Schneier on Security
A blog covering security and security technology.
« Fighting Misuse of the Patriot Act |
| Data Mining for Terrorists »
March 8, 2006
The Analog Hole
Nice essay on the human dimension of the problem of securing information. "Analog hole" is a good name for it.
Along the same lines, here's a story about the security risks of talking loudly:
About four seats away is a gentleman (on this occasion pronounced 'fool') with a BlackBerry mobile device and a very loud voice. He is obviously intent on selling a customer something and is briefing his team. It seems he is the leader as he defines the strategy and assigns each of his unseen team with specific tasks and roles.
Customer products, names, preferences, relationships and monies are being broadcast to everyone within earshot. The strategy for the conference call is discussed, and the specific customer now identified by name and company, and openly described as a BlackBerry nut!
Posted on March 8, 2006 at 12:48 PM
• 24 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Reminds me of those audible safety warnings: mind the gap...beware the hole.
The last line really sums up the underlying problem:
"In the end, though, your supersecret deal sheet is something that you probably shouldn’t be reading on a plane, or discussing on your cell phone."
In the real world, I don't think most people think about the security implications of their actions. Though, when it comes to the real world, I think we all do things that we know are a bad idea, but are out of our hands.
For example, I administer a handful of machines for a bank. They're secure from the bank's perspective because access is limited to those people who have justification to access them. My interface to those machines is my laptop, which is administered by another company. The security of the data on my systems is the lowest common denominator of the security on my systems and the security of our desktop machines.
"To defeat the airplane shoulder surfer, for example, you could use a privacy filter to minimize your screen’s effective viewing angle."
Maybe shoulder surfing defense is the application that will finally bring PC video goggles to the mass market. I've been waiting to get my mitts on a pair of these for a looong time. Think stereo...
But there are some examples of good practice. For example, when you check into a large hotel they normally write down your room number on the cardboard slip that comes with the card-key.
I'm sorry, but the use of 'analog hole' is inaccurate in that article. (see http://en.wikipedia.org/wiki/Analog_hole) The analog hole refers to the capability of converting an analog signal, which was originally digital, back to digital despite a one-time hit in signal quality. The important bit here is that the signal is back in digital form and it can be mass-transmitted with no further quality loss. The analog hole does *not* refer to the fact that the analog transmission channel cannot isolate the intended recipient from the unintended/unauthorized. The recording execs would love that problem solved as well (e.g. speakers that can be heard only by your ears, etc.). Right now they just ban public playbacks, etc.
"But there are some examples of good practice. For example, when you check into a large hotel they normally write down your room number on the cardboard slip that comes with the card-key."
Of course, if people don't know WHY they are doing these processes, it doesn't help. A couple weeks ago I checked into a hotel, the guy wrote the number down on the cardboard, then said it out loud. Good job.
@ Koray Can
It is IMHO excatly the analog hole. Encryption or DRM don't work well when the e-book or security doc is printed off and left on the bus! So at the moment lots are talking about DRM for music, but that is not the limits of this issue.
Bottom line is that someone needs to read/use the information that is in some sence secured. They are by requiments a Trusted party. In real life, people will let you down sometimes, so you better have a plan for lost documents, stolen laptops and loud mouths at the pub. Lets not forget faxes to the wrong number or documents sent to the wrong printer (yea, you keep secrets from other staff members).
As for music and the analog hole. A good sound box with a mic and speaker will give more than ample sound quality with the compression currenlty used, and the poor earphones/soundcards etc. Because for DRM the person that is allowed to read/view/hear the content is not a trusted party and so DRM must fail.
Agreed. When I first read "Analog Hole" here, I assumed it was to do with breaking DRM through analog interfaces, which is truly a "hole" in DRM Security.
For the kind of scenario as talking loudly over the phone, I would use the term "Human Factors", particularly where the behaviour of a person reduces the end-to-end security of a system. There are usually multiple human factors involved in such cases - in this situation, the phone user had low awareness, probably no security training, and should have used a more secure transport.
Admittedly, the "human factors" is borrowed from the aviation world where it is becoming a frequently used term.
The point that information can leak in "analog" modes quite apart from digital ones is of course well known, and has been understood for millennia, even before digital modes existed. But the common point about the examples given by Udell is that they all concern activities that would once have been performed in a private office in order to maintain confidentiality.
Nowdays, nearly every office (except the very old ones!) is open plan, totally eliminating any possibility of confidentiality. (Not to mention also lowering productivity, raising energy costs and increasing fire hazards and burglary losses, and all for saving about a thousand bucks in carpentry expenses per employee.)
Even in the case of public telephones, they were once provided with hoods or cabinet doors to prevent casual eavesdropping and block out traffic noise; now they rarely do, making them difficult to use as well as eliminating privacy. But that doesn't matter, because rich people (or these days, anybody with a job at all) use cellphones -- but just try getting some privacy with a cellphone. Nevermind idiots discussing corporate strategies in a departure lounge, how often do you see a colleague at work getting a confidential call, and frantically run around looking for a private place to talk? Around here, if all the "meeting rooms" happen to be taken, they often end up heading out the same door as the smokers, because the last place you would want to conduct confidential business is *inside* the *office*!!!
Even in the rare instance that someone had some research to do whilst travelling, on a train you could expect to be in a compartment with only two or three other persons, and a solid wall at your back. Today, even the trains are open plan, not just the planes.
It is no wonder people today are so obsessed about privacy; so much has already been stolen.
I think you're quibbling over semantics here. True, Udell is using the term in a broader (but closely related) meaning compared to the conventional usage. So what?
I don't think I am. Udell must have just discovered that shared access media could be sniffed (analog or digital). That doesn't give him the right to abuse well established terminology. I brought it up becase Bruce thought it was a nice name, too.
Maybe shortening the name for the risk to A-Hole would help get the point across?
>Of course, if people don't know WHY they are doing
> these processes, it doesn't help. A couple weeks ago
> I checked into a hotel, the guy wrote the number
> down on the cardboard, then said it out loud. Good
Regardless of what the people training them to write down the room numbers had in mind, I think they simply write the numbers down so you don't forget them. Makes sense if you're still a bit disoriented from travelling or have other stuff to worry about.
This is also the reason why they often write down the gate number on you boarding pass. After spending an hour browsing books you might forget where you should be in five minutes...
"That doesn't give him the right to abuse well established terminology."
No, it is the devil-may-care English language which gives him that right. Or, as Humpty Dumpty put it:
"When I use a word, it means just what I choose it to mean, neither more nor less."
I read "Analog Hole" as a pun. Think of "pie hole". My "analog hole" has a bunch of teeth in it and generates analog signals.
you're gonna blab on your cellphone, at least identify your company and give me enough information to long or short it confidently, otherwise stfu.
If I were charged with writing the headline, I'd probably go with "analog leakage".
I'm not Bruce's headline writer, which is probably a good thing.
This type of thing is not new and MIL types have been warned since the begining of the last century that "Lose Talk Costs Lives", and most of them understand this.
I guess the real problem is peoples (employees) state of mind when working these days.
Once upon a time people had loyalty to their "life long" employer, had an interest over and above their pay packet and excersised due caution most of the time. In return the employer valued the employee and looked after them.
However in the mid 80's with Thatcherisum in the UK (and else where)
a head long rush started to "be on the ball", "break the target" "go for the burn" etc. etc.
In the process companies lost respect for their employees and not unexpectadly the reverse started to happen.
Now a lot of employees feel continuously under threat of job loss, and with the employers set them silly dead lines etc, there is no time for them to think, let alone ask the question "Who's listening / looking".
Employers have to realise that security is not only expensive it takes time and requires an appropriate mind set. Also that the ROI on security (like insurance) is a mater of faith untill it's to late...
This is a very important, very old, problem.
Years back, while riding the subway one day, somebody dropped into the seat next to me, and pulled out a memo to read. The memo was from our competitor to a major client, indicating the precise areas where this competitor could offer better service, in the interests of taking over a major chunk of our business.
Crowded subway seats are no place to read stuff that should be confidential. It was a matter of seconds to note and memorize key details and contacts, and place a few phone calls the next morning inside my own company.
@Koray Can: "That doesn't give him the right to abuse well established terminology."
i'll tell my father-in-law to dispose of his monogrammed shirts since DVD is also a well established term.
Great article - fine example of how people just can't shut the hell up.
It seems to me that the Analog Hole is often an issue of situational awareness on the part of the user. As security people, we are all aware of how frustrating the human factor can be when implementing a reasonable security system. I think we're all still struggling with this problem.
Another aspect to consider is risk management. Again, as security people, we tend to be very sensitive to leaks of sensitive information, but will non-security people make the same observations? Judging from the way my wife rolls her eyes at me when I start looking for security cameras when I enter a new building, I suspect the majority of people are not as sensitive to these issues. Working under the assumption that most people won't be looking for sensitive information in a public space, what is the level of risk associated with the Analog Hole? (I know that hoping people don't notice something is security through obscurity, but as long as it is not the only layer of security utilized it still has some value.)
Ultimately it's up to the data owner to accept the risk of his or her actions. Maybe it's worth potentially exposing confidential information if it will greatly increase the probability of making a big sale. Only the data owner knows for sure.
I'm probably giving too much credit to the average user, but my point is that in some instances the potential benefit of using sensitive information in public might outweigh the risk of its compromise.
On any given airplane or train, the likelyhood might be slim, but there might have been employees of his customer on board and able to hear. Then where would Mr. A-hole be?
"I just thought I could get the work done quicker if I took that customer database home on my laptop. How was I to know it would get stolen from the back seat of my car while I shopped at the stuff-mart?"
"I just discussed the customer sales angle on the train on the way to a meeting with another customer. How was I to know someone else would hear me?"
Security is about people, processes, and technology. Unfortunately for the security folks, people without good security habits require access to sensitive data to do their jobs. If those people aren't properly trained in and repeatedly reminded about good security habits, this scenario will be repeated over and over simply for the sake of "convenience".
I think that airplanes and other transit situations are mistakenly considered low-risk venues for disclosure, because supposedly no one in the lounge or the cabin or the train car knows who you are. In fact, of course, such venues tend to concentrate the kinds of people who would be interested in one another's confidential information.
The hotel-key thing is something of a tradeoff -- although the separate piece of paper works well for the initial approach to the room, it generally gets discarded at that point. Secure, yes, but how many of us have stepped in a hotel elevator at the end of a long day and evening, only to realize that the room number is long gone from short-term memory?
It's ok as long as your father-in-law doesn't post articles on "infoworld".com, specifically referring to "Digital Video Disc"s. Udell referred specifically to the RIAA's own term, and misused it.
@Bill P. Godfrey
"analog leakage" doesn't work either when you think about it. i propose we take the obscure synonym for "gap", which is "lacuna" and combine it with "analog" to get........
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.