:2)
I don't see how a sniffer that can't transmit would in any way be detected. So long as it does not attenuate the signal so much that packets are being lost routinely (in the particular circumstances in which I used this cable, this was not apparently the case)
I think when people talk of snooping on traffic they are probably thinking of a passive receive-only device.
Re: (Score:2)
Re: (Score:2)
exactly. and clipping two wires is not "tricked out."
Re: (Score:2)
I remember that - it didn't work very well at all, but the principle that it was based on was similar.
Re: (Score:3, Funny)
siphoning off date...
What? They could hack a government agency but they couldn't figure out NTP? I call shenanigans.