(612) 823-1098 bruce schneier · counterpane systems, 101 east minnehaha parkway, minneapolis, mn...
TRANSCRIPT
![Page 1: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/1.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 1
CRYPTOGRAPHY AND COMPUTER SECURITY :CURRENT TECHNOLOGY AND FUTURE TRENDS
Bruce [email protected]
http://www.counterpane.com
Counterpane Systems
101 East Minnehaha Parkway, Minneapolis, MN 55419
(612) 823-1098
Fax: (612) 823-1590
HOPE
9 August 1997
New York, NY
![Page 2: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/2.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 2
INTRODUCTION
![Page 3: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/3.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 3
Cryptography can do some really cool stuff.
¥ It can protect privacy.
Ð It separates the security of a message from the security of the media.
¥ It can provide for anonymity.
¥ It can authorize someone.
¥ It can facilitate trust.
¥ It can allow for digital credentials (authentication).
¥ It can validate the integrity of information.
¥ It can ensure the fairness of financial transactions.
¥ It can provide an audit trail for later dispute resolution.
¥ Cryptography stops lying and cheating.
![Page 4: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/4.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 4
None of it is new.
¥ Everybody used to have privacy: electronic communications such as telegraph and telephone have reduced it significantly.
¥ Physical recognitionÑface, voice, handwritingÑused to provide authentication.
¥ Cryptography allows us to take existing business and social constructs from the real world and move them to cyberspace.
¥ Cryptography makes levels of security and privacy that were only available to very few available to everybody.
¥ Cryptography is a technological equalizer.
![Page 5: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/5.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 5
All of it is increasingly important.
¥ More/faster computers and networks; more interconnectivity
Ð ÒTo a first approximation, every computer is attached to every other computer.Ó
¥ Remote access, autonomous agents, distributed processing
¥ Stored content of real value
¥ Communications of real value
¥ Commerce of real value
¥ Relationships forming and existing in cyberspace
![Page 6: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/6.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 6
Unfortunately, most of the security products out there are not secure.
¥ Almost no real products use cryptography.
¥ Those that do usually incorporate it in at the last minute
¥ And companies donÕt hire cryptographic engineers; they think they can do it themselves.
¥ The products are also inflexible, hard to use, and buggy.
Ð People disable security systems in order to get work done.
¥ Existing solutions donÕt scale.
¥ Products donÕt usually solve the correct problem.
Ð Sometimes they solve a slightly different problem.
Ð Sometimes they are based on incorrect trust assumptions.
¥ Products sometimes cause more security problems than they solve.
¥ Operating systems are much more complex and buggy; this undermines the security of anything built on top of it.
![Page 7: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/7.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 7
People buy the stuff because they donÕt know any better.
¥ No ÒFDAÓ for computer security products
¥ Poor education among corporate buyers
¥ Active disinformation campaign by government
Ð NSA has to deal with the Òequities issue,Ó whether to protect ours or to attack theirs.
![Page 8: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/8.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 8
This situation will get worse before it improves.
¥ The important stuff is handled electronically.
Ð Manual processing is for the unimportant stuff.
Ð More financial processing will move to cyberspace.
Ð More medical information will move to cyberspace.
Ð Judicial and law enforcement officials will depend more heavily on computer databases.
Ð Companies will depend more heavily on networks and databases.
¥ Newer technology is less secure, not more.
Ð Complex systems
Ð Poorly-understood effects of new technologies
Ð The rush to market
![Page 9: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/9.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 9
This situation will get worse (cont.)
¥ The best (cheapest, fastest, easiest) media is the most insecure.
Ð Internet, cellular, video on demand, automated stock trading
Ð Security adds complexity and decreases performanceÑsomewhat.
¥ Telecommunications services continue to diversify.
Ð More avenues of possible attack.
¥ More mobile solutions.
¥ Changes in cyberspace are coming faster and faster.
¥ Security goes against philosophy of the net.
¥ Security slows down progress.
![Page 10: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/10.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 10
THREATS IN THE DIGITAL WORLD
![Page 11: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/11.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 11
The unchanging nature of attacks
¥ Attacks against digital systems will be the same as attacks against their analog analogues.
¥ Criminals will attack commerce systems for financial gain.
¥ Privacy violations by marketers, criminals, police.
![Page 12: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/12.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 12
The changing nature of attacks
¥ Automation
Ð Marginal profitability of each success acceptable
Ð Marginal probability of success acceptable
Ð Ease of casual privacy violations
¥ Action at a distance
Ð Difficulty of tracing attacker
Ð Difficulty of prosecution
Ð Jurisdiction shopping
¥ Propagation of successful techniques
Ð Hacker newsgroups, bulletin boards, mailing lists
Ð Only the first needs skill; the rest can use software.
![Page 13: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/13.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 13
Adversaries
¥ Hackers: informal and institutional
¥ Insiders
¥ Lone criminals
¥ Commercial espionage
¥ Press
¥ Organized crime
¥ Terrorists
¥ National intelligence
![Page 14: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/14.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 14
Criminal attacks
¥ ÒHow can I acquire the maximum financial return by attacking the system?Ó
¥ Forgery, misrepresentation, replay, repudiation
¥ Generally opportunistic
¥ Minimum necessary resources
¥ Focuses on low-tech flaws
¥ Focuses on the weakest systems
¥ Medium risk tolerance: willing to risk job or jail time.
![Page 15: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/15.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 15
Electronic commerce
¥ Fraud has been attempted against all commerce systems:
¥ Weighted scales, shaved coinage, counterfeit currency, fake stock certificates,
¥ Check, credit card, and ATM fraud.
¥ Electronic commerce will be no different.
Ð Ease of automation
Ð Difficulty of isolating jurisdiction
Ð Speed of propagation
¥ Audit is essential.
Ð Preventing crime is a lot harder than detecting crime.
Ð Detecting crime is not enough, you have to prove it in court.
¥ Traditionally, fraud prevention has been reactive.
¥ We need to be proactive.
![Page 16: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/16.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 16
Identity Theft
¥ As more identity recognition goes electronic, identity theft becomes easier.
¥ As more systems require electronic identity recognition, identity theft becomes more profitable.
¥ We have lived for 30 years in the fiction that ÒmotherÕs maiden nameÓ is good enough.
¥ We will never get back to that point again.
¥ Secure electronic commerce should not rely on electronic identity alone or security.
![Page 17: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/17.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 17
Privacy violations
¥ Targeted attack
Ð Spying, stalking, industrial espionage
Ð Cryptography can only protect up to the point where non-cryptographic attacks become cheaper.
Ð End-to-end cryptography can protect absolutely against non-invasive attacks.
¥ Data harvesting
Ð Generating a database of qualified Òprospects.Ó
Ð Even moderate levels of cryptography, if ubiquitous, make the collection problem intractable.
Ð Cryptography can protect absolutely.
![Page 18: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/18.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 18
Publicity attacks
¥ ÒHow can I get the most publicity by attacking the system?Ó
¥ Attacker typically skilled, has access to significant resources and large amounts of time, but has few financial resources.
¥ Low risk tolerance: attacker willing to risk publicity, but probably not jail time.
![Page 19: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/19.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 19
Electronic vandalism
¥ Form of publicity attack
¥ Example: defacing web pages
¥ No profit motive
¥ Directed against ÒdeservingÓ targets: political, corporate, etc.
![Page 20: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/20.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 20
Denial of service
¥ Example: flooding e-mail servers
¥ Almost impossible to protect against
¥ Cyberspace is designed for communication
¥ Only workable solution is to detect attacker and prosecute
![Page 21: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/21.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 21
Legal attacks
¥ ÒHow can I discredit the system to prove my clientÕs innocence?Ó
¥ Attacker does not need to discover flaws; he just has to discredit the system in the eyes of a judge and jury.
¥ Attacker can use the discovery process to demand details of target system.
¥ Attacker has all the resources of the publicity attack, plus significant financial support.
¥ Can be a well funded attack.
![Page 22: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/22.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 22
Information warfare
¥ Terrorism
¥ Covert operations
¥ Against individuals, companies, countries
¥ Against particular systems or parts of infrastructure
¥ Attack could originate from foreign soil
Ð Jurisdiction problem.
¥ High risk tolerance: willing to risk life and limb
¥ Possibly very well funded
![Page 23: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/23.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 23
Attackers have it easier
¥ Attackers cheat.
¥ And the odds are in their favor.
Ð An attacker needs to find one successful attack.
Ð A defender needs to protectt against every possible attack.
¥ They can use techniques defenders never considered.
¥ They donÕt have to follow the defenderÕs threat model.
![Page 24: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/24.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 24
WHAT CRYPTOGRAPHY CAN AND CANÕT DO
![Page 25: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/25.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 25
Basic Tools of Cryptography
¥ Symmetric encryption
Ð Provides secrecy among parties who share a common key.
¥ Message authentication codes
Ð Provides integrity checking and authentication
¥ Public-key encryption
Ð RSA allows someone to receive secret messages from people he hasnÕt met yet.
Ð Diffie-Hellman key exchange establishes a secret over an insecure channel.
¥ Digital signature schemes
Ð Establishes integrity, authenticity, and non-repudiation.
¥ Secure hash functions
Ð Used to reduce a message to a fixed size for signature.
![Page 26: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/26.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 26
Security problems solved by cryptography
¥ Privacy of stored data, messages, and conversations
¥ Secure electronic commerce
¥ Transaction non-repudiation
¥ User and data authentication
¥ E-mail security (encryption and authentication)
¥ Secure software updates
¥ Multi-party control
¥ Secure audit logs
![Page 27: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/27.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27
Why cryptography canÕt really solve any of them
¥ The realities of the system often prevent cryptography from being applied where it is required.
¥ Implementation much harder than stringing these tools together.
¥ Mistakes are often added elsewhere in the process.
¥ ThereÕs lots of good cryptography out there; the problem is figuring out how to use it properly.
¥ Given any set of security criteria, it is possible to design a system that meets the criteria and is still insecure.
¥ ÒBuzzword compliantÓ is not enough.
![Page 28: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/28.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 28
Non-cryptographic parts of the solution
¥ Trust management
Ð Trust is a complex social phenomenon, and cannot be solved with a single Òcertificate.Ó
Ð There is no global name space in the world.
Ð There is no single level of assurance in the world.
Ð Certificates are useless without some sort of liability.
¥ Access control
Ð Authentication is not the same thing as authorization.
Ð Authentication is automatic; authorization requires thought.
![Page 29: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/29.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 29
Non cryptographic parts of the solution (cont.)
¥ Human-computer transferance
Ð Computer security works in the digital realm; transferring things from people to the digital world is very difficult.
Ð There is no assurance that what you see is what you get.
Ð There is no assurance that what you get actually works.
¥ Human-computer interactions
Ð Security works better when it is visible to user.
Ð On the other hand, user doesnÕt want to see security.
Ð People find security intrusive.
Ð People work around security measures.
Ð People canÕt make intelligent security decisions.
¥ Passwords
Ð People canÕt choose, remember, or keep good secrets.
![Page 30: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/30.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 30
Non cryptographic parts of the solution (cont.)
¥ Secure perimeters
Ð Tokens: smart cards, access tokens, electronic wallets, dongles, hardware meters.
Ð Tamperproof hardware is impossible.
Ð Tamper resistant hardware is mostly impossible.
Ð Tamper-evident hardware might work, sometimes.
Ð Many systems rely on this anyway
Ð Any system where the device and the secrets within the device are under the control of different people has a fundamental security flaw.
![Page 31: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/31.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 31
Non cryptographic parts of the solution (cont.)
¥ Key-escrow/key-recovery/GAK
Ð It is easy to implement key backup, because it is in the interest of the user.
Ð It is very difficult to implement GAK (Government Access to Key), because it is contrary to the interests of the user and must survive a hostile user.
¥ Relationships
Ð Systems can leverage relationships between the parties.
Ð An ongoing relationship reduces the incentive to attack the system, and increases the liklihood of detection.
Ð Reputation can be important
Ð Anonymous systems are much riskier.
¥ Protocols that rely on the Òethics of strangersÓ
![Page 32: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/32.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 32
The problem of testing security
¥ Flaws can be, and are, everywhere.
Ð Areas of vulnerability include threat model, system design, implementation, user interface.
Ð Two secure subsystems can interact to create new flaws.
¥ These flaws are common, and invisible
Ð Security is orthogonal to functionality.
Ð There is no such thing as a comprehensive security checklist.
Ð Often the only feedback available to developers is the discovery ( sometimes via the media) that they failed.
Ð No amount of beta testing can ever uncover a security flaw.
![Page 33: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/33.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 33
The problem of testing security (cont)
¥ Experienced security testing can discover flaws.
Ð Testing for any given weakness is easy.
Ð Testing for all known weaknesses is very hard.
Ð Testing for all possible weaknesses is impossible.
¥ Workable solutions
Ð Hire experiences cryptosystem and security designers.
Ð Test the system against a comprehensive attack list.
¥ Cryptography doesnÕt have to be perfect, but the risks have to be manageable.
Ð ÒA secure computer is one that has been insured.Ó
![Page 34: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/34.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 34
Needs for Privacy
¥ Most businesses (and governments) donÕt need long-term security
¥ Mailing lists, business plans, negotiations, product research
¥ Commerce privacy needs are moderate.
¥ Financial information might need to be secure for a decade.
¥ Exceptions are embarrassments: personal, political, or business.
![Page 35: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/35.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 35
Needs for Authentication
¥ Authenticating sessions versus authenticating transactions
¥ Strength depends on application and transaction value
¥ Need for audit trail depends on application
¥ Audit trail must not only determine who committed fraud; it must be able to convince a jury that the person committed fraud, while at the same time not compromising the future security of the system.
![Page 36: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/36.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 36
EVALUATING CRYPTOGRAPHIC PRODUCTS
![Page 37: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/37.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 37
Security requirements
¥ Security requirements depend both on the value of what is being protected and the anticipated attacks.
¥ Most businesses donÕt need long-term security.
¥ Authentication needs depend heavily on the application.
¥ Electronic commerce needs depend on the value of the transaction: moderate privacy, moderate to strong authentication, good audit.
¥ Questions to ask
Ð How valuable is the data or service being protected?
Ð To whom it is valuable to?
Ð Who does the system require me to trust?
Ð What is the skill/time/resources necessary to attack the system?
Ð What would the cost of compromise be, including loss of time and manpower, loss of reputation, costs to fix already-fielded systems?
![Page 38: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/38.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 38
Soundness of the cryptography
¥ Algorithms
Ð Key length
Ð Look for published algorithms that are generally considered to be secure: DES, IDEA, RC4, RC5, Blowfish, MD5, SHA, RSA, ElGamal, DSS.
Ð If the algorithms are ÒProprietary,Ó they are probably lousy.
¥ Protocols
Ð Look for published protocols that are generally considered to be secure: ESP, AH, SKIP, Photuris, SSH, S/WAN, SSL, PGP, S/MIME, SET, etc.
Ð Avoid in-house proprietary designs that are unpublished.
![Page 39: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/39.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 39
Soundness of the cryptography (cont.)
¥ Specifications
Ð Look for detailed specifications of the system. Any good security system can be published without adversely affecting security.
¥ Look for an attack analysis.
Ð What is the cheapest attack?
Ð What is the Òlow-skillÓ attack?
Ð What attacks are outside the scope of the system?
Ð What security assumptions is the system based on?
Ð What happens if any of those assumptions are wrong?
Ð What sorts of upgrade or disaster recovery plan does the system have?
¥ Look for security analyses by reputable cryptographers. Ask the manufacturer to provide copies of them. Be wary if there arenÕt any.
![Page 40: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/40.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 40
Compliance to standards
¥ Standards not only improve a productÕs security, but increase its potential interoperability.
¥ Commonality of public-key infrastructure allows certificate infrastructure to be used for a variety of applications.
Ð X.509 is the current standard
Ð But there is lot of room for improvement.
Ð Watch SDSI/SPKI.
¥ E-mail encryption standard allows different mail programs to communicate securely with each other.
Ð PGP vs S/MIME
![Page 41: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/41.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 41
Compliance to standards (cont.)
¥ IP security
Ð The IETF is standardizing on a suite of protocols: ESP and AH.
¥ Transport layer security
Ð The IETF is working on TLS, based on SSL 3.0.
¥ Tokens
Ð This is currently a mess.
Ð Cryptoki has problems.
Ð Many proprietary products that donÕt work with most applications.
¥ APIs
Ð There are many; no one is clearly better.
Ð It is probably impossible to make any one API suitable to everyone.
![Page 42: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/42.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 42
Legal restrictions
¥ Many countries have restrictions on cryptography: import, export, and use.
Ð The U.S. government does not restrict the use of encryption, but has strong restrictions on its export.
Ð There are three basic exportable types of encryption: home-grown, badly flawed cryptography, 40-bit cryptography, and escrowed cryptography.
Ð The State Department is allowing the export of 56-bit DES if the exporter agrees to implement key escrow in short order.
Ð More companies are implementing key escrow in order to gain export approval for their products. In many circumstances, these are suitable for corporate use.
![Page 43: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/43.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 43
Legal restrictions (cont.)
¥ U.S. regulations (cont.)
Ð The U.S. has no restrictions on access-control or authentication systems; they only restrict products that use cryptography to provide privacy.
Ð Additional allowances are made for financial institutions.
Ð This is all in major flux right now.
¥ Patent issues
Ð Public-key cryptography
Ð Algorithm patents
Ð Other patents
![Page 44: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/44.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 44
Ease of use
¥ Security vs. Functionality
Ð Security often favors moving cryptography close to the application to maximize control.
Ð Functionality often favors moving cryptography away from the application to maximize transparency.
![Page 45: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/45.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 45
Product availability
¥ The current products on the market are very immature
Ð Inflexible, unforgiving, and hard to use
Ð Buggy
Ð Limited technical support
Ð Poor integration with existing systems
¥ Hardware and software manufacturers seem to think it is possible to design a product and then build security in as an afterthought.
¥ Many buyers are forced to develop custom software.
¥ This can only get better.
Ð The Internet enforces standards
Ð Cryptography is migrating into end-user applications
¥ Beware government attempts to limit the availability of strong cryptography.
![Page 46: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/46.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 46
DEVELOPMENTS TO WATCH
![Page 47: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/47.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 47
Developments to watch
¥ Technologies
Ð Tamper-resistant hardware
¥ Chips
¥ Tokens
¥ Electronic wallets
Ð Biometrics
¥ Fingerprints
¥ Keyboard latency
¥ Etc.
![Page 48: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/48.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 48
Developments to watch (cont.)
¥ Trust management
Ð Transfer of trust
Ð Certificate issuance
Ð Certificate storage and retrieval
Ð Cross use of certificates
Ð Certificate revocation
¥ Internet standards
Ð TCP/IP, WWW, e-mail, telnet, rlogin, etc.
Ð Will it allow the richness of human interaction: anonymity, aliases, trust, reputations?
![Page 49: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/49.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 49
Developments to watch (cont.)
¥ Human/computer interface
Ð User friendly key-management
Ð ÒInvisibleÓ security
¥ Legal infrastructures to support cryptography
Ð Digital signature acts
¥ Existing attempts often misguided
Ð Vehicles for electronic commerce
Ð Criminal statutes to prosecute digital criminals
¥ Laws are better when they are technologically invariant.
Ð Solutions to the jurisdiction problem
¥ Government cryptography restrictions
Ð Export/import/use control
Ð Government access to key (GAK) requirements
![Page 50: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/50.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 50
Developments to watch (cont.)
¥ Advances in cryptography
Ð New algorithms
¥ NISTÕs Advanced Encryption Standard (AES)
¥ Elliptic Curve Cryptography
¥ Quantum cryptography
Ð New attacks
¥ More computers, faster computers, more efficient computation, fundamental advances in cryptanalysis
¥ Quantum cryptanalysis
Ð New infrastructures
¥ Certificate management: issuance, retrieval, storage, revocation
¥ Will they propagate the same mistakes?
![Page 51: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/51.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 51
Conclusions
¥ ÒThe problem with bad cryptography is that it looks just like good cryptography.Ó
¥ Successful attacks are often kept secret.
Ð Unless attackers publicize
¥ We need to be proactive.
Ð Understand the real threats to a system
Ð Design systems with strong cryptography
Ð Build cryptography into systems at the beginning
Ð Build systems that scale
¥ Perfect solutions are not required, but systems that can be broken completely are unacceptable.
![Page 52: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/52.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 52
Conclusions (cont.)
¥ It is prudent to prepare the worst.
Ð Systems fielded today could be in place 20 years from now.
Ð Things will get worse before it gets better.
Ð Things will get better.
¥ The social problems are much harder than the mathematics.
¥ ÒIf you think cryptography can solve your problem, then you donÕt understand your problem and you donÕt understand cryptography.Ó
![Page 53: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/53.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 53
FURTHER READING
¥ Cryptography
Ð B. Schneier, Applied Cryptography, Second Edition, John Wiley & Sons, 1996.
Ð A. Menezes, P. van Oorschot, S. Vanstone, Handbook of Applied Cryptography, CRC Press, 1997.
Ð D. Stinson, Cryptography: Theory and Practice, CRC Press, 1995.
![Page 54: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/54.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 54
FURTHER READING (cont.)
¥ Network Security
Ð S. Garfinkel and G. Spafford, Practical UNIX and Internet Security, OÕReilly and Associates, 1996.
Ð C. Kaufman, R. Perlman, and M. Speciner, Network Security, Prentice-Hall, 1995.
Ð W. Stallings, Network and Internetwork Security, Prentice-Hall, 1995.
Ð W. Cheswick and S. Bellowin, Firewalls and Internet Security, Addison-Wesley, 1994.
![Page 55: (612) 823-1098 Bruce Schneier · Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 27 Why cryptography canÕt really solve any of them ¥ The realities](https://reader033.vdocuments.site/reader033/viewer/2022042222/5ec848159dabfa79a0030c5c/html5/thumbnails/55.jpg)
Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 55
FURTHER READING (cont.)
Ð B. Schneier, E-Mail Security, John Wiley & Sons, 1995.
Ð S. Garfinkel, PGP: Pretty Good Privacy, OÕReilly and Associates, 1995.
¥ Electronic Commerce
Ð P. Wayner, Digital Cash, AP Professional, 1995.
¥ Privacy
Ð E. Alderman and C. Kennedy, The Right to Privacy, Aldred A. Knoph, 1995.
Ð A. Cavourian and D. Tapscott, Who Knows, Random House of Canada, 1995.