CRYPTO-GRAM July 15, 2010 by Bruce Schneier Chief Security Technology Officer, BT schneier@schneier.com http://www.schneier.com A free monthly newsletter providing summaries, analyses, insights, and commentaries on security: computer and otherwise. For back issues, or to subscribe, visit <http://www.schneier.com/crypto-gram.html>. You can read this issue on the web at <http://www.schneier.com/crypto-gram-1007.html>. These same essays and news items appear in the "Schneier on Security" blog at <http://www.schneier.com/blog>, along with a lively comment section. An RSS feed is available. ** *** ***** ******* *********** ************* In this issue: The Threat of Cyberwar Has Been Grossly Exaggerated Internet Kill Switch News Third SHB Workshop Schneier News Data at Rest vs. Data in Motion Reading Me ** *** ***** ******* *********** ************* The Threat of Cyberwar Has Been Grossly Exaggerated There's a power struggle going on in the U.S. government right now. It's about who is in charge of cyber security, and how much control the government will exert over civilian networks. And by beating the drums of war, the military is coming out on top. "The United States is fighting a cyberwar today, and we are losing," said former NSA director -- and current cyberwar contractor -- Mike McConnell. "Cyber 9/11 has happened over the last ten years, but it happened slowly so we don't see it," said former National Cyber Security Division director Amit Yoran. Richard Clarke, whom Yoran replaced, wrote an entire book hyping the threat of cyberwar. General Keith Alexander, the current commander of the U.S. Cyber Command, hypes it every chance he gets. This isn't just rhetoric of a few over-eager government officials and headline writers; the entire national debate on cyberwar is plagued with exaggerations and hyperbole. Googling those names and terms -- as well as "cyber Pearl Harbor," "cyber Katrina," and even "cyber Armageddon" -- gives some idea how pervasive these memes are. Prefix "cyber" to something scary, and you end up with something really scary. Cyberspace has all sorts of threats, day in and day out. Cybercrime is by far the largest: fraud, through identity theft and other means, extortion, and so on. Cyber-espionage is another, both government- and corporate-sponsored. Traditional hacking, without a profit motive, is still a threat. So is cyber-activism: people, most often kids, playing politics by attacking government and corporate websites and networks. These threats cover a wide variety of perpetrators, motivations, tactics, and goals. You can see this variety in what the media has mislabeled as "cyberwar." The attacks against Estonian websites in 2007 were simple hacking attacks by ethnic Russians angry at anti-Russian policies; these were denial-of-service attacks, a normal risk in cyberspace and hardly unprecedented. A real-world comparison might be if an army invaded a country, then all got in line in front of people at the DMV so they couldn't renew their licenses. If that's what war looks like in the 21st century, we have little to fear. Similar attacks against Georgia, which accompanied an actual Russian invasion, were also probably the responsibility of citizen activists or organized crime. A series of power blackouts in Brazil was caused by criminal extortionists -- or was it sooty insulators? China is engaging in espionage, not war, in cyberspace. And so on. One problem is that there's no clear definition of "cyberwar." What does it look like? How does it start? When is it over? Even cybersecurity experts don't know the answers to these questions, and it's dangerous to broadly apply the term "war" unless we know a war is going on. Yet recent news articles have claimed that China declared cyberwar on Google, that Germany attacked China, and that a group of young hackers declared cyberwar on Australia. (Yes, cyberwar is so easy that even kids can do it.) Clearly we're not talking about real war here, but a rhetorical war: like the war on terror. We have a variety of institutions that can defend us when attacked: the police, the military, the Department of Homeland Security, various commercial products and services, and our own personal or corporate lawyers. The legal framework for any particular attack depends on two things: the attacker and the motive. Those are precisely the two things you don't know when you're being attacked on the Internet. We saw this on July 4 last year, when U.S. and South Korean websites were attacked by unknown perpetrators from North Korea -- or perhaps England. Or was it Florida? We surely need to improve our cybersecurity. But words have meaning, and metaphors matter. There's a power struggle going on for control of our nation's cybersecurity strategy, and the NSA and DoD are winning. If we frame the debate in terms of war, if we accept the military's expansive cyberspace definition of "war," we feed our fears. We reinforce the notion that we're helpless -- what person or organization can defend itself in a war? -- and others need to protect us. We invite the military to take over security, and to ignore the limits on power that often get jettisoned during wartime. If, on the other hand, we use the more measured language of cybercrime, we change the debate. Crime fighting requires both resolve and resources, but it's done within the context of normal life. We willingly give our police extraordinary powers of investigation and arrest, but we temper these powers with a judicial system and legal protections for citizens. We need to be prepared for war, and a Cyber Command is just as vital as an Army or a Strategic Air Command. And because kid hackers and cyber-warriors use the same tactics, the defenses we build against crime and espionage will also protect us from more concerted attacks. But we're not fighting a cyberwar now, and the risks of a cyberwar are no greater than the risks of a ground invasion. We need peacetime cyber-security, administered within the myriad structure of public and private security institutions we already have. This essay previously appeared on CNN.com. http://www.cnn.com/2010/OPINION/07/07/schneier.cyberwar.hyped/ Hyperbole: http://www.washingtonpost.com/wp-dyn/content/article/2010/02/25/AR2010022502... or http://tinyurl.com/yecwrzv http://www.wired.com/threatlevel/2009/06/cyberthreat/ http://www.amazon.com/exec/obidos/ASIN/0061962236/counterpane/ http://www.wired.com/dangerroom/2010/04/pentagon-networks-targeted-by-hundre... or http://tinyurl.com/y6zw5sl http://www.computerworld.com/s/article/9174682/Senators_ramp_up_cyberwar_rhe... or http://tinyurl.com/yfat7kl http://www.wired.com/dangerroom/2010/04/top-officer-fears-cyberwar-hearts-ka... or http://tinyurl.com/y54ufmz http://www.salon.com/news/opinion/glenn_greenwald/2010/03/29/mcconnell http://www.guardian.co.uk/technology/2010/mar/04/internet-hi-tech-crime or http://tinyurl.com/ya4wryz http://www.wired.com/threatlevel/2008/01/feds-must-exami/ http://www.businessweek.com/the_thread/techbeat/archives/2009/02/fearing_cyb... or http://tinyurl.com/26feftb http://www.wired.com/threatlevel/2009/04/conficker-war-r/ http://www.computerworld.com/s/article/9173967/Cyberattacks_an_existential_t... or http://tinyurl.com/yd3z5a9 http://thehill.com/opinion/op-ed/70319-no-line-between-cyber-crime-and-cyber... or http://tinyurl.com/yka5cuk http://techcrunch.com/2007/10/18/cyberwar-china-declares-war-on-western-sear... or http://tinyurl.com/39dht45 http://news.softpedia.com/news/Germany-Attacks-China-For-Starting-The-Cyber-... or http://tinyurl.com/2fgdhbz http://www.independent.co.uk/news/world/australasia/operation-titstorm-hacke... or http://tinyurl.com/yk458ro http://www.schneier.com/essay-280.html http://www.wired.com/dangerroom/2010/05/cyber-command-we-dont-wanna-defend-t... or http://tinyurl.com/38gzkz5 Cyberattacks: http://www.wired.com/threatlevel/2007/08/cyber-war-and-e/ http://www.csoonline.com/article/443579/georgia-cyber-attacks-from-russian-g... or http://tinyurl.com/2enpbrm http://www.csoonline.com/article/499778/georgia-cyberattacks-linked-to-russi... or http://tinyurl.com/2c4t8cp http://www.cbsnews.com/stories/2009/11/06/60minutes/main5555565.shtml http://www.wired.com/threatlevel/2009/11/brazil_blackout/ http://www.schneier.com/essay-227.html Good article: http://www.economist.com/node/16481504?story_id=16481504 Earlier this month, I participated in a debate: "The Cyberwar Threat has been Grossly Exaggerated." Marc Rotenberg of EPIC and I were for the motion; Mike McConnell and Jonathan Zittrain were against. We lost. We lost fair and square, for a bunch of reasons -- we didn't present our case very well, Jonathan Zittrain is a way better debater than we were -- but basically the vote came down to the definition of "cyberwar." If you believed in an expansive definition of cyberwar, one that encompassed a lot more types of attacks than traditional war, then you voted against the motion. If you believed in a limited definition of cyberwar, one that is a subset of traditional war, then you voted for it. http://intelligencesquaredus.org/index.php/past-debates/cyber-war-threat-has... or http://tinyurl.com/2fapxhf http://intelligencesquaredus.org/wp-content/uploads/Cyber-War-060810.pdf or http://tinyurl.com/23hoxly http://www.vimeo.com/12464156 http://finance.yahoo.com/news/The-Threat-of-Cyber-War-is-bw-2992953718.html?x=0&.v=1http://eon.businesswire.com/portal/site/eon/permalink/?ndmViewId=news_view&newsId=20100610005671&newsLang=en or http://tinyurl.com/295ofod http://www.npr.org/templates/story/story.php?storyId=127861446 http://www.circleid.com/posts/20100609_cyber_threats_yes_but_is_it_cyberwar/ or http://tinyurl.com/2cqwnch http://www.businesswire.ca/portal/site/ca-fr/permalink/?ndmViewId=news_view&newsId=20100610005669 or http://tinyurl.com/233u6uz http://jldugger.livejournal.com/38537.html http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articl... or http://tinyurl.com/26p5ezm http://www.theatlantic.com/science/archive/2010/06/the-cyber-war-threat-deba... or http://tinyurl.com/2cxmpmh Last month the Senate Homeland Security Committee held hearings on "Protecting Cyberspace as a National Asset: Comprehensive Legislation for the 21st Century." Unfortunately, the DHS is getting hammered at these hearings, and the NSA is consolidating its power. http://hsgac.senate.gov/public/index.cfm?FuseAction=Hearings.Hearing&Hearing_ID=f56ace2f-7ac6-49ff-80e3-652371bb6fa6 or http://tinyurl.com/2c7hqxs North Korea was probably not responsible for last year's cyberattacks. Good thing we didn't retaliate. http://www.networkworld.com/news/2010/070610-north-korea-not-responsible-for... or http://tinyurl.com/279sx59 http://www.scmagazineus.com/cyber-retaliation-debate-is-north-korea-guilty-o... or http://tinyurl.com/2cxfbwk ** *** ***** ******* *********** ************* Internet Kill Switch Last month, Sen. Joe Lieberman, I-Conn., introduced a bill that might -- we're not really sure -- give the president the authority to shut down all or portions of the Internet in the event of an emergency. It's not a new idea. Sens. Jay Rockefeller, D-W.Va., and Olympia Snowe, R-Maine, proposed the same thing last year, and some argue that the president can already do something like this. If this or a similar bill ever passes, the details will change considerably and repeatedly. So let's talk about the idea of an Internet kill switch in general. It's a bad one. Security is always a trade-off: costs versus benefits. So the first question to ask is: What are the benefits? There is only one possible use of this sort of capability, and that is in the face of a warfare-caliber enemy attack. It's the primary reason lawmakers are considering giving the president a kill switch. They know that shutting off the Internet, or even isolating the U.S. from the rest of the world, would cause damage, but they envision a scenario where not doing so would cause even more. That reasoning is based on several flawed assumptions. The first flawed assumption is that cyberspace has traditional borders, and we could somehow isolate ourselves from the rest of the world using an electronic Maginot Line. We can't. Yes, we can cut off almost all international connectivity, but there are lots of ways to get out onto the Internet: satellite phones, obscure ISPs in Canada and Mexico, long-distance phone calls to Asia. The Internet is the largest communications system mankind has ever created, and it works because it is distributed. There is no central authority. No nation is in charge. Plugging all the holes isn't possible. Even if the president ordered all U.S. Internet companies to block, say, all packets coming from China, or restrict non-military communications, or just shut down access in the greater New York area, it wouldn't work. You can't figure out what packets do just by looking at them; if you could, defending against worms and viruses would be much easier. And packets that come with return addresses are easy to spoof. Remember the cyberattack July 4, 2009, that probably came from North Korea, but might have come from England, or maybe Florida? On the Internet, disguising traffic is easy. And foreign cyberattackers could always have dial-up accounts via U.S. phone numbers and make long-distance calls to do their misdeeds. The second flawed assumption is that we can predict the effects of such a shutdown. The Internet is the most complex machine mankind has ever built, and shutting down portions of it would have all sorts of unforeseen ancillary effects. Would ATMs work? What about the stock exchanges? Which emergency services would fail? Would trucks and trains be able to route their cargo? Would airlines be able to route their passengers? How much of the military's logistical system would fail? That's to say nothing of the variety of corporations that rely on the Internet to function, let alone the millions of Americans who would need to use it to communicate with their loved ones in a time of crisis. Even worse, these effects would spill over internationally. The Internet is international in complex and surprising ways, and it would be impossible to ensure that the effects of a shutdown stayed domestic and didn't cause similar disasters in countries we're friendly with. The third flawed assumption is that we could build this capability securely. We can't. Once we engineered a selective shutdown switch into the Internet, and implemented a way to do what Internet engineers have spent decades making sure never happens, we would have created an enormous security vulnerability. We would make the job of any would-be terrorist intent on bringing down the Internet much easier. Computer and network security is hard, and every Internet system we've ever created has security vulnerabilities. It would be folly to think this one wouldn't as well. And given how unlikely the risk is, any actual shutdown would be far more likely to be a result of an unfortunate error or a malicious hacker than of a presidential order. But the main problem with an Internet kill switch is that it's too coarse a hammer. Yes, the bad guys use the Internet to communicate, and they can use it to attack us. But the good guys use it, too, and the good guys far outnumber the bad guys. Shutting the Internet down, either the whole thing or just a part of it, even in the face of a foreign military attack would do far more damage than it could possibly prevent. And it would hurt others whom we don't want to hurt. For years we've been bombarded with scare stories about terrorists wanting to shut the Internet down. They're mostly fairy tales, but they're scary precisely because the Internet is so critical to so many things. Why would we want to terrorize our own population by doing exactly what we don't want anyone else to do? And a national emergency is precisely the worst time to do it. Just implementing the capability would be very expensive; I would rather see that money going toward securing our nation's critical infrastructure from attack. Defending his proposal, Sen. Lieberman pointed out that China has this capability. It's debatable whether or not it actually does, but it's actively pursuing the capability because the country cares less about its citizens. Here in the U.S., it is both wrong and dangerous to give the president the power and ability to commit Internet suicide and terrorize Americans in this way. This essay was originally published on AOL.com News. http://www.aolnews.com/opinion/article/opinion-3-reasons-to-kill-the-interne... or http://tinyurl.com/249mora http://www.opencongress.org/bill/111-s3480/show http://www.pcmag.com/article2/0,2817,2365393,00.asp http://www.networkworld.com/columnists/2009/041309-backspin.html http://www.engadget.com/2010/06/24/the-internet-kill-switch-and-other-lies-t... or http://tinyurl.com/2cxd7wz Text of bill: http://www.govtrack.us/congress/billtext.xpd?bill=s111-3480 ** *** ***** ******* *********** ************* News Dating recordings by power line fluctuations: http://www.theregister.co.uk/2010/06/01/enf_met_police/ In at least three U.S. states, it is illegal to film an active duty policeman: http://www.schneier.com/blog/archives/2010/06/filming_the_pol.html Doesn't the DHS have anything else to do than patrol the U.S./Canada border? http://www.americanthinker.com/blog/2010/06/homeland_security_cracks_down.ht... or http://tinyurl.com/24874ay Hot dog security: http://www.schneier.com/blog/archives/2010/06/hot_dog_securit.html The Atlantic on stupid terrorists: http://www.theatlantic.com/magazine/archive/2010/05/the-case-for-calling-the... or http://tinyurl.com/342mnth Reminds me of my own "Portrait of the Modern Terrorist as an Idiot": http://www.schneier.com/essay-174.html Security risks of remote printing to an e-mail address: http://www.schneier.com/blog/archives/2010/06/remote_printing.html AT&T's iPad security breach: http://www.schneier.com/blog/archives/2010/06/atts_ipad_secur.html Cheating on tests, by the teachers: http://www.nytimes.com/2010/06/11/education/11cheat.html Buying an ATM skimmer: http://krebsonsecurity.com/2010/06/atm-skimmers-separating-cruft-from-craft/ or http://tinyurl.com/2a633yv http://krebsonsecurity.com/2010/06/sophisticated-atm-skimmer-transmits-stole... or http://tinyurl.com/2foc85z The New York Times Room for Debate blog did the topic: "Do We Tolerate Too Many Traffic Deaths?" http://roomfordebate.blogs.nytimes.com/2010/05/27/do-we-tolerate-too-many-tr... or http://tinyurl.com/337ltvq In an article on using terahertz rays (is that different from terahertz radar?) to detect biological agents, we find this quote: "High-tech, low-tech, we can't afford to overlook any possibility in dealing with mass casualty events.... You need multiple methods of detection and response. Terrorism comes in many forms; you have to see, smell, taste and analyze everything." He's got it completely backwards. I think we can easily afford not to do what he's saying, and can't afford to do it. The technology to detect traces of chemical and biological agents is neat, though. And I am very much in favor of research along these lines. http://www.globalsecuritynewswire.org/gsn/nw_20100614_3990.php Popsicle machines as a security threat: http://www.schneier.com/blog/archives/2010/06/popsicle_makers.html Long, but interesting, profile of WikiLeaks's Julian Assange. http://www.newyorker.com/reporting/2010/06/07/100607fa_fact_khatchadourian or http://tinyurl.com/236khrd http://www.guardian.co.uk/media/2010/jun/21/wikileaks-founder-julian-assange... or http://tinyurl.com/2boptpw http://www.abc.net.au/tv/bigideas/stories/2010/06/08/2920615.htm http://www.huffingtonpost.com/2010/06/11/daniel-ellsberg-wikileaks-assange_n... This is only peripherally related, but Bradley Manning -- an American soldier -- has been arrested for leaking classified documents to WikiLeaks. http://www.wired.com/threatlevel/2010/06/leak/ http://www.csmonitor.com/USA/Military/2010/0607/Soldier-arrested-in-WikiLeak... or http://tinyurl.com/33alldt http://www.huffingtonpost.com/2010/06/07/bradley-manning-us-intell_n_602582.... or http://tinyurl.com/2w4ouw8 http://news.bbc.co.uk/2/hi/technology/10265430.stm http://www.washingtonian.com/blogarticles/people/capitalcomment/15873.html or http://tinyurl.com/28fvmjj http://www.theatlanticwire.com/opinions/view/opinion/Behind-the-Arrest-of-Al... or http://tinyurl.com/2eqko6o http://abcnews.go.com/Politics/Media/us-soldier-arrested-iraq-allegedly-leak... or http://tinyurl.com/2fvs3rq http://motherjones.com/mojo/2010/06/wikileaks-iraq-video-leaker-arrest http://en.wikinews.org/wiki/US_intelligence_analyst_arrested_over_Wikileaks_... or http://tinyurl.com/29usply The TacSat-3 "hyperspectral" spy satellite is operational. http://www.theregister.co.uk/2010/06/11/artemis_goes_active/ Security trade-offs in crayfish: http://www.sciencedaily.com/releases/2010/06/100615191751.htm It's not that this surprises anyone, it's that researchers can now try and figure out the exact brain processes that enable the crayfish to make these decisions. Hacker scare story: "10 Everyday Items Hackers Are Targeting Right Now." http://www.foxnews.com/scitech/2010/06/11/everyday-items-hackers-targeting-r... or http://tinyurl.com/23afrcv And Richard Clarke thinks hackers can set your printer on fire. http://www.amazon.com/exec/obidos/ASIN/0061962236/counterpane/ This rant about baby terrorists, from Congressman Louie Gohmert of Texas, is about as dumb as it gets: http://www.schneier.com/blog/archives/2010/06/baby_terrorists.html Space terrorism? Yes, space terrorism. This article, by someone at the European Space Policy Institute, hypes a terrorist threat I've never seen hyped before. The author waves a bunch of scare stories around, and then concludes that "the threat of 'Space Terrorism' is both real and latent," then talks about countermeasures. Certainly securing our satellites is a good idea, but this is just silly. http://www.espi.or.at/images/stories/dokumente/Perspectives/espi%20perspecti... or http://tinyurl.com/2ae7wnk Cryptography success story from Brazil. The moral, of course, is to choose a strong key and to encrypt the entire drive, not just key files. http://www.theregister.co.uk/2010/06/28/brazil_banker_crypto_lock_out/ Cryptography failure story: by Russian spies. "Ricci said the steganographic program was activated by pressing control-alt-E and then typing in a 27-character password, which the FBI found written down on a piece of paper during one of its searches." http://news.cnet.com/8301-13578_3-20009101-38.html http://www.computerworld.com/s/article/9178762/Russian_spy_ring_needed_some_... or http://tinyurl.com/2bf5vsg http://www.darkreading.com/insiderthreat/security/encryption/showArticle.jht... or http://tinyurl.com/34kokkh Vigilant citizens: 1950 vs. today: http://www.schneier.com/blog/archives/2010/07/vigilant_citize.html Secret stash: hiding objects in everyday objects. http://yitingcheng.webs.com/psecretstash2010.htm Tracking location based on water isotope ratios: http://news.sciencemag.org/sciencenow/2010/06/scienceshot-this-beer-knows-wh... or http://tinyurl.com/2bd5doo http://pubs.acs.org/stoken/presspac/presspac/full/10.1021/jf1003539

From the National Academies in 2009: "Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities." It's 390 pages. http://books.nap.edu/openbook.php?record_id=12651&page=R1

"Don't Commit Crime": the sign is from a gas station in the U.K. http://www.schneier.com/blog/archives/2010/07/dont_commit_cri.html This is a really interesting philosophical essay: "Does Surveillance Make Us Morally Better?" http://www.philosophynow.org/issue79/79westacott.htm Long and interesting article on the Toronto 18, a terrorist cell arrested in 2006. Lots of stuff I had not read before. http://www3.thestar.com/static/toronto18/index.html The measures used to prevent cheating during college tests remind me of casino security measures. http://www.nytimes.com/2010/07/06/education/06cheat.html TSA blocks access to websites with "controversial opinions." I wonder if my blog counts. http://www.cbsnews.com/8301-31727_162-20009642-10391695.html The TSA reversed itself. Or, at least, they now claim that isn't what they meant. http://www.cbsnews.com/8301-31727_162-20009804-10391695.html Serial killers are now terrorists. Try to keep up. http://www.schneier.com/blog/archives/2010/07/serial_killers.html The Chaocipher is a mechanical encryption algorithm invented in 1918. No one was able to reverse-engineer the algorithm, given sets of plaintexts and ciphertexts -- at least, nobody publicly. On the other hand, I don't know how many people tried, or even knew about the algorithm. I'd never heard of it before now. Anyway, for the first time, the algorithm has been revealed. Of course, it's not able to stand up to computer cryptanalysis. http://www.ciphermysteries.com/2010/07/03/the-chaocipher-revealed http://www.mountainvistasoft.com/chaocipher/ActualChaocipher/Chaocipher-Reve... Hemingway authentication scheme from 1955, intended as humor: http://www.schneier.com/blog/archives/2010/07/hemingway_authe.html On an Android phone, it's easy to access someone else's voicemail by spoofing the caller ID. This isn't new; what is new is that many people now have easy access to caller ID spoofing. The spoofing only works for voicemail accounts that don't have a password set up, but AT&T has no password as the default. http://news.slashdot.org/story/10/06/29/1840241/Hack-ATampT-Voicemail-With-A... Burglar detection through video analytics: http://www.schneier.com/blog/archives/2010/07/burglary_detect.html Random numbers from quantum noise. It's not that we need more ways to get random numbers, but the research is interesting. http://www.technologyreview.com/blog/arxiv/25355/?nlid=3170 I don't think it's a good idea to give Russian intelligence the source code to Windows 7. http://www.zdnet.co.uk/news/security/2010/07/08/microsoft-opens-source-code-... or http://tinyurl.com/2w8moaq ** *** ***** ******* *********** ************* Third SHB Workshop Last month I attended SHB 2010, the Third Interdisciplinary Workshop on Security and Human Behaviour, at Cambridge University. This is a two-day gathering of computer security researchers, psychologists, behavioral economists, sociologists, philosophers, and others -- all of whom are studying the human side of security -- organized by Ross Anderson, Alessandro Acquisti, and me. SHB 2010: http://www.cl.cam.ac.uk/~rja14/shb10/ The program: http://www.cl.cam.ac.uk/~rja14/shb10/schedule10.html Ross Anderson's summaries of the talks and discussions: http://www.lightbluetouchpaper.org/2010/06/28/security-and-human-behaviour-2... or http://tinyurl.com/2ekv6w3 The first SHB workshop: http://www.schneier.com/blog/archives/2008/06/security_and_hu.html The second SHB workshop: http://www.schneier.com/blog/archives/2009/06/second_shb_work.html ** *** ***** ******* *********** ************* Schneier News None this month. Summers are always slow. ** *** ***** ******* *********** ************* Data at Rest vs. Data in Motion For a while now, I've pointed out that cryptography is singularly ill-suited to solve the major network security problems of today: denial-of-service attacks, website defacement, theft of credit card numbers, identity theft, viruses and worms, DNS attacks, network penetration, and so on. Cryptography was invented to protect communications: data in motion. This is how cryptography was used throughout most of history, and this is how the militaries of the world developed the science. Alice was the sender, Bob the receiver, and Eve the eavesdropper. Even when cryptography was used to protect stored data -- data at rest -- it was viewed as a form of communication. In "Applied Cryptography," I described encrypting stored data in this way: "a stored message is a way for someone to communicate with himself through time." Data storage was just a subset of data communication. In modern networks, the difference is much more profound. Communications are immediate and instantaneous. Encryption keys can be ephemeral, and systems like the STU-III telephone can be designed such that encryption keys are created at the beginning of a call and destroyed as soon as the call is completed. Data storage, on the other hand, occurs over time. Any encryption keys must exist as long as the encrypted data exists. And storing those keys becomes as important as storing the unencrypted data was. In a way, encryption doesn't reduce the number of secrets that must be stored securely; it just makes them much smaller. Historically, the reason key management worked for stored data was that the key could be stored in a secure location: the human brain. People would remember keys and, barring physical and emotional attacks on the people themselves, would not divulge them. In a sense, the keys were stored in a "computer" that was not attached to any network. And there they were safe. This whole model falls apart on the Internet. Much of the data stored on the Internet is only peripherally intended for use by people; it's primarily intended for use by other computers. And therein lies the problem. Keys can no longer be stored in people's brains. They need to be stored on the same computer, or at least the network, that the data resides on. And that is much riskier. Let's take a concrete example: credit card databases associated with websites. Those databases are not encrypted because it doesn't make any sense. The whole point of storing credit card numbers on a website is so it's accessible -- so each time I buy something, I don't have to type it in again. The website needs to dynamically query the database and retrieve the numbers, millions of times a day. If the database were encrypted, the website would need the key. But if the key were on the same network as the data, what would be the point of encrypting it? Access to the website equals access to the database in either case. Security is achieved by good access control on the website and database, not by encrypting the data. The same reasoning holds true elsewhere on the Internet as well. Much of the Internet's infrastructure happens automatically, without human intervention. This means that any encryption keys need to reside in software on the network, making them vulnerable to attack. In many cases, the databases are queried so often that they are simply left in plaintext, because doing otherwise would cause significant performance degradation. Real security in these contexts comes from traditional computer security techniques, not from cryptography. Cryptography has inherent mathematical properties that greatly favor the defender. Adding a single bit to the length of a key adds only a slight amount of work for the defender, but doubles the amount of work the attacker has to do. Doubling the key length doubles the amount of work the defender has to do (if that -- I'm being approximate here), but increases the attacker's workload exponentially. For many years, we have exploited that mathematical imbalance. Computer security is much more balanced. There'll be a new attack, and a new defense, and a new attack, and a new defense. It's an arms race between attacker and defender. And it's a very fast arms race. New vulnerabilities are discovered all the time. The balance can tip from defender to attacker overnight, and back again the night after. Computer security defenses are inherently very fragile. Unfortunately, this is the model we're stuck with. No matter how good the cryptography is, there is some other way to break into the system. Recall how the FBI read the PGP-encrypted email of a suspected Mafia boss several years ago. They didn't try to break PGP; they simply installed a keyboard sniffer on the target's computer. Notice that SSL- and TLS-encrypted web communications are increasingly irrelevant in protecting credit card numbers; criminals prefer to steal them by the hundreds of thousands from back-end databases. On the Internet, communications security is much less important than the security of the endpoints. And increasingly, we can't rely on cryptography to solve our security problems. This essay originally appeared on DarkReading. I wrote it in 2006, but lost it on my computer for four years. I hate it when that happens. http://www.darkreading.com/blog/archives/2010/06/data_at_rest_vs.html As several readers have pointed out, I overstated my case when I said that encrypting credit card databases, or any database in constant use, is useless. In fact, there is value in encrypting those databases, especially if the encryption appliance is separate from the database server. In this case, the attacker has to steal both the encryption key and the database. That's a harder hacking problem, and this is why credit card database encryption is mandated within the PCI security standard. Given how good encryption performance is these days, it's a smart idea. But while encryption makes it harder to steal the data, it is only harder in a computer security sense, not in a cryptography sense." ** *** ***** ******* *********** ************* Reading Me The number of different ways to read my essays, commentaries, and links has grown recently. Here's the rundown: You can read my writings daily on my blog. http://www.schneier.com/ These are reprinted on my Facebook page. http://www.facebook.com/bruce.schneier They are also reprinted on my LiveJournal feed. http://syndicated.livejournal.com/bruce_schneier/ You can follow them on Twitter. http://twitter.com/schneierblog/ You can subscribe to the RSS feed: http://www.schneier.com/blog/index.rdf Or you can subscribe to the alternative RSS feed, if you prefer excerpts instead of full text: http://www.schneier.com/blog/index.xml Finally, you can read the same writing aggregated once a month and e-mailed directly to you: Crypto-Gram. http://www.schneier.com/crypto-gram.html I think that about covers it for useful distribution formats right now. ** *** ***** ******* *********** ************* Since 1998, CRYPTO-GRAM has been a free monthly newsletter providing summaries, analyses, insights, and commentaries on security: computer and otherwise. You can subscribe, unsubscribe, or change your address on the Web at <http://www.schneier.com/crypto-gram.html>. Back issues are also available at that URL. Please feel free to forward CRYPTO-GRAM, in whole or in part, to colleagues and friends who will find it valuable. Permission is also granted to reprint CRYPTO-GRAM, as long as it is reprinted in its entirety. CRYPTO-GRAM is written by Bruce Schneier. Schneier is the author of the best sellers "Schneier on Security," "Beyond Fear," "Secrets and Lies," and "Applied Cryptography," and an inventor of the Blowfish, Twofish, Threefish, Helix, Phelix, and Skein algorithms. He is the Chief Security Technology Officer of BT BCSG, and is on the Board of Directors of the Electronic Privacy Information Center (EPIC). He is a frequent writer and lecturer on security topics. See <http://www.schneier.com>. Crypto-Gram is a personal newsletter. Opinions expressed are not necessarily those of BT. Copyright (c) 2010 by Bruce Schneier. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE