Summary and Critical Analysis by Peter Dargie. Beyond Fear, Schneier
Beyond Fear • Author: Bruce Schneier • Notable Cryptographer from the American University in Washington, DC. • Early work in the field of Hash Functions and Stream Ciphers • Applied his computer-science-based knowledge of security to security problems facing the corporate world, government agencies and military organizations.
Beyond Fear cont. • Schneier applies a systematic and almost algorithmic approach developed in his career as a cryptographer to evaluate security systems • His goal for the reader is to “come away with a better sense of the ideas and concepts that make security systems succeed or fail”
What is Security? • Security is the defence of a system in the face of an attacker • It is any mechanism applied by an individual to safeguard against attack • e.g. In the Soviet Bloc, a bear snare under the gas pedal is commonplace anti-auto theft security
Security is About Prevention • Security is about “preventing adverse consequences from the intentional and unwarranted actions of others” • Although attackers, defenders, and strategies of security have changed over time, the threats have not • “There has not been a new crime invented in 6 thousand years” • Computerized society has introduced new guises for ancient crimes.
Effectiveness is Hard to Measure • We only hear about security when it fails • We will never know how many terrorist attacks were prevented prior to 9/11 • If the attacks had failed, was it a result of diligent security, or another unknown factor?
Good Security is Invisible • This makes the study and implementation of security difficult • Prior to 9/11, calls for reductions in national security spending were widespread • Post 9/11, questions were raised as to why governments were not spending more • Good security must realize that most people are good, and that the system exists to deal with a few “bad apples” • Computerized security fails in this regard. Everyone is equally suspect and thus systems are slow and inefficient • e.g. Al-Qaeda cannot be allowed to dictate how we live our lives by having us, as a society, succumb to knee-jerk solutions
Evaluating Security: 5 Key Steps • 1. What assets are being protected? • 2. What are the risks to these assets? • 3. How well does the proposed security solution mitigate these risks? • 4. What other risks does the proposed solution cause? • 5. What are the costs and trade-offs of this security solution? • Mathematically, is S4 + S5 ≤ S3?
Threat Vs. Risk • Threat: Potential way an attacker can infiltrate a system • Risk: Likelihood and seriousness of a threat being actualized. • During a visit to Japan, Stephen Hawking was asked to not mention the potential for a collapse of the Universe as it might affect stock market futures. What is the RISK of this scenario?
Security Involves Trade-offs • There is no such thing as absolute security • Extreme trade-offs are simple, but they are not realistic security solutions • Worried about credit card fraud? Don’t own a credit card! • People perceive risk differently and as a result responses and trade-offs are subjective
Trade-offs are Subjective • Most shoplifting occurs in fitting rooms • Removal of fitting rooms would dramatically reduce shoplifting losses, but would the reduced losses outweigh the loss of business? • Insurance is a risk management tool. It allows you to pass risk along to a third party for a fee. But is this trade-off worthwhile?
Power and Agenda • Security decisions are difficult because they almost always involve many parties with subjective perceptions of risk • The decisions of one party result in externalities which affect the security systems of other parties • Credit card security involves at least four parties, including the customer, bank, credit card company and government, all of whom desire a different security focus
Common Mistakes • “People exaggerate spectacular but rare risks, and downplay common risks” • “More people die from pigs every year than sharks which shows you how good we are at evaluating risk”
Common Mistakes cont. • People underestimate risks they willingly take and overestimate risk in situations they cannot control • Planes are safer per passenger mile than cars • People overestimate risks that are in the media • Endless car crashes never make the evening news, however, a single plane crash is global news • People make security decisions based on perceived risks rather than actual risks
Computerized Society • The public tends to underestimate and neglect risks they do not understand. • As society becomes more intertwined with computerized devices, people are increasingly dependent on that which they do not understand. • This can lead to poor security decisions
How Systems Fail • In an electronic world, systems have added links of complexity. • Money is no longer purely tangible. It is now binary information and cannot simply be locked in a 50 tonne vault. • Security is only as strong as the weakest link. • A criminal chooses the path of least resistance • Security is binary; it either works or it fails.
How Systems Fail Cont. • 1. Passive Failure • The system does not take action when it should. • Face scanners fail to identify a terrorist, a cipher is developed to decrypt sensitive information • 2. Active Failure • The system takes action when it should not. • Face scanners identify an honest citizen, the security system bars the owner's access
Countermeasures • All countermeasures have value, but there is no perfect countermeasure. • Securing data requires combinations of physical security (securing the server rooms), security in transmission (cryptography), a system which identifies those who should have access, and any number of other countermeasures including honey pots which lure attackers away from the real data.
Modern Systems • In 1994 Citibank’s system was hacked by a group from Russia. Millions of dollars were lost. • Prior to the crime Citibank’s security was considered the model of prime electronic security. But how can one know for sure? Simply because there has never been a theft, does this mean the security system is working, or simply that no one has ever attacked the system? In a computerized world it is almost impossible to know. • “There are no scratches on the vault door”
Computerized Systems Are Useless Without Response • No security system can keep attackers out forever. That isn't the idea behind good security. • Good security gives PEOPLE time to respond before failure. • What good is a burglar alarm if no one responds?
Boy Who Cried Wolf • Technology will inevitably fail frequently. It will most often fail actively as it cannot absorb a wide array of sensory inputs. • Ultimately people become desensitized to the alarms and the security system loses all merit. • e.g. Car alarms
Technology Vs. Security • Technology is an enabler. Technological security can only ever play catch-up. • Technology creates security imbalances; it is a form of leverage. • A malicious rumour by a fourteen-year-old, spread on the internet, resulted in accounts valued in the hundreds of millions being wiped out. Technology enhances anonymity and amplifies actions.
Technology is Brittle Security • Technology tends to be a brittle measure of security. • A brittle system fails poorly. Any fracture causes the system to fail entirely. • Systems are slow to adapt and work well against repeated attacks of similar nature, but generally fail against novel and innovative attacks.
Technology is Brittle Security • In 1999 Ahmed Ressam attempted to cross into the United States from Canada with a bomb in his trunk. He possessed fake identification which cleared the computer systems of the border agency. • He almost crossed; however, the customs agent searched his vehicle because she perceived that something was wrong • Computers cannot adapt to various sensory inputs
Technology Fails At the Seams • When computerized security fails, it generally fails at the seams. • Creation: Does a single programmer know everything about the system? Did a programmer save the source code? • Implementation: Who was involved in the implementation? What information did they possess about the security measure’s functionality? • Maintenance: How is the system maintained? When it fails, who updates the system? Who has access and who does not?
I-A-A cont. • Computers are ultimately fallible in I-A-A processes. The operational mechanisms of a machine are linear and non-creative. • The coding of a machine is subject to alteration. • The best I-A-A device is a human being in a box of bulletproof glass
In the end... • “You can’t win. You can’t break even. You can’t get out of the game.” • Ultimately, in the world of technology, security boils down to three things: • Things we know • Things we don't know • Things we don't know that we don't know
In the end... • Technology does many things well. • However, in the world of security it creates more problems than it solves. • Ultimately security in the computerized world falls to people.