Comments: QC - another hype cycle

Are you sure of this terminology? Back in my networking days, the term "vampire tap" referred to a method of adding an ethernet transceiver by clamping onto and biting into the cable, and was widely practiced with the old thicknet (10Base-5, which preceded 10Base-2 thinnet, which preceded 10Base-T twisted pair) because it was such a pita (and also disruptive) to cut the cable and attach connectors.

Perhaps in appropriating the term the financial industry has switched the analogy from the bite to the sucking of blood.

Posted by Ray at April 29, 2004 06:25 AM

I think you are probably right in both those points. I certainly saw the use of the term "vampire" being used as a tap along a stretch of fiber, but there is a problem: the techniques are not written up in any authoritative terms, presumably because they are borderline criminal.

It's all anecdotal, passed hand to hand, and defies confirmation. Until someone comes up with more hard facts such as catching someone in the act, or proving the existence of tapping and finding a tap, the documents that are written by the, um, "professional document writers" present themselves as the only quotable commentary. As almost all writing on the subject is from the FUD pov (to sell something to those who are fearful and incapable of dealing with it through normal means) the writings don't really provide any solid detailed evidence of what's going on, they only support the notion that something is going on. E.g., any detail mentioned might be true, or might not.

It could be that the term has been adopted as a business technique across any technology (fiber, ethernet, 802.11b...). Or, maybe the eavesdropper did it on an ethernet and the copy editor decided to call it a fiber.

Posted by iang at April 29, 2004 06:37 AM

-------- Original Message --------
Subject: EU to use QC as a response to Echelon
Date: Tue, 18 May 2004
From: Ivan Krstic
To: Metzdowd Crypto
CC: Ian Grigg

/. reports:
"An article on Security.ITWorld.com[1] seems to outline a coming information arms race. The European Union has decided to respond to the Echelon project [2] by funding research into supposedly unbreakable quantum cryptography that will keep EU data out of Echelon's maw. Leaving aside the question of whether such a thing is possible, the political implications are troubling, indicating a widening rift within the Western world. Interestingly, the UK is part of the EU, but its intelligence services are among Echelon's sponsors."

[1] - http://security.itworld.com/4361/040517euechelon/page_1.html
[2] - http://www.echelonwatch.org/

This goes back to my discussion with Ian Grigg. Ian establishes: "Effectively, if you can sell a solution to the finance industry, you have it made. It doesn't matter what it is, only that it is a solution." This hits home, as the ITWorld article states that "Banks, insurance companies and law firms could be potential clients, Monyk said, and a decision will have to be made as to whether and how a key could be made available to law enforcement authorities under exceptional circumstances."

So not only will they pour untold resources into something that they can arguably accomplish today, and cheaply [3] -- but ironically, they'll hand keys to authorities on request [4]. Brilliant - the bargain becomes - hide from Echelon, and instead trust that its EU counterpart won't look at your data. No, really, we promise.

In discussing QC, furthermore, Ian makes the following statement: 'Engineers want to deal in the technical realities, and marketing wants to deal in the sellable properties, but there is no intersection between these. The result is that you won't easily be able to put the engineer and the marketeer together. One side or the other will win, and you will get either an unsold crypto box, or a sold "solution" that migrates out of the crypto field. The integrity of the marketeer and the integrity of the crypto engineer have nought in common, and one must give.'

I'm still not buying this. This is based on stereotypes, not unlike "all computer experts wear thick glasses, play D&D, are asocial and mortally afraid of women". Sure - some combination of small pieces of the stereotype may apply to a large percentage of the affected population, but the corollary to the stereotype is that in a 6bn people world, "a large percentage of the population" still leaves you with many, many people that fall generously outside of it. Someone like Prof. Rivest is a good example - he certainly knows what he's talking about, and he's "commercially active", be it with RSA Inc., or a venture (Peppercoin, which he did with Micali if I'm not mistaken). Or this mailing list, for instance: I'd say many members would have the knowledge and common sense to start a company tomorrow where engineering and marketing work together in a beneficial way, and where - in this particular case of QC - good, reliable non-QC solutions could be designed, implemented, tested and marketed reasonably quickly. Why hasn't it been done yet? What's the wait?

Ian concludes shrewdly that "the countervailing factor to all the above doom & gloom is that open source bypasses a lot of the marketing and engineering dysfunctionalism, which is why probably most important crypto in the future will be in software, in open source, and initially crummy (a la skype, SSH, etc) only to be repaired and improved when the demand has been shown." The 'initially crummy' status reminds me of Peter Gutmann's not-so-old analysis of several vpn/encrypted tunneling solutions which revealed large problems, and I'm sure many of the programs involved are fixed (or are getting fixed, redesigned, etc) as a result. I agree with Ian - OSS might prove to be a dominant driving force to "get things right" when it comes to crypto, but it's important to keep in mind that we're still years away from removing the "it must be open because it's bad/worthless" stigma in the eyes of I/T decisionmakers. That, however, is a story unto itself.

Finally, the appeal of QC is simply not very clear to me: expanding on my previous post, I feel that the "QC as panacea to crypto ills" approach is really just a very, very refined form of security through obscurity. When you go deep down enough in physics, no one really understands what's happening - so saying "QC is absolutely unbreakable" amounts to saying "QC is absolutely unbreakable with today's physics", which I find no stronger an argument than "[insert algorithm here] is exceedingly difficult to break with today's mathematics". The former, however, involves much more money, and rests on a silly premise - that when it comes to very strong crypto, someone wanting the data will actually undertake an effort to break it. Guess what? Rubber-hose cryptanalysis, extortion, or bribery are much more effective. I posit that with the advent of anything stronger than XOR encryption, humans became easier to break than the algorithms. If the NSA really cares what the shiny new EU QC system hides, how long do you think it'll take them to put one of their own into the key designation facility? Come on, people - I understand that toys are cool; go and buy an iPod. There is much more useful science to be conducted with these funds - and if you can't think of any, there's always Oxfam.

Cheers,
Ivan.

[3] - This group has plenty of crypto experts, of which I am not one. Will someone please tell me if I'm simply mistaken about this? Maybe I have a horribly deluded understanding of reality here, but how is well-done software crypto on a rotating key schedule worse than QC?
[4] - The article only says they're considering it, but I'll bet money they will go forward with it.

Posted by Ivan at May 18, 2004 04:41 AM

Perhaps I am missing something. What functionally differentiates these quantum encryptors from link encryptors?

Posted by Steve at May 19, 2004 07:37 PM

You mean in terms of privacy? Nothing. The only difference that I can see is that the listener is detected. Whether that is worthwhile is .. open to debate.

Posted by Iang at May 19, 2004 07:38 PM

If the tap is in a switching office or some other easily accessible location, perhaps. But if the eavesdropper really wishes to mess with the target they might be able to find some long stretch of fiber under open country and bury the vampire there. Since a time-domain-reflectometer, the most common test instrument for detecting fiber problems, will probably not detect it, good luck!

Posted by Steve at May 21, 2004 05:36 AM

Right. In order to find the advantage of QC over link encryptors we have to figuratively split hairs. That is, the attacker has to dig up a stretch of fiber, open it up, split out the one fiber of interest, and put the tap on it.

This is an implausible attacker. If you have this attacker, and you haven't already link-encrypted or better, end-encrypted, you are a market that deserves to be sold QC. I would like that customer list, because I have a bridge for sale.

Posted by Iang at May 21, 2004 07:56 AM