Re: The economics of Crypto security

From: Ben Adida <ben_at_eecs_dot_harvard_dot_edu>
Date: Fri Apr 13 2007 - 13:22:48 CDT

Charlie,

This is an over-generalization and a misunderstanding of cryptographic
verification. You're comparing open-audit verification to DRM? Those two
things are diametrically opposed. Just because the two involve
"cryptography" doesn't mean the conclusions are transferable. Your other
examples are about secrecy, not about auditability.

Cryptographic verification of voting is mostly about auditability, not
about keeping secrets (of course we want to keep votes secret, but the
biggest thing we try to defend against is someone *flipping* votes,
altering the results of an election.)

In fact, in a cryptographically-verified election, anyone can write the
verification code, if they so choose. Any activist/political
organization could write its verification, or use a version from someone
else they trust. Using the published results (including extra
cryptographic checksums), they can then verify that the election was
tallied correctly. This is something they would run on their own
machines to check the election result.

In other words, the very people who care can write the code. This
precisely contradicts the thesis of the article, as it applies to
cryptographic auditing. The article remains interesting, but it just
*doesn't apply* to cryptographic *auditing*.

Yes, the odd thing is that cryptography can be used to provide openness,
not just secrecy. And in voting, we care specifically about the openness
of the audit.

It is incredibly sad to me to see this continuing disinformation
regarding cryptographic techniques for auditing. I've worked on
open-source software since 1998, on voting since 1997, and on
cryptographic techniques since 1998. In every category, there's a huge
amount of disinformation, but it usually comes from folks with
commercial interests that are threatened by the new technology.

I've *never* seen as much Fear, Uncertainty, and Doubt as I see now
regarding cryptographic auditing. And this time, it's being spread by
individuals in the community, not commercial entities. What a shame.

-Ben

charlie strauss wrote:
> Science magazine has a scholarly article discussing the woeful state of Information Security.
>
> http://www.sciencemag.org/cgi/content/full/314/5799/610
>
> The thesis of their article aligns with one of the many reasons I oppose entirely basing (as opposed to merely augmenting) voting systems on cryptographic security. Basically even if it were foolproof when implemented right, such an implementation will never occur simply because the people responsible for Security are not the ones harmed by its penetration nor are they legally liable.
>
> People charged with implementing security are more interested in selling you the belief it is secure than the actual security. To drill this home here's a roundup of the news in this area from JUST THE LAST 24 HOURS.
>
> The secure password protected "self-destructing" memory stick preferred by EU governments turns out to not be secure at all, requiring no password:
> http://tweakers.net/reviews/683
> turns out 1) the password validation is done by software running on the PC not the stick 2) there is no physical self destruction of the data.
>
>
> The basic concept used by Fidelity, Bank Of America, Pentagon Credit Union, and Yahoo's On-line banking credential system to prove to the user that they are looking at a bona fide site (and not a phisher) has been shown to be easily spoofed.
> http://paranoia.dubfire.net/2007/04/deceit-augmented-man-in-middle-attack.html
>
> Now one can also point to examples, where nominally people with a vested interest in security ought to be present and they still don't do the due diligence to assure they are buying secure systems. This is relevant to voting since for example, because neither the clerks nor the vendors are creating the security protocols--they license these.
>
> The Department Of Defense has a persistent cyber security problem
> http://www.washingtonpost.com/wp-dyn/content/article/2007/04/12/AR2007041201010.html
>
> And latest HDDVD protection system which was cracked day one. Since they had literally billions of dollars of piracy they wanted to deter, it seems like the Movie studios had a vested interest in seeing that the format was slightly more robust. It took longer than that to crack the previous DVD CSS system. Last week the DVD folks announced the previous crack had been plugged by revoking the cracked encryption key in future movie releases. This week someone cracked it again, using the same approach as the previous time. And just for spite the people that cracked it, used the key found in the Xbox, making it diabolically hard for the HDDVD folks to revoke the Xbox keys. (risk the wrath of millions of xbox owners insufficiently tech-savvy to update their xboxes to a new key).
> http://forum.doom9.org/showthread.php?t=124294
>
> Toss onto this old revelations that
> 1) the basic hardware encryption chip used in all ATMs is crackable and your PIN is actually written on magstripe of the debit.
> 2) if that were not enough, a surprisingly high number of buyers of ATMs never change the default password for total access to the machine.
>
> And it seems that it's best not to base security on crypto if your method requires that the implementors don't feel the pain of it being cracked. On the other hand a little splash of crypto on top of a robust system is probably not a bad thing if it can be done transparently and without complicating the operation.
>
>
>
> _______________________________________________
> OVC-discuss mailing list
> OVC-discuss@listman.sonic.net
> http://lists.sonic.net/mailman/listinfo/ovc-discuss

==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Mon Apr 30 23:17:07 2007
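
The reply above says that anyone can write their own verifier and run it over the published results. The following is an added example, not part of the original message and not code from any voting project: it shows one common construction (homomorphic tallying with exponential ElGamal plus a Chaum-Pedersen proof of correct decryption), which the message itself does not specify. The group parameters, function names and bulletin-board layout are assumptions made for the illustration, and per-ballot well-formedness proofs are left out to keep the focus on the tally check.

```python
import hashlib
import secrets

# Toy group, constructed for this example and far too small for real use:
# P = 2*Q + 1 with P, Q prime; G generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def challenge(*vals):
    # Fiat-Shamir challenge in [1, Q-1], derived only from public values.
    digest = hashlib.sha256(repr(vals).encode()).digest()
    return 1 + int.from_bytes(digest, "big") % (Q - 1)

def aggregate(ballots):
    # Multiplying ciphertexts adds the encrypted votes; anyone can recompute this.
    a = b = 1
    for ai, bi in ballots:
        a, b = a * ai % P, b * bi % P
    return a, b

def run_election(votes):
    """Authority side (hypothetical): returns only what would be published."""
    x = 1 + secrets.randbelow(Q - 1)            # secret decryption key
    h = pow(G, x, P)                            # public election key
    ballots = []
    for v in votes:                             # ciphertext = (g^r, g^v * h^r)
        r = secrets.randbelow(Q)
        ballots.append((pow(G, r, P), pow(G, v, P) * pow(h, r, P) % P))
    a, b = aggregate(ballots)
    tally = sum(votes)
    w = secrets.randbelow(Q)                    # proof that b / g^tally == a^x
    A, B = pow(G, w, P), pow(a, w, P)
    c = challenge(h, a, b, tally, A, B)
    return {"h": h, "ballots": ballots, "tally": tally,
            "proof": (A, B, (w + c * x) % Q)}

def verify(board):
    """Independent verifier: uses published values only, holds no secrets."""
    h, tally = board["h"], board["tally"]
    A, B, s = board["proof"]
    a, b = aggregate(board["ballots"])          # recomputed, not trusted
    c = challenge(h, a, b, tally, A, B)
    d = b * pow(G, (-tally) % Q, P) % P         # must equal a^x if tally is honest
    return (pow(G, s, P) == A * pow(h, c, P) % P
            and pow(a, s, P) == B * pow(d, c, P) % P)
```

The verifier never sees the decryption key or any individual vote, yet an announced tally that differs from the encrypted sum fails the check.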
