
July 2010

Friday, 30 July 2010

The value of information

Most businesses aren't as enthusiastic about using information security technologies as many security experts would like them to be. As a general rule, businesses tend to make informed decisions, so maybe there's a reason for this lack of enthusiasm. A recent meeting at which I was the only non-economist in the room gave me an interesting insight into this, at least for some industries.

According to the economists at this meeting, the consensus of lots of research is that the value of information is only about 1 percent of the value of the finished product that it's used to create. So if you make widgets that you sell for $1 each, then all of your business's information is worth only about $0.01 of that $1. If that's the case, then we would certainly expect a fairly small level of resources to be allocated to protecting its confidentiality, integrity and availability.

I would expect that estimate of 1 percent to vary a lot from industry to industry. Some day, when I actually have some free time, I may track down some of the economics papers that make that estimate to see if my suspicion is right.

Thursday, 29 July 2010

Measuring security

I recently received an email that asked me if the electric field and magnetic field of a propagating electromagnetic wave are always in phase. I vaguely recalled that you have something like

E = c B

in some situations, so the first thing that I did to check to see if this made sense was to compare the units of E to the units of cB. After all, if the units don't work out then something's wrong.

This led me to think about how the strength of encryption is probably the only place in the entire field of information security where it's easy to quantify something. In the case of encryption, the usual metric is the key size of an ideal symmetric algorithm for which there's no attack that's better than just trying all possible keys to see which one's the right one. By that metric, for example, encryption with either 3DES or 2,048-bit RSA provides 112 bits of security because cracking such a key takes about the same amount of effort as trying all possible 112-bit keys.

This metric isn't really that meaningful, of course, because there's always a better way for an adversary to beat a system than trying to beat the encryption. The amount of work needed to crack a single 3DES key is huge. It's the sort of thing that takes much more than a person's lifetime on the world's most powerful supercomputers to do.

Key management is nowhere near as strong, so it's always better for an attacker to try to beat the key management that's used instead of trying to get billions of years of computing time somehow. But if we don't worry about the strength of key management and focus just on the strength of encryption, we find that we have a nice, clean way to measure the strength of that particular security mechanism.

After figuring out whether or not the electric field and magnetic field of a propagating electromagnetic wave are always in phase, I then thought about whether there's any other part of information security where it's relatively easy to create a metric for the effectiveness of technologies that gives the same level of information that the strength of encryption does. My conclusion was that there isn't one, but if you have a good one, I'd be happy to hear about it.
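The metric described in this post, as an added example that is not part of the original post: a few Python functions that turn an attack's work factor into bits of security, reproduce the 112-bit figure for three-key 3DES from the meet-in-the-middle attack, estimate the strength of an RSA modulus from the GNFS running time, and convert a work factor into years at an assumed trial rate. The GNFS estimate drops the o(1) term, so it lands a few bits above the NIST SP 800-57 table the post's 112-bit figure for RSA-2048 comes from; the 10^12 trials per second used in the usage note is my assumption, not a number from the post.

```python
import math

LN2 = math.log(2)
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def security_bits(work):
    """The post's metric: log2 of the number of trials the best known attack needs,
    i.e. the key size of an ideal cipher that would cost the same to brute-force."""
    return math.log2(work)


def ideal_cipher_work(key_bits):
    """An ideal cipher has no attack better than exhaustive search over 2^k keys."""
    return 2 ** key_bits


def multiple_encryption_work(n_keys, key_bits=56):
    """Meet-in-the-middle against n independent keys (DES-sized by default):
    encrypt under the first ceil(n/2) keys, decrypt under the remaining floor(n/2),
    and match the two tables. Three-key 3DES therefore costs about 2^112, not 2^168."""
    a = (n_keys + 1) // 2
    b = n_keys - a
    return 2 ** (key_bits * a) + 2 ** (key_bits * b)


def rsa_gnfs_bits(modulus_bits):
    """Heuristic strength of an RSA modulus n from the GNFS running time
    exp((64/9)^(1/3) (ln n)^(1/3) (ln ln n)^(2/3)), with n = 2^modulus_bits.
    The o(1) term is dropped, so this overshoots NIST's table (2048 -> 112) by a few bits."""
    ln_n = modulus_bits * LN2
    c = (64 / 9) ** (1 / 3)
    return c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) / LN2


def brute_force_years(bits, trials_per_second):
    """Wall-clock time to try all 2^bits keys at a constant rate. Ignores luck (which
    halves the expected value) and ignores the key-management attacks the post says
    an adversary would prefer to a brute-force search."""
    return 2 ** bits / trials_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    print("ideal 128-bit cipher:", security_bits(ideal_cipher_work(128)))
    print("three-key 3DES:", security_bits(multiple_encryption_work(3)))
    print("double DES:", security_bits(multiple_encryption_work(2)))
    for n in (1024, 2048, 3072):
        print(f"RSA-{n} (GNFS heuristic):", round(rsa_gnfs_bits(n), 1))
    # Assumed rate of 10^12 trials per second, an example figure only.
    print("years to search 2^112 at 1e12/s:", f"{brute_force_years(112, 1e12):.2e}")
```

Running it shows why the post calls the metric clean but not decisive: 112 bits at 10^12 trials per second is on the order of 10^14 years, so whatever breaks a 3DES deployment in practice will be the key management around it, not the search.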

Wednesday, 28 July 2010

Violating the Nagell-Lutz theorem


In a recent post I gave examples of elliptic curves for each of the cases that Mazur's theorem allows. One of these is particularly interesting. It's the curve

y^2 + xy - 5y = x^3 - 5x^2

Over the rationals this has E_tors = Z_2 x Z_4 = <(10,20), (1,2)> = {(1,2), (10,-25), (0,5), (0,0), (-5/4, 25/8), (5,0), (10,20), O}.

Note that one of these points, (-5/4,25/8), doesn't have integer coordinates. Doesn't that violate the Nagell-Lutz theorem, which tells us that torsion points need to have integer coordinates?

Not really, and here's why.

Here's one form of the Nagell-Lutz theorem:

Let y^2 = x^3 + ax + b be an elliptic curve over the rationals with integer coefficients and let D = 4a^3 + 27b^2. Then if P = (x_P, y_P) is a rational point of finite order, P has integer coordinates and either y_P = 0 or y_P^2 | D.

Note that this only applies to elliptic curves of the form E: y^2 = x^3 + ax + b (or, in the slightly more general version of the theorem, y^2 = x^3 + ax^2 + bx + c with integer coefficients). Because the curve in this example isn't of that form, its torsion points don't have to have integer coordinates. The theorem isn't really being dodged, though. Completing the square with X = 4x and Y = 8y + 4x - 20 turns the curve into Y^2 = X^3 - 19X^2 - 40X + 400, and the point (-5/4, 25/8) becomes (-5, 0), an integer point of order 2 with Y = 0, exactly as Nagell-Lutz predicts. The other two points of order 2, (1,2) and (5,0), become (4,0) and (20,0), the remaining roots of that cubic.

Tuesday, 27 July 2010

Cryptography and global warming

In a recent discussion with another information security industry veteran, he noted that there's an obvious parallel between cryptography and global warming. In both cases, people who really don't know much about the subject don't seem to let this lack of understanding keep them from talking about the field as if they're experts.

In the case of global warming, even though I studied various physical sciences as both an undergraduate (chemistry and physics) and in graduate school (physics, acoustics and meteorology), I don't feel qualified to interpret the scientific evidence either for or against global warming. I don't know much about the field, but I do know that I don't know much about it. That doesn't stop me from having opinions about global warming, of course, but I wouldn't really call these informed opinions, and I certainly wouldn't try to pass myself off as an expert on the topic.

The industry veteran that I was talking to noted that many people, particularly when they're talking about cryptography, seem to have a similar limitation – they really don't know much about the field, but this doesn't seem to constrain them in the same way that my lack of understanding of the scientific evidence for global warming constrains me.

This discussion also reminded me of an airline flight a few years ago on which I sat next to an engineer who designed lighter-than-air vehicles, sort of like high-tech blimps. He complained about how people who know absolutely nothing at all about lighter-than-air vehicles feel qualified to give advice to experts in the field, apparently feeling that the technology is so simple that anyone can understand it.

Maybe this phenomenon isn't limited to just global warming and cryptography.

Monday, 26 July 2010

Blame the Internet

I've been writing articles for various magazines for a while, and one trend that I've noticed is that the length of articles that editors ask for has dropped dramatically in the past few years. About five years ago, it seems that the most commonly requested length for magazine articles was between 2,000 and 2,500 words. More recently, this average has dropped to a much shorter length. Now it's more like 750 to 1,000 words.

It's no coincidence that that's roughly how much will fit on a single magazine page. Editors that I've talked to recently tell me that the typical reader doesn't read past the first page of an article, so it may be the case that editors are shortening the articles in their publications to deal with that reality.

Friday, 23 July 2010

The value of my time

I recently had another credit card compromised. I only use this particular card at two on-line bookstores, so I'm fairly sure how it was compromised.

In any event, someone got my card information and charged a few months of membership at Skype India. When I pointed out these charges to my bank they immediately took care of the fraudulent charges, but I was still left with $0.36 in foreign transaction fees that I was charged for the fraudulent charges because they were made outside the US. The fraud people explained that I would have to talk to a different division to take care of those charges and gave me the number to call to take care of the problem.

After calling the second number, I was transferred around a bit and then put on hold. After being on hold for a couple of minutes I just gave up and decided to pay the $0.36 in fees instead of waiting on hold even longer.

After thinking about this for a while, I realized that I just provided a way to estimate how much my time is worth. If I'm willing to pay a $0.36 fee after 3 minutes, that seems to say that my time is worth about $0.12/min or about $7.20/hr, which is slightly less than the minimum wage in California.

Thursday, 22 July 2010

The effects of buying green

As I mentioned a few days ago, a recent article in Popular Science listed some research that did what might be called confirming the obvious. This article claimed that research has shown that "environmentalists can be smug jerks." I assumed that this was just the editors of Popular Science trying to be controversial and that if I looked at the actual paper that they cite that I might find something different. Here's what I found.

The paper that this article cites is "Do Green Products Make Us Better People?" by Nina Mazar and Chen-Bo Zhong, both of the University of Toronto. Here's the abstract of this paper, which was published in the March 2010 issue of Psychological Science.

Consumer choices not only reflect price and quality preferences but also social and moral values as witnessed in the remarkable growth of the global market for organic and environmentally friendly products. Building on recent research on behavioral priming and moral regulation, we find that mere exposure to green products and the purchase of them lead to markedly different behavioral consequences. In line with the halo associated with green consumerism, people act more altruistically after mere exposure to green than conventional products. However, people act less altruistically and are more likely to cheat and steal after purchasing green products as opposed to conventional products. Together, the studies show that consumption is more tightly connected to our social and ethical behaviors in directions and domains other than previously thought.

In other words, the Popular Science people may have been trying to be controversial, but they don't seem to have really misrepresented what the research showed.

I have to wonder if generalizations of the Mazar-Zhong research are also true. There are certainly types of computer hardware and software that seem to cause a certain level of smugness in their users and it might be the case that these users compensate for this in some way.

People who drive cars equipped with manual transmissions also seem to feel a meaningless sense of moral superiority over people who can't do this. Maybe they also make up for this by doing bad things. I hope that's not the case. I'm one of those people who feel smug about driving a stick. I'd like to think that this doesn't make me do bad things, but I might be wrong about this.

Wednesday, 21 July 2010

Another look at the discriminant of an elliptic curve

This time, from the 19th-century point of view.

[Image: the discriminant of an elliptic curve, 19th-century formulation]

Tuesday, 20 July 2010

SHARE in Boston in August

Phil Smith of Voltage will be talking at the SHARE meeting in Boston next month. His talk will be on Tuesday, August 3 from 9:30 - 10:30 am, and the topic is Enterprise Encryption 101. Here's a quick summary of what he'll be talking about:

We've all seen the seemingly weekly news about yet another data breach: millions of credit card numbers, SSNs, or other personal information exposed. Encryption is the technology that minimizes the cost of such data breaches, by making the "leaked" data useless to the thief. So more and more sites are investigating encryption, some even before a breach occurs. But where do you start with this technology? How do you make a sensible choice among dozens of vendors, between hardware and software? Where and when do you encrypt data, and is that sufficient? What about emerging standards and legislation, such as PCI DSS, Red Flag, GLBA, SB1386, Directive 95/46/EC, et al.? Come hear about implementing encryption from a business perspective -- what you need to worry about and how to approach it. This is not a comparison of encryption technologies per se, but rather a look at the issues surrounding them. While the presenter works for an encryption vendor, this is a general presentation, with minor content at the end that discusses the Voltage SecureData product as an example.

If you can't make it to Phil's talk, you can download the slides for his talk here. That's probably not quite the same as seeing the talk in person, but it's probably much cheaper.

Monday, 19 July 2010

Are cars the next Internet?

One big problem with the Internet is that security wasn't in its original design, so security vendors need to provide products that try to overcome this original oversight. It looks like cars might have this same problem. A recent paper by a group of professors from UCSD and the University of Washington describes some of the security problems that cars have. Here's this paper's abstract:

Abstract—Modern automobiles are no longer mere mechanical devices; they are pervasively monitored and controlled by dozens of digital computers coordinated via internal vehicular networks. While this transformation has driven major advancements in efficiency and safety, it has also introduced a range of new potential risks. In this paper we experimentally evaluate these issues on a modern automobile and demonstrate the fragility of the underlying system structure. We demonstrate that an attacker who is able to infiltrate virtually any Electronic Control Unit (ECU) can leverage this ability to completely circumvent a broad array of safety-critical systems. Over a range of experiments, both in the lab and in road tests, we demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver input— including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on. We find that it is possible to bypass rudimentary network security protections within the car, such as maliciously bridging between our car’s two internal subnets. We also present composite attacks that leverage individual weaknesses, including an attack that embeds malicious code in a car’s telematics unit and that will completely erase any evidence of its presence after a crash. Looking forward, we discuss the complex challenges in addressing these vulnerabilities while considering the existing automotive ecosystem.

There may be additional security issues that the automobile manufacturers don't feel comfortable letting researchers discuss in public, of course. But because people are looking at the problem now, it's probably only a matter of time until these issues are addressed, either by the automobile manufacturers or by third-party security vendors.

After reading this paper I was curious about how many processors a typical car has these days. The last estimate I heard of was 14, but that was several years ago. After using Google for a few minutes I didn't find that particular bit of information, but I did learn that both the BMW 7 Series and the Mercedes S Series vehicles actually have over 100 microprocessors in them these days. I'd imagine that there's also a fairly sophisticated network connecting those processors, but that's something that I'll probably never get around to learning about.

Friday, 16 July 2010

Science confirms the obvious

The article "Science Confirms the Obvious" was in the most recent issue of Popular Science. Here are some of the findings that it describes. There's peer-reviewed research behind each of these, so there may actually be more substance than the quick summaries might lead you to believe. Their wording, of course, not mine.

  • Blowing up mountains is bad for the environment
  • Old people prefer happy memories
  • A mean gym teacher can turn you off sports
  • People are happier on the weekend
  • Most people drive poorly when talking on the phone
  • Siblings who fight don't get along
  • Young people want big money, big vacations
  • Hard-drinking adrenaline freaks are prone to injury
  • Environmentalists can be smug jerks
  • Self-control makes students more manageable

I'll have to track down the research in a few of these cases and see how well Popular Science's summary matches what the papers actually say.

Thursday, 15 July 2010

DARPA's interest in homomorphic encryption

It looks like DARPA is interested in homomorphic encryption. Here's an extract from their recent call for proposals "PROgramming Computation on EncryptEd Data (PROCEED)."

PROgramming Computation on EncryptEd Data (PROCEED)

The Defense Advanced Research Projects Agency is soliciting proposals for innovative research in programming computation on encrypted data. The proposed research should investigate innovative approaches that enable revolutionary advances in science, devices, or systems. Specifically excluded is research that results primarily in evolutionary improvements to the existing state of practice.

Introduction

The goal of the PROCEED research effort is to develop practical methods for computation on encrypted data without decrypting the data and to develop modern programming languages to describe these computations. PROCEED is a comprehensive research effort with six primary research thrusts:

Mathematical Foundations of Fully Homomorphic Encryption – Discovery and development of new mathematical underpinnings for efficient computation on encrypted data is needed in a noninteractive setting. The solution might involve fully homomorphic encryption [Gentry09, Gentry10, Smart10] that allow noninteractive computation on encrypted data. This area is captured in RA‐10‐80, and interested proposers are referred to that solicitation.

Mathematical Foundations of Secure Multiparty Computation – Discovery and development of new mathematical underpinnings for efficient computation on encrypted data is needed in an interactive setting. Secure multiparty computation [Yao86, Bickson10] has a rich history of interactive computation on encrypted data, but requires further improvements to be truly practical.

Mathematical Foundations of Supporting Security Technologies – Computation on encrypted data preserves the confidentiality of the data being computed on, but does not inherently protect the integrity of the computation, nor provide strong protection of the program, among other potentially desirable security goals. Techniques to address these and other related security issues are sought in the PROCEED research effort.

Implementation/Measurement/Optimization – To make computation on encrypted data practical, highly optimized implementations, possibly including programmable hardware, will be needed. Experience shows there can be at least an order of magnitude difference in the performance of highly optimized cryptography implementations over less sophisticated implementations.

Algorithms – Practical computation on encrypted data will require libraries of data structures and algorithms that are optimized for efficiency in the encrypted domain. Most current approaches to computation on encrypted data work by turning a program (with a bounded maximum input size) into a circuit. An important goal for optimization is minimizing circuit depth, which is traditionally a goal of hardware designers, not programmers.

Programming Languages – More advanced languages are sought, with type systems that embed cryptographic knowledge, making programming computation on encrypted data no more difficult than conventional programming. Today’s languages for computation on encrypted data, such as the one in the FairPlay system [Malkhi04] are simple, imperative languages that have little, if any, type system support for cryptography.

I've heard lots of people call homomorphic encryption "interesting technology in search of an application," so I wonder exactly why DARPA is interested in this.

Wednesday, 14 July 2010

The singular elliptic curve y^2 = x^3


Consider the singular elliptic curve

E/Q: y^2 = x^3

which is singular at the point S = (0,0).

Even though this curve is singular, we can still use the usual rule for adding points to get a group out of the non-singular points E_ns(Q) = E(Q) \ {S}. When we do this we find something interesting: the group of non-singular points on this curve is isomorphic to the rationals under addition, that is, (E_ns(Q), +) is isomorphic to (Q, +). And because (Q, +) isn't finitely generated, neither is E_ns(Q). That's in contrast to non-singular curves, where the Mordell-Weil theorem tells us that E(Q) is always finitely generated.

To see why (Ens, +) is isomorphic to (Q,+), we use the function

φ: E_ns(Q) → Q

defined by

φ(P) = φ(x,y) = x/y if P ≠ O and

φ(O) = 0

This has an inverse

φ^{-1}: Q → E_ns(Q)

defined by

φ^{-1}(t) = (1/t^2, 1/t^3) if t ≠ 0 and

φ^{-1}(0) = O

It's easy to see that φ is one-to-one and onto. Seeing why φ is a homomorphism is a bit more complicated.

Suppose that P_i = (x_i, y_i) are elements of E_ns(Q) with φ(P_i) = t_i.

What we want is that if P_1 + P_2 = P_3, then φ(P_1) + φ(P_2) = φ(P_3), or that t_1 + t_2 = t_3.

If we have that P_1 + P_2 = P_3 then P_1, P_2 and -P_3 are collinear. From the point-slope form of a line we have that the line through P_1 and P_2 is given by

y - y_1 = m (x - x_1)

where

m = (y_2 - y_1) / (x_2 - x_1)

or that

(x_2 - x_1)(y - y_1) = (y_2 - y_1)(x - x_1)

This line also passes through -P_3 = (x_3, -y_3), so we have that

(x_2 - x_1)(-y_3 - y_1) = (y_2 - y_1)(x_3 - x_1)

We also have that P_1 = (1/t_1^2, 1/t_1^3), P_2 = (1/t_2^2, 1/t_2^3) and P_3 = (1/t_3^2, 1/t_3^3). Substituting x_1 = 1/t_1^2, y_1 = 1/t_1^3, and so on, and moving everything to one side, we find that

-(t_1 - t_2)(t_1 + t_3)(t_2 + t_3)(t_1 + t_2 - t_3) / (t_1^3 t_2^3 t_3^3) = 0

If t_1, t_2 and t_3 are all non-zero, t_1 ≠ t_2, and t_3 is neither -t_1 nor -t_2, this gives us that t_1 + t_2 - t_3 = 0, or that t_1 + t_2 = t_3, so φ is a homomorphism like we want. The other cases (t_1 = t_2, where the chord is replaced by the tangent line, and the ones where one of the other factors vanishes) can be handled similarly.
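As an added, runnable illustration of the two torsion posts on this page (the Nagell-Lutz search from the 28 July post above, and the map φ: E_ns(Q) → Q from this post), here is example code that is not part of the original blog. It uses Python's Fraction type for exact rational arithmetic, implements chord-and-tangent addition on y^2 = x^3 + ax + b (which covers the singular curve y^2 = x^3 as the case a = b = 0, away from the singular point), enumerates the integer points that Nagell-Lutz allows as torsion candidates, and keeps those whose order is at most 12, the bound Mazur's theorem gives. The sample curves y^2 = x^3 + 1, y^2 = x^3 + 17, y^2 = x^3 - 2 and y^2 = x^3 - 43x + 166 are my choices, not the page's; because the search assumes the short form y^2 = x^3 + ax + b, the page's own Z_2 x Z_4 curve would have to be rewritten in that form before it could be fed in.

```python
from fractions import Fraction
import math

# Affine points are (x, y) pairs of Fractions; None stands for the point at infinity O.
O = None


def add(P, Q, a):
    """Chord-and-tangent addition on y^2 = x^3 + a*x + b (b never enters the formulas).
    With a = 0 this is also the group law on the non-singular points of y^2 = x^3;
    the singular point (0, 0) is never produced from points with t != 0."""
    if P is O:
        return Q
    if Q is O:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2 and y1 == -y2:        # Q = -P (also covers the y = 0 points of order 2)
        return O
    if P == Q:                        # tangent line at P
        m = (3 * x1 * x1 + a) / (2 * y1)
    else:                             # chord through P and Q
        m = (y2 - y1) / (x2 - x1)
    x3 = m * m - x1 - x2
    y3 = m * (x1 - x3) - y1
    return (x3, y3)


def is_integral(P):
    return P is O or (P[0].denominator == 1 and P[1].denominator == 1)


def order(P, a, bound=12):
    """Order of P if it is at most `bound` (Mazur: torsion orders are <= 12), else None.
    A multiple with a non-integer coordinate settles it early: by Nagell-Lutz such a
    point is not torsion, so neither is P."""
    Q = P
    for n in range(1, bound + 1):
        if Q is O:
            return n
        if not is_integral(Q):
            return None
        Q = add(Q, P, a)
    return None


def divisors(n):
    n = abs(n)
    ds = set()
    for d in range(1, math.isqrt(n) + 1):
        if n % d == 0:
            ds.update((d, n // d))
    return ds


def integer_roots(a, c):
    """Integer roots of x^3 + a*x + c = 0 (a root must divide c when c != 0)."""
    if c == 0:
        roots = {0}
        r = math.isqrt(-a) if a < 0 else 0
        if r and r * r == -a:
            roots.update((r, -r))
        return sorted(roots)
    return sorted(x for d in divisors(c) for x in (d, -d) if x ** 3 + a * x + c == 0)


def nagell_lutz_candidates(a, b):
    """Integer points (x, y) on y^2 = x^3 + a*x + b with y = 0 or y^2 | 4a^3 + 27b^2."""
    D = 4 * a ** 3 + 27 * b ** 2
    if D == 0:
        raise ValueError("singular curve")
    ys = {0} | {y for y in divisors(D) if D % (y * y) == 0}
    pts = []
    for y in sorted(ys):
        for x in integer_roots(a, b - y * y):
            pts.append((Fraction(x), Fraction(y)))
            if y:
                pts.append((Fraction(x), Fraction(-y)))
    return pts


def torsion_points(a, b):
    """Affine torsion points of y^2 = x^3 + a*x + b over Q as (x, y, order) triples.
    Nagell-Lutz makes the candidate list finite; the order check discards candidates
    of infinite order, since the divisibility condition is necessary, not sufficient."""
    out = []
    for P in nagell_lutz_candidates(a, b):
        n = order(P, a)
        if n:
            out.append((int(P[0]), int(P[1]), n))
    return out


# The singular curve y^2 = x^3: phi(x, y) = x / y is an isomorphism E_ns(Q) -> (Q, +).

def phi(P):
    return Fraction(0) if P is O else P[0] / P[1]


def phi_inv(t):
    t = Fraction(t)
    return O if t == 0 else (1 / t ** 2, 1 / t ** 3)


def phi_is_additive(t1, t2):
    """Check phi(phi_inv(t1) + phi_inv(t2)) == t1 + t2 using the curve's own group law."""
    P3 = add(phi_inv(t1), phi_inv(t2), 0)
    return phi(P3) == Fraction(t1) + Fraction(t2)


if __name__ == "__main__":
    print(torsion_points(0, 1))        # Z/6: (-1,0), (0,+-1), (2,+-3)
    print(torsion_points(0, 17))       # []: (-2,+-3) passes y^2 | D, but 3P is not integral
    print(torsion_points(0, -2))       # []: (3,5) is an integer point, but 25 does not divide 108
    print(torsion_points(-43, 166))    # Z/7: six points of order 7
    print(all(phi_is_additive(s, t) for s, t in [(2, 3), ("1/2", "-3/4"), (5, 5), (2, -2)]))
```

The y^2 = x^3 + 17 case is the one worth staring at: (-2, 3) satisfies y^2 | 4a^3 + 27b^2, but its triple has x-coordinate 19/25, so Nagell-Lutz itself rules it out as a torsion point, and the divisibility test alone would have been fooled. The last line checks the homomorphism from this post on the curve's own chord-and-tangent addition, including the tangent case t_1 = t_2 and the case t_1 + t_2 = 0 that the derivation above sets aside.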

Tuesday, 13 July 2010

Voltage Security or Lots Creative Guy?

Last weekend I took my sons to a local game store where they run demos of various boardgames. This particular weekend the demo took longer than usual so I had some time to kill and I tried making entertaining anagrams for "Voltage Security."

One of them, "cattle ye vigours," seemed the one that might be deemed "most likely to be said by a pirate." Maybe this September 19 (talk like a pirate day), I'll hear a few people saying something like "Arr, cattle ye vigours matey!"

Another one, "evil cages tryout" seemed to be a reflection on our fairly rigorous hiring process.

When I got to "lots creative guy" I stopped, thinking that that particular anagram was fairly appropriate. We are known for our innovative technologies, after all.

Monday, 12 July 2010

The future of genre fiction

Over the recent holiday I had time to catch up on some reading that I've meant to do for a while, and I noticed a pattern that's probably obvious to people in touch with literary trends. In particular, it seems to me that a big motivator for lots of the science fiction of the '50s and '60s was the Cold War mindset that started in the '40s and that a big motivator for the horror fiction of the '70s and '80s was the social and political trends of the '60s.

The terrorism that we're dealing with today seems to be something that we might see in future genre fiction. Maybe identity theft is also. Data breaches are certainly big news these days and the losses due to identity theft seem to be growing at an alarming rate. Maybe we'll see identity theft featured prominently in genre fiction of the next decade or two.

The cyberpunk sub-genre of science fiction, which I really don't know much about, seems to be where this might first appear, although there may be enough material there to create an entire new sub-genre.

Friday, 09 July 2010

War story

In a previous post I described how the USPS might have been corrupted by transporting a copy of the Necronomicon, a fictional book of ancient and forbidden knowledge that appears in some of H. P. Lovecraft's stories. In this I suggested that the Necronomicon had been brought to the US by a soldier who somehow came across it in the Gulf War.

Several people have asked me to tell the story of exactly how this happened, so I started working on this last week when a short layover in the Atlanta airport turned into an unplanned overnight stay there. The working title for this was "War Story."

More than one person who later saw that title thought that I was writing something about what goes on at standards meetings.

Thursday, 08 July 2010

The location of the 2011 Key Management Summit

We're starting to look for good places to hold the 2011 Key Management Summit. It will almost certainly be held somewhere on the west coast of the US, and probably in California. We have several sites that we're looking at now that are good candidates for this, but we haven't yet decided which one we'll actually use. So if you're interested in attending this event and have a preference for a location for it, now's the time to let us know.  

Wednesday, 07 July 2010

Mazur's theorem

Mazur's theorem tells us that the points of finite order on an elliptic curve over the rationals have to have a particular structure. In particular, if E_tors is the subgroup of E(Q) of points of finite order then E_tors has to have one of the following forms:

1. Z_n, a cyclic group of order n where 1 ≤ n ≤ 10 or n = 12

2. Z_2 x Z_{2n}, the direct product of a cyclic group of order 2 with one of order 2n for 1 ≤ n ≤ 4

There are examples of curves for each one of these possibilities in Exercise 8.12 on p. 238 of Silverman's The Arithmetic of Elliptic Curves.

I was curious what each of these curves looked like, so I decided to graph both the curves and the points of Etors. Some of the cases were interesting. Others were not.

In any case, here's what I found.

Tuesday, 06 July 2010

Waterfall 2011?

Next year will mark the five-year anniversary of Waterfall 2006, the premiere conference on the benefits of sequential development processes. Maybe it's time to organize the next one. I'm sure that we've learned lots of interesting things about how to manage software development since then.

Friday, 02 July 2010

We're now well into 2010 and it's still obviously wrong

In a previous post I mentioned how storage vendors were predicting that the amount of information would be doubling every 11 hours by the year 2010. They were saying this to get you to buy their products to help you keep pace with that overwhelming amount of information, of course.

We're now well into 2010 and it should be fairly clear by now that the amount of information really isn't doubling every 11 hours. It actually should have been obvious to most people that this particular claim was obviously wrong, but that didn't stop it from getting published in a few academic papers and being widely cited by storage vendors.

This led me to develop the following warning label that could be included in papers of questionable accuracy:

[Image: warning label]

I'm not really sure that the editors of many publications really worry about the accuracy of what they publish, however. I used to review submissions to a few publications, but after I recommended that they not publish various submissions because they were just plain wrong, the editors stopped asking me to review submissions for them.

There's certainly a place for discussing controversial ideas, but I really don't like the idea of getting things into print that are obviously wrong, like the wildly inaccurate claim that the amount of information would be doubling every 11 hours by the year 2010. I would have recommended that that particular paper not be accepted. Apparently someone else didn't think so.

Thursday, 01 July 2010

Regulatory concerns and social media

I recently read "Social Media and FINRA: Twitter and LinkedIn Considerations," a report from the Burton Group that talks about the regulatory issues that businesses may run into when their employees use either Twitter or LinkedIn. These issues are all related to FINRA's Regulatory Notice 10-06, "Guidance on Blogs and Social Networking Web Sites."

I'm certainly not an expert on the details of FINRA's guidance, but some of the conclusions of this report made me question whether or not some of the ways in which securities firms are regulated really make sense.

According to this report, for example, a securities firm may get into trouble with regulators if one of their employees has selected "Business deals" as one of the things that they're open to receiving messages about through LinkedIn. Providing recommendations for other people on LinkedIn can also apparently get you in trouble with regulators. The report lists several other examples, none of which made any sense to me at all.

So if I assume that the Burton Group's analysis is correct, which seems like a reasonable assumption, it certainly seems to me that the way in which the securities industry is regulated doesn't make much sense. And because it looks like we'll probably see more regulation of that industry in the future, I'd expect things to get much worse before they get any better.
