On the question of "improving systems," Jake works on Tor, which is a much more improvement-worthy system.
Posted by Adam at September 17, 2010 10:22 AM

@ Iang,
With regard to Adi Shamir's three rules,
1, Absolutely secure systems do not exist.
2, To halve your vulnerability, you have to double your expenditure.
3, Cryptography is typically bypassed, not penetrated.
I've never been very happy with them as anything other than a sound bite.
The first rule is a little trite, because "absolute" is unbounded. It's like saying a finite universe imposes no limitations...
Another way of looking at Adi's 2nd rule is as 1/(1-x) where x is the normalised value of your degree towards 100% or Absolute security. Thus it holds with his first rule.
But apart from my previous objection to the first rule I have a real objection to the second rule because it can be shown to be a poor assumption.
The vulnerability of a system increases with the number of attack vectors, which rises with the number of interactions between the parts (i.e. the complexity) of the system, not the number of its component parts.
At its simplest, the cost increase in systems is often better equated with the increase of complexity in a system, which at the lower bound tends to be (N^2 - N)/2 but is often a more significant power law.
So if you add one more component the vulnerability does not rise by 1 but by the number of the existing components in the system, unless you exercise skill in segregating components through controlled choke points etc. to limit the complexity (which is one of the main ways EmSec / TEMPEST gets around the side channel issue with "clock the inputs and outputs").
As for his third rule it's the principle of low hanging fruit and it applies to the whole system not just the crypto algorithm.
Code cutters assume from this third rule that one AES implementation is the same as any other except in terms of performance and thus the code does not require further scrutiny.
But the rule glibly deals only with the abstract algorithm and ignores the very real issue of implementation of the algorithm. This blinds code cutters to the dangers of side channels which is where the best attack vectors are in existing systems.
The way to higher assurance systems is by managing complexity correctly in all parts of a system. The methods of achieving this are similar in ethos to those for increasing system availability. And although it has been known for many years to the likes of hardware and safety system engineers, it does not appear to be a concept known to many software system designers and code cutters (or for that matter a large number of security gurus).
Sadly it appears from their recent conference in Orlando that the NSA are pandering to this viewpoint and ignoring the work of their own alumni such as Brian Snow.
Posted by Clive Robinson at September 18, 2010 12:50 PM
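An added illustration of the complexity argument in the comment above (example code written for this page, not Clive Robinson's or anyone else's). It models attack vectors as pairwise interactions between components: a full mesh gives (N^2 - N)/2 interactions so each added component adds N more, whereas grouping components into compartments that talk only through a single choke point keeps the marginal cost of a new component near constant. The compartment size, the single shared choke point and the sample N are assumptions of the model, not figures from the comment.

```python
"""Model of 'vulnerability grows with interactions, not parts'.

Assumptions (constructed for this example): an attack vector exists for every
pair of components that can interact; a segregated design splits components
into compartments of at most COMPARTMENT_SIZE that interact only through one
shared choke point, with one link per compartment to that choke point.
"""

COMPARTMENT_SIZE = 5  # assumed compartment size for the segregated design


def mesh_interactions(n: int) -> int:
    """Pairwise interactions when all n components can talk to each other: (n^2 - n)/2."""
    return (n * n - n) // 2


def marginal_mesh(n: int) -> int:
    """Extra interactions created by adding one component to an n-component mesh (= n)."""
    return mesh_interactions(n + 1) - mesh_interactions(n)


def segregated_interactions(n: int, compartment_size: int = COMPARTMENT_SIZE) -> int:
    """Interactions when n components are split into compartments that only
    communicate via a single choke point: pairs inside each compartment plus
    one choke-point link per compartment."""
    full, rem = divmod(n, compartment_size)
    sizes = [compartment_size] * full + ([rem] if rem else [])
    return sum(mesh_interactions(s) + 1 for s in sizes)


def marginal_segregated(n: int, compartment_size: int = COMPARTMENT_SIZE) -> int:
    """Extra interactions from adding one component to a segregated design."""
    return (segregated_interactions(n + 1, compartment_size)
            - segregated_interactions(n, compartment_size))


def growth_table(max_n: int) -> list[tuple[int, int, int]]:
    """(n, mesh interactions, segregated interactions) for n = 1..max_n."""
    return [(n, mesh_interactions(n), segregated_interactions(n)) for n in range(1, max_n + 1)]


if __name__ == "__main__":
    for n, mesh, seg in growth_table(20):
        print(f"N={n:2d}  mesh={mesh:4d} (+{marginal_mesh(n):2d} for next)  "
              f"segregated={seg:3d} (+{marginal_segregated(n)} for next)")
```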