[148979] in cryptography@c2.net mail archive
[Cryptography] On threat models and progress
daemon@ATHENA.MIT.EDU (Jerry Leichter)
Thu Jan 9 15:54:55 2014
From: Jerry Leichter <leichter@lrw.com>
Date: Thu, 9 Jan 2014 15:38:13 -0500
To: "cryptography@metzdowd.com List" <cryptography@metzdowd.com>
If you look at any of the classic texts on computer security from 20+ years ago - sometimes even more recently - you'll find some interesting assumptions about threat models. They're "interesting" because they seemed so obvious at the time - but none are valid any more.

1. Once an opponent gets physical access to the machine, all bets are off. But machines with valuable information in them live in secure data centers, and we have thousands of years of experience in protecting physical assets. So there's no point worrying about attacks based on physical access.

Of course, today valuable data is on machines people carry with them - and as the recent information about NSA techniques shows, even the machines that go into data centers may not be secure because they were sabotaged before they ever got there.

2. Denial of service attacks are impractical to defend against, but they don't matter because no attacker would have much reason to carry them out (with an exception perhaps made even back then in military settings, though the military wasn't nearly as vulnerable then), and besides they are expensive and difficult to organize. Along the way, we discovered such motives - whether simple playing around, or to make a political point, or as a means of extortion. We also learned that DoS is actually quite easy to carry out in a networked world full of botnets, at levels far beyond what anyone could have imagined back then. On the other hand, when the need arose, it turned out we actually *could* defend against them.

3. There's no way to close timing channels, but you can arbitrarily reduce their rate to the point where they don't matter. Everything about this statement remains true, except for those crucial words "to the point where they don't matter". We still have no way to completely close such channels, but we can get them down to very small data rates. Unfortunately, "to the point where they don't matter" was based on a model where the timing channel was being used to exfiltrate data from a secure data center. If you can only exfiltrate a bit per second, it's difficult to get very much useful information from a terabyte database out. (Oh, there were always special cases - getting the name of a spy out might only take a minute once you've found it in the database.) Today, however, the database is likely backed up somewhere else, in encrypted form - and thus is "safe". Except that now the key can be exfiltrated in a couple of minutes through that very slow timing channel.

-- Jerry
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography