[Cryptography] What do we mean by Secure?
Kent Borg
kentborg at borg.org
Mon Feb 9 09:16:58 EST 2015
On 02/09/2015 08:02 AM, Arnold Reinhold wrote:
> Indeed, BMW had all the security components it needed in its remote
> car unlock system, it just didn’t put them together properly. Sneer
> all you want at “best practices” documents but they are a proven tool
> to help change happen in large organizations.
I am sure BMW made a lot of stupid mistakes, and most of us would know
better about many of them. Spotting mistakes among many is easy. But to
make a secure, connected car, where all the right people have access and
none of the wrong people have access is hard. (Who are all these
different people? When is some individual the right person and when does
he become the wrong person?) It just takes one teensy, little, gigantic
hole and it is broken.
It really *is* a hard thing to build a secure connected car. No one has
done it, and until we can hash out contradictory expectations about what
the proper properties of this car are, it will remain impossible. (Does
this car have an app? Oh, hell, now the boundaries of the system BMW has
to defend probably just exploded. Does the AAA have access? Do the cops
have access? Does your mechanic have access? Does the authorized BMW
mechanic have access? Does some BMW engineer have access? Does the
engine computer port have access? Does the handsfree bluetooth gizmo
have access? Do the CAN-connected brakelights have access? Does the
finance company have access? What are the security questions to recover
access for the owner?)
Could BMW do better, could they avoid a ton of stupid mistakes? Certainly
they could. But they have to care about security and hire some people
who know and not insist on selling a broken thing just because they can
make millions doing so and they can't let Lexus get there first and
everyone expects security problems anyway.
Handing BMW a binder labeled "best practices" would not solve their
problems, but like the no-one-got-fired security trio (corporate
firewall, current antivirus software, and current service packs) it
might make them think they have solved their problems.
AES-256 and SHA1 are great, and assembling them sensibly into a larger
program is tricky but very doable. Assembling that into a product that
can remotely unlock your car doors--but only in the right
circumstances--is a mess. (Yes, "Soooooo Hard.")
-kb