Re: what are realistic threats?



Phill R-B:
> Quite so, this is precisely the sort of threat we should be worrying
> about. Worrying about the security of 512 bit RSA keys or the crackability
> of DES is the sort of thing we can leave out at this stage.

For many business purposes this is often true, but another reason 
not to worry much about traditional cryptography issues is that, 
legal issues aside, strong cryptography costs little more to implement 
or use than weak cryptography.  From the point of view of software 
engineering economics, it makes sense for anybody who uses crypto 
at all, to use the strongest algorithm.  There is no need for "levels 
of security" that use different strength algorithms, with detailed
cost tradeoffs.  "Bouncing the rubble" with stronger algorithms 
and longer key lengths usually adds little or no significant 
cost to applications level security.  Strong crypto can give 
customers a greater sense of security even if it's not strictly 
necessary for a particular application.   Those who do need the 
strong security, such as the banks and billing services we hope will 
serve a global Internet commerce, can use the same algorithms instead 
of having to implement their own customized software at great cost.  
Everybody can use the _greatest_ common denominator.

For our purposes, the crypto community has bounced the rubble 
quite well when it comes to the basic public and private key
algorithms.  What they haven't solved, because it involves 
business needs and vague economic tradeoffs more than raw performance 
and mathematics, are issues like key distribution, certification 
structures, user interfaces (by what metaphors will users 
understand the security, or will they be left in the dark?), 
the practical and  legal meanings of digital signatures, and the 
like.  It is in these areas, rather than cryptanalysis, that the
most common and damaging attacks will come.

Alas, the vast majority of network security solutions
have been directed towards (a) military needs, and (b) needs within
a single organization.  Little work in academia, and
even relatively little in commercial MIS, has been directed towards
developing network security and transaction systems for use 
_between_ organizations that cooperate and compete in an economic 
manner, with the awareness that this is a quite distinct problem that 
may require quite different solutions than military or internal
commercial security.  EDI was the first primitive stab at
an interorganizational transaction system.  With the 
combination of modern cryptographic protocols (public key
is just the tip of the iceberg) and practical business experience,
we will soon move well beyond EDI.  All the traditional 
computer and network security assumptions about certification 
structures, trusted authorities, key distribution, etc. need to 
be fundamentally rethought, and this could be a great forum in 
which to help undertake that task. 

One area I've been studying quite heavily recently, that begs
out to be applied to electronic commerce, is the discipline of
game theory.  It is full of useful lessons about how to design
structures that are incentive compatible: where all participants 
gain by following the protocol and transacting honestly.  In most 
cases it is attack for fraudulent gain, rather than a Byzantine 
attack (where the attacker's aim is to make everybody lose),
that is the most serious threat to commerce.  Traditional 
security has emphasized the Byzantine attack.  Despite the
sensationalism surrounding hackers out for joyrides,
the major concern for commerce becomes people attacking 
for their own gain rather than (as in military security) to 
wipe us out even if it costs them too.  Indications are that 
game theory applied to network security can help us not only 
greatly reduce the fraud in transaction systems, but might 
give birth to a wide variety of new and more lucrative 
ways of doing business.

I'll probably be writing more about game theory and
commercial internetwork security in the future.  Meanwhile I highly 
recommend to y'all a book that was recommended to me by economist 
Hal Varian: _Games, Strategies and Managers_ by John McMillan.  A 
very nice practical introduction to game theory and how to use 
it in business.

Nick Szabo				szabo@netcom.com

