Latest Essays
Page 73
A Plea for Simplicity
You can't secure what you don't understand.
Ask any 21 experts to predict the future, and they’re likely to point in 21 different directions. But whatever the future holds—IP everywhere, smart cards everywhere, video everywhere, Internet commerce everywhere, wireless everywhere, agents everywhere, AI everywhere, everything everywhere—the one thing you can be sure of is that it will be complex. For consumers, this is great. For security professionals, this is terrifying. The worst enemy of security is complexity. This has been true since the beginning of computers, and it’s likely to be true for the foreseeable future…
DVD Encryption Broken
A version of this article appeared as a guest commentary on ZDNet.
The scheme to protect DVDs has been broken. There are now freeware programs on the net that remove the copy protection on DVDs, allowing them to be played, edited, and copied without restriction.
This should be no surprise to anyone, least of all to the entertainment industry.
The protection scheme is seriously flawed in several ways. Each DVD is encrypted with something called Content Scrambling System (CCS). It has a 40-bit key. (I have no idea why. The NSA and the FBI shouldn’t care about DVD encryption. There aren’t any encrypted terrorist movies they need to watch.) It’s not even a very good algorithm. But even if the encryption were triple-DES, this scheme would be flawed…
Why Computers Are Insecure
A shortened version of this essay appeared in the November 15, 1999 issue of Computerworld as “Satan’s Computer: Why Security Products Fail Us.”
Almost every week the computer press covers another security flaw: a virus that exploits Microsoft Office, a vulnerability in Windows or UNIX, a Java problem, a security hole in a major Web site, an attack against a popular firewall. Why can’t vendors get this right, we wonder? When will it get better?
I don’t believe it ever will. Here’s why:
Security engineering is different from any other type of engineering. Most products, such as word processors or cellular phones, are useful for what they do. Security products, or security features within products, are useful precisely because of what they don’t allow to be done. Most engineering involves making things work. Think of the original definition of a hacker: someone who figured things out and made something cool happen. Security engineering involves making things not happen. It involves figuring out how things fail, and then preventing those failures…
Risks of Relying on Cryptography
Cryptography is often treated as if it were magic security dust: “sprinkle some on your system, and it is secure; then, you’re secure as long as the key length is large enough—112 bits, 128 bits, 256 bits” (I’ve even seen companies boast of 16,000 bits.) “Sure, there are always new developments in cryptanalysis, but we’ve never seen an operationally useful cryptanalytic attack against a standard algorithm. Even the analyses of DES aren’t any better than brute force in most operational situations. As long as you use a conservative published algorithm, you’re secure.”…
The Trojan Horse Race
1999 is a pivotal year for malicious software ( malware) such as viruses, worms, and Trojan horses. Although the problem is not new, Internet growth and weak system security have evidently increased the risks.
Viruses and worms survive by moving from computer to computer. Prior to the Internet, computers (and viruses!) communicated relatively slowly, mostly through floppy disks and bulletin boards. Antivirus programs were initially fairly effective at blocking known types of malware entering personal computers, especially when there were only a handful of viruses. But now there are over 10,000 virus types; with e-mail and Internet connectivity, the opportunities and speed of propagation have increased dramatically…
International Cryptography
Revised version.
One of the stranger justifications of U.S. export controls is that they prevent the spread of cryptographic expertise. Years ago, the Administration argued that there were no cryptographic products available outside the U.S. When several studies proved that there were hundreds of products designed, built, and marketed outside the U.S., the Administration changed its story. These products were all no good, they argued. Export controls prevent superior American products from getting into foreign hands, forcing them to use inferior non-U.S. products…
Web-Based Encrypted E-Mail
A version of this essay appeared on ZDNet.com.
The idea is enticing. Just as you can log onto Hotmail with your browser to send and receive e-mail, there are Web sites you can log on to to send and receive encrypted e-mail. HushMail, ZipLip, YNN-mail, ZixMail. No software to download and install…it just works.
But how well?
HushMail <http://www.hushmail.com> is basically a PGP or S/MIME-like e-mail application that uses Java (although oddly enough, HushMail is not compatible with either). The sender logs onto the HushMail Web site, and encrypts messages using a Java applet that is automatically downloaded onto his machine. Both the sender and receiver need to have HushMail accounts for this to work. Accounts can be anonymous…
NIST AES News
A version of this essay appeared on ZDNet.com.
AES is the Advanced Encryption Standard, the encryption algorithm that will eventually replace DES. In 1997, the U.S. government (NIST, actually), solicited candidate algorithms for this standard. By June 1998 (the submission deadline), NIST received fifteen submissions. NIST asked for comments on these algorithms, with the intention of pruning the list to five finalists. NIST held an AES conference in Rome in April (this was the second AES conference, the first was the previous August in California), the comment deadline was in June, and last Monday NIST announced the finalists…
Biometrics: Uses and Abuses
Biometrics are seductive. Your voiceprint unlocks the door of your house. Your iris scan lets you into the corporate offices. You are your own key. Unfortunately, the reality isn’t that simple.
Biometrics are the oldest form of identification. Dogs have distinctive barks. Cats spray. Humans recognize faces. On the telephone, your voice identifies you. Your signature identifies you as the person who signed a contract.
In order to be useful, biometrics must be stored in a database. Alice’s voice biometric works only if you recognize her voice; it won’t help if she is a stranger. You can verify a signature only if you recognize it. To solve this problem, banks keep signature cards. Alice signs her name on a card when she opens the account, and the bank can verify Alice’s signature against the stored signature to ensure that the check was signed by Alice…
Cryptography: The Importance of Not Being Different
Suppose your doctor said, “I realize we have antibiotics that are good at treating your kind of infection without harmful side effects, and that there are decades of research to support this treatment. But I’m going to give you tortilla-chip powder instead, because, uh, it might work.” You’d get a new doctor.
Practicing medicine is difficult. The profession doesn’t rush to embrace new drugs; it takes years of testing before benefits can be proven, dosages established, and side effects cataloged. A good doctor won’t treat a bacterial infection with a medicine he just invented when proven antibiotics are available. And a smart patient wants the same drug that cured the last person, not something different…
Sidebar photo of Bruce Schneier by Joe MacInnis.