What Price Insularity? Dialogs about Computer Security Failings
description
Transcript of What Price Insularity? Dialogs about Computer Security Failings
![Page 1: What Price Insularity? Dialogs about Computer Security Failings](https://reader036.fdocuments.us/reader036/viewer/2022062422/56813d4c550346895da705ff/html5/thumbnails/1.jpg)
What Price Insularity?Dialogs about Computer Security Failings
Fred B. Schneider
Department of Computer ScienceCornell University
Ithaca, New York 14853U.S.A.
Joint work with Deirdre Mulligan, Aaron Burstein
![Page 2: What Price Insularity? Dialogs about Computer Security Failings](https://reader036.fdocuments.us/reader036/viewer/2022062422/56813d4c550346895da705ff/html5/thumbnails/2.jpg)
2
di·a·logue
Variant(s): also di·a·log /'dI-&-"log, -"läg/Function: nounEtymology: Middle English dialoge, from Anglo-French dialogue, from Latin dialogus, from Greek dialogos, from dialegesthai to converse, from dia- + legein to speak -- …
… 2 a : a conversation between two or more persons; … b :
an exchange of ideas and opinions <organized a series of dialogues on human rights> c : a discussion between representatives of parties to a conflict that is aimed at resolution <a constructive dialogue between loggers and environmentalists>
Merriam Webster Online Dictionary
![Page 3: What Price Insularity? Dialogs about Computer Security Failings](https://reader036.fdocuments.us/reader036/viewer/2022062422/56813d4c550346895da705ff/html5/thumbnails/3.jpg)
3
Surprised?
Trustworthiness problems invariably involve solutions with both technical and policy dimensions.– Neither dimension can be ignored.
– Neither dimension provides the whole solution.
– Separation of concerns is inappropriate.
– Interactions are fine grained.
– “System” is larger than you might think.
![Page 4: What Price Insularity? Dialogs about Computer Security Failings](https://reader036.fdocuments.us/reader036/viewer/2022062422/56813d4c550346895da705ff/html5/thumbnails/4.jpg)
4
Dialog:
ID Fraud and ID Theft
ID fraud: abuse information to impersonate and charge purchases to the victim.
ID theft: abuse information to create new accounts and use these for purchases or other actions attributed to the victim.
![Page 5: What Price Insularity? Dialogs about Computer Security Failings](https://reader036.fdocuments.us/reader036/viewer/2022062422/56813d4c550346895da705ff/html5/thumbnails/5.jpg)
5
ID Fraud and ID Theft:
The Way of the World
Seller rolls losses into cost of doing business.– All customers pay for the crime.
Costs to victim:– Loss of reputation.– Lost time to correct the record.
What’s wrong with this picture?
![Page 6: What Price Insularity? Dialogs about Computer Security Failings](https://reader036.fdocuments.us/reader036/viewer/2022062422/56813d4c550346895da705ff/html5/thumbnails/6.jpg)
6
ID Fraud and ID Theft:
Reality: Credit Cards
Modern credit card transactions (1951 -):
In person:– charge plate, acnt num, and
signature
By phone:– acnt num and past
signature
Over the network:– acnt num
![Page 7: What Price Insularity? Dialogs about Computer Security Failings](https://reader036.fdocuments.us/reader036/viewer/2022062422/56813d4c550346895da705ff/html5/thumbnails/7.jpg)
7
ID Fraud and ID Theft:
Identification and Authentication
Identifier: label associated with an individual.
Authenticator: Establishes confidence that speaker is who it purports to be.
Authentication is based on:– Something [not easily forged that] you have.– Something [secret that] you know.– Something [that is a hard to forge characteristic] you
are.
![Page 8: What Price Insularity? Dialogs about Computer Security Failings](https://reader036.fdocuments.us/reader036/viewer/2022062422/56813d4c550346895da705ff/html5/thumbnails/8.jpg)
8
ID Fraud and ID Theft:
Identification → Authentication
Modern credit card transactions (1951 -):
In person:– charge plate, acnt num,
and in-person signature
By phone:– acnt num and past
signature
Over the network:– acnt num
2 factor authentication !!!!
0 factor authentication !!!!
![Page 9: What Price Insularity? Dialogs about Computer Security Failings](https://reader036.fdocuments.us/reader036/viewer/2022062422/56813d4c550346895da705ff/html5/thumbnails/9.jpg)
9
ID Fraud and ID Theft:
Solution to Managing Losses
Create incentives for better security.
![Page 10: What Price Insularity? Dialogs about Computer Security Failings](https://reader036.fdocuments.us/reader036/viewer/2022062422/56813d4c550346895da705ff/html5/thumbnails/10.jpg)
10
ID Fraud and ID Theft:
Managing Losses
Create incentives for better security. Cap cardholder liability at $50.00.
– Losses passed thru to merchants– Use on-line fraud detection
Requires “matching” privacy issues
– Add verification numbers to cards Authenticator today; identifier tomorrow!
![Page 11: What Price Insularity? Dialogs about Computer Security Failings](https://reader036.fdocuments.us/reader036/viewer/2022062422/56813d4c550346895da705ff/html5/thumbnails/11.jpg)
11
ID Fraud and ID Theft:
Cultural Disconnects
Failures to distinguish between identifiers and authenticators:– Social security numbers– Mother’s maiden name
Hide problems from relevant principals.– If only credit card users knew…
Manage the wrong risks.– Pain of repairing your credit history?
![Page 12: What Price Insularity? Dialogs about Computer Security Failings](https://reader036.fdocuments.us/reader036/viewer/2022062422/56813d4c550346895da705ff/html5/thumbnails/12.jpg)
12
ID Fraud and ID Theft:
Fixing the Problem
Distinguish identifiers and authenticators.
How to manage all those PINs? Cost of re-programming systems.
Create accountability on the Internet.
Requires redesign of the Internet. Loss of privacy.
![Page 13: What Price Insularity? Dialogs about Computer Security Failings](https://reader036.fdocuments.us/reader036/viewer/2022062422/56813d4c550346895da705ff/html5/thumbnails/13.jpg)
13
ID Fraud and ID Theft:
Fixing the Problem
Make it difficult to steal identifiers (qua authenticators)– Incentivize / enable use of:
encryption, access control, trusted computing, …
authenticate both sides of transaction (people + machines),
intrusion detection, …
![Page 14: What Price Insularity? Dialogs about Computer Security Failings](https://reader036.fdocuments.us/reader036/viewer/2022062422/56813d4c550346895da705ff/html5/thumbnails/14.jpg)
14
ID Fraud and ID Theft:
Incentivizing a Solution
Institutions have little to gain but have much to contribute.
Individuals have much to gain but have little to contribute.
Government: Fosters the greater good when parties lack incentives / power to compel appropriate behavior.
![Page 15: What Price Insularity? Dialogs about Computer Security Failings](https://reader036.fdocuments.us/reader036/viewer/2022062422/56813d4c550346895da705ff/html5/thumbnails/15.jpg)
15
Dialog:
Security Investment
Systems today are not secure.– Technology does exist to make them more secure.– (Ultimately research will be needed, too.)
To build systems with better security has costs:– Increased development time.– Fewer features.– More and/or better developers.
Incentives for investment in security are needed.
![Page 16: What Price Insularity? Dialogs about Computer Security Failings](https://reader036.fdocuments.us/reader036/viewer/2022062422/56813d4c550346895da705ff/html5/thumbnails/16.jpg)
16
Security Investment:
Clean Slate vs Reality
“Ideal” incentive scheme:– economically efficient.– apportions profits according to risk.– apportions costs according to benefit.
Supply chain realities:– producers / consumers / users– “surprise” implications of software universality
![Page 17: What Price Insularity? Dialogs about Computer Security Failings](https://reader036.fdocuments.us/reader036/viewer/2022062422/56813d4c550346895da705ff/html5/thumbnails/17.jpg)
17
Security Investment:
Bridging the Gap
A gap:– Self-interests of individuals.– Interests of greater society.
A bridge:– Avoid legal costs.– Avoid fines and damages.
Agent of change: accusations by– the government.– the private sector.
![Page 18: What Price Insularity? Dialogs about Computer Security Failings](https://reader036.fdocuments.us/reader036/viewer/2022062422/56813d4c550346895da705ff/html5/thumbnails/18.jpg)
18
Security Investment:
Liability for Software?
Law 101: “Negligence involves 5 elements:– Duty– Breach– Cause in fact– Proximate cause– Damages
… but two can be problematic for software.
![Page 19: What Price Insularity? Dialogs about Computer Security Failings](https://reader036.fdocuments.us/reader036/viewer/2022062422/56813d4c550346895da705ff/html5/thumbnails/19.jpg)
19
Security Investment:
Liability versus Duty
Duty as: Expectations for performance.– Unable to specify security performance…– Unable to measure security
performance…
Duty as: Extent to which best practices employed in development:– Correspondence between process and
results is tenuous.
![Page 20: What Price Insularity? Dialogs about Computer Security Failings](https://reader036.fdocuments.us/reader036/viewer/2022062422/56813d4c550346895da705ff/html5/thumbnails/20.jpg)
20
Security Investment:
Damages
Damages can be disclaimed for use in certain (all?) settings.… breach of duty becomes moot.
The “Lloyds of London” conundrum:– What if nobody is willing to produce software
for a given market? Consumers must choose: abuse existing software
or don’t build systems
![Page 21: What Price Insularity? Dialogs about Computer Security Failings](https://reader036.fdocuments.us/reader036/viewer/2022062422/56813d4c550346895da705ff/html5/thumbnails/21.jpg)
21
Security Investment:
Trustworthiness Metrics
Absence of– Metrics for evaluating trustworthiness– Specifications for describing trustworthiness
is a significant impediment to use of traditional incentives for deploying more secure systems.
![Page 22: What Price Insularity? Dialogs about Computer Security Failings](https://reader036.fdocuments.us/reader036/viewer/2022062422/56813d4c550346895da705ff/html5/thumbnails/22.jpg)
22
Dialog:
Digital Rights Management
new media + new medium = new $$$$
Ineffective technical means to protect e-content– Computers are universal (!)
DMCA (1998). Illegal to:– Circumvent technological protection measures– Traffic in tools for same
SONY / XCP protection measures
![Page 23: What Price Insularity? Dialogs about Computer Security Failings](https://reader036.fdocuments.us/reader036/viewer/2022062422/56813d4c550346895da705ff/html5/thumbnails/23.jpg)
23
Avoiding Unintended Consequence
Externalization– SONY creates problem– Consumers put at risk– Non-consumers put at risk
DMCA chilling effect on independent review… a Law of Unintended Consequence.
![Page 24: What Price Insularity? Dialogs about Computer Security Failings](https://reader036.fdocuments.us/reader036/viewer/2022062422/56813d4c550346895da705ff/html5/thumbnails/24.jpg)
24
Abandoning a Legacy
Protect e-content from redistribution. vs Compensate producers of e-content.
Existing business are the legacy systems nightmare of the law.– New content -vs-– Repackaging old content
![Page 25: What Price Insularity? Dialogs about Computer Security Failings](https://reader036.fdocuments.us/reader036/viewer/2022062422/56813d4c550346895da705ff/html5/thumbnails/25.jpg)
25
Some Lessons to Learn
Dialog 1 (id Theft)– Evolution (comm) without revolution (auth).– Exposing vs hiding ($ loss) problems.– Addressing proximate vs actual problems
Dialog 2 (Investing in Security)– RoI driver vs unsolved technical problem (metrics).
Dialog 3 (Digital Rights Management)– Technical limitations could be overcome by new laws– Extant business models impede legal “upgrades”
![Page 26: What Price Insularity? Dialogs about Computer Security Failings](https://reader036.fdocuments.us/reader036/viewer/2022062422/56813d4c550346895da705ff/html5/thumbnails/26.jpg)
26
Other Examples = Current Events
E-voting Digital rights management (DRM) Trusted computing platforms Network neutrality