Financial Cryptography

January 28, 2010

the most magical question of all -- why are so many bright people fooling themselves about the science in information security?

It has been clear for a long time that information security was more about perception than any other factor than was good for it, a concept I tried to turn into a theory in the market for silver bullets, based on some solid thinking by others on the economics of insufficient information. Here are some random snippets that seem to anecdotally support that security is dominated by perception.

Gunnar reports on Google who were apparently subject to a cyber-attack by China. I didn't notice, probably because it doesn't pass the laugh test, but he collects all this security-blog-o-sphere stuff into a nice package:

Of course cyberattacks and the other issues raised by Google as rationale have been around for a long time, so why did they choose now as the time to threaten to pull out? ... First, we know that Google has been getting its butt kicked by Baidu.com. Baidu's search market share in 3Q09 was 77%. ... Google was in need of some positive PR to correct its worsening image (especially in Europe, where concerns about privacy are mounting on a daily basis). Google.cn is the goat that would be sacrificed ... It's no surprise than NSA is getting interested in the story. One doesn't need to know much about US politics to realize that framing this as a national security issue is going to make Google's case for US government's pressure on China much stronger ... No wonder Google has been hiring all those smart policy types with government experience ...

While Google is bandying around the phrase "national security" as a commercial weapon, Bruce Schneier is earning lots of airmiles by talking not about security but about what he calls *magical thinking*: TSA rules to make you safer from the last attack:

Of course not, the attacks are designed to get through whatever we're doing. The liquid bombers used liquid so now we screen liquids. This is a powder bomber using powders. They will look at what we do and do something different. There's sort of a bit of magical thinking about the last hour, its not a more dangerous hour, its the hour this guy happened to choose. I am not sure why the next guy can't choose the first hour or a different material or maybe even not an airplane. Focusing on the tactic might make us feel a little better but its not going to make us any safer.

Or, what military types refer to as fighting the last war, or, building the Maginot Line. Which would support the notion that the real enemy that TSA is fighting is the home front, and perception is the weapon of choice.

Adam has a nice collection of the latest TSA madness, including this quote:

'It became necessary to destroy the town to save it,' a TSA major said today. He was talking about the decision by allied commanders to shock and awe the public regardless of civilian casualties, to rout al Qaeda.

Which I can't tell if it is a spoof or not, but it seems to be on point. Here is more evidence of the perceptional nature of security: news that Microsoft's browser had a flaw in it has finally caused governments to sit up and do the unthinkable: warn people not to use a Microsoft product.

Nobody would ever notice if a government said "we don't use Linux because of security issues" or "we don't permit Apple because of ..." Microsoft's browbeating of the press and governments has been so successful that for 2 decades, nobody dare say "don't use Microsoft." Remember "Nobody every got fired for buying IBM?"

Which unfortunately has been a great loss to Microsoft (as it was to IBM) because it hid the danger from them, too, until 1992. Now they are facing the long-term decline, shackled with their chains of past insecurity. Perception-wise, they will probably never be able to shake off the the real public opinion, now that it's shifted, even with the great work listed at bottom.

Too late for their future shareholders, but maybe their past shareholders had the right idea? Markus Kuhn reports on a placebo bomb detector for the BBC, and discovered it is testably indistinguishable with any other random appliance purchased at the local Dixon's (consumer electronics store):

There is no way in which this device could be programmed to distinguish the many different substances that the ADE651 manufacturer claimed it could, not to mention that any useful interaction with such an LC circuit would require a transmitter antenna, a power source, and lots of other components that the ADE651 appears to lack.

These things sell for around 40,000 sterling each, in quantity, and the Iraqi government swears by them. OK, whatever. Compelling proof ... that the power of the placebo is essential to unlock the minds of the (human) bomb detectors that do the real job? You be the judge. What has not as yet been answered to me is why the TSA has not purchased them -- if they are America's department for magical thinking, why not purchase such things?

The devices contain no power source (”powered by the user’s static electricity”, no battery), resemble very much a dowsing rod, and generally leave much to be desired regarding a plausible operating principle or performance in repeatable double-blind trials. There are several such military dowsing rods on the market.

And they won't contribute to global warming! So real security (where "real" means, we have evidence that this is how people think, act and purchase) is as much about placebo devices as anything else. Here's the most magical question of all: why is an entire generation of crypto/security/geeks fixated on the technical workings of a device? Insisting that it operate to lab specs? When all the evidence from the field indicates that it doesn't matter much if at all?

Here's another outstanding example: Last month there was a series of crypto break news in GSM phones. Here's a summary from emergentchaos's Mordaxus.

Orr Dunkelman, Nathan Keller, and Adi Shamir have released a paper showing that they've broken KASUMI, the cipher used in encrypting 3G GSM communications. KASUMI is also known as A5/3, which is confusing because it's only been a week since breaks on A5/1, a completely different cipher, were publicized. So if you're wondering if this is last week's news, it isn't. It's next week's news.

(Except it's last month's news.) OK, joking aside, so what? GSM phones use encryption to stop the papparazzi recording your love-chat, stop neighbours hearing your shopping list, and spoofers stealing GSM minutes. As long as they do that, why aren't we happy with a 40 bit crypto response to the 20 bit crypto threat?

(In 1994 numbers, etc, just add water for 16 years of crypto-flation.)

It will be interesting to see the response from the GSM Association. They have the opportunity to show leadership. If they recognize that this is a real problem, reassure us that it's not a catastrophe, and show that they're taking it seriously, then this can be an all-around good thing for them and us.
We're all adults (well, okay, most of us are adults and act like adults some of the time), and if we know that there will be an upgrade in a few years, then that's great. We lived through the WEP issues. We are living through the SSL evil proxy issues. This is less acute than either of those. But we need to have some assurance that in a few years, we'll just get wireless devices with a safety net.

I don't mean to pick on mordaxus here, but this typifies an entire security industry: absolute obsession with an apparent security rating (measured in bits of crypto strength) and an almost willful blindness to the environment of choice. Let's list how safe we are because of GSM's fine security design:

All phones provide the complete and perfect location and relationship tracking device for all citizens [one, two, three, four], and we told on great authority that we should be worried when they aren't so good at tracking, according to Kuhn's colleague Richard Clayton,
the conversation is only encrypted over the airwaves to the nearest base station (which has minimal security in it, if those "buy your own base-station" adverts are correct),
Phones are probably programmable over the air via various techniques (undocumented, elusive, insert your conspiracy theory here about advice to take out your battery when attending a secret meeting, etc etc), and
The entire infrastructure doesn't really have a lot of security, and that's purposeful.

What is the "real problem" that Mordaxus expects them to spot? What catastrophe? It's not as if we need to speculate here, we actually have real evidence: We know that when they were broken 12 years ago by Lucky Green ... nothing happened. It didn't change our security situation one iota.

Their challenge is to have a response before this news metastasizes into a common perception that 3G crypto is worthless.

Right. If we have no security argument, we also are left arguing on perception.

There are some out there that think they can use psychology to assess our current security thinking. Perhaps they can answer the most magical question of all: why are the world's top security sellers so quick to damn a crypto algorithm that has lost of few bits, like MD5, when the world's top security buyers are happily purchasing Placebo devices with 5km ratings? Or Cell-phones with 40 bit crypto? And, apparently happy with their choice?

Let's face it. Security thought as a science is failed, it is all marketing, all perception, all religion. The good news is that this meme seems to be finally getting some traction in the scientific community: "So Long, and no thanks for the Externalities: The Rational Rejection of Security Advice by Users" by Cormac Herley, who works for, of all people, Microsoft Research. Finally, we have the paper that says what we all knew:

It is often suggested that users are hopelessly lazy and unmotivated on security questions. They chose weak passwords, ignore security warnings, and are oblivious to certificates errors. We argue that users’ rejection of the security advice they receive is entirely rational from an economic perspective. The advice offers to shield them from the direct costs of attacks, but burdens them with far greater indirect costs in the form of effort. Looking at various examples of security advice we find that the advice is complex and growing, but the benefit is largely speculative or moot. For example, much of the advice concerning passwords is outdated and does little to address actual threats, and fully 100% of certificate error warnings appear to be false positives.

Read that if you think there is a place for science in information security. On the other hand, if you think information security is something else, better off to go read something on creative journalism, public relations, politics, marketing, ...

Posted by iang at 02:34 PM | Comments (8) | TrackBack (0)

Mark Miller	Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control	Software Engineering, Rights
Philipp Gühring	Concepts against Man-in-the-Browser Attacks	Software Engineering Risk (Security) Threats
Ian Grigg	The Market for Silver Bullets	Economics Risk (Security)

1. Buy a Mac	$599 ... And $1099 defeats keyloggers
2.	Check the SSL Domain Name bottom right.
3. Install Petnames and/or Trustbar	help yourself against phishing (no-one else will...)
4. Write Passwords Down	In a safe place... (use common sense)

7 Finance	Enhyper .. Blogshares .. Stakeout .. FC on Finance ..
6 Value	epointsystem .. Bob's Gold Price .. Linkdump .. Beyond Money (Tom Greco) .. Digital Money (Dave Birch) .. FC on Value ..
5 Governance	Perilocity .. ICANN Watch .. Discourse .. Mason on e-signatures and e-evidence .. FC on Governance .. on Digital Signing .. Dispute Resolution and Negotiation
4 Accounting	Ledgerism .. FC on Accounting
3 Rights	ERights .. CACert .. Digital Identity Forum .. FC on Rights .. on Identity .. and Identity Cost ..
2 Software Engineering	Pelle Talk .. Jabber .. WebFunds .. Gunnar Peterson .. FC on SoftEng ..
1 Crypto	FC on Crypto ..

Meta	Refs on Security .. FC Knowledgebase .. FC meta .. FC teams&HR .. FC pennies
Conf & Pubs	WEIS .. Dave Birch's Digital Money and Identity and Privacy .. IACR calendar .. FC Conferences ..
Risks & Sec	(Adam, Arthur, Chris, Mordaxus) Emergent Chaos .. Adi Shamir's 3 laws .. Kerckhoffs' 6 principles .. Tao of Security .. Not Bad For a Cubicle .. CAcert .. Ping's Usable Security .. Gunnar Peterson's 1 Raindrop .. FC Cost of Identity .. FC risks&sec .. FC threats
Econ	Anderson's Econ & Sec .. Econ in 1 Lesson, Mises, Hayek .. Unenumerated Nick on Law .. WEIS Biblio .. FC econ .. FC stats
The registry of transcendent financial cryptogrophers	Dave Birch .. Todd Boyle .. Stefan Brands .. Graeme Burnett .. James Donald .. Amir Herzberg .. Bob Hettinga .. Iang .. Simon Lelieveldt .. Stephen Mason .. Mark Miller .. Dani Nagy .. James Nesfield .. Frank Trotter .. Pelle .. Twan van der Schoot .. Nick Szabo .. Anne & Lynn Wheeler .. Rachel Willmer .. Zooko ..