Pages

20170224

"Secrets & Lies" by Bruce Schneier

  • Cryptography is a branch of mathematics. And like all mathematics, it involves numbers, equations, and logic. Security, palpable security that you or I might find useful in our lives, involves people: things people know, relationships between people, people and how they relate to machines. Digital security involves computers: complex, unstable, buggy computers.
  • Security is a chain; it’s only as secure as the weakest link.
  • Security is a process, not a product.
  • Any real-world system is a complicated series of interconnections. Security must permeate the system: its components and connections.
  • This book argues that in order to understand the security of a system, you need to look at the entire system--and not at any particular technologies.
  • computers interact to form networks, and networks interact to form even larger networks, and...you get the idea.
  • Once you start conceptualizing systems, it’s possible to design and build on a more complex scale.
  • Machines are simple: a hammer, a door hinge, a steak knife. Systems are much more complicated; they have components, feedback loops, mean times between failure, infrastructure.
  • Second, systems interact with each other, forming even larger systems.
  • The Internet has intertwined itself with almost every major system in our society
  • Third, systems have emergent properties. In other words, they do things that are not anticipated by the users or designers.
  • And fourth, systems have bugs. A bug is a particular kind of failure. It’s an emergent property of a system, one that is not desirable.
  • Bugs are unique to systems. Machines can break, or fail, or not work, but only a system can have a bug.
  • Theory works best in ideal conditions and laboratory settings.
  • Real-world systems don’t lend themselves to theoretical solutions; thinking they do is old-school reductionist.
  • Digital security tends to rely wholly on prevention: cryptography, firewalls, and so forth. There’s generally no detection, and there’s almost never any response or auditing.
  • Security is never black and white, and context matters more than technology.
  • People are, on the whole, honest; they generally adhere to an implicit social contract. The general lawfulness in our society is high; that’s why it works so well.
  • Cyberspace crime includes everything you’d expect from the physical world: theft, racketeering, vandalism, voyeurism, exploitation, extortion, con games, fraud. There is even the threat of physical harm: cyber stalking, attacks against the air traffic control system, etc.
  • Where there’s money, there are criminals.
  • In the United States, persona data do not belong to the person whom the data are about, they belong to the organization that collected it.
  • Wherever data can be exploited, someone will try it, computers or no computers.
  • Nothing in cyberspace is new.
  • Automation is an attacker’s friend.
  • Computers excel at dull, repetitive tasks.
  • There’s the so-called salami attack of stealing the fractions of pennies, one slice at a time, from everyone’s interest-bearing accounts; this is a beautiful example of something that just would not have been possible without computers.
  • Fast automation makes attacks with a minimal rate of return profitable. Attacks that were just too marginal to notice in the physical world can quickly become a major threat in the digital world.
  • Credit card databases have a mind-boggling amount of information about individuals’ spending habits: where they shop, where they eat, what kind of vacations they take--it’s all there for the taking.
  • The news here is not that the data are out there, but how easily they can be collected, used, and abused.
  • As technology pundits like to point out, the Internet has no borders or natural boundaries. Every two points are adjacent, whether they are across the hall or across the planet.
  • Since on the Internet every computer is equidistant from every other computer, you have to worry about all the criminals in the world.
  • The third difference is the ease with which successful techniques can propagate through cyberspace.
  • The Internet is also a perfect medium for propagating successful attack tools. Only the first attacker has to be skilled; everyone else can use his software.
  • Computer-based attacks mean that criminals don’t need skill to succeed.
  • Fraud has been attempted against every commerce system ever invented.
  • In fact, a hacker with the right combination of skills and morals could probably take down the Internet.
  • Digital content has no magic immunity from counterfeiters. In fact, it’s unique in that it can be copied perfectly.
  • It’s far easier, and can be much more profitable, to get a bunch of credit cards in someone else’s name, run up large bills, and then disappear. It’s called identity theft, and it’s a high-growth area of crime.
  • Users look at brands, and they return to the sites they trust. A brand has real value, and it’s worth stealing.
  • Eventually, people will realize that it doesn’t make sense to write laws that are specific to a technology. Fraud is fraud, whether it takes place over the U.S. mail, the telephone, or the Internet. A crime is no more or less of a crime if cryptography is involved.
  • Good laws are written to be independent of technology.
  • There are two types of privacy violations--target attacks and data harvesting--and they are fundamentally different. In a target attack, an attacker wants to know about Alice. Data harvesting is the other type of privacy violation. This attack harnesses the power of correlation.
  • Data harvesting is worthwhile only because it can be automated; it makes no sense to sort through an entire neighborhood's trash cans to cull a demographic.
  • Invisible identification tags are printed on virtually all color xerographic output, from all of the manufacturers.
  • The surveillance infrastructure is being installed in our country under the guise of “customer service.”
  • Individual privacy is being eroded from a variety of directions. Most of the time, the erosions are small, and no one kicks up a fuss. But less and less privacy is available, and most people are completely oblivious of it.
  • Traffic analysis is the study of communication patterns. Not the content of the messages themselves, but characteristics about them.
  • Often the patterns of communication are just as important as the contents of communication.
  • ECHELON is a code word for an automated global interception system operated by the intelligence agencies of the United States, the United Kingdom, Canada, Australia, and New Zealand, and led by the National Security Agency (NSA).
  • Surveillance data is only useful when it is distilled to a form that people can understand and act upon.
  • One last note: In a world where most communications are unencrypted, encrypted communications are probably routinely recorded. The mere indication that the conversers do not want to be overheard would be enough to raise an alarm.
  • Many companies ignore security vulnerabilities unless they are made public.
  • Many alarms have a heartbeat back to the monitoring station, and call the police if the signal is interrupted.
  • One of the characteristics of denial-of-service attacks is that low-tech is often better than high-tech: Blowing up a computer center works much better than exploiting a Windows 2000 vulnerability.
  • The adversaries are the same as they are in the physical world: common criminals looking for financial gain, industrial spies looking for a competitive advantage, hackers looking for secret knowledge, military-intelligence agencies looking for, well, military intelligence.
  • I define a hacker as an individual who experiments with the limitations of systems for intellectual curiosity or sheer pleasure; the word describes a person with a particular set of skills and not a particular set of morals.
  • Hackers are as old as curiosity, although the term itself is modern.
  • Today’s computer hackers are stereotypically young (twenty-something and younger), male, and socially on the fringe. They have their own counterculture: hacker names or handles, lingo, rules. And like any subculture, only a small percentage of hackers are actually smart. The real hackers have an understanding of technology at a basic level, and are driven by a desire to understand. The rest are talentless poseurs and hangers-on, either completely inept or basic criminals. Sometimes they’re called lamers or script kiddies.
  • The problem starts with the hackers who write hacking tools. These are programs--sometimes called exploited-that automate the process of breaking into systems.
  • Once an exploit is written and made available, any wannabe hacker can download it and attack computers on the Internet.
  • A fine line exists between writing ode to demonstrate research and publishing attack tools; between hacking for good and hacking as a criminal activity.
  • Insiders can be impossible to stop because they’re the exact same people you’re forced to trust.
  • Most computer security measures--firewalls, intrusion detection systems, and so on--try to deal with the external attacker, but are pretty much powerless against insiders.
  • The line where investigative techniques stop being legal and start being illegal is where competitive intelligence stops and industrial espionage starts.
  • Industrial espionage attacks have precise motivations: to gain an advantage over the competition by stealing competitor's’ trade secrets.
  • Even if stealing a rival's technology costs you half a million dollars, it could be one-tenth the cost of developing the technology yourself.
  • Organized crime’s core competencies haven’t changed much this century: drugs, prostitution, loan sharking, extortion, fraud, and gambling.
  • One person’s terrorist is another person’s freedom fighter.
  • There are actually very few terrorists. Their attacks are acts of war more than anything else, and probably should be in the “infowarrior” category. And since terrorists generally consider themselves to be personally in a state of war, they have a very high risk-tolerance.
  • A major national intelligence organization is the most formidable adversary around.
  • National intelligence is based on gathering information that the country should not know.
  • If the adversary learns what the intelligence organization knows, some of the benefit of that knowledge is lost.
  • An infowarrior is a military adversary who tries to undermine his target’s ability to wage war by attacking the information or network infrastructure.
  • More and more, commercial computer systems are being used for military applications. This means that all of the vulnerabilities and attacks that work against commercial computers may work against militaries.
  • But when push comes to shove and work needs to get done, security is the first thing that gets thrown out the window.
  • In the United States, individuals don’t own the data about themselves.
  • It’s impossible to tell everyone in the United States a secret without it leaking to the government of China. Therefore, if the United States wants to keep a secret from the Chinese, it has to keep it a secret from almost all Americans as well.
  • People don’t want their personal pasts made public.
  • The CIA mandates that the identities of spies remain secret until the spy is dead and all the spy’s children are dead.
  • In the U.S. military, data is either Unclassified, Confidential, Secret, or Top Secret. Rules govern what kind of data falls into what classification, and different classifications have different rules for storage, dissemination, and so forth.
  • Data at the Top Secret level or above is sometimes divided by topic, or compartment. The designation “TS/SCI,” for “Top Secret/Special Compartmented Intelligence,” indicates these documents. Each compartment has a codeword.
  • These compartments are a formal codification of the notion of “need to know.” Just because someone has a certain level clearance doesn’t mean he automatically gets to see every piece of data at that clearance level. He only gets to see that data he needs to know to do his job.
  • Security in the real world doesn’t fit into little hierarchical boxes.
  • There are two different types of anonymity. The first is complete anonymity. The person initiating the communication is completely anonymous: No one can figure out who it is, and more importantly, if the person initiates another communication, the recipient doesn’t know it came from the same person.
  • The second type of anonymity is more properly called pseudo anonymity. It’s anonymous in that no one knows who you are, but it is possible to link different communications from the same pseudonym.
  • Both types of anonymity are hard in cyberspace, because so much of the infrastructure is identifying.
  • Superficial anonymity is easy, but true anonymity is probably not possible on today’s Internet.
  • Anonymity is more expensive because extra risks are associated with an anonymous system.
  • Computerized patient data is bad for privacy. But it’s good for just about everything else, so it’s inevitable.
  • The government, and the FBI in particular, likes to paint privacy (and the systems that achieve it) as a flagitious tool of the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, money launderers, and child pornographers.
  • Export laws limit what kind of encryption U.S. companies can export.
  • A balance exists between privacy and safety. Laws about search and seizure and due process hinder law enforcement, and probably result in some criminals going free. On the other hand, they protect citizens against abuse by the police.
  • Privacy is the first thing jettisoned in a crises, and already the FBI is trying to manufacture crises in an attempt to seize more powers to invade privacy.
  • Authentication is about the continuity of relationships, knowing who to trust and who not to trust, making sense of a complex world.
  • When thinking about authentication, keep in mind these two different types. The first one is session authentication. The other is transaction authentication.
  • Integrity isn’t concerned with the origin of the data--who created it, when, or how--but whether it has been modified since its creation.
  • Accuracy has to do with a datum’s correspondence to the flesh-and-blood world; integrity is about a datum’s relation to itself over time.
  • In the physical world, people use the physical instantiation of an object as proof of integrity.
  • Information is power.
  • Throughout human history, we’ve used context to verify integrity; the electronic world has no context.
  • Audit is vital wherever security is taken seriously.
  • Audit is there so that you can detect a successful attack, figure out what happened after the fact, and then prove it in court.
  • Traditionally, fraud prevention has been reactive.
  • This notion of fixing a security flaw after it becomes a problem won’t work on the Internet.
  • It’s not enough to react to fraud after it’s been demonstrated to work; we have to be proactive and deal with fraud before it happens.
  • Security is a process, not a product.
  • The main idea behind cryptography is that a group of people can use private knowledge to keep written messages secret from everyone else.
  • Even today, the National Security Agency (NSA) is the single largest consumer of computer hardware and the single largest employer of mathematicians in the world.
  • Algorithms, like locks, can be standardized.
  • The public nature of the algorithm doesn’t affect security, because each different group of users chooses its own secret key.
  • These algorithms are called symmetric because the sender and receiver must share the same key. The key is a string of random bits of some length.
  • Common algorithms are DES and triple-DES, RC4 and RC5, IDEA, and Blowfish.
  • The problem is distributing the keys. For this system to work, Alice and Bob need to agree on a secret key before exchanging any secret messages.
  • And assuming you want pairwise security, the number of keys needed grows with the square of the number of users.
  • Alice and Bob need to keep their keys secret until they need to talk with one another and they need to make sure that no one gets their keys, either before they use them, while they are using them, or after they have used them.
  • If an attacker can take a ciphertext message and recover the plaintext, this is called a ciphertext-only attack.
  • A known-plaintext attack is more likely: The analyst has a copy of the plaintext and the ciphertext, and can then recover the key.
  • Probable known plaintexts are also called cribs.
  • Even more powerful is a chosen-plaintext attack. Here the analyst gets to chose the message that will be encrypted. Then she gets the encrypted message and recovers the key.
  • If an algorithm is used in products, it will be reverse engineered.
  • It is good design to assume the enemy knows the details of your algorithm, because eventually they will.
  • There is no secrecy in the algorithm, it’s all in the key.
  • For a standard English message, the unicity distance is K/6.8 characters, where K is the key length in bits.
  • You can think of a MAC as a tamper proof coating on a message.
  • One-way hash functions are like digital fingerprints: small pieces of data that can serve to identify much larger digital objects. They are public functions; no secret keys are involved.
  • Given two prime numbers, it’s easy to multiply them together to find the product. But given a single product, it can be impracticable to factor the number and recover the two factors.
  • For now, I just want to point out that no one uses public key encryption to encrypt messages. All operational systems use a hybrid approach that uses both kinds of cryptography. The reason is performance. What Alice really does, when she wants to send a message to Bob, is to use a symmetric algorithm to encrypt the message with a random key that she creates out of thin air (called a session key). She encrypts the random key with Bob’s public key, and then sends both the encrypted key and the encrypted message to Bob. When Bob receives the encrypted message and key, he does the reverse. He uses his private key to decrypt the random symmetric key, and then uses the random symmetric key to decrypt the message.
  • Nobody uses public-key cryptography to directly encrypt messages. Everyone uses this hybrid approach.
  • Like public-key encryption, digital signatures use a pair of keys, the public key and the private key. You still can’t derive one key from the other. But this time we’re going to reverse them.
  • Digital signatures can be used to convince a third party, which solves the non repudiation problem: Alice cannot send a message to Bob, and then later deny ever sending it.
  • Random numbers are the least-talked-about cryptographic primitive, but are no less important than the others. Almost every computer security system that uses cryptography needs random numbers--for keys, unique values in protocols, and so on--and the security of those systems is often dependent on the randomness of those random numbers. If the random number generator is insecure, the entire system breaks.
  • What we really need out of a random number generator is not that the numbers be truly random, but that they be unpredictable and irreproducible. If we can get those two things, we can get security.
  • One of the easiest ways to compare cryptographic algorithms is key length.
  • A short key is bad, but a long key is not automatically good.
  • If the key is n bits long, then there are 2^N possible keys.
  • On the average, a computer would have to try about half the possible keys before finding the correct one.
  • All of these brute-force cracks scale linearly; twice the computers can try twice the number of keys. But the difficulty of a brute-force crack is exponential with respect to the key length: Add one key bit, and a brute-force crack is twice as hard.
  • The nice thing about brute-force attacks is that they work against any algorithm.
  • Hash functions should have a length equal to twice the key length in the table.
  • Cryptography is a branch of mathematics. Mathematics is theoretical; mathematics is logical.
  • Security is rooted in the physical world. The physical world is not logical. It is not orderly
  • No matter how good the cryptographic theory is, when it is used in a system, it intersects with practice.
  • Despite what I said last chapter, key length has almost nothing to do with security.
  • Entropy is a measure of disorder; or, more specifically in the context of cryptography, it is a measure of uncertainty. The more uncertain something is, the more entropy in that thing.
  • Just because an algorithm accepts 128-bit keys does not mean it has 128 bits of entropy in the key.
  • The “128 bits” is simply a measure of the maximum amount of work required to break the algorithm and recover the key; it says nothing about the minimum.
  • You see, a smart brute-force password-cracking engine isn’t going to try every possible key in order. It’s going to try the most likely ones first, and then try the rest in some likelihood order. This is called a dictionary attack.
  • One-time pads are the simplest of all algorithms, and were invented early on in the 20th century. The basic idea is that you have a pad of key letters. You add one key letter to each plaintext letter, and never repeat the key letters. (That’s the “one-time” part.) This system works with any alphabet, including a binary one. And it’s the only provably secure algorithm we’ve got. It’s also pretty much useless. Because the key has to be as long as the message, it doesn’t solve the security problem.
  • Any product that claims to use a one-time pad is almost certainly lying. And if they’re not, the product is almost certainly unusable and/or insecure.
  • The six tools I discussed in the previous chapter--symmetric encryption, message authentication codes, public-key encryption, one-way hash functions, digital signature schemes, and random number generators--comprise the cryptographer’s toolbox.
  • A protocol is nothing more than a dance. It’s a series of predetermined steps, completed by two or more people, designed to complete a task.
  • Everyone involved in the protocol must know the steps.
  • The Internet is insecure, so cryptography is needed to secure it. Hence, you’re seeing cryptographic protocols stapled onto almost every Internet protocol.
  • Just as there are different attacks against algorithms, there are different attacks against protocols. The simplest are passive attacks: Just listen to the protocol going by, and see what you can learn. Often, you can learn a lot by eavesdropping.
  • In a military setting, for example, you can learn a lot from traffic analysis: who talks to whom, at what time, and for how long.
  • More complex attacks are known as active attacks: inserting, deleting, and changing messages. These can be much more powerful.
  • One powerful attack is the man-in-the-middle attack.
  • Security is hard; while you can show that a particular algorithm is weak, you can’t show that one algorithm you don’t know how to break is more secure than another.
  • The problem is this: Anyone, no matter how unskilled, can design a cryptographic primitive that he himself cannot break. This is an important point.
  • There’s no way to prove the security of a primitive; it’s only possible to either demonstrate insecurity or fail trying. This is called proving the null hypothesis. The best any security company can say is: “I don’t know how to break this algorithm/protocol/whatever, and neither does anyone else.”
  • Anyone who creates his or her own cryptographic primitive is either a genius or a fool. Given the genius/foot ratio for our species, the odds aren’t very good.
  • Public primitives are designed to be secure even though they are public; that’s how they’re made. So there’s no risk in making them public. If a primitive is only secure if it remains secret, then it will only be secure until someone reverse engineers and publishes it.
  • In cryptography, security comes from following the crowd.
  • By following the crowd, you can leverage the cryptanalytic expertise of the worldwide community, not just a few weeks of some unnoteworthy analyst's time.
  • It’s hard enough making string cryptography work in a new system; it’s just plain lunacy to use new cryptography when viable, long-studied alternatives exist.
  • Historically, computer security has three aspects: confidentiality, integrity, and availability.
  • Confidentiality is not much more than the privacy we talked about in Chapter 5. Computer security has to stop unauthorized users from reading sensitive information.
Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)