[Cryptography] PRISM-Proofing and PRISM-Hardening

ianG iang at iang.org
Wed Sep 18 04:05:46 EDT 2013

On 17/09/13 23:52 PM, John Kemp wrote:
> On Sep 17, 2013, at 2:43 PM, Phillip Hallam-Baker <hallam at gmail.com

>> I am sure there are other ways to increase the work factor.
> I think that "increasing the work factor" would often result in
> switching the kind of "work" performed to that which is easier than
> breaking secrets directly.

Yes, that's the logical consequence & approach to managing risks. 
Mitigate the attack, to push attention to easier and less costly 
attacks, and then start working on those.

There is a mindset in cryptography circles that we eliminate entirely 
the attacks we can, and ignore the rest.  This is unfortunately not how 
the real world works.  Most of risk management outside cryptography is 
about reducing risks not eliminating them, and managing the interplay 
between those reduced risks.  Most unfortunate, because it leads 
cryptographers to strange recommendations.

> That may be good. Or it may not.

If other attacks are more costly to the defender and easyish for the 
attacker, then perhaps it is bad.  But it isn't really a common approach 
in our security world to leave open the easiest attack, as the best 
alternative.  Granted, this approach is used elsewhere (in warfare for 
example, minefields and wire will be laid to channel the attack).

If we can push an attacker from mass passive surveillance to targeted 
direct attacks, that is a huge win.  The former scales, the latter does not.

> "PRISM-Hardening" seems like a blunt instrument, or at least one which
> may only be considered worthwhile in a particular context (technical
> protection) and which ignores the wider context (in which such technical
> protections alone are insufficient against this particular adversary).

If I understand it correctly, PRISM is or has become the byword for the 
NSA's vacuuming of all traffic for mass passive surveillance.  In which 
case, this is the first attack of all, and the most damaging, because it 
is undetectable, connects you to all your contacts, and stores all your 
open documents.

From the position of a systems provider, mass surveillance is possibly 
the most important attack to mitigate.  This is because:  we know it is 
done to everyone, and therefore it is done to our users, and it informs 
every other attack.  For all the other targeted and active attacks, we 
have far less certainty about the targeting (user) and the 
vulnerability (platform, etc).  And they are very costly, by several 
orders of magnitude more than mass surveillance.
