Is cryptography where security took the wrong branch?

Ian Grigg iang at systemics.com
Mon Sep 1 15:59:09 EDT 2003


Hadmut Danisch wrote:

> The reason I was asking is: I had a dispute with someone who
> claimed that cryptography is by far the most important discipline
> of information and communication security, and that its transition
> from an art to a science was triggered by Shannon's paper in 1949
> and the Diffie/Hellman paper in 1976 (discovery of public key
> systems).

It depends on what the context is.  If we are talking
about "military security" then commsec is of some use, as
things like tactical security don't really "need" the
benefit of hard crypto, it's just a nice-to-have.  E.g.,
the presence of a radio signal is generally most of the
short term importance of tactical comms.  The rest of
it tends to be chit-chat which is hard to analyse in
real time anyway...  In this sense, commsec means radio
silence more than anything else.

If we are talking about "government security" then it
is of high use, because pretty much everything about
government is about talking and documents, and the time
aspect of tactical comms is not present.

Within the academic notion of infosec & commsec, it
would be fair to say that it's the most important, but
that's by absence, really.  There isn't much else to
study if one is confined to academic research into the
security of data!

> Reality is different: While Firewalls, Content Filters (Virus/Spam/
> Porn filters), IDS, High availability systems, etc. become more and
> more important, encryption and signatures, especially based on PKIs,
> don't seem to get more relevant (except for HTTPS/TLS).

If we are talking about Internet security, then by far
the biggest problems are viruses, hacked hosts, identity
theft and DOS.

Snooping is next to non-existent but has a reputation
for being rampant.  Active attacks on comms - MITM, etc
- are basically a theoretical issue only, but are seen
by many theoreticians as "must-protects".

This discord is seen by the fact that a real snooping
event or, heaven forbid, an active MITM, is a newsworthy
event, whereas the real threats - hacked credit card
databases - are somewhere between boring and embarrassing.
(I'm waiting with interest to see if there is much report
of WEP kits being used out in the world for aggressive
entries.)

So, part of the problem is that cryptography people have
been concentrating on the wrong things (wrong threat model)
for so long that they have earnt a reputation of being
"mostly harmless."


> There was an interesting speech held on the Usenix conference
> by Eric Rescorla (http://www.rtfm.com/TooSecure-usenix.pdf,
> unfortunately I did not have the time to visit the conference)
> about cryptographic (real world) protocols and why they failed
> to improve security.


That's a scary talk!  I see a lot of familiar
stuff, but it seems that whilst Eric courts the
dark side of real security, he holds back from
really letting go and getting stuck into SSL.

For example, he states that 28% of wireless
networks use WEP, and 1% of web servers use SSL,
but doesn't explain why SSL is a "success" and
WEP is a "failure" :-)

On the plus side, he balances the conventional
(SSL is the model) with the new view (SSH is the
model) quite well.  It's good news that the SSH
model is starting to receive some respect.  The
analysis of threat model failure is good.

One thing he doesn't stress is design by committee
v. design by small focused team.  Much of SSL and
SSH's strengths are that they were designed and
deployed quickly and cheaply (and insecurely!) so
as to tap into real needs real quickly.  I would
suggest that any security protocol designed by a
committee has a low survivability rating.

( Hmm, I wonder who designed WEP?  :-)

> From the logfiles I've visited I'd estimate
> that more than 97% of SMTP relays do not use TLS at all, not
> even the opportunistic mode without PKI.

Right.  But, doing TLS over SMTP relays seems a
complete waste of time.  Basically doing node-to-
node encryption for an end-to-end protocol isn't
attractive, neither at the protocol level nor at
the administrator level.  [Ref: Eric's book.]

> I actually know many companies who can live pretty well and secure
> without cryptography, but not without a firewall and content filters.
> But many people still insist on the claim that cryptography is by far
> the most important and only scientific form of network security.

Yep.  It's just not fun to admit that being hidden
in the crowd is a valid form of security.  Or,
controlling the guest list solves most of the
trouble at parties.


> <provocation>
> Is cryptography where security took the wrong branch?
> </provocation>

A large part of the problem, IMHO, is that cryptography
in the popular domain is treated as a discipline of science
and not of engineering.  This is mostly prevalent on the
Internet, where there is a sense of self-taught, non-
commercial application of cryptography.  My time in (or
close to) a telco taught me the difference, as there,
they have an engineering focus on cryptography, and really
understand what it means to calculate the cost of the
solution.

For them, leaving a weakness was just another risk
calculation, whereas so much stuff that happens on the
net starts from "we must protect against everything"
and then proceeds to design the set of "everything"
for one's convenience.

iang

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


