[Cryptography] Long-term security (was Re: ratcheting DH strengths over time)

Tue Dec 1 09:59:17 EST 2015

At 05:49 PM 11/30/2015, dan at geer.org wrote:
>> Say you have thousands of such systems or even millions of them out in
>> the field, all happily dialing home and getting new instructions, all
>> that protected by an RSA key or an elliptic curve signature key.  How
>> do you keep that safe for a stupid amount of time?
>
>The sad truth is, you probably can't... Your design must accept that as a constraint.
>
>See point #5 in
>
>http://geer.tinho.net/geer.blackhat.6viii14.txt

"Embedded systems, if having no remote management interface and thus
out of reach, are a life form and as the purpose of life is to end,
an embedded system without a remote management interface must be so
designed as to be certain to die no later than some fixed time. 
Conversely, an embedded system with a remote management interface
must be sufficiently self-protecting that it is capable of refusing
a command.  Inevitable death and purposive resistance are two
aspects of the human condition we need to replicate, not somehow
imagine that to overcome them is to improve the future."

Re: "thousands of such systems or even millions of them out in
the field, all happily dialing home and getting new instructions"

Indeed, these statements crystallize the hubris and conceit of all
centralized systems.  A component which is designed to spend its
life waiting for or executing instructions from some central
authority is certain to face being cut off at some point in its
life.  Its innate docility makes it easy prey for any other source
of instructions.

One of the fundamental theorems of distributed computational
systems has to do with avoiding *deadlock*, whereby every
component is waiting for instructions from somewhere else,
and everything grinds to a halt.  Centralization -- where
no component is capable of independent action -- puts the
"dead" into deadlock.

"Live" distributed systems require the ability to ask for
*forgiveness* rather than *permission* (computer scientists
call this "speculation"); but forgiveness requires a level
of sophistication and agency far beyond that currently
envisioned in the internet-of-things.

The U.S. Army after Vietnam tried valiantly to decentralize,
so that small squads could operate for semi-extended periods
of time without requiring communications and/or directions
from above.

However, thanks to ubiquitous satellite communications, we now
have a "situation room" (perhaps in the White House), where the
center can see and *direct* every trigger pull.  Moore's Law
and police bodycams will soon allow "situation rooms" in every
city to see and direct every police trigger pull.

Perhaps Singer & Cole's "Ghost Fleet" describes a dystopian
future a lot closer than we thought.

http://www.ghostfleetbook.com/

---
BTW, "an embedded system with a remote management interface
(aka "back door") must be sufficiently self-protecting that
it is capable of *refusing a command*" describes the situation
of FBI Comey's iPhone perfectly.  Mr. Comey and Mr. Vance
and Ms. Theresa May want every iPhone to salute "yes, sir/ma'am"
to their authority, but how much independent thought and agency
are you willing to give to your iPhone?  How much of the law
and the Constitution can we teach our iPhones?  Do we really
want to have to have a discussion with our iPhones about what
the meaning of "is" is?