Entries Tagged "decoys"

Page 1 of 1

Lessons from Biological Security

Nice essay:

The biological world is also open source in the sense that threats are always present, largely unpredictable, and always changing. Because of this, defensive measures that are perfectly designed for a particular threat leave you vulnerable to other ones. Imagine if our immune system were designed to deal only with a single strain of flu. In fact, our immune system works because it looks for the full spectrum of invaders ­ low-level viral infections, bacterial parasites, or virulent strains of a pandemic disease. Too often, we create security measures ­ such as the Department of Homeland Security’s BioWatch program ­ that spend too many resources to deal specifically with a very narrow range of threats on the risk spectrum.

Advocates of full-spectrum approaches for biological and chemical weapons argue that weaponized agents are really a very small part of the risk and that we are better off developing strategies ­ like better public-health-response systems ­ that can deal with everything from natural mutations of viruses to lab accidents to acts of terrorism. Likewise, cyber crime is likely a small part of your digital-security risk spectrum.

A full-spectrum approach favors generalized health over specialized defenses, and redundancy over efficiency. Organisms in nature, despite being constrained by resources, have evolved multiply redundant layers of security. DNA has multiple ways to code for the same proteins so that viral parasites can’t easily hack it and disrupt its structure. Multiple data-backup systems are a simple method that most sensible organizations employ, but you can get more clever than that. For example, redundancy in nature sometimes takes the form of leaving certain parts unsecure to ensure that essential parts can survive attack. Lizards easily shed their tails to predators to allow the rest of the body (with the critical reproductive machinery) to escape. There may be sacrificial systems or information you can offer up as a decoy for a cyber-predator, in which case an attack becomes an advantage, allowing your organization to see the nature of the attacker and giving you time to add further security in the critical part of your information infrastructure.

I recommend his book, Learning from the Octopus: How Secrets from Nature Can Help Us Fight Terrorist Attacks, Natural Disasters, and Disease.

Posted on June 27, 2013 at 6:34 AMView Comments

Telex Anti-Censorship System

This is really clever:

Many anticensorship systems work by making an encrypted connection (called a “tunnel”) from the user’s computer to a trusted proxy server located outside the censor’s network. This server relays requests to censored websites and returns the responses to the user over the encrypted tunnel. This approach leads to a cat-and-mouse game, where the censor attempts to discover and block the proxy servers. Users need to learn the address and login information for a proxy server somehow, and it’s very difficult to broadcast this information to a large number of users without the censor also learning it.

Telex turns this approach on its head to create what is essentially a proxy server without an IP address. In fact, users don’t need to know any secrets to connect. The user installs a Telex client app (perhaps by downloading it from an intermittently available website or by making a copy from a friend). When the user wants to visit a blacklisted site, the client establishes an encrypted HTTPS connection to a non-blacklisted web server outside the censor’s network, which could be a normal site that the user regularly visits. Since the connection looks normal, the censor allows it, but this connection is only a decoy.

The client secretly marks the connection as a Telex request by inserting a cryptographic tag into the headers. We construct this tag using a mechanism called public-key steganography. This means anyone can tag a connection using only publicly available information, but only the Telex service (using a private key) can recognize that a connection has been tagged.

As the connection travels over the Internet en route to the non-blacklisted site, it passes through routers at various ISPs in the core of the network. We envision that some of these ISPs would deploy equipment we call Telex stations. These devices hold a private key that lets them recognize tagged connections from Telex clients and decrypt these HTTPS connections. The stations then divert the connections to anti­censorship services, such as proxy servers or Tor entry points, which clients can use to access blocked sites. This creates an encrypted tunnel between the Telex user and Telex station at the ISP, redirecting connections to any site on the Internet.

EDITED TO ADD (8/1): Another article.

EDITED TO ADD (8/13): Another article.

Posted on July 19, 2011 at 9:59 AMView Comments

Marine Worms with Glowing Bombs

More security stories from the natural world:

During chase scenes, movie protagonists often make their getaway by releasing some sort of decoy to cover their escape or distract their pursuer. But this tactic isn’t reserved for action heroes—some deep-sea animals also evade their predators by releasing decoys—glowing ones.

Karen Osborn from the Scripps Institute of Oceanography has discovered seven new species of closely related marine worms (annelids) that use this trick. Each species pack up to four pairs of “bombs” near their heads—simple, fluid-filled globes that the worms can detach at will. When released, the “bombs” give off an intense light that lasts for several seconds.

My two previous posts on the topic.

Posted on August 28, 2009 at 6:12 AMView Comments

P2P Privacy

Interesting research:

The team of researchers, which includes graduate students David Choffnes (electrical engineering and computer science) and Dean Malmgren (chemical and biological engineering), and postdoctoral fellow Jordi Duch (chemical and biological engineering), studied connection patterns in the BitTorrent file-sharing network — one of the largest and most popular P2P systems today. They found that over the course of weeks, groups of users formed communities where each member consistently connected with other community members more than with users outside the community.

“This was particularly surprising because BitTorrent is designed to establish connections at random, so there is no a priori reason for such strong communities to exist,” Bustamante says. After identifying this community behavior, the researchers showed that an eavesdropper could classify users into specific communities using a relatively small number of observation points. Indeed, a savvy attacker can correctly extract communities more than 85 percent of the time by observing only 0.01 percent of the total users. Worse yet, this information could be used to launch a “guilt-by-association” attack, where an attacker need only determine the downloading behavior of one user in the community to convincingly argue that all users in the communities are doing the same.

Given the impact of this threat, the researchers developed a technique that prevents accurate classification by intelligently hiding user-intended downloading behavior in a cloud of random downloading. They showed that this approach causes an eavesdropper’s classification to be wrong the majority of the time, providing users with grounds to claim “plausible deniability” if accused.

Posted on April 9, 2009 at 7:07 AMView Comments

Shoplifting on the Rise in Bad Economy

From the New York Times:

Police departments across the country say that shoplifting arrests are 10 percent to 20 percent higher this year than last. The problem is probably even greater than arrest records indicate since shoplifters are often banned from stores rather than arrested.

Much of the increase has come from first-time offenders like Mr. Johnson making rash decisions in a pinch, the authorities say. But the ease with which stolen goods can be sold on the Internet has meant a bigger role for organized crime rings, which also engage in receipt fraud, fake price tagging and gift card schemes, the police and security experts say.

[…]

Shoplifters also seem to be getting bolder, according to industry surveys.

Thieves often put stolen items in bags lined with aluminum foil to avoid detection by the storefront alarms. Others work in teams, with a decoy who tries to look suspicious to draw out undercover security agents and attract the attention of security cameras, the police said.

“We’re definitely seeing more sprinters,” said an undercover security guard at Macy’s near Oakland, Calif., referring to shoplifters who make a run for the door.

A previous post listed the most frequently shoplifted items: small, expensive things with a long shelf life.

EDITED TO ADD (1/13): Maybe shoplifting isn’t on the rise after all.

Posted on December 29, 2008 at 2:52 PMView Comments

Bank Robber Hires Accomplices on Craigslist

Now this is clever:

“I came across the ad that was for a prevailing wage job for $28.50 an hour,” said Mike, who saw a Craigslist ad last week looking for workers for a road maintenance project in Monroe.

He said he inquired and was e-mailed back with instructions to meet near the Bank of America in Monroe at 11 a.m. Tuesday. He also was told to wear certain work clothing.

“Yellow vest, safety goggles, a respirator mask…and, if possible, a blue shirt,” he said.

Mike showed up along with about a dozen other men dressed like him, but there was no contractor and no road work to be done. He thought they had been stood up until he heard about the bank robbery and the suspect who wore the same attire.

EDITED TO ADD (11/7): He was arrested.

Posted on October 2, 2008 at 12:18 PM

Iraqi Election Security

This is so ridiculous I have trouble believing it’s true:

Election security chiefs in Iraq will set up decoy polling centres in an attempt to outwit insurgents who have vowed to target voters with suicide bombs and mortar rounds on Sunday.

Everyone has to vote, right? This means one of two things will happen. One, everyone will know about the decoy sites, and the insurgents will know to avoid them. Or two, no one will know about the decoy sites, voters will flock to them, and it won’t matter to the insurgents that they are decoys.

Posted on January 30, 2005 at 2:00 AMView Comments

Sidebar photo of Bruce Schneier by Joe MacInnis.