1 ao 8/03 university of minnesota 1 ao 8/03 university of minnesota providing security with insecure...
TRANSCRIPT
1AO 8/03 University of Minnesota
1AO 8/03 University of Minnesota
Providing securitywith insecure systems
Andrew OdlyzkoSchool of Mathematics and Digital Technology CenterUniversity of Minnesota
http://www.dtc.umn.edu/~odlyzko
2AO 8/03 University of Minnesota
• Basic question: What is the role of cryptography and security in society?– Why haven’t cryptography and security lived up to their
promise?– Is the future going to be any better?
• Main points: – Strong economic, social, and psychological reasons for
insecurity – Chewing gum and baling wire will continue to rule – Not absolute security but “speed bumps” – New design philosophy and new research directions
Motivation and Outline:
3AO 8/03 University of Minnesota
3
Half a century of evidence:
•People cannot build secure systems
•People cannot live with secure systems
4AO 8/03 University of Minnesota
Honor System Virus:
This virus works on the honor system.
Please forward this message to everyone you know and then delete all the files on your hard disk.
Thank you for your cooperation.
5AO 8/03 University of Minnesota
Major problem with secure systems:
• secretaries could not forge their bosses’ signatures
6AO 8/03 University of Minnesota
6
Proposed solution:
•Build messy, not clean
•(Lessons from past and now)
•(Related to “defense in depth,” “resilience.” …)
7AO 8/03 University of Minnesota
7
The dog that did not bark:
• Cyberspace is horribly insecure
• But no big disasters!!!
8AO 8/03 University of Minnesota
8
The Big Question:
•Why have we done so well in spite of insecurity?
•Will this continue?
•What can we learn?
9AO 8/03 University of Minnesota
Key point:
• security is not the goal, just an enabler
10AO 8/03 University of Minnesota
Civilian Cryptography of last 30 years:
• huge intellectual achievements, based on (and providing stimulus for) mathematics:
– integer factorization
– lattice basis reduction
– probability
– elliptic and hyperelliptic curves
– algebra
– …
• limited by human nature
11AO 8/03 University of Minnesota
Security pyramid:
algorithms
protocols
systems
users
12AO 8/03 University of Minnesota
Human vulnerabilities:
• Nigerian 419 scam
• “social engineering”
• ...
13AO 8/03 University of Minnesota
13
More general puzzle: Prosperity and appalling innumeracy
•confusing millions with billions
•most spreadsheets flawed
•peer-reviewed papers with incorrect statistical reasoning
14AO 8/03 University of Minnesota
Do not expect improvement: teaching people about security won’t help:
• growth in ranks of users of high tech
• proliferation of systems and devices
Improvements in usability of individual systems and devices to be counteracted by growth in general complexity
15AO 8/03 University of Minnesota
1980s: the “Golden Age” of civilian cryptography and security
16AO 8/03 University of Minnesota
1980s: the “Golden Age” of civilian cryptography and security
But also:
the “Golden Age” of fax, including fax signatures
17AO 8/03 University of Minnesota
1980s: the “Golden Age” of civilian cryptography and security
But also:
the “Golden Age” of fax, including fax signatures
Now : deposits of scanned, emailed checks!
18AO 8/03 University of Minnesota
Why does a fax signature work?
• Hard to do serious damage with a single forged fax• Fax usually just one of many elements of an
interaction (involving heterogeneous elements, such as phone calls, emails, personal meetings, ...)
The role of a fax signature has to be viewed in the context of the entire transaction. (And it is not used for definitive versions of large contracts, ...)
19AO 8/03 University of Minnesota
Search for definition of a digital signature hampered by lack of definition of ordinary signature:
validity of ordinary signature depends on a variety of factors (such as age of signer, whether she was sober, whether she had a gun pointed at her head, whether the contract is allowed by law, ...)
20AO 8/03 University of Minnesota
20
Human space vs. cyberspace in technologists’ view:
•separate
•cyberspace a new world
•cyberspace to compensate for defects of human space
21AO 8/03 University of Minnesota
21
Cold dose of reality:
•human space and cyberspace intertwined
•human space compensates for defects of cyberspace
22AO 8/03 University of Minnesota
The role of cyberspace is increasing, and attacks and other action in cyberspace are faster and more far-reaching than in physical
• Partial Solutions: Speed bumps
• Example: e-voting– Untrustworthy electronic systems compensated
by printed record of vote
23AO 8/03 University of Minnesota
Quantifiable benefits of (incomplete) security:
24AO 8/03 University of Minnesota
Advantages of messy: April 20, 2010 story about Apple
• Apple claim: “jailbreaking iPhone OS major source of instabilities, disruption of service”
• Does Apple want clean, modular OS?
• (incentives, incentives, …)
25AO 8/03 University of Minnesota
If you can barely keep your system running:
– how useful will it be to your opponent?
26AO 8/03 University of Minnesota
26
Contrarian lessons for the future:
• learn from spammers, phishers,
•build messy and not clean– create web of ties to other systems– permanent records
27AO 8/03 University of Minnesota
Speed of light vs. effective speed of change• "Internet time" a key misleading myth of the
bubble
• diffusion of information (even security holes) not instantaneous
• "hiding in plain sight"
28AO 8/03 University of Minnesota
28
Contrarian lessons for the future(cont’d, in detail):
• security through obscurity
• code obfuscation, “spaghetti code,”
• “least expressive languages”
• rely on bad guys’ human failings
• law and lawyers
29AO 8/03 University of Minnesota
29
Further data, discussions, and speculations in papers and
presentation decks at:
http://www.dtc.umn.edu/~odlyzko