[Cryptography] What do we mean by Secure?

ianG iang at iang.org
Sun Feb 8 06:44:00 EST 2015


On 8/02/2015 00:05 am, Bill Frantz wrote:
> On 2/6/15 at 3:10 PM, kentborg at borg.org (Kent Borg) wrote:
>
>> Ah, but then one would have to stop and figure out what one is trying
>> to do...damn! Can't I just ask for Wholesome Apple Pie and be done?
>
> The more I hear people talk about making thing secure, the more I hope
> they will explain what they mean by secure. What I mean, in the broadest
> sense, is "Bad Things Won't Happen". Now this is a bit over nebulous. :-)


Well, they often do, as we see.  The issue isn't so much that the result 
is nebulous, but that security is *individual*.

In the old days, we used to say, WYTM or what's your threat model?  The 
problem with this was it captured the above fallacy perfectly -- we were 
all searching for the one threat model to rule all others.

E.g., the threat model _du jour_ is for the state to shut down your 
system and therefore we have to now use the blockchain to secure our 
socks & undies drawer.  The threat model of the 1990s was that everyone 
would listen/MITM your traffic on the open net so you have to get some CIA.

Security is an individual attribute and is not easily aggregated.  Even 
with homogonous groupings like "USA middle class white dudes" there is 
sufficient variation to make any 'security policy' look daft.  E.g, 
those aforementioned guys care little about their iPhone photo 
collection, but their girlfriends are paranoid about them.

Something that snapchat made billions on, so they know more about 
security than us, by some market measure.  Which leads us to some form 
of aggregation history:  the 'security' products that have made a lot of 
money are these:  SSH, SSL, Skype, Facebook, Snapchat, Bitcoin.  (How, 
why and repeatability is an interesting MBA-business-case-study exercise.)

So I guess we need a different way of approaching the question.  Maybe 
we need to ask two questions not one:

    1. what would make *you* feel secure?
    2. how aggregatable is that over a larger population?

I'm assuming here that we can't for example construct a 
security-for-the-individual process/technique that scales & works. 
I.e., now we need to take you through the policy wizard, relax, this 
won't hurt a bit...


...
> The area of security structures to support a broader range of policies
> is where the work is needed.

I think ... people need to get a lot better at understanding that (1) 
security is something you have to do yourself, if you care.  If you 
don't care, then you're back to the firewalls & SSL & best practices 
approach;  but the evidence that you don't care is clear.

Which is rather tricky.  As others pointed out in previous threads, if 
you do care, then we hit limits to scale:  we don't have enough 
programmers to produce good security code, and we don't have enough CSO 
types to manage it well for enough companies.  Or, we're a bank, and our 
competitors have stopped caring and are shipping schlock, we have to 
respond and stop caring...

So the search is on to (2) turn security into an opportunity not a cost. 
  This is something that Apple do (I claim) and Microsoft have tried to 
do.  List above might also claim it as well.



iang


More information about the cryptography mailing list