
Risks of Data Portability

Peter Swire and Yianni Lagos have pre-published a law journal article on the risks of data portability. It specifically addresses an EU data protection regulation, but the security discussion is more general.

…Article 18 poses serious risks to a long-established E.U. fundamental right of data protection, the right to security of a person’s data. Previous access requests by individuals were limited in scope and format. By contrast, when an individual’s lifetime of data must be exported ‘without hindrance,’ then one moment of identity fraud can turn into a lifetime breach of personal data.

They have a point. If you’re going to allow users to download all of their data with one command, you might want to double- and triple-check that command. Otherwise it’s going to become an attack vector for identity theft and other malfeasance.

Posted on October 24, 2012 at 1:27 PM

Stoking Cyber Fears

A lot of the debate around President Obama’s cybersecurity initiative centers on how much of a burden it would be on industry, and how that should be financed. As important as that debate is, it obscures some of the larger issues surrounding cyberwar, cyberterrorism, and cybersecurity in general.

It’s difficult to have any serious policy discussion amongst the fear mongering. Secretary Panetta’s recent comments are just the latest; search the Internet for “cyber 9/11,” “cyber Pearl-Harbor,” “cyber Katrina,” or—my favorite—“cyber Armageddon.”

There’s an enormous amount of money and power that results from pushing cyberwar and cyberterrorism: power within the military, the Department of Homeland Security, and the Justice Department; and lucrative government contracts supporting those organizations. As long as cyber remains a prefix that scares, it’ll continue to be used as a bugaboo.

But while scare stories are more movie-plot than actual threat, there are real risks. The government is continually poked and probed in cyberspace, from attackers ranging from kids playing politics to sophisticated national intelligence gathering operations. Hackers can do damage, although nothing like the cyberterrorism rhetoric would lead you to believe. Cybercrime continues to rise, and still poses real risks to those of us who work, shop, and play on the Internet. And cyberdefense needs to be part of our military strategy.

Industry has definitely not done enough to protect our nation’s critical infrastructure, and federal government may need more involvement. This should come as no surprise; the economic externalities in cybersecurity are so great that even the freest free market would fail.

For example, the owner of a chemical plant will protect that plant from cyber attack up to the value of that plant to the owner; the residual risk to the community around the plant will remain. Politics will color how government involvement looks: market incentives, regulation, or outright government takeover of some aspects of cybersecurity.

None of this requires heavy-handed regulation. Over the past few years we’ve heard calls for the military to better control Internet protocols; for the United States to be able to “kill” all or part of the Internet, or to cut itself off from the greater Internet; for increased government surveillance; and for limits on anonymity. All of those would be dangerous, and would make us less secure. The world’s first military cyberweapon, Stuxnet, was used by the United States and Israel against Iran.

In all of this government posturing about cybersecurity, the biggest risk is a cyber-war arms race; and that’s where remarks like Panetta’s lead us. Increased government spending on cyberweapons and cyberdefense, and an increased militarization of cyberspace, is both expensive and destabilizing. Fears lead to weapons buildups, and weapons beg to be used.

I would like to see less fear mongering, and more reasoned discussion about the actual threats and reasonable countermeasures. Pushing the fear button benefits no one.

This essay originally appeared in the New York Times “Room for Debate” blog. Here are the other essays on the topic.

Posted on October 19, 2012 at 7:45 AM

Analysis of How Bitcoin Is Actually Used

“Quantitative Analysis of the Full Bitcoin Transaction Graph,” by Dorit Ron and Adi Shamir:

Abstract. The Bitcoin scheme is a rare example of a large scale global payment system in which all the transactions are publicly accessible (but in an anonymous way). We downloaded the full history of this scheme, and analyzed many statistical properties of its associated transaction graph. In this paper we answer for the first time a variety of interesting questions about the typical behavior of account owners, how they acquire and how they spend their Bitcoins, the balance of Bitcoins they keep in their accounts, and how they move Bitcoins between their various accounts in order to better protect their privacy. In addition, we isolated all the large transactions in the system, and discovered that almost all of them are closely related to a single large transaction that took place in November 2010, even though the associated users apparently tried to hide this fact with many strange looking long chains and fork-merge structures in the transaction graph.

The paper has been submitted to the 2013 Financial Cryptography conference.

EDITED TO ADD (10/30): Some commentary.

Posted on October 18, 2012 at 6:11 AM

Genetic Privacy

New report from the Presidential Commission for the Study of Bioethical Issues.

It’s called “Privacy and Progress in Whole Genome Sequencing.” The Commission described the rapid advances underway in the field of genome sequencing, but also noted growing concerns about privacy and security. The report lists twelve recommendations to improve current practices and to help safeguard privacy and security, including using deidentification wherever possible.

Here are four news articles.

Posted on October 17, 2012 at 6:23 AM

Studying Zero-Day Attacks

Interesting paper: “Before We Knew It: An Empirical Study of Zero-Day Attacks In The Real World,” by Leyla Bilge and Tudor Dumitras:

Abstract: Little is known about the duration and prevalence of zero-day attacks, which exploit vulnerabilities that have not been disclosed publicly. Knowledge of new vulnerabilities gives cyber criminals a free pass to attack any target of their choosing, while remaining undetected. Unfortunately, these serious threats are difficult to analyze, because, in general, data is not available until after an attack is discovered. Moreover, zero-day attacks are rare events that are unlikely to be observed in honeypots or in lab experiments.

In this paper, we describe a method for automatically identifying zero-day attacks from field-gathered data that records when benign and malicious binaries are downloaded on 11 million real hosts around the world. Searching this data set for malicious files that exploit known vulnerabilities indicates which files appeared on the Internet before the corresponding vulnerabilities were disclosed. We identify 18 vulnerabilities exploited before disclosure, of which 11 were not previously known to have been employed in zero-day attacks. We also find that a typical zero-day attack lasts 312 days on average and that, after vulnerabilities are disclosed publicly, the volume of attacks exploiting them increases by up to 5 orders of magnitude.

Posted on October 16, 2012 at 6:12 AM
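
The comparison the abstract describes, as an added example that is not from the paper or from this post: sightings of files that exploit a known vulnerability are checked against that vulnerability's disclosure date to flag pre-disclosure use, measure the observed window, and compare volume before and after. All hosts, file names, vulnerability ids and dates below are constructed placeholders, and `zero_day_report` is a hypothetical helper.

```python
from collections import defaultdict
from datetime import date
from math import log10

# Constructed sample data: placeholder vulnerability ids and disclosure dates.
DISCLOSED = {"VULN-A": date(2010, 6, 1), "VULN-B": date(2011, 3, 15)}

# Constructed telemetry: (host, file id, vulnerability the file exploits, date seen).
SIGHTINGS = [
    ("h1", "f1", "VULN-A", date(2009, 8, 1)),
    ("h2", "f1", "VULN-A", date(2010, 2, 10)),
    ("h3", "f2", "VULN-B", date(2011, 4, 1)),
    ("h4", "f2", "VULN-B", date(2011, 4, 2)),
] + [(f"h{100 + i}", "f1", "VULN-A", date(2010, 6, 5)) for i in range(200)]


def zero_day_report(sightings, disclosed):
    """Per vulnerability: exploited before disclosure, for how long, and how
    sighting volume changed after disclosure."""
    by_vuln = defaultdict(list)
    for _host, _file, vuln, seen in sightings:
        if vuln in disclosed:  # skip files that cannot be tied to a disclosure date
            by_vuln[vuln].append(seen)
    report = {}
    for vuln, dates in by_vuln.items():
        day0 = disclosed[vuln]
        before = [d for d in dates if d < day0]
        after = [d for d in dates if d >= day0]
        report[vuln] = {
            "zero_day": bool(before),
            # Lower bound: telemetry only shows the first *observed* sighting.
            "window_days": (day0 - min(dates)).days if before else 0,
            "before": len(before),
            "after": len(after),
            "orders_of_magnitude": (
                round(log10(len(after) / len(before)), 1) if before and after else None
            ),
        }
    return report


if __name__ == "__main__":
    for vuln, row in sorted(zero_day_report(SIGHTINGS, DISCLOSED).items()):
        print(vuln, row)
```
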

Apple Turns on iPhone Tracking in iOS6

This is important:

Previously, Apple had all but disabled tracking of iPhone users by advertisers when it stopped app developers from utilizing Apple mobile device data via UDID, the unique, permanent, non-deletable serial number that previously identified every Apple device.

For the last few months, iPhone users have enjoyed an unusual environment in which advertisers have been largely unable to track and target them in any meaningful way.

In iOS 6, however, tracking is most definitely back on, and it’s more effective than ever, multiple mobile advertising executives familiar with IFA tell us. (Note that Apple doesn’t mention IFA in its iOS 6 launch page).

EDITED TO ADD (10/15): Apple has provided a way to opt out of the targeted ads and also to disable the location information being sent.

Posted on October 15, 2012 at 1:21 PM

Master Keys

Earlier this month, a retired New York City locksmith was selling a set of “master keys” on eBay:

Three of the five are standard issue for members of the FDNY, and the set had a metal dog tag that was embossed with an FDNY lieutenant’s shield number, 6896.

The keys include the all-purpose “1620,” a master firefighter key that with one turn could trap thousands of people in a skyscraper by sending all the elevators to the lobby and out of service, according to two FDNY sources. And it works for buildings across the city.

That key also allows one to open locked subway entrances, gain entry to many firehouses and get into boxes at construction jobs that house additional keys to all areas of the site.

The ring sold to The Post has two keys used by official city electricians that would allow access to street lamps, along with the basement circuit-breaker boxes of just about any large building.

Of course there’s the terrorist tie-in:

“With all the anti-terrorism activities, with all the protection that the NYPD is trying to provide, it’s astounding that you could get hold of this type of thing,” he said.

He walked The Post through a couple of nightmare scenarios that would be possible with the help of such keys.

“Think about the people at Occupy Wall Street who hate the NYPD, hate the establishment. They would love to have a set. Wouldn’t it be nice to walk in and disable Chase’s elevators?” he said.

Or, he said, “I could open the master box at construction sites, which hold the keys and the building plans. Once you get inside, you can steal, vandalize or conduct terrorist activities.”

The Huffington Post piled on:

“We cannot let anyone sell the safety of over 8 million people so easily,” New York City Public Advocate Bill de Blasio said in a statement. “Having these keys on the open market literally puts lives at risk. The billions we’ve spent on counter-terrorism have been severely undercut by this breech [sic].”

Sounds terrible. But—good news—the locksmith has stopped selling them. (On the other hand, the press has helpfully published a photograph of the keys, so you can make your own, even if you didn’t win the eBay auction.)

I found only one story that failed to hype the threat.

The current bit of sensationalism aside, this is fundamentally a hard problem. Master keys are only useful if they’re widely applicable—and if they’re widely applicable, they need to be distributed widely. This means that 1) they can’t be kept secret, and 2) they’re very expensive to update. I could easily imagine an electronic lock solution that would be much more adaptable, but electronic locks come with their own vulnerabilities, since the electronics are something else that can fail. I don’t know if a more complex system would be better in the end.

Posted on October 15, 2012 at 7:02 AM