Comments: memes in infosec I - Eve and Mallory are missing, presumed dead

I would like to listen to your thoughts on Strict Transport Security - do you think it's a waste of time?

Posted by anonymouse at August 1, 2010 04:15 PM

@ Iang,

The WWII Mindset is a bit of a cop-out; the problem arises from Shannon's original channel model, which is still taught today as part of information theory.

Shannon was only dealing with the channel in his work and deliberately left out the issue of end points.

And there are several reasons why he might have done this, but two are pertinent:

1, Where is the end point?
2, How can you prevent an "end run" around it?

Back in the '90s I was trying to get across to people that the end point is never where it actually should be, which is "inside your head".

The problem is, how do you know that something past the end point of the encrypted channel has not been subverted?

Back in 2000, with Win95 still being the predominant OS, even security experts were having a real hard time accepting that IO drivers etc. could be easily subverted, and an even harder time accepting that IO hardware could be likewise subverted. 10 years later, however, it is taken as read that any mutable component in an end system is fair game for attackers these days.

After looking at the issue on and off for a number of years prior to that, I had concluded three things:

1, The end point really should be in the head.
2, All transactions (not sessions) should be authenticated.
3, The human brain was not equipped to do it.

Thus I looked at a way of putting the end point on the other side of the human brain.

That is, the human became part of the communications channel and the end point was an "out of band" "side channel", most easily done by a token.

This brought forward a number of issues:

1, The token must be effectively immutable.
2, The token must be fully independent of the primary communications channel.
3, The token must be always available.
4, The token must be easy to use.

My original idea, due to all of the above (plus some other considerations), was to use "call back" on a mobile phone, where the bank's IVR system would call you back and read out to you what you had typed in to be authenticated, and if you said yes would give you a confirmation number to type in at the PC.

I built a working prototype which worked as advertised; however, in the early part of 97 it became clear that IVR systems were not a solution that was going to be taken up.

So the second design used the Mobile Network Short Message Service and again worked in the prototype. However, a limited trial in 97 showed there were issues to do with SMS being a secondary service on the networks and thus not a reliable or timely service.

And due to issues with smart phones I would advise anybody thinking about using mobile phones as side channel tokens to walk away; you are entering a world of hurt (as some banks are starting to find out).

In late 97 / early 98 I switched my attention to "key ring" tokens, as these were becoming usable (think credit card sized calculator) and reasonably affordable (sub 10USD).

These, however, had an issue in that they involved way too much typing by the user.

By the end of 98 I had started developing a system using "OCR Proof" graphics, which looked like it might significantly reduce the user entry problems. But as we now know, attackers outsource the problem to China and other countries where people will do the conversion for a few cents in real time, no questions asked.

Thus the problem remains: any end point not in or on the other side of the human is going to be a vulnerable end point. The human limitations appear to limit the viability of moving the end point to their brain or beyond...

Posted by Clive Robinson at August 10, 2010 07:32 AM
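The call-back scheme described in the comment above, modelled in code. This is an added example and not Clive's prototype or anything from this blog: the bank object, the HMAC-based confirmation number, the 6-digit truncation and the names ALICE and MALLORY are all assumptions made for the illustration. It shows the two properties the design relies on: the user hears what the bank actually received (so a PC that alters the transaction is caught at the read-back), and the confirmation number is bound to one pending transaction (so a number captured on the PC cannot finalize a different one).

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict


@dataclass(frozen=True)
class Transaction:
    payee: str
    amount_cents: int


class Bank:
    """Bank side of the call-back scheme (constructed model, not any real bank's system)."""

    def __init__(self) -> None:
        self._key = secrets.token_bytes(32)          # secret behind the confirmation numbers
        self._pending: Dict[str, Transaction] = {}   # txn_id -> details as the bank received them

    def submit(self, txn: Transaction) -> str:
        """Primary channel: the PC sends the transaction; the bank parks it as pending."""
        txn_id = secrets.token_hex(8)
        self._pending[txn_id] = txn
        return txn_id

    def read_back(self, txn_id: str) -> str:
        """Side channel: what the IVR reads out, i.e. what the bank actually received."""
        txn = self._pending[txn_id]
        return f"pay {txn.payee} {txn.amount_cents / 100:.2f}"

    def confirmation_number(self, txn_id: str) -> str:
        """Side channel: 6-digit number the IVR gives the user after they say yes.
        It is an HMAC over this pending transaction, so it is useless for any other one."""
        txn = self._pending[txn_id]
        msg = f"{txn_id}|{txn.payee}|{txn.amount_cents}".encode()
        mac = hmac.new(self._key, msg, hashlib.sha256).digest()
        return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"

    def finalize(self, txn_id: str, number: str) -> bool:
        """Primary channel: the PC types the number back; it is checked against this txn only."""
        if txn_id not in self._pending:
            return False
        ok = hmac.compare_digest(number, self.confirmation_number(txn_id))
        if ok:
            del self._pending[txn_id]
        return ok


def run_scenario(pc_compromised: bool) -> dict:
    """One transaction end to end. The user's intent is fixed; a compromised PC swaps the payee."""
    bank = Bank()
    intended = Transaction(payee="ALICE", amount_cents=5_000)
    # The PC is the mutable end point: malware can change what goes down the primary channel.
    sent = Transaction(payee="MALLORY", amount_cents=500_000) if pc_compromised else intended
    txn_id = bank.submit(sent)

    # The user hears the bank's version on the phone and compares it with what they meant to do.
    heard = bank.read_back(txn_id)
    user_says_yes = heard == f"pay {intended.payee} {intended.amount_cents / 100:.2f}"

    finalized = False
    if user_says_yes:
        number = bank.confirmation_number(txn_id)   # spoken to the user over the side channel
        finalized = bank.finalize(txn_id, number)   # typed in at the PC
    return {"heard": heard, "user_approved": user_says_yes, "finalized": finalized}


def confirmation_is_transaction_bound() -> bool:
    """A confirmation number obtained for one transaction must not finalize another."""
    bank = Bank()
    a = bank.submit(Transaction("ALICE", 5_000))
    b = bank.submit(Transaction("MALLORY", 500_000))
    number_for_a = bank.confirmation_number(a)
    return bank.finalize(b, number_for_a) is False and bank.finalize(a, number_for_a) is True


if __name__ == "__main__":
    print(run_scenario(pc_compromised=False))
    print(run_scenario(pc_compromised=True))
    print("bound to one transaction:", confirmation_is_transaction_bound())
```

The model leaves out exactly what the comment says defeated it in practice: the availability and independence of the phone channel itself. If the side channel can be reached from the same compromised device, the read-back no longer tells the user anything the PC could not have lied about.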


Shannon describes in his seminal paper "A Mathematical Theory of Communication" [1948 Bell System Technical Journal 22 pp379-423] a "channel" as (p381), quoting:

"3. The /channel/ is merely the medium used to transmit the signal from transmitter to receiver. It may be a pair of wires, a coaxial cable, a band of radio frequencies, a beam of light, etc."

This description of channel is broad enough to capture anything between the transmitter and /a/ receiver.

Also note that Shannon states that the information measure of a message is determined by the messages possibly sent by the sender. In the information measure or "entropy" of a message the information available at a receiver's side doesn't play any role whatsoever. No concept of an "endpoint" there.

Moreover, in his paper "Communication Theory of Secrecy Systems" [same journal July 1948, p379], Shannon writes: "/Perfect Secrecy/ is defined by requiring of a system that after a cryptogram is intercepted by the enemy the /a posteriori/ probabilities of this cryptogram representing various messages be identically the same as the /a priori/ probabilities of the same messages before the interception."

Again, only the "nature" of the transmitter determines the information measure of the messages sent.

If information at a node can be accessed, in principle or practically, that in itself constitutes a channel by Shannon's definition!

This means that the rather narrow interpretation of a channel you describe doesn't fit with the generalised and abstract notion of a channel as defined by Shannon and doesn't do justice to his theory.

In my opinion the problem you so eloquently describe is not about endpoints or channels, but about a crypto system attaining perfect secrecy or failing to do so.

A crypto system with perfect secrecy, by definition, defies myriads of parallel and simultaneous enemies. But if the message is of a finite length, there is a finite possibility that one of those enemies guesses the plain text message in a finite amount of time. But does that enemy then "know" the plain text message? Guessing a solution "THE ENEMY ATTACKS AT DAWN" is under perfect secrecy as probable as "ROMEO LOVES JULIA". It reminds me of Jorge Luis Borges's parable of "The Library of Babel".

Posted by Twan at August 13, 2010 05:03 PM
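Twan's point about guessing under perfect secrecy, worked through in code. This is an added example and not part of the comment thread: it uses a one-time pad over a 27-symbol alphabet (A to Z plus space) on space-padded messages of fixed length, and the key string, the three candidate plaintexts with their prior and the "biased key" distribution are all constructed for the illustration. For a fixed ciphertext, every candidate plaintext of the right length has exactly one key that produces it, so with a uniformly random key Bayes' rule gives P(M|C) = P(M) exactly: the guess "ATTACK AT DAWN" is no better supported than "ROMEO LOVES JULIA" beyond what was already believed before the interception. The same computation with a non-uniform key shows the posteriors moving, which is what losing perfect secrecy looks like.

```python
from fractions import Fraction
from typing import Callable, Dict

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ "
MOD = len(ALPHABET)   # 27 symbols: A-Z plus space
N = 18                # fixed message length; shorter messages are space-padded


def pad(text: str) -> str:
    if len(text) > N:
        raise ValueError("message too long for this pad length")
    return text.ljust(N)


def _combine(a: str, b: str, sign: int) -> str:
    """Symbol-wise (a + sign*b) mod 27, the pad's add/subtract."""
    return "".join(ALPHABET[(ALPHABET.index(x) + sign * ALPHABET.index(y)) % MOD]
                   for x, y in zip(a, b))


def otp_encrypt(message: str, key: str) -> str:
    return _combine(pad(message), key, +1)


def otp_decrypt(ciphertext: str, key: str) -> str:
    return _combine(ciphertext, key, -1)


def key_for(candidate: str, ciphertext: str) -> str:
    """The unique key under which `ciphertext` decrypts to `candidate` (C - M)."""
    return _combine(ciphertext, pad(candidate), -1)


def key_probability(key: str, letter_prob: Callable[[str], Fraction]) -> Fraction:
    """P_K(key) for a key whose symbols are drawn independently from letter_prob."""
    p = Fraction(1)
    for ch in key:
        p *= letter_prob(ch)
    return p


def posterior(ciphertext: str, prior: Dict[str, Fraction],
              letter_prob: Callable[[str], Fraction]) -> Dict[str, Fraction]:
    """Bayes: P(M|C) = P(M) P(C|M) / sum_M' P(M') P(C|M'), with P(C|M) = P_K(C - M)."""
    weights = {m: prior[m] * key_probability(key_for(m, ciphertext), letter_prob)
               for m in prior}
    total = sum(weights.values())
    return {m: w / total for m, w in weights.items()}


def uniform_key(ch: str) -> Fraction:
    return Fraction(1, MOD)


def biased_key(ch: str) -> Fraction:
    """Constructed flawed key source: 'A' half the time, everything else shares the rest."""
    return Fraction(1, 2) if ch == "A" else Fraction(1, 2 * (MOD - 1))


# Constructed prior over what the enemy thinks might have been sent (sums to 1).
PRIOR = {
    "ATTACK AT DAWN": Fraction(6, 10),
    "RETREAT AT DUSK": Fraction(3, 10),
    "ROMEO LOVES JULIA": Fraction(1, 10),
}
KEY = "XKCD IS A WEBCOMIC"   # constructed 18-symbol key, fixed so the demo is repeatable


def demo():
    """Returns (posterior under a uniform key, posterior under the biased key)."""
    c = otp_encrypt("ATTACK AT DAWN", KEY)
    return posterior(c, PRIOR, uniform_key), posterior(c, PRIOR, biased_key)


if __name__ == "__main__":
    c = otp_encrypt("ATTACK AT DAWN", KEY)
    for m in PRIOR:   # every candidate has a key that "explains" the same ciphertext
        print(f"{m!r:22} <- key {key_for(m, c)!r}")
    u, b = demo()
    print("uniform key :", {m: float(p) for m, p in u.items()})
    print("biased key  :", {m: float(p) for m, p in b.items()})
```

Under the uniform key every key string has the same probability, so P(C|M) is the same constant for all candidates and the posterior collapses to the prior; the Fractions make that equality exact rather than approximate. Under the biased key the candidate whose implied key contains more A's gains weight, so the ciphertext now leaks something about the message.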