[Cryptography] What do we mean by Secure?

Kevin W. Wall kevin.w.wall at gmail.com
Mon Feb 9 23:41:38 EST 2015


Apologies for jumping in a bit late. Had a bad flu over the weekend.
Hopefully, it's not too late to jump in and be ignored!

On Sun, Feb 8, 2015 at 6:44 AM, ianG <iang at iang.org> wrote:
> On 8/02/2015 00:05 am, Bill Frantz wrote:
>>
>> On 2/6/15 at 3:10 PM, kentborg at borg.org (Kent Borg) wrote:
>>
>>> Ah, but then one would have to stop and figure out what one is trying
>>> to do...damn! Can't I just ask for Wholesome Apple Pie and be done?
>>
>>
>> The more I hear people talk about making things secure, the more I hope
>> they will explain what they mean by secure. What I mean, in the broadest
>> sense, is "Bad Things Won't Happen". Now this is a bit over nebulous. :-)
>
> Well, they often do, as we see.  The issue isn't so much that the result is
> nebulous, but that security is *individual*.

True, but in general security is not (directly) paid up front by the
individual, so that the individual doesn't generally get what she / he
wants except generally at great expense because customizable security
does not scale well.

> In the old days, we used to say, WYTM or what's your threat model?  The
> problem with this was it captured the above fallacy perfectly -- we were all
> searching for the one threat model to rule all others.
>
> E.g., the threat model _du jour_ is for the state to shut down your system
> and therefore we have to now use the blockchain to secure our socks & undies
> drawer.  The threat model of the 1990s was that everyone would listen/MITM
> your traffic on the open net so you have to get some CIA.
>
> Security is an individual attribute and is not easily aggregated.  Even with
> homogeneous groupings like "USA middle class white dudes" there is sufficient
> variation to make any 'security policy' look daft.  E.g., those
> aforementioned guys care little about their iPhone photo collection, but
> their girlfriends are paranoid about them.

I hope you are not advocating throwing out threat models as being completely
useless. They generally help an organization think about security issues
clearly and in my experience are a lot better than the single PowerPoint
block diagram (or a UML diagram if drawn by a *real* engineer :) with a
large, red box labeled "security" or "encryptor", etc. I see threat models
as somewhat analogous to doing requirements analysis, which, with agile
is also getting a bad rap in software development. Of course, ever since
the term "analysis paralysis" became a catch phrase of IT management in
the 1980s or so, deep thinking of any type related to software development
has gone out of vogue. I do understand time-to-market concepts, but more
often it seems to only minimize time-to-failure.

> Something that snapchat made billions on, so they know more about security
> than us, by some market measure.  Which leads us to some form of aggregation
> history:  the 'security' products that have made a lot of money are these:
> SSH, SSL, Skype, Facebook, Snapchat, Bitcoin.  (How, why and repeatability
> is an interesting MBA-business-case-study exercise.)
>
> So I guess we need a different way of approaching the question.  Maybe we
> need to ask two questions not one:
>
>    1. what would make *you* feel secure?

Is that "you" collectively, as in some majority, or "you" as each
individual? Because if you are hoping for the latter, I think that's
a pipe dream. Besides the scaling issues of how many security flavors
are supportable and how would we ever ensure that they are not in
some manner in conflict with each other, the main reason that it will
never happen is economics. Security, in its essence is about risk
management and since it is the corporation that is providing the funds
(at least initially) to secure said application(s), they get how to
spend the money as well as how much to spend on security.

Without some sort of crude threat model, most organizations (at least
those that I've dealt with) have not even done enough analysis to
understand how to put a value on their data that they claim they want
to protect. (So, typically InfoSec teams suggest somewhere in the
ballpark of $100/record where "record" usually roughly corresponds
to how many customers are accessible by said application and the $100
is an approximate amount of what it will cost a company to buy
identity fraud insurance per person per year.)

>    2. how aggregatable is that over a larger population?

Exactly. And not only do we need to ensure that it will
scale properly, but also that there are not any inherent conflicts
or other undesirable issues caused by all the different individual
"policies" and the fact that these policies overall would be
changing dynamically as individual users come and go. Of course,
suitably restricted, you might be able to give the users very
limited choices and get by, but the general case likely is not
easily solvable. (IIRC, even Lampson's access matrix was unable
to show which transitions to the AM were "safe" when the AM
was not static. By comparison, this seems a lot harder if we
allow it to be perfectly general.)

>
> I'm assuming here that we can't for example construct a
> security-for-the-individual process/technique that scales & works.

Yep; I'd bet that's a safe assumption.

> I.e., now we need to take you through the policy wizard, relax,
> this won't hurt a bit...

:) And even that wouldn't work because some would end up having their
data breached because of decisions that you didn't allow or consider
in the policy wizard so you end up with a class action suit or your
company's reputation goes down the toilet, etc.

> <...deleted...>
> I think ... people need to get a lot better at understanding that (1)
> security is something you have to do yourself, if you care.  If you don't
> care, then you're back to the firewalls & SSL & best practices approach;
> but the evidence that you don't care is clear.
>
> Which is rather tricky.  As others pointed out in previous threads, if you
> do care, then we hit limits to scale:  we don't have enough programmers to
> produce good security code,

Honestly, we don't have enough programmers to produce GOOD code period,
let alone good security code.

Regards,
-kevin
-- 
Blog: http://off-the-wall-security.blogspot.com/
NSA: All your crypto bit are belong to us.

