[Cryptography] Long-term security (was Re: ratcheting DH strengths over time)

Jerry Leichter leichter at lrw.com
Wed Nov 18 15:39:19 EST 2015 

>> The real problem is that people want to build all this stuff
>> without a self-destruct timer. Things that don't wear out, get
>> folded into infrastructure and forgotten rather than becoming
>> a routine part of infrastructure maintenance.
>> 
>> All of these IoT devices need dead-man switches to assure that
>> their software does in fact get updated occasionally as the
>> security issues get worked out.
> 
> You can’t be serious.  Forcing people to update their software on pain of having their devices stop working basically puts the ultimate power in the hands of the device vendors....
Indeed.  Consider expiration dates on drugs.  At one time, these were based on actual estimates of when the drugs would go bad.  Some drugs came with no expiration dates.

Then the drug makers discovered that (a) retailers and other distributers of drugs could not sell drugs past their expiration dates (often this is legally enforced, but in any case customers won't buy them; (b) even people who have the drugs at home will discard them when the expiration dates pass.  There are no binding definitions of what makes a drug "expired".  So the result is just what you would expect:  Expiration dates are placed closer and closer to the present, forcing distributers and customers to replace what may be perfectly good drugs with newer ones.

The US DoD, which buys drugs in huge quantities, did a study a number of years ago and determined that the could safely keep most drugs for twice the lifetime the manufacturers claimed, saving huge amounts of money.  The multiplier is probably significantly higher - it's rare to see drugs with an estimated lifetime of more then two years these days, even over-the-counter drugs that are simple, stable compounds.

We've already seen printer manufacturers include chips in their toner cartridges that declare the cartridge "used up" when there's still plenty of toner in there - which the printers will refuse to use.  Do we really want to encourage more of this kind of thing?

(Not to mention the blowback when a thermostat declares itself "obsolete" and shuts down in the middle of a blizzard and someone freezes to death.)

The IoT is introducing a huge variety of new risks which we don't now how to manage - but forced obsolescence is not the solution.
                                                        -- Jerry

More information about the cryptography mailing list