Me at TED

Okay, it's not TED. It's one of the independent regional TED events: TEDxPSU. My talk was "Reconceptualizing Security," a condensation of the hour-long talk into 18 minutes.

Posted on October 29, 2010 at 2:31 PM • 14 Comments

Comments

dried_squidOctober 29, 2010 3:37 PM

What I'm taking away from the 18 minutes is -
{ feelings, real world }
add
{ feelings, model, real world }.
To make myself feel better, I should keep a watchful eye on the currency of the model, and the veracity of my real world.

In short, things change, so keep on trucking.

I'm a boob in everyday life, but I enjoyed the development of the talk. I also keep thinking about how the Internet has made security, privacy, and user-friendly such dynamic partners.

PS. I have no relation to any living cephalopods.

Sasha van den HeetkampOctober 29, 2010 6:16 PM

One model, is to drop the contemporary and abstract model of security all together and replace it with a model of elasticity and fluidity similar in physics, to describe the limitations of matter. Because if security can be broken, it clearly cannot exist as an absolute at all, in a law nor model. And thus the very existence of something called a trade-off, seems to be absurd.

In that sense, security seems to fit the realm of metaphysics and folklore, meaning: I can predict it's not going to rain, or perform a rain dance to appease the rain god, however I cannot be certain it doesn't start to rain, let alone pour. I can be correct to a great degree, but circumstances might prove me wrong. Trade-off in that sense, means taking chances. But if one is willing to take chances, why not take chances without those rituals? It's about control and fear. Our minds are inadequate to deal with all variables, moreover, the more more variables you process the more angst, there are millions and millions of bodily cells and one of them could go haywire any moment. if you could calculate all variables that could induce alls sorts of diseases at any moment in time, or even sudden death for your own body, you probably would die of fear instead. So where is that trade-off in this subject? being (willfully) ignorant? Not much of a trade-off I guess.

Security is simply the conceptualized utopia of a model in mind, and not in reality. We can prove a computer system is "insecure", but we can also prove that osmium will melt or even evaporate at a certain (usually fixed but very high) degree, while our mental image of osmium is that of one of the hardest metals.

To give up the model of security is to give up the model of Santa, ghouls, fairies, leprechauns and other mythology. It's strikingly similar to the faith meme: only for those who feel insecure there is a God of security to comfort them in their (mostly unheard) prayers that amount to nothing but a false sense of an incomplete model.

Simply put: security deals with curing and preventing symptoms to an otherwise incomplete or flawed model. But hey, it's the best we can do.

SpaceHoboOctober 30, 2010 2:25 AM

I don't think it detracts from your overall point that the psychological benefits of the mother/baby RFID system are high and the practical security benefits are rare/unproven/possibly nil, but I am not certain that the true goal of that system is to prevent kidnapping.

I don't have any data handy, but all the midwives I've spoken with in the UK have said that the hardest part of their job in large hospitals was keeping the babies straight. Even dramatic differences in things like skin tone are negligible soon after birth, in many cases, and ultimately one baby looks like another. Couple this with a practice for large crèches (now on the wane) for newborns, where nurses care for many children while the mother sleeps, and you have a situation tailor-made for baby mix-ups.

I am led to understand that this problem is nowhere near as bad now, as we no longer as a society believe that the best thing to do is take a newborn baby from its mother immediately after birth.

ThomasOctober 30, 2010 5:27 AM

@SpaceHobo
"... and you have a situation tailor-made for baby mix-ups."

A normal plastic bracelet will suffice to counter that threat, you don't need an RFID one.

My concern is that the actual security measures (in this case, decent conditions for staff so they're not likely to switch babies (maliciously or accidentally)) are expensive, while RFID tags are cheap.

Come next budget crunch guess which where the 'savings' will come from.

You might end up with people feeling safer than they are, rather than the other way around.

Clive RobinsonOctober 30, 2010 6:14 AM

@ Sasha van der Heetkamp,

"Because if security can be broken, it clearly cannot exist as an absolute at all, in a law nor model. "

That is an incorrect assumption for a couple of reasons that can be shown with two pots of paint and a bucket in the physical world or a One Time Pad in the information world.

If you take one pot of paint that is a shade of blue and one that is a shade of red and mix them thoroughly in a bucket you will realise that it is not possible to reverse the process and find the exact shades of blue and red you started with as any two shades with the same difference are equiprobable. You need to know one original shade to find the other original shade.

Likewise with the One Time Pad you have a plain text and a key text of the same or longer length as the plain text and you apply a mixing process of some kind (usually for simplicity the XOR but any reversable process such as add and subtract in a field will do). The result is you end up with a cipher text of the same length as the key text.

It is easy to see that any and all messages that have the same length or shorter than the cipher text are equiprobable. To get either the original plain text or original key text from the cipher text you must know the other original.

Thus if you destroy the only copies of the original plain & key texts, neither text is recoverable from the cipher text. From that point onwards the ciphertext is by the definition of secure used, secure.

However this does not preclude "end run" attacks in a real system such as simply duplicating either original text unknown to the person who makes the cipher text. Or simply constructing a plausable plain text at whim and using it to make a fake key text from the cipher text which you then present as the original key text for nefarious reasons.

The "end run" attack is why there are certain rules about the making and use of One Time Pad systems. And the "construction on a whim" substitution attack is why all stream ciphers (of which the OTP is one) must contain a reliable Message Authentication Code the doing of which is a very hard problem.

Thus I'll assume that the definition of secure you are thinking of pertains more to the "non specific", generalised human view of the physical world rather than the "specific" meaning cryptographers ascribe to their work in the information world.

SteveOctober 31, 2010 8:07 PM

Dr Schneier sounds different than I expected. I guess I expected the Voice of God. Of course, in a rational universe, maybe this is how God would sound.

RHNovember 1, 2010 5:25 PM

@Sasha:
Similar to my argument regarding Science as Religion. I believe science is a religion, and it fits all of the requirements (as I define them). The difference between science and other religions is that Science currently has the best track record with its predictions (by a good margin).

Likewise, you are correct. There is no way to prove that an Oracle does not exist which always coughs up the correct plaintext. However, security's track record shows it is highly unlikely that such an Oracle would exist.

SteveNovember 1, 2010 7:57 PM

@RH "I believe science is a religion, and it fits all of the requirements (as I define them)."

I believe you are a pumpkin, as you fit all the requirements (as I define them).

As long as one gets to define the terms to one's own liking, one can prove anything. Which comes very close to defining religion, now that I think of it.

mashiaraNovember 2, 2010 6:55 AM

I can't think of a religion that is willing, ever eager to change their fundamental "truths" (as long as the experiment is sound and reproducible), in fact I would go on to say that one of *the* defining factors for a religion is belief in something that cannot be tested or continued belief in face of evidence.

Reminds me of a quote but I can't remember the attribution and for some reason Google is not helping me: "I don't like facts, they get in the way of truth"

Clive RobinsonNovember 2, 2010 8:37 AM

@ Mashiara,

It think you will find the phrase is,

"Never let facts get in the way of the truth"

And it goes back before Darwin as far as I can tell.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..