Schneier on Security

Clive Robinson • August 7, 2019 1:20 PM

@ Bruce,

When I say that smartphone security equals national security, this is the kind of thing I am talking about.

But do you say “smartphone security is nonexistent” as well?

Have we learned nothing from the Greek Olympics?

@ ALL,

Speaking of device insecurity, that “Xmas gift that keeps giving” has given/spawned again…

@Callmelate… Got in first on the squid page with it, so a hat tip in his direction. You can read more at,

https://www.infosecurity-magazine.com/news/new-intel-swapgs-flaw-spells-bad/

Again this attack is technically below the CPU level in the computing stack, so there is not realy anything the layers at the ISA layer or above such as software can do to properly solve the problem, just another dirty, ineffective, inefficient hack…

Due to fourty odd years of intense marketing “Specmanship” anything much above a 16bit Microcontroler these days is going to have these low level problems over and over, again and again ad nauseam 🙁

Just remember as I’ve said for years and years there is a trade to be made in all cases thus we have “Efficiency-v-Security” as a basic rule of thumb. It is possible to try to design secure and moderatly efficient systems, but the chances are you will fail and fail badly. Because “efficiency” means “greater bandwidth” which means “more usable side channels” and other issues. As we are only just starting in trying to eliminate time based side channels we are not realy paying attention to other types of side channels…

The short and the long of it is, your only solution to this, that has any hope of working, is to move your security endpoint off of your communications end point device. To do this with consumer devices realy means one device for your communications end point and a second device issolated by an energy gap. Anything less is just not going to work to keep your privacy.

Clive Robinson • August 14, 2019 5:57 AM

@ Wael,

efficiency has broader meanings: it could also mean power consumption efficiency, for one.

Which also means greater bandwidth.

Part of being a more efficient power supply is the ability to follow as closely as possible the changes in the load. Which means as short a time duration as possible and as f=1/t the smaller the interval of time the higher the frequency thus band width.

So much so in fact with some modern computer power supplies it is possible to see key presses in the powersupply loop control. An aspect of security many don’t think about. Likewise some large flat pannel displays used for televisions etc, you can see in the mains input to a house, sufficient information to identify the program or video being watched…

Anything that has an effect on the time domain has an effect on the frequency domain and thus the bandwidth of some part of the system.

… the reality is not only do you have “back doors” and such: you have missing walls, chief! How much would a backdoor weaken a house that’s missing a couple of walls?

That depends on the person who designed the house, but in a fiscally dependent market where costs have to be ruthlessly reduced, the wolf would not have to even huff or puff, just wave a paw as the cards fall down.

And in essence that is the first and currently perhaps the most significant problem…

Whilst it is entirely possible to do “smart cost reduction”[1] you usually need an external driver such as regulation / legislation to make it happen.

Without doubt the telecommunications sector is in a mess, it’s been in one type of free fall after another since the 1980’s. Thus mobile phones are in a similar mess as cars were in the 1950-70s. But worse software generally does not have a significant physical asspect on the manufacture of a phone. You would be hard pressed to tell the difference in weight between one type of storage chip and another with the same form factor and pin out but twice or four times the storage capacity. Likewise the price is actually not that much different after a short period of time with older parts actially getting more expensive. Similar applies to CPU and other chips.

Which means product differentiation falls on the marketing execs… Which currently boils down to how much functionality can be shoveled in, in the time it takes to get a mobile to market. Thus quantity is high, quality is low, and interaction and complexity sky rocket, none of which is good for stability let alone security. Hence you could say under you building theme that mobile phones are a wooden house with a fatal termite problem, just waiting for kids to hurt themselves when exploring.

But worse, due to the likes of Google and Co there is the idea of “collect it all” alied with “process it all” to be “sold to all”. That is they have created a market in “data theft”. It does not matter if they call it a “test harness”, a “support system”, “product improvment” or any other name such as “telemetry”, it’s purpose is to spy on the user and what they do for the product producers profit.

Which brings us onto the notion of “segregation” which you delightfully describe with,

So just take the computing element and wrap it in some aluminum foil or put it in a heavy-gauge pressure cooker for maximum security.

Whilst that works as people have demonstrated the problem is that both mobile phones and computers are of little benifit without communications. And in the modern consumer world that’s “flick with the finger over the screen maximum effort” otherwise Jo Average won’t use it…

Which is the second problem, way to many communications paths, protocols and interaction between them (all in the name of convenience).

As I’ve pointed out in the past communications paths need to be “mandated choke points” where security can be applied fairly ruthlessly. In the process they break down the over all complexity and interaction and make effective auditing possible.

In non consumer equipment where security actually gets mentioned on the pre-product specification features list segregation is a key tool in the designers box. However it has significant costs when the product is designed because you have to “double up” at the very least on core components for each segregated sub component. Which obviously has a knock on effect in terms not just of cost put physical real estate and power consumption. Whilst a military back pack comms-set might have bomb proof security it’s neither light nor convenient and has very limited functionality.

Which brings us back to convenience again most people want something convenient and discreet with long battery life with upgrades ever year or so. It all flies in the face of security, so I can not see security getting into consumer communications and computing products without legislation. Currently neither politicians or large corporates who lobby and bribe politicians want consumers to have any kind of privacy, so unless public out cry gets to a point where politicos have to act then it’s not going to happen. Worse as we have seen with the work of Diane the Fink politicians will talk loud and long making the right soothing noises come up with a bill title that is pure PR then put hooks in the initial drafts such that at the last minute additions can be made that have the exact opposit effect of what the consumers want…

Thus currently privacy is only going to happen for those that accept the fact that they will need to learn quite a lot that few are prepared to teach. Such as new apparently antisocial behaviours (OpSec etc) and apparently arcane techniques (shielding etc) and methods (codes and ciphers). But more importantly ensure that those they communicate with do likewise.

And this is a problem in that those that practice the mechanics of privacy will be different, and any differences in individuals will be by basic human instinct be treated tribalistic ways[2]. Especially by outsiders with power who will cry “Conspiricy to commit…” etc.

[1] The example I usually quote is the vehicle industry. As a lemon market they were spiraling downwards and following the rule of “Rob Peter to pay Paul” money got spent on marketing whims not engineering advancement. However a few to many deaths and as with the Victorians and exploding boilers public out cry said something had to be done about it. The result was legislation that actually changed the costs metric of vehicle design and very probably actually saved the US vehicle manufacturing for several years. Unfortunately legislation can also work the other was as the glut of Sports Utility Vehicles shows.

[2] A clasic example of the “tyranny of tribalism” is “social media” unlike many I don’t use “facecrook”, “Whatsapp” or even “Email”. I know that they are entirely irrelevant to living and functioning in society as should anyone who is over fourty years old. However there are those that insist that you have to have them and get extreamly unpleasant if you say “they are unnecessary”. The reason for their nastyness is two fold, firstly you are an afront to their self belief of authority, secondly you are a caltrap on their road of convenience. I find such people generally vexatious and best avoided as they are developing a cult of personality and that can only go one way, and to over use an old saying “that ain’t pretty”.