Schneier on Security

Clive Robinson • September 18, 2017 3:01 PM

@ ALL,

A simple question for everyone,

Does any one who reads this blog still think that the security of our communications end point devices is enough to stop end run attacks around any security apps that run on them?

Clive Robinson • September 19, 2017 1:49 AM

@ Wael,

Elaborate, please.

OK, back in the Victorian England affordable, timely and efficient long distance communications became available to a significant part of the population not just thr Government. With first the “penny post” then later early electrical/electronic communications such as the telegraph. Eventually giving the telephone and radio.

It was recognised that a sealed letter offered some privacy to the users in the Postal System and to encorage usage the British Government put in place certain rules to protect the contents of peoples postal communications. In essence that letters would not be opened and read by officials. Part of which arose from Queen Vicoria’s assertion that she was not ammused by the unethical idea that corespondence should be spyed upon. A view Henry Stimson later expressed[1] more memorably, which had certainly since Queen Elisabeth the First been the founfation of what was layer called “The Great Game”.

The British in general appeared to believe that there mails were sacrosanct, but later not their telegraphs, hence the invention and proliferation of “Commercial Codes” which caused the telegraphers all sorts of problems. Hence legislation for the protection of communications arose and also regulation about how the cost of sending a telegraph would be worked out[2].

The result was what we now call “Common Carrier” legislation, which realy is a Faustian Bargin, in that communications was and is to this day spied upon[1].

Importantly the Victorian public realised there were “end points” not just for communications but for confidentiality / privacy / secrecy and that they were not the same. Hence the Commercial codes that offered not just privacy but cost reductions as well (think on it as early compression). In the main because they could see the telegraph’s reading their communications in order to not just work out the cost but convert them to the appropriate “line discipline” for transmission.

Thus the users especially businesses were warery of what came under anothers eye. And as is often told about feckless telephone opperators why the undertaker Almon Strouger and his nephew William designed the first automatic telephone dialing system, replacing the feckless operators.

It was this automation process that apparently took the untrusted humans out of the communications that has made most forget about the difference between a communications end point and a security end point. The result is that most trust their automated devices implicitly. Not just for communications but personall and business records. Thus what once required a personal assistant an office and filing cabinets with lockable draws and doors is in our pockets. Likewise excessive trust has been given by users as they don’t see untrustworthy humans in the process.

It’s fairly safe to say these days that when you buy a computer you are being at best misled if not directly lied to and spied upon. Because manufacturers and middle men hold title and control legaly of what the computer can and can not do, when and for how long before they decide to kill it off.

Lenovo, Microsoft and Amazon have all proved without doubt you have no ownership or control. Lenovo with it’s BIOS malware, Microsoft with it’s Win10 behaviour and Amazon with digital books and other content.

Yet the majority of users still trust their private thoughts and words to these devices, and delude themselves that they have control not the rapacious others commoditising the users intimate thoughts words and behaviours.

They get given at best half truths is not provably false stories about “security” and how an application can give them this.

It can not, because those computer manufactures can “reach out” via the communications and around any security or privacy application and see the plaintext of what the user enters into the computer or read off of it’s screen etc.

Thus it gived levels of control over the users in their masses that the likes of Stalin could not even have dreamt of and George Orwell could only dimly see.

Untill the general population wake up to this they are “Sleep walking into a dystopia they can not imagine”. But a few have felt the dystopia at the hands of authoritarian following state sponsored guard labour they call “Secret Police” or “Stasi”, not realising just how impotent such organisations used to be, compared to what technology has made them today.

In essence there is no meaningfull “ephemeral” any more what we do in public and our private thoughts and words are all recorded way beyond our control. Even those we can not ourselves remember are saved waiting to be used against us should we earn the ire of someone with control…

What we as “technologists” should be doing is looking at ways to make “ephemeral” real again and beyond the hands of those who seek to control by “fear” and “making examples of the innocent but unfortunate”.

How we do that is mainly by education not by technology. The one thing people have to realise is technology has no emotions –yet– it has no directing mind it exists as a force multiplier offering both increased benifit and harm, depending on who has temporary control. Giving up control for whatever reason is an abdication of responsibility and makes people critically dependent on others whims.

Unless people understand that they will not give up the “drug of the masses” that technology has become. Thus they will not take the steps required to control the technology they use. Becaise of the illusion of benifit technology gives, they will often demand proof of harm and that they are not in control before thay will change their behaviour, it’s this first hurdle we have to get over.

[1] https://www.theatlantic.com/international/archive/2013/06/gentlemen-reading-each-others-mail-a-brief-history-of-diplomatic-spying/276940/

[2] It’s why a telegraph “word” was defined as five letters followed by a space by the ITU, and why you see most telegraph/telex super-encryption machines producing “five letter groups” to the line.

Clive Robinson • September 19, 2017 5:51 AM

@ Winston Smith,

Most agree that the market, like democracy, works efficiently only when the populace is educated and makes educated choices.

Thus the main part of the problem “educated”. Not only should the populace be educated, it should be “honestly educated” as well.

Much of what children get taught outside of mathmatics and hard science can be, –and as far as I can see has been,– an opportunity for propaganda by the nation state and those working within it[1].

One of the problems with educating the young is you have to be dishonest because they don’t yet have sufficient information to understand the correct answer (it’s why few adults can actually say why the sky is blue and the clouds white).

Thus having started telling half truths, and leaving out information the education process can easily be bent to suit an agenda.

The problem is that around the age of eight children start realising that people lie, but by then harm has already been done. Trying to undo this harm is an uphill battle that many university level educators can give you war stories on. In fact even in the hard sciences this happens, and there is the old line of “Physics is taught as a succession of lies, each a little more accurate than the ones before” with the implicit rider that we have not yet stopped lying…

History is a very notable example of lies of ommission, it’s interesting to see how much gets left out and the selection process for the ommissions. It kind of tells you a lot about what “lies of ommission” are realy all about and why so much is classified as secret when the reality is it is anything but people hiding their failings etc.

Thus the question realy is how we as technologists correct the faux knowledge others have about technology that certain people with an agenda have promulgated.

[1] There is the Kow-Tow effect, in many academic areas where a person gets “eminence” and thus challenging them is “career suicide” untill after they are gone, or very rarely they have fallen. You can see this if you search the Internet for “Pure White and deadly”.

Clive Robinson • September 21, 2017 4:10 AM

@ Wael,

I say impossible, but I will listen to suggestions

Ephemeral may never have existed and may not exist in the “God sees everything” philosophical view point. After all I’m assured the echos of the Big Bang can still be heard in the cosmic microwave background. But from the more human asspect whilst we can hear the distant storm, we can not hear the individual waves. Because the combind signal is so complex and individual components are below the effective noise floor.

If we look back in history there is little or no record of the majority of creatures including humans. There had to be a cause for a record to be made and that record in turn had to persist or be kept for some reason.

Thus a model can be drawn up based on events and their cause-effect relationship.

1, An event happens and energy is converted into a force that in turn acts on other objects transporting the energy down through various forms to thermal energy (heat).

2, Such an energy transport is governed by the laws of thermo dynamics thus entropy, as energy moves fron an organised to disorganized state.

3, As part of the energy transport it may be in effect “paused” such as throwing an object up onto a shelf. Part of the kinetic energy gets turned into potential energy as the object now at rest waits on the shelf. It can be taken/drop down at some point in the future turning the potential energy back to kinetic energy.

4, Thus in effect the potential energy is a partial stored record of the object getting to where it is, by the fact the object is on the shelf.

5, However the potential energy stored does not record how the rest of the kinetic energy from the throw was transported down further, ultimately at some very distant time to minimal thermal energy levels I say impossible, but I will listen to suggestions(Universe heat death).

Thus the aim for “ephemeral” is to prevent any of the energy of an event getting converted to a potential energy being paused to create a record that is in a sufficiently “ordered state” to be of use to a third party at a future time.

Which brings us back to the “How?” question.

As I’ve noted before information has no tangible state, it is impressed onto either mass or energy to communicate or store the information. Thus it is the energy/matter that goes into making the record we should be looking at. When it comes to a record then it is only matter that pauses the downward energy transport by trapping it coherently if imperfectly for future use.

Thus the weasel word “coherent” which means the potential energy in the matter has to be sufficiently ordered that it can be used at a future point in time.

At which point you are probably thinking “encrypt everything and throw away the key” or some such. But that is not “ephemeral” because even though the information has been transformed it is still coherant thus still recorded.

It’s ensuring that the energy transport from organised to disorganised is not paused that is important. Thus stopping the information impressed on the energy being held in a coherant form.

If we look at “Quantum Cryptography” we can see a way to communicate information that guarantees there is only one recipient (on the assumption that our current laws of physics are correct).

Which leaves the question of ensuring it is the right not wrong recipient that gets the information.

Your thoughts so far?

Clive Robinson • September 21, 2017 5:08 AM

@ Wael,

On of the problems of “strap hanging” in public transport is the uncertainty of hitting a small target (key) with a larger object (finger) accurately enough so only the desired action occurs increases. Thus strange errors creep in…

As evidenced in my above where the cut and paste of your “impossible” statment has been accidently pasted befor “(Universe heat death).” in point 5 🙁

But re-reading the above I made a jump to QC without going through the steps between. So,

If we accept that a record is “potential energy” from the kinetic etc energy doing work via a force on an object with information impressed or encoded in it coherantly. We must accept that fundamentally it’s the matter that is important to the making of the record.

We talk about the duality of energy / matter but forget that whilst energy is in effect waves matter is in effect particles, and not all particles are divisible, so unlike waves indivisable particles can not leak partial information it’s all or nothing. Which is why there is only one recipient per bit of information.

The first idea to use this for recording information was back around 1970 with Stephen Wiesner’s “Quantum Bank Notes”. The idea spent something like thirteen years in limbo because it was “to far ahead” of what the peer review publishing process would tolerate.

I can not remember exactly what the tie up was from that to prompt Gilles Brassard into the idea of Quantum Cryptograhpy (but it’s probably up on the net somewhere).

Thus the idea of the quantum bank note comes full circle. Rather than using it to store a secret serial number, it can be used to store a message where each bit can only be read once. Thus ensuring that each bit of the message only has one recipient.

Clive Robinson • September 21, 2017 6:36 AM

@ Wael,

To follow on with the thinking.

As I said information can be regarded as intangible and without tangible form or state. What we see hear and touch are actually tangible objects of energy and matter subject to forces thus behaving in a way understandable under our current physical laws. The information is thus impressed on matter to store and modulated on energy to communicate. As processing involves both it requires work to be performed.

So as far as information is concerned we can,

1, Store it by impressing on matter.
2, Communicate it by modulating it on energy.
3, Process it by performing work on matter and energy.

Using indivisable particles to prevent information leakage we can,

1, Store information on Qbit state.
2, Communicate it by using photons as Qbits.
3, Process clasically Qbits in appropriate logic gates.

And under what appears never ending research potentialy process Qbits quantumly.

As we know Qbits do decoher very easily sometimes in pico seconds, thus Qbit storage is curently a very hard problem, but one we are certainly making progress on.

Thus we have in place the building blocks that can not leak information. Which I hope you will see as a first step on at least partially negating the first part of your,

I say impossible, but I will listen to suggestions

Clive Robinson • September 22, 2017 2:44 AM

@ Wael,

Wasn’t too bad… only a swap of the hands

Was that “left for right” or with another person…

I’ve never regarded major surgery as “Wasn’t too bad” 😉

The brain isn’t working at the moment.

Well maybe you should try “The Buccaneer” approach as a “hearty Swab” not an international plane swapper.

Clive Robinson • September 22, 2017 3:51 PM

@ Wael,

I meant “swab” not “swap”

I know hence the left-right joke, and it your tired brain missed that then the Buccaneer joke about a “hearty swab”.

But I guess you must have been realy tired as you missed both 😉

I trust that where ever you have landed you’ve had the chance to “re-coop” by the time you read this, and have hatched “a cunning plan”.

Clive Robinson • September 22, 2017 6:24 PM

@ Wael,

In the days of Buccaneers the ships were wood and sail, the major activity of the unskilled or those needed only to man the guns and sails was a form of makework such as “swabing the decks” with the likes of holy stones and buckets of salt water.

A “hearty swab” was one settled into the existence and possesed of a cheerful disposition.

Oh speaking of dishes eaten cold remember “not to count your chickens…” otherwise you may aquire to large a coop.