AO 8/03 - PowerPoint PPT Presentation

About This Presentation
Title:

AO 8/03

Description:

Providing security with insecure systems Andrew Odlyzko School of Mathematics and Digital Technology Center University of Minnesota http://www.dtc.umn.edu/~odlyzko – PowerPoint PPT presentation

Number of Views:89
Avg rating:3.0/5.0
Slides: 30
Provided by: University484
Category:
Tags: 1980s

less

Transcript and Presenter's Notes

Title: AO 8/03


1

Providing security with insecure systems
Andrew Odlyzko School of Mathematics and Digital
Technology Center University of
Minnesota http//www.dtc.umn.edu/odlyzko
1 AO 8/03
University of Minnesota
2
Motivation and Outline
  • Basic question What is the role of cryptography
    and security in society?
  • Why havent cryptography and security lived up to
    their promise?
  • Is the future going to be any better?
  • Main points
  • Strong economic, social, and psychological
    reasons for insecurity
  • Chewing gum and baling wire will continue to rule
  • Not absolute security but speed bumps
  • New design philosophy and new research directions

3
Half a century of evidence
  • People cannot build secure systems
  • People cannot live with secure systems

4
Honor System Virus
  • This virus works on the honor system.
  • Please forward this message to everyone you
    know and then delete all the ?les on your hard
    disk.
  • Thank you for your cooperation.

5
Major problem with secure systems
  • secretaries could not forge their bosses
    signatures

6
Proposed solution
  • Build messy, not clean
  • (Lessons from past and now)
  • (Related to defense in depth, resilience. )

7
The dog that did not bark
  • Cyberspace is horribly insecure
  • But no big disasters!!!

8
The Big Question
  • Why have we done so well in spite of insecurity?
  • Will this continue?
  • What can we learn?

9
Key point
  • security is not the goal, just an enabler

10
Civilian Cryptography of last 30 years
  • huge intellectual achievements, based on (and
    providing stimulus for) mathematics
  • integer factorization
  • lattice basis reduction
  • probability
  • elliptic and hyperelliptic curves
  • algebra
  • limited by human nature

11
Security pyramid
users
systems
protocols
algorithms
12
Human vulnerabilities
  • Nigerian 419 scam
  • social engineering
  • ...

13
More general puzzle Prosperity and appalling
innumeracy
  • confusing millions with billions
  • most spreadsheets flawed
  • peer-reviewed papers with incorrect statistical
    reasoning

14
Do not expect improvement teaching people about
security wont help
  • growth in ranks of users of high tech
  • proliferation of systems and devices
  • Improvements in usability of individual systems
    and devices to be counteracted by growth in
    general complexity

15
1980s the Golden Age of civilian cryptography
and security

16
1980s the Golden Age of civilian cryptography
and security
  • But also
  • the Golden Age of fax, including fax
    signatures

17
1980s the Golden Age of civilian cryptography
and security
  • But also
  • the Golden Age of fax, including fax
    signatures
  • Now deposits of scanned, emailed checks!

18
Why does a fax signature work?
  • Hard to do serious damage with a single forged
    fax
  • Fax usually just one of many elements of an
    interaction (involving heterogeneous elements,
    such as phone calls, emails, personal meetings,
    ...)
  • The role of a fax signature has to be viewed
    in the context of the entire transaction. (And
    it is not used for definitive versions of large
    contracts, ...)

19
Search for definition of a digital signature
hampered by lack of definition of ordinary
signature
  • validity of ordinary signature depends on a
    variety of factors (such as age of signer,
    whether she was sober, whether she had a gun
    pointed at her head, whether the contract is
    allowed by law, ...)

20
Human space vs. cyberspace in technologists
view
  • separate
  • cyberspace a new world
  • cyberspace to compensate for defects of human
    space

21
Cold dose of reality
  • human space and cyberspace intertwined
  • human space compensates for defects of cyberspace

22
The role of cyberspace is increasing, and attacks
and other action in cyberspace are faster and
more far-reaching than in physical
  • Partial Solutions Speed bumps
  • Example e-voting
  • Untrustworthy electronic systems compensated by
    printed record of vote

23
Quantifiable benefits of (incomplete) security
24
Advantages of messy April 20, 2010 story about
Apple
  • Apple claim jailbreaking iPhone OS major source
    of instabilities, disruption of service
  • Does Apple want clean, modular OS?
  • (incentives, incentives, )

25
If you can barely keep your system running
  • how useful will it be to your opponent?

26
Contrarian lessons for the future
  • learn from spammers, phishers, ?
  • build messy and not clean
  • create web of ties to other systems
  • permanent records

27
Speed of light vs. effective speed of change
  • "Internet time" a key misleading myth of the
    bubble
  • diffusion of information (even security holes)
    not instantaneous
  • "hiding in plain sight"

28
Contrarian lessons for the future(contd, in
detail)
  • security through obscurity
  • code obfuscation, spaghetti code, ?
  • least expressive languages
  • rely on bad guys human failings
  • law and lawyers

29
Further data, discussions, and speculations in
papers and presentation decks at http//www.dtc.
umn.edu/odlyzko
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "AO 8/03" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!