Entries Tagged "history of security"
The Multics Operating System
Multics was an operating system from the 1960s, and had better security than a lot of operating systems today. This article from 2002 talks about Multics security, and the lessons learned that are still relevant today.
Security Analysis of a 13th Century Venetian Election Protocol
I love stuff like this: “Electing the Doge of Venice: Analysis of a 13th Century Protocol,” by Miranda Mowbray and Dieter Gollmann.
This paper discusses the protocol used for electing the Doge of Venice between 1268 and the end of the Republic in 1797. We will show that it has some useful properties that in addition to being interesting in themselves, also suggest that its fundamental design principle is worth investigating for application to leader election protocols in computer science. For example it gives some opportunities to minorities while ensuring that more popular candidates are more likely to win, and offers some resistance to corruption of voters. The most obvious feature of this protocol is that it is complicated and would have taken a long time to carry out. We will advance a hypothesis as to why it is so complicated, and describe a simplified protocol with very similar features.
Venice was very clever about working to avoid the factionalism that tore apart a lot of its Italian rivals, while making the various factions feel represented.
Real-World Trojan Horse
Here’s a clip from an Australian TV programme called “The Chaser”. A Trojan Horse (full of appropriately attired soldiers) finds its way past security everywhere except the Turkish consulate.
At least they remember their history.
We're All a Little Nervous in a Post-1748 World
In 1748, the painter William Hogarth was arrested as a spy for sketching fortifications at Calais.
1933 Article on Crooked Gambling Technology
Fun reading. In every generation, criminals are near the leading edge in applying new technology to steal things.
Rudyard Kipling As a Security Author
A review of Kim:
Kipling packed a great deal of information and concept into his stories, and in “Kim” we find The Great Game: espionage and spying. Within the first twenty pages we have authentication by something you have, denial of service, impersonation, stealth, masquerade, role-based authorization (with ad hoc authentication by something you know), eavesdropping, and trust based on data integrity. Later on we get contingency planning against theft and cryptography with key changes.
Cheyenne Mountain Retired
Cheyenne Mountain was the United States’ underground command post, designed to survive a direct hit from a nuclear warhead. It’s a Cold War relic—built in the 1960s—and retiring the site is probably a good idea. But this paragraph gives me pause:
Keating said the new control room, in contrast, could be damaged if a terrorist commandeered a jumbo jet and somehow knew exactly where to crash it. But “how unlikely is that? We think very,” Keating said.
I agree that this is an unlikely terrorist target, but still.
Architecture and Security
You’ve seen them: those large concrete blocks in front of skyscrapers, monuments and government buildings, designed to protect against car and truck bombs. They sprang up like weeds in the months after 9/11, but the idea is much older. The prettier ones doubled as planters; the uglier ones just stood there.
Form follows function. From medieval castles to modern airports, security concerns have always influenced architecture. Castles appeared during the reign of King Stephen of England because they were the best way to defend the land and there wasn’t a strong king to put any limits on castle-building. But castle design changed over the centuries in response to both innovations in warfare and politics, from motte-and-bailey to concentric design in the late medieval period to entirely decorative castles in the 19th century.
These changes were expensive. The problem is that architecture tends toward permanence, while security threats change much faster. Something that seemed a good idea when a building was designed might make little sense a century—or even a decade—later. But by then it’s hard to undo those architectural decisions.
When Syracuse University built a new campus in the mid-1970s, the student protests of the late 1960s were fresh on everybody’s mind. So the architects designed a college without the open greens of traditional college campuses. It’s now 30 years later, but Syracuse University is stuck defending itself against an obsolete threat.
Similarly, hotel entries in Montreal were elevated above street level in the 1970s, in response to security worries about Quebecois separatists. Today the threat is gone, but those older hotels continue to be maddeningly difficult to navigate.
Also in the 1970s, the Israeli consulate in New York built a unique security system: a two-door vestibule that allowed guards to identify visitors and control building access. Now this kind of entryway is widespread, and buildings with it will remain unwelcoming long after the threat is gone.
The same thing can be seen in cyberspace as well. In his book, Code and Other Laws of Cyberspace, Lawrence Lessig describes how decisions about technological infrastructure—the architecture of the internet—become embedded and then impracticable to change. Whether it’s technologies to prevent file copying, limit anonymity, record our digital habits for later investigation or reduce interoperability and strengthen monopoly positions, once technologies based on these security concerns become standard it will take decades to undo them.
It’s dangerously shortsighted to make architectural decisions based on the threat of the moment without regard to the long-term consequences of those decisions.
Concrete building barriers are an exception: They’re removable. They started appearing in Washington, D.C., in 1983, after the truck bombing of the Marines barracks in Beirut. After 9/11, they were a sort of bizarre status symbol: They proved your building was important enough to deserve protection. In New York City alone, more than 50 buildings were protected in this fashion.
Today, they’re slowly coming down. Studies have found they impede traffic flow, turn into giant ashtrays and can pose a security risk by becoming flying shrapnel if exploded.
We should be thankful they can be removed, and did not end up as permanent aspects of our cities’ architecture. We won’t be so lucky with some of the design decisions we’re seeing about internet architecture.
This essay originally appeared (my 29th column) in Wired.com.
EDITED TO ADD (11/3): Activism-restricting architecture at the University of Texas. And commentary from the Architectures of Control in Design Blog.
Indexes to NSA Publications Declassified and Online
In May 2003, Michael Ravnitzky submitted a Freedom of Information Act (FOIA) request to the National Security Agency for a copy of the index to their historical reports at the Center for Cryptologic History and the index to certain journals: the NSA Technical Journal and the Cryptographic Quarterly. These journals had been mentioned in the literature but are not available to the public. Because he thought NSA might be reluctant to release the bibliographic indexes, he also asked for the table of contents to each issue.
The request took more than three years for them to process and declassify—sadly, not atypical—and during the process they asked if he would accept the indexes in lieu of the tables of contents pages: specifically, the cumulative indices that included all the previous material in the earlier indices. He agreed, and got them last month. The results are here.
This is just a sampling of some of the article titles from the NSA Technical Journal:
“The Arithmetic of a Generation Principle for an Electronic Key Generator” · “CATNIP: Computer Analysis – Target Networks Intercept Probability” · “Chatter Patterns: A Last Resort” · “COMINT Satellites – A Space Problem” · “Computers and Advanced Weapons Systems” · “Coupon Collecting and Cryptology” · “Cranks, Nuts, and Screwballs” · “A Cryptologic Fairy Tale” · “Don’t Be Too Smart” · “Earliest Applications of the Computer at NSA” · “Emergency Destruction of Documents” · “Extraterrestrial Intelligence” · “The Fallacy of the One-Time-Pad Excuse” · “GEE WHIZZER” · “The Gweeks Had a Gwoup for It” · “How to Visualize a Matrix” · “Key to the Extraterrestrial Messages” · “A Mechanical Treatment of Fibonacci Sequences” · “Q.E.D.- 2 Hours, 41 Minutes” · “SIGINT Implications of Military Oceanography” · “Some Problems and Techniques in Bookbreaking” · “Upgrading Selected US Codes and Ciphers with a Cover and Deception Capability” · “Weather: Its Role in Communications Intelligence” · “Worldwide Language Problems at NSA”
In the materials the NSA provided, they also included indices to two other publications: Cryptologic Spectrum and Cryptologic Almanac.
The indices to Cryptologic Quarterly and NSA Technical Journal have indices by title, author and keyword. The index to Cryptologic Spectrum has indices by author, title and issue.
Consider these bibliographic tools as stepping stones. If you want an article, send a FOIA request for it. Send a FOIA request for a dozen. There’s a lot of stuff here that would help elucidate the early history of the agency and some interesting cryptographic topics.
Thanks Mike, for doing this work.