[Cryptography] What do we mean by Secure?
ianG
iang at iang.org
Sun Feb 8 06:44:00 EST 2015
On 8/02/2015 00:05 am, Bill Frantz wrote:
> On 2/6/15 at 3:10 PM, kentborg at borg.org (Kent Borg) wrote:
>
>> Ah, but then one would have to stop and figure out what one is trying
>> to do...damn! Can't I just ask for Wholesome Apple Pie and be done?
>
> The more I hear people talk about making thing secure, the more I hope
> they will explain what they mean by secure. What I mean, in the broadest
> sense, is "Bad Things Won't Happen". Now this is a bit over nebulous. :-)
Well, they often do, as we see. The issue isn't so much that the result
is nebulous, but that security is *individual*.
In the old days, we used to say, WYTM or what's your threat model? The
problem with this was it captured the above fallacy perfectly -- we were
all searching for the one threat model to rule all others.
E.g., the threat model _du jour_ is for the state to shut down your
system and therefore we have to now use the blockchain to secure our
socks & undies drawer. The threat model of the 1990s was that everyone
would listen/MITM your traffic on the open net so you have to get some CIA.
Security is an individual attribute and is not easily aggregated. Even
with homogonous groupings like "USA middle class white dudes" there is
sufficient variation to make any 'security policy' look daft. E.g,
those aforementioned guys care little about their iPhone photo
collection, but their girlfriends are paranoid about them.
Something that snapchat made billions on, so they know more about
security than us, by some market measure. Which leads us to some form
of aggregation history: the 'security' products that have made a lot of
money are these: SSH, SSL, Skype, Facebook, Snapchat, Bitcoin. (How,
why and repeatability is an interesting MBA-business-case-study exercise.)
So I guess we need a different way of approaching the question. Maybe
we need to ask two questions not one:
1. what would make *you* feel secure?
2. how aggregatable is that over a larger population?
I'm assuming here that we can't for example construct a
security-for-the-individual process/technique that scales & works.
I.e., now we need to take you through the policy wizard, relax, this
won't hurt a bit...
...
> The area of security structures to support a broader range of policies
> is where the work is needed.
I think ... people need to get a lot better at understanding that (1)
security is something you have to do yourself, if you care. If you
don't care, then you're back to the firewalls & SSL & best practices
approach; but the evidence that you don't care is clear.
Which is rather tricky. As others pointed out in previous threads, if
you do care, then we hit limits to scale: we don't have enough
programmers to produce good security code, and we don't have enough CSO
types to manage it well for enough companies. Or, we're a bank, and our
competitors have stopped caring and are shipping schlock, we have to
respond and stop caring...
So the search is on to (2) turn security into an opportunity not a cost.
This is something that Apple do (I claim) and Microsoft have tried to
do. List above might also claim it as well.
iang
More information about the cryptography
mailing list