Monday, December 7, 2015

Security, Privacy and Data Gathering

Back in 1977 I went to an IEEE meeting at Cornell where there was a big flap by NSA and others over the release of the Rivest et al crypto schemes. At the time I had the opportunity to watch over some Eastern Europeans who were in DC but in Ithaca, there they were. Surprise, no.

Out of those meetings came a way to combine the then crypto scheme approved by NIST and the new RSA scheme. Namely one could use DES as a shared key system but use RSA to send the keys in a secure manner and then cycle through various DES keys using RSA. Works fairly well and even then was doable whereas today it is dirt cheap.

The second issue was authentication. Namely the problem of assuring from whom the message came from. Today we use certificates but then and I assume still now we use complex systems as we had developed then. Our application in the late 70 was the deployment of sensors using seismometers to check for Soviet nuclear testing. We wanted to have authenticated data and not Soviet spoofs.

Today we look for patterns as to who is talking to whom. Assuming people do not try to confuse others then this may be possible over big data systems. However for a couple of decades now we have seen the development of anonymizers. Now MIT researchers announced their latest scheme.

They state:

If an adversary has infiltrated the server, however, he or she can see which users are accessing which memory addresses. If Charlie’s message is routed to one address, but both Alice’s and Bob’s messages are routed to another, the adversary, again, knows who’s been talking. So instead of using a single server, Vuvuzela uses three. Corresponding to the three servers, every message sent through the system is wrapped in three layers of encryption. The first server peels off the first layer of encryption before passing messages on to the second server. But it also randomly permutes their order. So if, for example, Alice’s message arrived at the first server before Bob’s, and Bob’s arrived before Charlie’s, the first server will pass them to the second in the order Bob, Alice, Charlie, or Charlie, Bob, Alice, or the like. The second server peels off the second layer of encryption and permutes the message order yet again. Only the third server sees which messages are bound for which memory addresses. But even if it’s been infiltrated, and even if the adversary observed the order in which the messages arrived at the first server, he or she can’t tell whose message ended up where. The adversary does, however, know that two users whose messages reached the first server within some window of time have been talking. And even that is more information than Vuvuzela’s designers want to give away.

Namely they flush everything they have across the net and confuse any adversary. Cute, but I suspect this is but one of many such schemes. Hiding in plain sight, hiding in noise, etc all follow a similar path.

Thus the questions which this poses are:

1.  In encryption, any junior engineer could implement an AES/RSA system which would be quite difficult to break. In fact a "whack a mole" feature one could argue would make it unbreakable. In fact such a system would be outside the transmission path, and thus one could care less about iPhone encryption, you do not rely upon it.

2. Authentication is critical. If two adversaries desire to speak then they must be certain as to whom each is. This is an authentication problem and one cannot expect to use Certificates here. Yet there also a large collections of options.

3. Patterning is the means of looking at data flows and trying to see what they infer as to the actions of parties. Systems like the one above demonstrate that the complexity of this can be increased exponentially. In fact it can be made almost fool proof.

Thus the screams and moans as to making all systems open is just that; scream and moans. Any adversary already has a wealth of tools, many most likely funded by Government contracts and in the public literature.

Remember 1977! When RSA came out you could guess who was in the audience. Today, different faces but same result.