Providing security with insecure systems

Size: px

Start display at page:

Download "Providing security with insecure systems"

Beverly Campbell
8 years ago
Views:

1 Providing security with insecure systems Andrew Odlyzko School of Mathematics and Digital Technology Center 1

2 Motivation and Outline: Basic question: What is the role of cryptography and security in society? Why haven t cryptography and security lived up to their promise? Is the future going to be any better? Main points: Strong economic, social, and psychological reasons for insecurity Chewing gum and baling wire will continue to rule Not absolute security but speed bumps New design philosophy and new research directions 2

Main points: Strong economic, social, and psychological reasons for insecurity Chewing gum and baling

3 Security pyramid: users systems protocols algorithms 3

4 Half a century of evidence: People cannot build secure systems People cannot live with secure systems 4 4

5 Honor System Virus: This virus works on the honor system. Please forward this message to everyone you know and then delete all the files on your hard disk. Thank you for your cooperation. 5

6 Major problem with secure systems: secretaries could not forge their bosses signatures 6

7 Proposed solution: Build messy, not clean (Lessons from past and now) (Related to defense in depth, resilience. ) 7 7

8 The dog that did not bark: Cyberspace is horribly insecure But no big disasters!!! 8 8

9 The Big Question: Why have we done so well in spite of insecurity? Will this continue? What can we learn? 9 9

10 Key point: security is not the goal, just an enabler 10

11 Civilian Cryptography of last 30 years: huge intellectual achievements, based on (and providing stimulus for) mathematics: integer factorization lattice basis reduction probability elliptic and hyperelliptic curves algebra limited by human nature 11

mathematics: integer factorization lattice basis reduction

12 Human vulnerabilities: Nigerian 419 scam social engineering... 12

13 More general puzzle: Prosperity and appalling innumeracy confusing millions with billions most spreadsheets flawed peer-reviewed papers with incorrect statistical reasoning 13 13

14 Do not expect improvement: teaching people about security won t help: growth in ranks of users of high tech proliferation of systems and devices Improvements in usability of individual systems and devices to be counteracted by growth in general complexity 14

systems and devices Improvements in usability of individual

15 1980s: the Golden Age of civilian cryptography and security 15

16 1980s: the Golden Age of civilian cryptography and security But also: the Golden Age of fax, including fax signatures 16

17 1980s: the Golden Age of civilian cryptography and security But also: the Golden Age of fax, including fax signatures Now : deposits of scanned, ed checks! 17

18 Why does a fax signature work? Hard to do serious damage with a single forged fax Fax usually just one of many elements of an interaction (involving heterogeneous elements, such as phone calls, s, personal meetings,...) The role of a fax signature has to be viewed in the context of the entire transaction. (And it is not used for definitive versions of large contracts,...) 18

interaction (involving heterogeneous elements, such as phone calls, emails, personal meetings,.

19 Search for definition of a digital signature hampered by lack of definition of ordinary signature: validity of ordinary signature depends on a variety of factors (such as age of signer, whether she was sober, whether she had a gun pointed at her head, whether the contract is allowed by law,...) 19

on a variety of factors (such as age of signer, whether she was sober,

20 Human space vs. cyberspace in technologists view: separate cyberspace a new world cyberspace to compensate for defects of human space 20 20

21 Cold dose of reality: human space and cyberspace intertwined human space compensates for defects of cyberspace 21 21

22 The role of cyberspace is increasing, and attacks and other action in cyberspace are faster and more far-reaching than in physical Partial Solutions: Speed bumps Example: e-voting Untrustworthy electronic systems compensated by printed record of vote 22

23 Quantifiable benefits of (incomplete) security: 23

24 Advantages of messy: April 20, 2010 story about Apple Apple claim: jailbreaking iphone OS major source of instabilities, disruption of service Does Apple want clean, modular OS? (incentives, incentives, ) 24

25 If you can barely keep your system running: how useful will it be to your opponent? 25

26 Contrarian lessons for the future: learn from spammers, phishers, build messy and not clean create web of ties to other systems permanent records 26 26

27 Speed of light vs. effective speed of change "Internet time" a key misleading myth of the bubble diffusion of information (even security holes) not instantaneous "hiding in plain sight" 27

28 Contrarian lessons for the future (cont d, in detail): security through obscurity code obfuscation, spaghetti code, least expressive languages rely on bad guys human failings law and lawyers 28 28

29 Further data, discussions, and speculations in papers and presentation decks at:

Cybersecurity and its limitations

Cybersecurity and its limitations Andrew Odlyzko Digital Technology Center http://www.dtc.umn.edu/~odlyzko Motivation and outline: Basic question: Why haven t cryptography and security lived up to their