[Cryptography] What do we mean by Secure?

Kent Borg kentborg at borg.org
Mon Feb 9 09:16:58 EST 2015


On 02/09/2015 08:02 AM, Arnold Reinhold wrote:
> Indeed, BMW had all the security components it needed in its remote 
> car unlock system, it just didn’t put them together properly. Sneer 
> all you want at “best practices” documents but they are a proven tool 
> to help change happen in large organizations.

I am sure BMW made a lot of stupid mistakes, and most of us would know 
better about many of them. Spotting mistakes among many is easy. But to 
make a secure, connected car, where all the right people have access and 
none of the wrong people have access, is hard. (Who are all these 
different people? When is some individual the right person and when does 
he become the wrong person?) It just takes one teensy, little, gigantic 
hole and it is broken.

It really *is* a hard thing to build a secure connected car. No one has 
done it, and until we can hash out contradictory expectations about what 
the proper properties of this car are, it will remain impossible. (Does 
this car have an app? Oh, hell, now the boundaries of the system BMW has 
to defend probably just exploded. Does the AAA have access? Do the cops 
have access? Does your mechanic have access? Does the authorized BMW 
mechanic have access? Does some BMW engineer have access? Does the 
engine computer port have access? Does the handsfree bluetooth gizmo 
have access? Do the CAN-connected brakelights have access? Does the 
finance company have access? What are the security questions to recover 
access for the owner?)

Could BMW do better, could they avoid a ton of stupid mistakes? Certainly 
they could. But they have to care about security and hire some people 
who know, and not insist on selling a broken thing just because they can 
make millions doing so, they can't let Lexus get there first, and 
everyone expects security problems anyway.

Handing BMW a binder labeled "best practices" would not solve their 
problems, but like the no-one-got-fired security trio (corporate 
firewall, current antivirus software, and current service packs) it 
might make them think they have solved their problems.

AES-256 and SHA1 are great, and assembling them sensibly into a larger 
program is tricky but very doable. Assembling that into a product that 
can remotely unlock your car doors--but only in the right 
circumstances--is a mess. (Yes, "Soooooo Hard.")

-kb