Providing security
with insecure systems
Andrew Odlyzko
School of Mathematics and
Digital Technology Center
University of Minnesota
http://www.dtc.umn.edu/~odlyzko
1
AO 8/03
University of Minnesota
Motivation and Outline:
• Basic question: What is the role of cryptography
and security in society?
– Why haven’t cryptography and security lived up to their
promise?
– Is the future going to be any better?
• Main points:
– Strong economic, social, and psychological reasons for
insecurity
– Chewing gum and baling wire will continue to rule
– Not absolute security but “speed bumps”
– New design philosophy and new research directions
2
AO 8/03
University of Minnesota
Half a century of evidence:
•People cannot build secure
systems
•People cannot live with secure
systems
3
AO 8/03
3
University of Minnesota
Honor System Virus:
This virus works on the honor system.
Please forward this message to
everyone you know and then delete all
the files on your hard disk.
Thank you for your cooperation.
4
AO 8/03
University of Minnesota
Major problem with
secure systems:
•
secretaries could not forge
their bosses’ signatures
5
AO 8/03
University of Minnesota
Proposed solution:
•Build messy, not clean
•(Lessons from past and now)
•(Related to “defense in depth,”
“resilience.” …)
6
AO 8/03
6
University of Minnesota
The dog that did not bark:
• Cyberspace is horribly insecure
• But no big disasters!!!
7
AO 8/03
7
University of Minnesota
The Big Question:
•Why have we done so well in
spite of insecurity?
•Will this continue?
•What can we learn?
8
AO 8/03
8
University of Minnesota
Key point:
•
security is not the goal, just
an enabler
9
AO 8/03
University of Minnesota
Civilian Cryptography of last 30 years:
• huge intellectual achievements, based on (and
providing stimulus for) mathematics:
– integer factorization
– lattice basis reduction
– probability
– elliptic and hyperelliptic curves
– algebra
– …
• limited by human nature
10
AO 8/03
University of Minnesota
Security pyramid:
users
systems
protocols
algorithms
11
AO 8/03
University of Minnesota
Human vulnerabilities:
• Nigerian 419 scam
• “social engineering”
• ...
12
AO 8/03
University of Minnesota
More general puzzle: Prosperity
and appalling innumeracy
• confusing millions with billions
• most spreadsheets flawed
• peer-reviewed papers with
incorrect statistical reasoning
13
AO 8/03
13
University of Minnesota
Do not expect improvement: teaching
people about security won’t help:
• growth in ranks of users of high tech
• proliferation of systems and devices
Improvements in usability of individual
systems and devices to be counteracted
by growth in general complexity
14
AO 8/03
University of Minnesota
1980s: the “Golden
Age” of civilian
cryptography and
security
15
AO 8/03
University of Minnesota
1980s: the “Golden Age” of
civilian cryptography and security
But also:
the “Golden Age” of fax,
including fax signatures
16
AO 8/03
University of Minnesota
1980s: the “Golden Age” of
civilian cryptography and security
But also:
the “Golden Age” of fax, including
fax signatures
Now : deposits of scanned,
emailed checks!
17
AO 8/03
University of Minnesota
Why does a fax signature work?
• Hard to do serious damage with a single forged fax
• Fax usually just one of many elements of an
interaction (involving heterogeneous elements, such
as phone calls, emails, personal meetings, ...)
The role of a fax signature has to be viewed in the
context of the entire transaction. (And it is not used
for definitive versions of large contracts, ...)
18
AO 8/03
University of Minnesota
Search for definition of a digital
signature hampered by lack of
definition of ordinary signature:
validity of ordinary signature depends on a
variety of factors (such as age of signer,
whether she was sober, whether she had a gun
pointed at her head, whether the contract is
allowed by law, ...)
19
AO 8/03
University of Minnesota
Human space vs. cyberspace
in technologists’ view:
• separate
• cyberspace a new world
• cyberspace to compensate for
defects of human space
20
AO 8/03
20
University of Minnesota
Cold dose of reality:
•human space and cyberspace
intertwined
•human space compensates
for defects of cyberspace
21
AO 8/03
21
University of Minnesota
The role of cyberspace is increasing, and
attacks and other action in cyberspace are
faster and more far-reaching than in physical
• Partial Solutions: Speed bumps
• Example: e-voting
– Untrustworthy electronic systems compensated
by printed record of vote
22
AO 8/03
University of Minnesota
Quantifiable benefits of (incomplete) security:
23
AO 8/03
University of Minnesota
Advantages of messy: April 20,
2010 story about Apple
• Apple claim: “jailbreaking iPhone OS major
source of instabilities, disruption of service”
• Does Apple want clean, modular OS?
• (incentives, incentives, …)
24
AO 8/03
University of Minnesota
If you can barely keep
your system running:
–
how useful will it be to your
opponent?
25
AO 8/03
University of Minnesota
Contrarian lessons for the
future:
• learn from spammers, phishers,

• build messy and not clean
– create web of ties to other systems
– permanent records
26
AO 8/03
26
University of Minnesota
Speed of light vs. effective
speed of change
• "Internet time" a key misleading myth of the
bubble
• diffusion of information (even security holes)
not instantaneous
• "hiding in plain sight"
27
AO 8/03
University of Minnesota
Contrarian lessons for the future
(cont’d, in detail):
• security through obscurity
• code obfuscation, “spaghetti code,” 
• “least expressive languages”
• rely on bad guys’ human failings
• law and lawyers
28
AO 8/03
28
University of Minnesota
Further data, discussions, and
speculations in papers and
presentation decks at:
http://www.dtc.umn.edu/~odlyzko
29
AO 8/03
29
University of Minnesota
Descargar

Document