solving the wrong problem

John Kelsey kelsey.j at ix.netcom.com
Sat Aug 6 16:30:15 EDT 2005


>From: "Perry E. Metzger" <perry at piermont.com>
>Sent: Aug 6, 2005 2:28 PM
>To: cryptography at metzdowd.com
>Subject: solving the wrong problem

>Frequently, scientists who know nothing about security come
>up with ingenious ways to solve non-existent problems. Take
>this, for example:

>http://www.sciam.com/article.cfm?chanID=sa003&articleID=00049DB6-ED96-12E7-AD9683414B7F0000

>Basically, some clever folks have found a way to "fingerprint" the
>fiber pattern in a particular piece of paper so that they know they
>have a particular piece of paper on hand. It is claimed that this
>could help stop forged passports.

>Unfortunately, the invention is wholly useless for the
>stated purpose.

A couple of these guys gave a talk at NIST recently.  The
thing is, I can think of a bunch of uses for the thing
they're doing.  This looks genuinely useful as a tool.
Whether they've worked out how to use the tool to best
effect is a different question.

The passport idea doesn't add much, as you pointed out.  The
reason is that the thing you care about there is that the
information on the passport hasn't been tampered with and
originated from the right source.  An identical copy of my
passport is no worse than the original.  

On the other hand, think about the uses of this technology
for paper bearer instruments.  Design travelers' checks that
include a 2D barcode with a BLS signature, bound to the
piece of paper, and you can print the damned thing on
regular paper if the readers are cheap enough.  Similar
things apply to stamps, tickets, etc.  If you can get
readers into people's homes, you can even allow home
printing of tickets, travelers' checks, etc., each bound to
a specific piece of paper.  Add a reader to your favorite
DVD player platform (I think it's the same basic hardware as
is used in a DVD player), and you can uniquely sign content
on a disc, and use the player's hardware to enforce only
playing content when the disc's biometric matches the signed
content.  You could use the technique to scan small bits of
flat surfaces of all your stuff (the basic technique works
on paper, plastic, and metal, at least; I'm not sure if it
works on wood or glass), record the biometrics and locations
of the scans, and provide this to the police when your house
gets burgled.  There are some wonderful potential uses for
this technology in making paper-based voting systems *much*
more secure.  And on and on.  If I were in the business of
producing tamper-resistant paper, I'd be scared to death.

...
>Anyway, I have a larger point.

>I read about such stuff every day -- wacky new ways of
>building "tamper proof tokens", "quantum cryptography", and
>other mechanisms invented by smart people who don't
>understand threat models at all.

Yes.  As I said, sometimes this stuff looks almost useless
(like quantum cryptography), other times it looks like it
may provide powerful tools, despite the fact that its
designers don't know much about how to use those tools yet.
The same is often true in cryptography, where we have some
very theoretical work which sometimes ends up having
enormous practical consequences.  

>We already have the term "snake oil" for a very different
>type of bad security idea, and the term has proven valuable
>for quashing such things. We need a term for this sort of
>thing -- the steel tamper resistant lock added to the
>tissue paper door on the wrong vault entirely, at great
>expense, by a brilliant mind that does not understand the
>underlying threat model at all.

In my consulting days, I used to use the term "padlocking
the screen door" for the related phenomenon of piling
security on one part of the system while ignoring the bigger
vulnerabilities.  But this is a bit different....

>Perry

--John Kelsey

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
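
The bearer-instrument idea in the message above (a signed barcode bound to one particular sheet), sketched as an added example that is not part of the original post. Assumptions: the fingerprint is a 256-bit string, a rescan of the same sheet differs by at most MAX_DISTANCE bits, and HMAC-SHA256 stands in for the BLS signature so the code runs on the standard library alone (a real reader would hold only a public verification key). All names and values are constructed.

```python
import hashlib
import hmac
import json

MAX_DISTANCE = 40  # assumed rescan-noise tolerance, in bits out of 256
ISSUER_KEY = b"constructed-demo-key"  # constructed; stand-in for the issuer's signing key


def scan(sheet, noise_bits=()):
    """Constructed stand-in for the reader: one fingerprint per sheet label,
    with the listed bit positions flipped to model rescan noise."""
    fp = int.from_bytes(hashlib.sha256(sheet.encode()).digest(), "big")
    for bit in noise_bits:
        fp ^= 1 << bit
    return fp


def _tag(body):
    # HMAC here only as a placeholder for a public-key signature such as BLS.
    return hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).hexdigest()


def issue(value, serial, fingerprint):
    """Issuer: sign the instrument data together with the sheet's fingerprint."""
    body = json.dumps(
        {"value": value, "serial": serial, "fp": format(fingerprint, "064x")},
        sort_keys=True,
    )
    return {"body": body, "sig": _tag(body)}


def verify(barcode, fresh_scan):
    """Reader: check the signature first, then that this sheet is the signed one."""
    if not hmac.compare_digest(_tag(barcode["body"]), barcode["sig"]):
        return "bad signature"
    signed_fp = int(json.loads(barcode["body"])["fp"], 16)
    distance = bin(signed_fp ^ fresh_scan).count("1")
    return "ok" if distance <= MAX_DISTANCE else "wrong paper"


if __name__ == "__main__":
    check = issue(100, "TC-0001", scan("sheet A"))
    # Same sheet, noisy rescan (12 bits differ): accepted.
    print(verify(check, scan("sheet A", noise_bits=range(0, 60, 5))))
    # Barcode photocopied onto a different sheet: signature valid, paper wrong.
    print(verify(check, scan("sheet B")))
    # Value altered on the original sheet: signature fails.
    forged = dict(check, body=check["body"].replace('"value": 100', '"value": 900'))
    print(verify(forged, scan("sheet A")))
```

The second case is what distinguishes a bearer instrument from the passport: a perfect copy of the barcode is worthless without the sheet it was signed for.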