Peter Gutmann (computer scientist)

From Wikipedia, the free encyclopedia

For other persons of the same name, see Peter Gutmann.

Peter Gutmann is a computer scientist in the Department of Computer Science at the University of Auckland, Auckland, New Zealand. He has a Ph.D. in computer science from the University of Auckland. His Ph.D. thesis and a book based on the thesis were about a cryptographic security architecture.[1] He is interested in computer security issues, including security architecture, security usability (or more precisely the lack thereof), and hardware security, he has discovered assorted flaws in publicly released cryptosystems and protocols. He is the developer of the cryptlib open source software security library and contributed to PGP version 2. He is also known for his analysis of data deletion on electronic memory media, magnetic and otherwise, and devised the Gutmann method for erasing data from a hard drive more or less securely.

Having lived in New Zealand for some time, he has written on such subjects as wetas, which are peculiar to New Zealand, and the Auckland power crisis of 1998, during which the electrical power system failed completely in the central city for five weeks. See, for instance, Auckland: Your Y2K beta test site on Gutmann's Homepage. He has also written on his career as an "arms courier" for New Zealand, detailing the difficulty faced in complying with customs control regulations with respect to cryptographic products (once classed as "munitions").

Contents

[edit] Criticism of GSM security

In a letter on 6 Dec 1999 he wrote:

>James Moran, the fraud and security director of the GSM Association in Dublin, >says that "nowhere in the world has it been demonstrated --an ability to >intercept a call on the GSM network. That's a fact.... To our knowledge >there's no hardware capable of intercepting." Given that there are a number of companies who sell GSM interception gear (and who have been selling it for quite some time, several used to advertise it quite openly on the web), this security director is, to take a line from the Deep Crack book, "either lying, or incompetent, or both". It's interesting to note that all the vendors who advertised their stuff online have now restricted access, presumably to maintain the myth that "there's no hardware capable of intercepting" (aka security by Ostrich Algorithm :-).

[edit] Criticism of Windows Vista

 Please help improve this section by expanding it.
Further information might be found on the talk page or at requests for expansion. (August 2007)

His white paper "Cost Analysis of Windows Vista Content Protection", in which he described the content protection specification as "the longest suicide note in history",[2] generated considerable public interest since it was first posted in 2006. He discussed this with Steve Gibson in episode #74 of the Security Now! podcast on 2007-01-11.[3]

[edit] Criticism of Peter Gutmann's analysis of Vista DRM

Peter Gutmann's Vista criticism came under fire after his speech at the USENIX Security Symposium in August 2007.[4] George Ou (ZDNet) challenged Gutmann's claims that Vista Content Protection causes so much additional CPU utilization that it increases power consumption and causes global warming.[5] Gutmann responded by pointing out that Ou never make any attempt to obtain the USENIX slides he was criticising, and even boasted in his blog about this lack of fact-checking.[6]. But if you read the actual criticism from Ed Bott and George Ou, they never attacked the slides and only criticize what Guttmann has published in his original paper.

According to Ou, Gutmann doesn't run Windows Vista, and stated in his paper:

Can others confirm this? I don't run Vista yet, but if this is true then it would seem to disconfirm Microsoft's claims that the content protection doesn't interfere with playback and is only active when premium content is present.

This statement has recently been removed from Gutmann's website but can still be read in an older PDF version of the paper. Ou created this story by locating an old version of the writeup written before Vista was released [7] (at which point Gutmann couldn't possibly have been running Vista since it wasn't available yet), comparing it to a version written some time after Vista was released, and declaring the change to be a coverup (Ou has not verified whether Gutmann actually runs Vista or not).

George Ou later reported that Gutmann relied on web forum postings for several of his key assertions such as excessive CPU and memory consumption in Vista’s Media Foundation Protected Pipeline (mfpmp.exe) and AudioDG (Windows Audio Device Graph Isolation) process. Ou's tests showed that the web forum data Gutmann relied on were not repeatable. Furthermore, CPU utilization was wrongly attributed to mfpmp.exe when in fact it was actually accounting for all the CPU consumption in mfpmp.exe and Windows Media Player 11 combined. However, an examination of the writeup indicates that no such claim as made by Ou actually exists in the body of the writeup. Instead, an appendix marked as containing "informal comments, thoughts, and other odds and ends" contains a summary of user-submitted reports of problems and a request for further information from readers [2]. While the single test that Ou performed on his own machine eight months later couldn't repeat this, numerous web forum users could, and provided screenshots to demonstrate it. Ou's "key assertions" in the paper are in fact a request to readers for further information in an appendix marked as containing "informal comments and odds and ends", and have never appeared in the body of the writeup.

Ed Bott challenged some of Peter Gutmann's other claims.[8] However, like Ou he did this without ever seeing the USENIX material, choosing instead (apparently deliberately) to target an extremely old and out-of-date version of the writeup.[9] Gutmann's response also points out other odd behaviour from the ZDNet bloggers, including implications of Ou sending him obscenity-laced private email and complaining to his university administration about him.[6] However, Ou maintains that he never sent any obscene emails to Peter Gutmann. Gutmann responded by posting samples of the emails that Ou said he'd never sent.[6] Ou also claimed and that he only challenged what Peter Gutmann has admittedly said and posted on his website, making the debate on the USENIX slides a red herring, although Ou admits he was responding to a write up in PCWorld of the USENIX talk (see link to comment on the Macalope blog). However both the contents of Ou's own blog [5] and the text of his emails ("It is a known fact that this moron flew halfway around the world [to USENIX] declaring that Vista causes global warming because it consumes more power") make it clear that he's referring specifically to the USENIX talk.

[edit] See also

[edit] Bibliography

[edit] References

  1. ^ Peter Gutmann. (2000). The Design and Verification of a Cryptographic Security Architecture, PhD thesis
  2. ^ a b Peter Gutmann (2006-12-26). "A Cost Analysis of Windows Vista Content Protection". Retrieved on 2007-01-28.
  3. ^ "Security Now! episode #74: Peter Gutmann on Vista DRM", podcast transcription, Security Now!, 2007-01-11. Retrieved on 2007-08-31. 
  4. ^ "Windows Vista Content Protection: Threat-modelling the attempt to seal an open architecture"
  5. ^ a b George Ou. "Claim that Vista DRM causes full CPU load and global warming debunked!", ZDNet Blogs, 2007-08-13. Retrieved on 2007-08-31. 
  6. ^ a b c "Windows DRM: A Response to the Disinformation"
  7. ^ A Cost Analysis of Windows Vista Content Protection |date=2007-01-24
  8. ^ Ed Bott. "Busting the FUD about Vista's DRM", ZDNet Blogs, 2007-08-14. Retrieved on 2007-08-31. 
  9. ^ "A Cost Analysis of Windows Vista Content Protection"

[edit] External links

Languages