“Cryptography can be used to secure my data. Therefore, if I use cryptography my data is secure.”
I think Bruce Schneier described it best (paraphrased): Cryptography is like having a really strong front door on your house… 2-foot-thick steel, blast proof, the whole 9 yards. A thief isn’t going to try to break through your front door… they’ll just climb through a window!
Security is about the whole system; not just the crypto. xkcd summed it up nicely:
Update 7/22/2008: The issue may be more complex than it first looks (of course, the media always over-simplifies things). Click HERE to read an insider’s account of the situation.
Okay, THIS is funny because of the glaring security mistakes made by San Francisco’s Department of Technology (or Department of Ignorance, after this one). From the New York Times:
A disgruntled city computer engineer has virtually commandeered San Francisco’s new multimillion-dollar computer network, altering it to deny access to top administrators even as he sits in jail…
Prosecutors say Childs, who works in the Department of Technology… tampered with the city’s new FiberWAN (Wide Area Network), where records such as officials’ e-mails, city payroll files, confidential law enforcement documents and jail inmates’ bookings are stored.
Officials also said they feared that although Childs is in jail, he may have enabled a third party to access the system by telephone or other electronic device and order the destruction of hundreds of thousands of sensitive documents.
This is like security 101… you never give this much power to any single person. On critical systems like this, you always have checks and balances, outside security code reviews, and strict audits. The S.F. DoT was basically driving around without insurance and got in an accident… I don’t feel sorry for them. It’s really sad how ignorant the world is about security (sigh).
There was an interesting article this last Friday at the New Scientist about how the contents of encrypted VOIP conversations could still be deduced via traffic analysis. The short version is that many spoken words have a signature to them even when they are encrypted. This signature is related to the size of the data packets used to represent the sound data. Many phonemes in a word have a distinct encoded data size… by analyzing the packet sizes you can deduce the phonemes and thus the spoken word.
This got me thinking I should write about the complex problem of securing a video stream. There are many aspects to securing a video stream: integrity, authenticity, and privacy being the most important. I’m not going to spend time talking about integrity and authenticity, because those are somewhat simpler problems to solve (integrity = digital signatures, authenticity = digital certificates). The main focus of this post is about privacy: keeping an eavesdropper from deducing the contents of a video stream.
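To make the packet-size leak concrete, here is an added example (not code from the original post) that simulates the problem described above and the standard mitigation: padding every encrypted frame up to a fixed bucket size so that the size pattern no longer distinguishes one word from another. The per-frame sizes are constructed for illustration, not measured from any real codec.

```python
import math
from collections import Counter

# Constructed sample: payload sizes (bytes) a variable-bit-rate speech codec
# might emit for two different spoken words. Encryption preserves these sizes,
# so an observer sees the same sequences. Values are illustrative only.
WORD_A = [40, 42, 38, 61, 60, 44]
WORD_B = [40, 41, 55, 56, 58, 43]
WORD_C = [40, 42, 38, 70, 60, 44]  # one frame larger than a 64-byte bucket


def size_entropy(sizes):
    """Shannon entropy (bits) of the packet-size distribution.

    Higher entropy means packet sizes alone carry more information that a
    traffic-analysis attacker could correlate with phonemes.
    """
    counts = Counter(sizes)
    n = len(sizes)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def pad_to_bucket(size, bucket=64):
    """Round a payload length up to the next multiple of `bucket` bytes."""
    return ((size + bucket - 1) // bucket) * bucket


def pad_stream(sizes, bucket=64):
    """Apply bucket padding to every frame of a stream before encryption."""
    return [pad_to_bucket(s, bucket) for s in sizes]


def distinguishable(a, b):
    """True if an observer could tell the two streams apart by sizes alone."""
    return a != b


def distinct_profiles(streams, bucket=64):
    """Number of distinct size sequences that survive padding.

    The fewer distinct profiles, the less an eavesdropper learns.
    """
    return len({tuple(pad_stream(s, bucket)) for s in streams})


if __name__ == "__main__":
    print("raw entropy A:", round(size_entropy(WORD_A), 3))
    print("padded entropy A:", size_entropy(pad_stream(WORD_A)))
    print("raw distinguishable:", distinguishable(WORD_A, WORD_B))
    print("padded distinguishable:",
          distinguishable(pad_stream(WORD_A), pad_stream(WORD_B)))
    print("profiles after padding:",
          distinct_profiles([WORD_A, WORD_B, WORD_C]))
```

Note that WORD_C still differs after padding because one of its frames crosses the bucket boundary; the bucket must be sized for the codec's maximum frame, and padding the bandwidth cost is the trade-off the post alludes to.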
There’s a good article up on Microsoft TechNet about truths in computer security that never change. I’ve only listed the laws here, but the actual article has a good explanation of each one.
Law #1: If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore.
Law #2: If a bad guy can alter the operating system on your computer, it’s not your computer anymore.
Law #3: If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore.
Law #4: If you allow a bad guy to upload programs to your website, it’s not your website any more.
Law #5: Weak passwords trump strong security.
Law #6: A computer is only as secure as the administrator is trustworthy.
Law #7: Encrypted data is only as secure as the decryption key.
Law #8: An out of date virus scanner is only marginally better than no virus scanner at all.
Law #9: Absolute anonymity isn’t practical, in real life or on the Web.
Law #10: Technology is not a panacea.
Back when I worked at Intel in their System Software group, we were working on an embedded OS kernel that would run on the chipset and help provide firmware-based security for the enterprise. This technology was called Active Management Technology (AMT). The OS was host to various embedded security applications that monitored and controlled the system. We were also working with another team that was developing a secure hypervisor that would provide an isolated environment for the user OS (like Windows, Linux, etc.). All of this was designed to allow an enterprise IT department more control over its machines and help isolate malware-infected computers from the network. It also allows IT to more easily manage and repair systems remotely. Click on the link above if you want to read more.
Anyways, a few months ago, Intel made this music video promoting the technology:
Researchers at IBM and Aesec Corp released a paper looking at Multics Operating System security and the penetration analysis that was done by the Air Force in the 1970s. Multics received a B2 security rating from the NSA (A1 being the highest rating), which is a rating far above today’s commonly used operating systems (Windows NT is rated as C2). What’s interesting to me is that Multics (even after its security enhancements) was deemed unacceptable for systems in an open environment (i.e. being connected to a network like the Internet).
As the alarmism and hype about terrorism continues to be blown out of proportion, it’s nice to see scholars of political science laying out the facts. One such person is Ohio State University professor John Mueller, an expert in national security issues. I find this excerpt from a review of his latest book “Overblown: How Politicians and the Terrorism Industry Inflate National Security Threats, and Why We Believe Them (2006)” to be very enlightening:
Mueller’s book is filled with statistics meant to put terrorism in context. For example, international terrorism annually causes the same number of deaths as drowning in bathtubs or bee stings. It would take a repeat of Sept. 11 every month of the year to make flying as dangerous as driving. Over a lifetime, the chance of being killed by a terrorist is about the same as being struck by a meteor. Mueller’s conclusions: An American’s risk of dying at the hands of a terrorist is microscopic. The likelihood of another Sept. 11-style attack is nearly nil because it would lack the element of surprise. America can easily absorb the damage from most conceivable attacks. And the suggestion that al Qaeda poses an existential threat to the United States is ridiculous. Mueller’s statistics and conclusions are jarring only because they so starkly contradict the widely disseminated and broadly accepted image of terrorism as an urgent and all-encompassing threat.
And here’s an appropriate comic to follow:
Here’s an interesting essay by Bruce Schneier discussing the psychology of security and how humans evaluate risk. It discusses many fascinating research studies regarding human decision making, and helps illuminate why people have a perception of security that is so different from the reality of security.