Sorry for the delay this is Bruce Schneiers talk at RSA on Why Security has so Little to do with Security.
There is no such thing as absolute security!
Security involves trade-offs:
- If no airplanes flew – 9/11 couldn’t have happened.
- Air port security has trade offs – tax dollars, time, “calmness”)
- Gated communities offere more security but less privacy vs. buying home alarm system costs money and convenience.
- We are not wearing bullet proof vests… we don’t want to spend the money or fashion tradeoff.
We make decisions every day about these trade-offs
Additional security depends on the risk and the effectiveness of the counter measure. People are security consumers the right question is ‘it worthit.’
- People RARELY perform this analysis explicitly
- People succumb to fear and uncertainty
- People beleive falus promieces
- peopel regularly do things that compromise their security
- people don’t do what they say
Security trade offs can be financial, social and non-security
The Barrier model doen’t quite work…There are legitimate users and attachers are bounced. Failures in this model are that the good guys get bounced or the- bad guys in. When system fails most likely fail against legitimate users!!!
Threat = Attacker -> Goals -> Attacks
There are multiples of all these criminals and hobbiest hackers
Attackers – can also be legitimate users (they can get a lot of information about systems to find out how they work – 9/11 they flew airlines).
Attacks divert to other targets…(go attack someone else)
Assets are owned by someone else. -> Trade offs are made by the asset owner. They don’t make the decision.
Security system (access control tarmack, passengers)
ASSETS (airplane)
Perceived Risks + Other considerations “everything else” [ social/moral | technological | legal | economic ]
The owner of the asset around which risks can be mitigated.
Owner -> Policy -> Trusted people -> Trusted systems – security systems to protect assets.
There are things we can not do to protect assets:
- Banks – strip search everyone who comes into bank.
- House – put landminds in lawn
Legitimate users influence owners:
- We can’t put cameras in dressing rooms.
- Government – wanted to ban laptops on airplanes (legitimate users forced decision)
Trusted people influence: –
Urin test for federal employees in Regan years. They said no.
The effectiveness of security system…minor component in complex decision graph.
Look at the sum of the stuff pointing at the owner. Every security decision affects multiple players and the party who gets to make the decision will make one thats’ benificial to him.
Every security decision affects multiple players… Look at Guns on airplanes .. pilots, flight attendants, citizens legislators
If they don’t want to buy it they are not ‘irrational’ it is rational within their world view…
Every player has his own unique perspective, his own trade-offs and his own risk analysis. You have to evaluate security options based on the positions of the players. Often security decisions are made for non-security reasons. The major security issues have nothing to do with security technology.
Detecting counterfeit money there is no incentive to detect it. I as a customer if we find it in our wallet just want to spend it the merchant if they find it will not report it as long as they can deposit it.
Look at KAL 007 the last western flight to get shot down over Russian.
- The reason was that the prior time a western airline flew over Russian airspace general in charge lost his charge. So this general did not want that to happen to him. The agenda general who decides to shoot plane down (I need to save my career.)
Look at salesclerks and credit card verification.
- They never check – they don’t care it is not their agenda. Make transaction go through with minimal stress. Owner of store more likely to check.
Look at Tylenol poisonings and random stupid crimes
- Security is the science of tamper resistant packaging. They are silly security measures but they address the real problem (public no longer trusts over the counter drugs).
Look at banning things on airplanes.
- Didn’t ban matches and lighters – cigaret lobby got to congress.. better the knitting needle lobby
SECURITY PROXIES are a way we address risk.
Proxies are players who acts in the interest of other players
(airline security:TSA…airlines not alowd to compete on everyone – more secure airlines, background checks – less secure airlines – no lines)
Proxies are a necessary aspect of the security because people arn’t proficient at risk management. Proxies are not going to make the same risk management decisions that the people they represent would have…
Home building inspectors
They ultimately work for the real estate business if deny to many timse they won’t have business…They are Mercenaries. If you hire them make sure you pay them….turn around and attack people who hire them.
DVD region encoding
- There are secret features to defeat…manufactures as proxies…manufactures want the cheat codes piss of media companies.
Government regulatory bodies
- yes safety but also their jobs (my comment: embedded autonomy)
Banks’ verification of signature on checks
- They don’t do this – why check? No security problem until customer complains. Push security onto the consumer. Bank to centralize security – checks signatures? distirubuting it is cheaper then…
Banks’ verification of balance in account
Compare – bank security of overdrafts – they will spend a lot to deal with that kind of fraud.
Cell phone security against eavesdropping
- Ridiculous that they don’t have encription. Phone companies don’t care – voice privacy not affect bottom line. In who’s agenda is voice privacy? the customers.
Cell phone security against third-party batteries
- Third party batteries they care – security device ‘security of their revenue’
Security is never an isolated good. It always makes sence in the context of a greater system. That system is more important then security. Security is a secondary consideration ( it is an after thought). Understanding the context is just as important understanding the security.
The context of the interent today is a lot of spying stuff. Fighting the context won’t help…must work with the context.
Subscribe to Crypto-Gram: Free Monthly Security Newsletter
Questions:
About Proxie diversion: NSA protects us by snooping on us. NSA – protect ours and attack theres. Equities issue If you are in the NSA and tell Microsoft about major flaws…If you don’t then do you tell them — you can spy on chinese etc. defend good guys or attack bad guys. NSA eaves dropping on Americans. Police start making these decisions you get security that looks like a police state – powers of investigation and who. That is the way they think… This is a good example of proxie divergence. Important that the POLICE don’t run the countyr. somone above the police making the decisions above them civilian control of intelligence – pull the proxie back a bit.
Someone in government today [elected official]…their agenda in getting re-elected is measures to incent proxies properly understanding it we might be able to correct for it. Elections are about fundraising. Clever electoral reform systems…try to deal with proxie problem recognize them and then figuring out risk…I act as a proxie for corporation and vendors. What are the METRICS for measureing risk.
Regulations not most of my data is not controled by me company X (Choicepoint) the have controle over it but I am not a costomer…
The delta value is extreme. underprotected….
Regulation to choice point to take security more serioiusly. Does it work? is it effective? Increasing the cost to the company – make it more expensive to ignore security – vendors SOX is good for us there is more money to spend more money on security.