"SSL stops credit card sniffing" is a correlation/causality myth

Ian G iang at systemics.com
Wed Jun 1 07:23:21 PDT 2005 

Hi Birger,

Nice debate!


On Wednesday 01 June 2005 13:52, Birger Tödtmann wrote:
> Am Mittwoch, den 01.06.2005, 12:16 +0100 schrieb Ian G:
> [...]
>
> > The point is this:  you *could*
> > turn off SSL and it wouldn't make much difference
> > to actual security in the short term at least, and maybe
> > not even in the long term depending on the economic
> > shifts.
>
> Which depends a bit on the scale of your "could switch of".  If some
> researchers start switching it off / inventing / testing something new,
> then your favourite phisher would not care, that's right.

Right.  That's the point.  It is not a universal
and inescapable bad to fiddle with SSL/PKI.

> [...]
>
> > But every time this good stuff is suggested, the
> > developers, cryptographers, security experts and
> > what have you suck air between their teeth in and
> > say you can't change SSL or PKI because of this
> > crypto blah blah reason.
> >
> > My point is you can change it.  Of course you
> > can change it - and here's why:  it's not being
> > economically used over here (listening), and
> > right over there (phishing), there is an economic
> > loss waiting attention.
>
> Maybe.  But there's a flip-side to that coin.  SSL and correlated
> technology helped to shift the common attack methods from sniffing (it
> was widely popular back then to install a sniffer whereever a hacker got
> his foot inside a network) towards advanced, in some sense "social
> engineering" attacks like phishing *because* it shifted the economics
> for the adversaries as it was more and more used to protect sensitive
> data-in-flight (and sniffing wasn't going to get him a lot of credit
> card data anymore).


OK, and that's where we get into poor use of
data.  Yes, sniffing of passwords existed back
then.  So we know that sniffing is quite possible
and on reasonable scale, plausible technically.

But the motive of sniffing back then was different.
It was for attacking boxes.  Access attack.  Not
for the purpose of theft of commercial data.  It
was a postulation that those that attacked boxes
for access would also sniff for credit cards.  But,
we think that to have been a stretch (hence the
outrageous title of this post) at least up until
recently.

Before 2004, these forces and
attackers were disconnected.  In 2004 they joined
forces.  In which case, you do now have quite a
good case that the installation of sniffers could be
used if there was nothing else worth picking up.
So at least we now have the motive cleared up,
if not the economic attack.

(Darn ... I seem to have argued your case for you ;-) )

> That this behaviour (sniffing) is a thing of the past does not mean it's
> not coming back to you if things are turned around: adversaries are
> strategically thinking people that adapt very fast to new circum-
> stances.

Indeed.  It also doesn't mean that they will come
and attack.  Maybe it is a choice between the
attack that is happening right now and the attack
that will come back.  Or maybe the choice is
not really there, maybe we can cover both if
we put our thinking caps on?

> The discussion reminds me a bit of other popular economic issues: Many
> politicians and some economists all over the world, every year, are
> coming back to asking "Can't we loosen the control on inflation a bit?
> "Look, inflation is a thing of the past, we never got over 3% the last
> umteenth years, lets trigger some employment by relaxing monetary
> discipline now."  The point is: it might work - but if not, your economy
> may end up in tiny little pieces.  It's quite a risk, because you cannot
> test it.  So the stance of many people is to be very conservative on
> things like that - and security folks are no exception.  Maybe fiddling
> with SSL is really a nice idea.  But if it fails at some point and we
> don't have a fallback infrastructure that's going to protect us from the
> sniffer-collector of the 90s, adversaries will be quite happy to bring
> them to new interesting uses then....

Nice analogy!  Like all analogies it should be taken
for descriptive power not presecription.

The point being that one should not slavishly stick
to an argument, one needs to establish principles.
One principle is that we protect where money is being
lost, over and above somewhere where someone
says it was once lost in the past.  And at least then
we'll learn the appropriate balance when we get it
wrong, which can't be much worse than now, coz
we are getting it really wrong at the moment.

(On the monetary economics analogy, if you said your
principle was to eliminate inflation, I'd say fine!  There
is an easy way to do just that, just use gold as money,
which has maintained its value throughout recorded
history, not just the last century!  The "targets" debate
has been echoing on for decades, and there is no
real end in sight.)

> > So I would suggest that listening for credit cards will
> > never ever be an economic attack.  Sniffing for random
> > credit cards at the doorsteps of amazon will never ever
> > be an economic attack, not because it isn't possible,
> > but because there always likely to be easier pickings
> > elsewhere.
>
> And exactly this "always likely to be easier pickings" has to be
> weighted very, very carefully.  The best thing to find out would be to
> make a poll within the black hat population.

That's one way.  Another way is to put the fixes into
browsers and trial it out there.  To some extent this
has been done - you can see for example Trustbar
and Petname as both similar attempts, and a very
different approach taken by Netcraft.  The results
are all positive.

What is needed is a series of experiments to try out
how different mechanisms work - there is no way that
you or I could predict the perfect way.  But we can't
push those experiments so far forward unless we can
convince the detractors of change to back off and
let some experimentation be done.

That is the problem with all these suggestions - they
do some "change" to the model of SSL/PKI.  And that
change is sometimes good sometimes bad and sometimes
completely dismissive - but they all get the same response
being <sucks> you can't change SSL! </teeth>

Consider petname.  *All* it does is allow someone to put
a name on a cert.  That's all.  But because it changes the
security model about how a cert is supposed to protect
users - in what might be thought of as a positive way -
this has received resistance.

That's what we are fighting against.  That's why I have
to go to such extraordinary lengths to show that it is
possible to change the model.

> > But don't get me wrong - I am not saying that we should
> > carry out a world wide pogrom on SSL/PKI.  What I am
> > saying is that once we accept that listening right now
> > is not an issue - not a threat that is being actively
> > dedended against - this allows us the wiggle room to
> > deploy that infrastructure against phishing.
> >
> > Does that make sense?
>
> Yes and no.  I think it is simply not relevant whether sniffing is a
> problem today but whether it will become one again tomorrow if you mess
> around with security mechanisms deployed right now.


Well, I'm establishing a point here - there is wiggle room,
room to manouvre.

This might mean SSL/PKI is reduced in strength.  *OR*
it might mean it is improved in strength.  I really don't
care, I'm interested in the results, not the way it was
achieved.

*OR* it might mean that SSL/PKI is bypassed totally.

For an example of the latter, look at Netcraft.  This is
quite serious - they are putting out a tool that totally
bypasses PKI/SSL in securing browsing.  Is it insecure?
Yes of course, and "it leaks my data like a seive" as
one PKI guy said.

Is it securing browsing?  Yes!  As recently reported,
60,000 downloads "within hours" for Firefox after it
got slashdotted.  The contradictions need to be
addressed, and more seriously than just rejecting
any change to SSL/PKI;  by rejecting the minor
changes by Trustbar and Petname, the way is
open for the really dramatic and major changes
like Netcraft.  And it's insecure to boot!


> > iang
> >
> > PS: nor does it matter whether I'm right or I'm wrong
> > about my prediction that sniffing will be an economic
> > attack or not - it's just a prediction about the future,
> > just a hypothetical estimate.
>
> But this very prediction is used as an argument by you.  If the
> estimation on the risks is not correct, your reasoning is falling apart.

Not really.  My point is that there is room to move.  You
can fiddle with the model.  Nobody's talking about removing
SSL/PKI, and I don't know why people keep assuming that
it is on the agenda.  There is simply too much code out
there to remove it.

What people are talking about is trying different things.  The
SSL/PKI people are pretty universally blocking those things
at the moment, for whatever reasons, but sadly, because
they are not taking the bigger picture seriously, they are
somewhat in danger of being bypassed totally by things like
Netcraft's plugin.  Or worse (yes, there is worse than Netcraft's
toolbar in the wings.)

> > What matters is now:  what attacks are happening
> > now.  Does phishing exist, and does it take a lot of
> > money?  What can we do about it?
>
> Right.  Phishing is a very big problem.  A huge problem.  So is
> unemployment in many countries.  But that's not a reason to relax
> monetary control.  It's a reason to find the structural problem behind
> it and fix it.  To make ends meet: phishing is not nessecarily a reason
> to fiddle with data-in-flight protective mechnisms like SSL, at least
> not in a big population.

So where is the structural problem in phishing?  On the
left is the phisher, on the right is the user.  Between them
is a wire, a browser, a PC, and a hook delivery mechanism.
Over in the distance is the other victim, the online bank.

So where's this structural problem and let's get in there
and fix it?

iang
-- 
Advances in Financial Cryptography:
   https://www.financialcryptography.com/mt/archives/000458.html

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cypherpunks-legacy mailing list