[Cryptography] Tamper-evident cryptographic systems
dan at geer.org
Sat Mar 22 08:16:29 EDT 2014
| <snip>
| Perry resurrected this list after a long hiatus with the challenge to
| develop new systems secure against such attacks. I think we have some
| idea how to accomplish this kind of thing. But ... one thing we really
| must learn from the Snowden experience is that even apparently secure
| systems can be attacked by a well-funded, motivated attacker. You can't
| just introduce a new system and walk away saying "it's done". You also
| need an active defense.
| <snip>
| So ... how might one build "tamper evident cryptographic systems"? Are
| there collections of sensitive signals of possible attacks that can be
| tracked to provide an early warning - even if no individual signal has a
| sufficiently low false positive/false negative rate? Are there ways to
| construct "honey pots" that will attract attackers to systems specially
| configured to notice they are there?
| <snip>
| Suggestions?
For me, the pinnacle goal in security engineering, the ne plus ultra,
the goal beyond which there is no other, is this:

    No Silent Failure

I, for one, would readily settle for many more failures if such
failure rate is hedged with their never being silent. With this,
I break conclusively with Postel's Rule.

--dan