Science

Friday, March 12, 2010

The virial theorem in the workplace

There's a theorem from mathematical physics that may have an application in the workplace. This is the virial theorem, and its workplace analogy may explain why every job has its annoying parts.

One version of the virial theorem says that for a bound, finite collection of point particles interacting gravitationally, the time average of the kinetic energy is minus one half of the time average of the potential energy, or

<K> = - <U> / 2

The virial theorem is useful to astronomers because you can use it to get a good estimate of the masses of distant objects, which you can't observe directly, from their kinetic energy, which you can. The reason that we think that dark matter exists comes largely from observations like those plus the virial theorem.

Driving in to work today, I had the thought that an appropriate analogy for the virial theorem in the workplace might be that the bad parts of a job are always proportional to the good parts of a job. In my experience, this seems to have always been true. You probably have some relationship like this, for example:

<Bad> = - <Good> / 2

When I was an officer in the US Army, there were lots of good aspects of the job. There's nothing in the world as rewarding as working with soldiers, for example, and getting paid to work with explosives and fire guns is also lots of fun. To make up for this, however, there's also the fact that the military is really part of the government, so you're really part of a large, mind-numbingly bureaucratic organization.

Or when I used to do what's probably best called applied physics research, it was great fun working with things like lasers and electron microscopes. To make up for this, however, there's the never-ending battle that you have to fight to get funding for those expensive gadgets.

Or when I did mergers and acquisitions consulting, it was great fun getting a look inside lots of different companies in lots of different industries and seeing how they worked. The pay wasn't bad, either. To make up for this, however, there were the 20-hour days and the backstabbing from other consultants (particularly the lawyers) involved in the M&A projects that you had to keep a constant eye out for.

So although I'm not sure that you can write down a set of assumptions that lets you rigorously prove an analogy of the virial theorem for the workplace, it certainly seems to be true. If there's a job out there for which it doesn't hold, I'd definitely like to hear about it.

Tuesday, January 05, 2010

A very short technical report

Not many engineers seem to like writing. This might have been why the April 27, 1947 Stanford Linear Electron Accelerator Project Report No. 7 was so short. This report was so short that I'll quote it in its entirety here:

We have accelerated electrons.

You can read more about this report here, and can even see what this short and to-the-point report looked like. Although this doesn't always happen, this is one case where reading the original paper really isn't so bad.

Thursday, October 29, 2009

Why PKI failed

I came across an interesting paper that may explain why PKI technology failed. This paper is "Test of Influence from Future in Large Hadron Collider; A Proposal," by Holger Nielsen and Masao Ninomiya. Nielsen and Ninomiya essentially argue that the LHC may be plagued by problems because if it actually worked it would produce effects that are so ugly that they would actually send ripples of bad luck back through time to thwart the creation of the ugly effects. This may sound like something from a bad science-fiction movie, but the paper appears to be quite serious about it.

Similarly, maybe the possible future in which everything is PKI-enabled and digital certificates are ubiquitous is so horrendous that it actually sent ripples of bad luck back through time that sabotaged the development and deployment of PKI technology. Some things actually seem to make a lot of sense from this point of view.

I'll leave it to someone else to work out the physics of exactly how this could have happened. The paper by Nielsen and Ninomiya is probably a good place to start.

Monday, October 26, 2009

Good and bad notation

In the P1363.3 Standard for Identity-based Public Key Cryptography using Pairings, there's one particular bit of notation that seems to confuse and annoy people. That's the use of "ID" to indicate the string that represents a user's identity. Every other variable in the document is represented by a single letter, and the fact that this particular variable is represented by two letters seems to be the source of the trouble. I hope that this particular bit of notation doesn't cause people too much trouble, although it certainly seems to have the potential for doing that: a good notation is its own heaven, a bad notation is its own h**l.

Quantum mechanics is an example of a field that seems to be defined by its bad notation. Quantum mechanics, at least the material that I learned, is really nothing more than looking at how certain linear operators on Hilbert spaces behave. In other words, it's essentially just linear algebra, but with a notation that does its best to obscure that fact.

The notation that we used in a class on quantum electrodynamics that I had in graduate school is probably why I decided to not study physics any more and to stick to things that used a notation that I could understand. I probably made the right choice. If I had stuck with physics, I'd have spent a significant part of the rest of my life converting between the bra-ket notation and something that actually made sense to me. 

With any luck, the notation in the P1363.3 standard isn't bad enough to make someone decide to give up cryptography.

Thursday, September 10, 2009

Progress in quantum computing?

In the past few weeks, I've heard lots of comments about quantum computing. Because I heard so much about it, I thought that there must have been a big breakthrough of some sort. The last I had heard was that a team at IBM had managed to factor 15 using Shor's algorithm. Because of the sudden interest, I thought that this record must have been beaten in some way, and I don't mean by factoring 17.

When I looked around the Internet, however, I couldn't find anything that talked about bigger successes, although others have reproduced the factorization of 15. This leads me to wonder what caused the sudden interest in quantum computing. Are there quantum computers out there that can do more than factor 15?

Being able to factor 15 with a quantum computer is actually a very impressive technical accomplishment, but it's not one that leads me to believe that existing public-key technologies are in danger of being rendered ineffective by the existence of quantum computers any time soon. Perhaps ever. Or is there research out there that I didn't find?

Thursday, April 30, 2009

Lost knowledge

It was big news last year when Ed Felten’s group of security researchers released their paper “Lest We Remember: Cold Boot Attacks on Encryption Keys,” in which they described an attack on full-disk encryption based on freezing DRAM and reading its contents before they’re lost. There was lots of media hype around this paper, with some people making claims like “full-disk encryption is totally non-secure.”

The fact that this paper was considered newsworthy is interesting in itself, and the interest in the so-called “cold boot” attack probably says more about how the background of information security professionals has changed over the past 20 years than it says about the security of full-disk encryption.

Security-conscious organizations like banks and governments have known for quite a while that it’s possible to recover cryptographic keys from DRAM. That’s why the standards that they’ve written often require the use of hardware security modules to protect keys. So if it’s been known for quite a while that it’s easy to recover keys from DRAM, why the interest in the cold boot attack?

The reason for the interest is probably due to the way that the background of the typical person who works in information security these days differs from that of their counterpart in the past. If you go back 20 years or so, the typical information security professional had a background in electrical engineering. If you study electrical engineering, attacks based on freezing DRAMs are fairly obvious. So are side-channel attacks, ways to recover cryptographic keys from physical measurements of operating cryptographic hardware. If you’ve designed and built hardware, the fact that the timing of calculations or the power consumed during calculations depends on the exact bits being processed is fairly obvious.

Today, however, the typical person who works in information security has a background in computer science. This means that they probably know a fair amount about designing and writing software, but it also means that they probably don’t know much about hardware. And because they don’t know much about hardware, they’re often surprised by the properties of hardware that allow a cold boot attack to be carried out. It’s also why side-channel attacks aren’t that widely understood these days.

This doesn’t mean that today’s information security professionals are worse than those of 20 years ago. Instead, it just means that they know different things. If you go back 20 years, you’ll find that things like buffer overflow attacks, SQL injection attacks, or cross-site scripting attacks were known, if at all, only to a handful of specialists, but they’re fairly widely known today. They’re probably examples of the knowledge that’s replaced the understanding of hardware that was there in the past.
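To make the DRAM point concrete, here is the key-recovery step of the cold boot attack described above in working Python. This is an added example, not code from the Felten group’s paper or its tools: a scanner that walks a memory image looking for AES-128 key schedules, which is the technique the paper used to locate keys in captured DRAM. Software that uses AES keeps the expanded key schedule in RAM, and the 11 round keys are tied together by the FIPS-197 key expansion, so 16 bytes followed by their own expansion are almost certainly a real key. The example assumes the image is a plain byte string, requires an exact match (the paper’s tool also corrects for decayed bits, which is omitted here), and the sample image, the planted key and the offsets are all constructed for the demonstration.

```python
import random

# AES S-box (FIPS-197), needed for the SubWord step of the key expansion.
AES_SBOX = bytes.fromhex(
    "637c777bf26b6fc53001672bfed7ab76"
    "ca82c97dfa5947f0add4a2af9ca472c0"
    "b7fd9326363ff7cc34a5e5f171d83115"
    "04c723c31896059a071280e2eb27b275"
    "09832c1a1b6e5aa0523bd6b329e32f84"
    "53d100ed20fcb15b6acbbe394a4c58cf"
    "d0efaafb434d338545f9027f503c9fa8"
    "51a3408f929d38f5bcb6da2110fff3d2"
    "cd0c13ec5f974417c4a77e3d645d1973"
    "60814fdc222a908846eeb814de5e0bdb"
    "e0323a0a4906245cc2d3ac629195e479"
    "e7c8376d8dd54ea96c56f4ea657aae08"
    "ba78252e1ca6b4c6e8dd741f4bbd8b8a"
    "703eb5664803f60e613557b986c11d9e"
    "e1f8981169d98e949b1e87e9ce5528df"
    "8ca1890dbfe6426841992d0fb054bb16"
)

SCHEDULE_LEN = 176  # 11 round keys x 16 bytes for AES-128


def expand_key_128(key, n_words=44):
    """FIPS-197 key expansion for a 16-byte AES-128 key.

    Returns the first n_words 32-bit words of the schedule as bytes; the
    full schedule is 44 words (176 bytes)."""
    if len(key) != 16:
        raise ValueError("AES-128 key must be 16 bytes")
    w = [bytes(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 0x01
    for i in range(4, n_words):
        temp = w[i - 1]
        if i % 4 == 0:
            rotated = temp[1:] + temp[:1]                      # RotWord
            temp = bytes(AES_SBOX[b] for b in rotated)        # SubWord
            temp = bytes([temp[0] ^ rcon]) + temp[1:]         # Rcon
            rcon = (rcon << 1) ^ (0x11B if rcon & 0x80 else 0)
        w.append(bytes(a ^ b for a, b in zip(w[i - 4], temp)))
    return b"".join(w)


def find_aes128_schedules(mem):
    """Offsets in mem where a complete AES-128 key schedule begins."""
    mem = bytes(mem)
    hits = []
    for off in range(len(mem) - SCHEDULE_LEN + 1):
        candidate = mem[off:off + 16]
        # Cheap filter first: do the next 16 bytes equal round key 1?
        if expand_key_128(candidate, 8)[16:] != mem[off + 16:off + 32]:
            continue
        if expand_key_128(candidate) == mem[off:off + SCHEDULE_LEN]:
            hits.append(off)
    return hits


def build_sample_image(size=16384, schedule_at=5000, bare_key_at=12000, seed=2024):
    """Constructed stand-in for a DRAM capture: random filler with one full
    key schedule planted at schedule_at and the bare key (no schedule) at
    bare_key_at. The scanner reports only the former, which is the point:
    it is the schedule, not the key bytes, that gives the key away."""
    rng = random.Random(seed)
    key = bytes(rng.getrandbits(8) for _ in range(16))
    mem = bytearray(rng.getrandbits(8) for _ in range(size))
    mem[schedule_at:schedule_at + SCHEDULE_LEN] = expand_key_128(key)
    mem[bare_key_at:bare_key_at + 16] = key
    return bytes(mem), key


if __name__ == "__main__":
    image, planted = build_sample_image()
    for off in find_aes128_schedules(image):
        print(f"AES-128 key schedule at offset {off}: key {image[off:off + 16].hex()}")
```

The scanner is what makes the hardware point above an attack rather than a curiosity: once the contents of DRAM can be read, no searching for file formats or parsing of the encryption software’s data structures is needed, because the key schedule is self-identifying. The same idea extends to AES-256 and to other ciphers with an expanded key in memory.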

Wednesday, April 01, 2009

Fight global warming with the Common Criteria

There seems to be an unexpected benefit to Common Criteria certifications: they may actually be able to effectively combat global warming. Here's why.

There are essentially two ways to reduce the amount of carbon dioxide in the air: you can either stop adding more or you can find a way to take some out. Planting more trees is an easy way to remove carbon dioxide from the air because the cellulose fibers and the other components of wood are made from carbon dioxide that trees get from air. In the language that's used to discuss global warming, trees are a carbon dioxide "sink." Some businesses even promise to take advantage of this fact by planting additional trees to offset any emissions that their operations create. The information security industry may have its own way to take advantage of this, and it relates to the Common Criteria.

Buying security products can be tricky because you can't always tell if they're working or not. If you have an intrusion detection system running, for example, you know that you're going to have false alarms as well as missing some real intrusion attempts, and those missed attacks can cause trouble. You can hope to get the number of such missed attacks down to an acceptable level, but you'll never really know how many you missed. With spam filtering you have a similar trade-off between mislabeling legitimate e-mail as spam and letting spam sneak through your filter, and unless you check the list of messages that have been identified as spam on a regular basis, you'll never know how many messages were mislabeled.

If a vendor claims that their spam filtering technology only misidentifies 0.01 percent of legitimate e-mail as spam while catching 99.99 percent of all spam, you might be inclined to think that they got this estimate under laboratory conditions that may not reflect the real world. On the other hand, if an independent testing laboratory comes up with the same estimate, you'd probably be more inclined to believe it. So one good way to work around the problem of the unknown quality of security products is to have an independent third party test them and certify them as being good in some way. Doing this helps both security vendors and their customers. The vendors benefit from the trust that comes with such a certification as well as the shorter sales cycle that it can bring. Their customers benefit from the reduced effort required to test the products before buying them.

On the other hand, too many certifications can also be a problem. Getting products certified is expensive and time-consuming, so vendors certainly don't want to do separate certifications for each country or for each industry segment. So from the point of view of security vendors, the Common Criteria is very useful. As its name tells us, it’s supposed to be a single standard that’s widely accepted. So by getting their products Common Criteria certified, vendors only need to get a single certification rather than needing to get many different certifications.

But the Common Criteria uses a very generalized definition of a product that includes lots of additional specialized documentation that has little or no relevance to the actual security provided by the product. These documents are almost impossible for a non-specialist to get correct, and most of the time and effort spent on a Common Criteria certification is spent getting these documents just right. And because these documents are considered part of the product from the Common Criteria point of view, supporters of the Common Criteria can point to the errors that occur in these documents as proof that evaluations virtually always uncover “flaws” in security products. This is definitely not the kind of standard that security vendors or their customers would develop on their own, and it really doesn’t provide the type of information that most customers find useful.

Because products (at least as most people would define them, which does not include this specialized documentation) almost never change during the evaluation process, being Common Criteria certified doesn’t really give customers much useful information about the product that they might buy; it just verifies that lots of unnecessary paperwork was completed. Because of this, customers still need to do additional security testing of products that are Common Criteria certified, which eliminates one of the key advantages that a certified product is supposed to provide. On the other hand, the unnecessary paperwork created by a Common Criteria evaluation provides an additional benefit: it helps to fight global warming.

The reams of paper that are used for the Common Criteria documents come from trees, which are great carbon dioxide sinks. So the extra documentation that the Common Criteria process requires may actually have a beneficial side effect: the paper that's used for the Common Criteria documentation binds up carbon that came from carbon dioxide in the air, making it unavailable as a greenhouse gas that can contribute to global warming. Note that you just need to print these documents to get this advantage; you should feel lucky that you don't actually have to read them.

Wednesday, February 04, 2009

Questioning risk models

A critical look at the safety estimates for the Large Hadron Collider (LHC) may give us some useful insights into estimating the risks that information security tries to address. Here’s why.

The LHC is the world's largest particle accelerator. By smashing beams of protons or heavy ions together at extremely high energies, physicists doing experiments with the LHC are able to test predictions of high-energy physics and perhaps even give us additional insight into the structure of the universe a short time after its creation in the Big Bang almost 14 billion years ago. But because it works at such high energies, some people believe that it might be able to create microscopic black holes that could destroy the Earth. There has even been a lawsuit filed to stop the operation of the LHC based on these concerns. The legal challenge to the operation of the LHC was eventually dismissed, but a new paper questions the methodology of the study that estimated that the chances of a black hole being formed by the LHC are too low to worry about.

"Probing the Improbable," by Toby Ord, Rafaela Hillerbrand and Anders Sandberg questions the accuracy of the estimates that the chances of the LHC destroying the Earth are too small to worry about. They don't claim that the LHC is dangerous. They just question the methodology of the safety study.

The basis for questioning the methodology of the safety study is that the probabilities of the dangerous events that the study estimates are so low that they are dwarfed by other errors. The LHC safety report estimates that there's roughly a 1 in 1 billion chance per year of the LHC destroying the world. On the other hand, the chances of the model used to produce the estimate being in error, or of an error happening in the scientific calculations, are much higher. This means that the 1 in 1 billion number isn't really an estimate of the safety of the LHC. Instead, it's really a conditional probability: the probability of the LHC destroying the world, given that the model is accurate and there's no error in the calculations. According to "Probing the Improbable," roughly 1 in 1,000 is a reasonable estimate both for the chances of a peer-reviewed scientific paper turning out to be inaccurate and for the chances of an error in the calculations. Accounting for these possible sources of error can increase the overall estimate of the danger posed by the LHC by a significant margin, perhaps by a factor of 100 or so.

Information security deals with a similar situation. In quantifying the risks from using computer systems, we also deal with relatively rare events, but ones that can have severe or catastrophic consequences. This suggests that you could probably make a similar criticism of many risk models. In many cases, the probability that there's an error in the threat model or in a calculation may be greater than the actual probability of an event. After all, most risk models don't really get the same level of scrutiny that peer-reviewed scientific publications do. But just like the paper by Ord, Hillerbrand and Sandberg doesn't say that the LHC is dangerous, this doesn't mean that inaccurate risk models tell you that systems are not secure. It just means that you might want to question exactly what a risk model can actually tell you.
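The arithmetic behind the argument is short enough to write down, so here it is as an added example (not from the Ord, Hillerbrand and Sandberg paper, which states the argument in prose). The total probability of the bad event X is spread over whether the analysis A is right: P(X) = P(X | A) P(A) + P(X | not A) P(not A). A safety report or a risk register only ever states the first conditional term. The 1-in-1,000 error rates are the figures quoted above; the value used for P(X | not A) is an assumption (nobody knows the true risk if the model is wrong), chosen so the LHC figure comes out near the factor of 100 mentioned above. The information security inputs are likewise assumed for illustration.

```python
def combined_error_probability(*error_sources):
    """Probability that at least one of several independent ways the
    analysis can be wrong (wrong model, arithmetic slip, bad data, ...)
    is present."""
    p_all_fine = 1.0
    for p in error_sources:
        p_all_fine *= 1.0 - p
    return 1.0 - p_all_fine


def total_risk(p_event_given_correct, p_flaw, p_event_given_flaw):
    """Unconditional probability of the bad event X, by the law of total
    probability over whether the analysis A is correct:

        P(X) = P(X | A) P(A) + P(X | not A) P(not A)

    p_event_given_correct is the number a safety report or risk model
    states; it is only P(X | A)."""
    return (1.0 - p_flaw) * p_event_given_correct + p_flaw * p_event_given_flaw


def risk_floor(p_flaw, p_event_given_flaw):
    """Lower bound no analysis can get below: even a conditional estimate
    of exactly zero leaves the second term of total_risk."""
    return p_flaw * p_event_given_flaw


def lhc_style_estimate():
    """Shape of the LHC argument. The two 1e-3 error rates are the figures
    quoted in the post; p_event_given_flaw is an ASSUMED placeholder chosen
    so the inflation lands near the factor of 100 the post mentions."""
    p_flaw = combined_error_probability(1e-3, 1e-3)  # model wrong, or calculation wrong
    p_conditional = 1e-9                             # stated per-year estimate
    p_event_given_flaw = 5e-5                        # assumption, see docstring
    total = total_risk(p_conditional, p_flaw, p_event_given_flaw)
    return {
        "stated": p_conditional,
        "total": total,
        "inflation": total / p_conditional,
        "floor": risk_floor(p_flaw, p_event_given_flaw),
    }


def infosec_estimate():
    """Same arithmetic for a typical risk-register entry. All inputs are
    ASSUMED for illustration: a threat model that was never independently
    reviewed is given a 5% chance of being wrong, which by itself dwarfs a
    1e-4 per-year estimate of a serious breach."""
    p_flaw = combined_error_probability(0.05, 1e-3)  # model wrong, or calculation wrong
    p_conditional = 1e-4
    p_event_given_flaw = 1e-2
    return {
        "stated": p_conditional,
        "floor": risk_floor(p_flaw, p_event_given_flaw),
        "total": total_risk(p_conditional, p_flaw, p_event_given_flaw),
    }


if __name__ == "__main__":
    for name, result in (("LHC", lhc_style_estimate()), ("infosec", infosec_estimate())):
        print(name, {k: f"{v:.3g}" for k, v in result.items()})
```

The useful output is the floor: once the chance of the model being wrong is larger than the event probability the model reports, the reported number tells you almost nothing about the actual risk, and the only way to lower the floor is to review the model and check the calculation, not to refine the estimate.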

Tuesday, February 03, 2009

Hardware random number generation may be harder than you think

It's very difficult to find a source of entropy that's truly random, but sources that are based on some sort of physical process are usually good places to start. You might think that radioactive decay would be a good process to use to create random bits, but new research has actually shown a correlation between decay rates and the Earth's orbit around the Sun.

The researchers who found this unexpected correlation were puzzled by the conflicting measurements of radioactive decay rates that other researchers had measured and tried to find which estimates were the right ones. It turns out that all of the measurements may have been right, and the variation between experiments may be due to unexpected effects instead of errors on the part of the researchers.

By the Hoary Hosts of Hoggoth! This certainly is strange. What's going on here?

When I first heard of this research, I wasn't too surprised. After all, relativity tells us that time is distorted when you go fast or are near a very massive object. These effects are significant enough that the GPS system won't work without accounting for them, so they're very real. Knowing this, my first thought was that the change in decay rates was probably due to similar effects from the elliptical orbit of the Earth around the Sun. Maybe when the Earth is closer to the Sun, time is just slowed a bit more than when the Earth is further away from the Sun. Maybe the difference in speed between when the Earth is the closest to the Sun and when it's farthest away is also part of this.

The researchers who found the correlation between decay rates and the Earth's orbit don't mention this as a possible cause of the variations in decay rates, however. Instead they suggest that the changing solar neutrino flux may be responsible for it. This is something that I know absolutely nothing about, and it looks like my first guess wasn't even close.

So it looks like a source of entropy that's based on radioactive decay may have non-random components that are actually measurable. In light of this research, one thing is still certain: it's hard to find a source of entropy that's truly random.
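What this means in practice depends on how the bits are extracted from the source, and the following added example (not from the research discussed above, and using a constructed simulation rather than measured data) shows the difference. A decay-like Poisson source is simulated with a mean rate that drifts slowly over a cycle, standing in for the orbital modulation; the 30% drift amplitude is an assumption chosen to make the effect visible, and the real effect is far smaller, which is exactly why it hides so well. Two extractors are run over it: a threshold extractor that compares each interval between events against a fixed calibration median, and a comparison extractor that only looks at which of two consecutive intervals is shorter. A windowed bias check, the kind of continuous health test a hardware random number generator should run, shows the drift in the first and not in the second, and also shows that the whole-run average hides it.

```python
import math
import random

# Constructed simulation, not measured data: a decay-like event source whose
# mean rate drifts slowly. The amplitude is an assumption made large enough
# to be visible; a real seasonal effect would be far smaller.
BASE_RATE = 1.0            # mean events per unit time
DRIFT_AMPLITUDE = 0.30
DRIFT_PERIOD = 200_000.0   # time units; roughly 200,000 events per cycle


def rate_at(t):
    """Slowly varying event rate lambda(t)."""
    return BASE_RATE * (1.0 + DRIFT_AMPLITUDE * math.sin(2.0 * math.pi * t / DRIFT_PERIOD))


def simulate_intervals(n_events, seed=1):
    """Interarrival times of a Poisson-like process with rate lambda(t).
    The rate barely changes within one interval, so drawing each interval
    from the exponential at the current rate is an adequate approximation."""
    rng = random.Random(seed)
    t = 0.0
    intervals = []
    for _ in range(n_events):
        dt = rng.expovariate(rate_at(t))
        intervals.append(dt)
        t += dt
    return intervals


def threshold_bits(intervals, calibration=10_000):
    """Naive extractor: 1 if an interval is shorter than a threshold fixed at
    the median of an initial calibration block. Any later drift in the rate
    moves the true median away from the threshold and biases the bits."""
    threshold = sorted(intervals[:calibration])[calibration // 2]
    return [1 if dt < threshold else 0 for dt in intervals[calibration:]]


def comparison_bits(intervals):
    """Comparison extractor: 1 if the first of two consecutive intervals is
    the shorter one. Only the order matters, so a slow change in the common
    rate leaves the output unbiased. Exact ties are discarded."""
    bits = []
    for a, b in zip(intervals[0::2], intervals[1::2]):
        if a != b:
            bits.append(1 if a < b else 0)
    return bits


def overall_bias(bits):
    """|P(1) - 1/2| over the whole run."""
    return abs(sum(bits) / len(bits) - 0.5)


def max_window_bias(bits, window=20_000):
    """Largest |P(1) - 1/2| over fixed-size windows: a crude continuous
    health test that catches a bias the whole-run average can hide."""
    worst = 0.0
    for i in range(0, len(bits) - window + 1, window):
        chunk = bits[i:i + window]
        worst = max(worst, abs(sum(chunk) / window - 0.5))
    return worst


def compare_extractors(n_events=210_000, seed=1):
    """Run both extractors over one drift cycle and report their biases."""
    intervals = simulate_intervals(n_events, seed)
    naive = threshold_bits(intervals)
    paired = comparison_bits(intervals)
    return {
        "threshold_overall": overall_bias(naive),
        "threshold_worst_window": max_window_bias(naive),
        "comparison_worst_window": max_window_bias(paired),
    }


if __name__ == "__main__":
    for name, value in compare_extractors().items():
        print(f"{name}: {value:.4f}")
```

The comparison extractor is not a cure for everything (it halves the bit rate, and a fast-changing rate or a clock that is too coarse to break ties would still leave a mark), but it does make the output insensitive to exactly the slow, systematic variation that the research above found. Either way, the lesson for a hardware generator is that the raw physical bits should be health-tested continuously and then conditioned, not trusted because the physics sounds random.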

Monday, February 02, 2009

More quantum strangeness

Many people who study Mathematics or Computer Science in college learn about Gödel's First Incompleteness Theorem. This essentially says that any consistent axiomatic system that's powerful enough to express ordinary arithmetic, and whose axioms can be listed by a mechanical procedure, will always be incomplete, because there will always be statements that are true that you can't prove from the axioms. This also means that no matter how many axioms you add to your system, you'll still be able to find propositions that are logically independent of your axioms, so that they can't be either proven or disproven from them. Such logically independent propositions are called "undecidable." Ever since Gödel proved his First Incompleteness Theorem in 1931, the concepts of logical independence and undecidability have been confusing students of mathematics and computer science. They may also start confusing students of physics soon.

Last year, a group of physicists suggested that there's a link between undecidability and randomness. In particular, they show that quantum systems can encode axioms, and that measurements of such systems can tell whether or not logical propositions are decidable or not within the axioms. This means that undecidability can limit what you can learn from physical measurements. They then argue that quantum randomness is really just a physical manifestation of undecidability. Could there be implications of this connection in quantum computing or quantum cryptography?

Wednesday, December 10, 2008

New tools for terrorists

Terrorism is one of the more serious threats that national governments have to deal with these days. Fortunately, academics have thought about what sort of dirty tricks terrorists may try next and how to prepare for them. Here's what one paper said:

"If recent trends in terrorism have taught us anything, it is that terrorists are nimble actors who can be innovative when necessary. At the same time, technological development is inherently dynamic, with one of the negative externalities of this dynamism being the opportunities it can provide for malefactors. New technologies include cheap, accessible sprayers to disperse chemical agents, nanotech, proteinacious microspheres, aerosol vaccine delivery, bioinformatics, SNP's (single nucleotide polymorphisms) and Bose-Einstein condensates."

Bose-Einstein condensates? That's a state of matter that you get when you cool things down to temperatures of a few nanokelvins. When you get things very cold, enough atoms collapse into a single quantum state that you can actually see quantum effects. Liquids will crawl up the sides of a bottle, for example, because there's essentially no friction between the condensate and the bottle.

This doesn't sound like a good weapon for a terrorist to use. The equipment needed to keep a few thousand atoms of Bose-Einstein condensate cold is pretty big. It's definitely not the sort of thing that a terrorist can sneak past the TSA and onto an airplane. And if they could, what could they do with their exotic matter to cause trouble?

There is, however, a bizarre effect that's been called a "bosenova" that can occur when you put a Bose-Einstein condensate in the right kind of magnetic field. The word is based on the word "supernova," because the magnetic field can make the Bose-Einstein condensate fly apart in a dramatic explosion. Physicists don't seem to fully understand why bosenovas happen yet, but I doubt whether they're a suitable weapon for a terrorist to use.

In addition to having the equipment needed to make the Bose-Einstein condensate, you also need specialized equipment for making the precise kind of magnetic field that's needed to make the bosenova. And even if you have all of this equipment, it takes a huge amount of energy to make just a few thousand atoms of Bose-Einstein condensate. None of this equipment is cheap, and it's definitely not the kind of stuff that the average person could put together, even with a few million dollars in funding. I think that terrorists could probably find a better use for their time and money, so worrying about attacks using Bose-Einstein condensates is close to the bottom of the list of things that I worry about.

Wednesday, November 12, 2008

Counterfactual what?

If quantum cryptography and quantum computing seem to defy any reasonable intuition, counterfactual computing pushes this to an extreme limit. In counterfactual computing, we use the fact that a quantum system is in multiple states at once, but use this in an unusual way.

Instead of having a quantum system that is in multiple states that correspond to different calculations, as we do with quantum computing, in counterfactual computing we think of a computer as being in two states at once: on and off. So if we interact with a computer, we will be interacting with it as if it were both on and off at the same time.

Carrying this to the next logical step, we can then interact with a computer that is turned off, but get information out of it as if it were actually on. This may seem to make absolutely no sense, but it has actually been demonstrated in a laboratory by researchers.

Fortunately, there seem to be limits to what this technology is capable of, and it may turn out to be impossible to take advantage of its bizarre properties. Otherwise we could imagine assuming that a computer is in states that correspond to either having finished cracking a 256-bit cryptographic key or not having finished this calculation, and be able to break military-strength cryptography just by interacting with a computer that is in these two states. This would allow such attacks without even having to spend any computing resources on the attack.

With any luck, researchers will find that counterfactual computing is little more than a laboratory curiosity that only works in small, well-defined experiments, and is not suitable for use in anything more than trivial demonstrations.

Tuesday, November 11, 2008

Quantum computing

Quantum computing takes advantage of the ability of quantum information to be in more than one state at a time, and allows the construction of computers with very different properties than the ones that exist today. They also have some fairly unusual theoretical properties. Computations on existing computers are not, in general, reversible. In the simplest case, two bits go into an AND gate, but only one bit comes out, and there is no way to reverse the computation and determine the inputs of an AND gate from its output.

On quantum computers, however, every step of a calculation short of the final measurement is inherently reversible. This means that it's theoretically possible to use a quantum computer to perform a calculation and then step through the calculation in reverse, ending up back where it started, as long as nothing has been measured along the way.

The security of modern cryptography depends on certain mathematical problems being easy to compute one way and hard to compute the other way. Multiplying two numbers together is easy, but factoring a large number is hard, which is the basis for the security of the RSA scheme. Quantum computers make it possible to turn the hard mathematical problems that provide the basis for public-key cryptography, like integer factoring and calculation of discrete logarithms, into easy problems. This would make decrypting as easy as encrypting, which eliminates the security provided by the algorithms.

Because this would make encrypting and decrypting equally easy, there would be no way to overcome this problem just by making keys longer. All of the commonly-used public-key algorithms would be affected by the existence of quantum computers.
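To see where the quantum computer actually enters the factoring problem, here is the classical part of Shor's algorithm as an added example (it is not code from any quantum computing project). Shor's algorithm reduces factoring N to finding the order r of a random base a modulo N, that is, the smallest r with a^r = 1 (mod N); the quantum computer does only that step, and everything else is ordinary number theory. Below, the order-finding oracle is a classical brute-force loop, which is exponential in the size of N and is exactly what keeps RSA safe without a quantum computer; the rest of the code is the reduction, including the two cases where a chosen base has to be thrown away. The moduli in the usage are small constructed examples.

```python
from math import gcd


def find_order(a, n):
    """Smallest r > 0 with a**r == 1 (mod n), for gcd(a, n) == 1.

    This is the only step Shor's algorithm runs on the quantum computer,
    where it takes polynomial time. Here it is brute force, which is
    exponential in the bit length of n; that gap is what keeps RSA safe
    against classical attackers."""
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def shor_factor(n, max_tries=50):
    """Classical wrapper of Shor's algorithm around an order-finding oracle.

    Returns a pair of non-trivial factors of n, or None when every base tried
    gave an odd order or only the trivial square root of 1 (which is what
    happens, for example, when n is prime)."""
    if n % 2 == 0:
        return 2, n // 2
    for a in range(2, min(n, 2 + max_tries)):
        g = gcd(a, n)
        if g != 1:                      # a already shares a factor with n
            return g, n // g
        r = find_order(a, n)
        if r % 2:                       # odd order: no square root to exploit
            continue
        half = pow(a, r // 2, n)        # a**(r/2) is a square root of 1 mod n
        if half == n - 1:               # the trivial root -1 gives nothing
            continue
        # half**2 == 1 (mod n) with half != +-1, so (half-1)(half+1) == 0
        # (mod n) while neither factor is, and gcd peels off a proper divisor.
        p = gcd(half - 1, n)
        return p, n // p
    return None


if __name__ == "__main__":
    for n in (15, 21, 3233):
        print(n, "=", shor_factor(n))
```

Notice that nothing in the classical part depends on the size of N; only the cost of find_order does. Given an order-finding oracle that runs in polynomial time, RSA keys of any length fall to the same few lines, which is why making keys longer is no defense. The same reduction, with the group changed, handles discrete logarithms.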

Quantum computers can also make it easier to defeat symmetric cryptography, like DES or AES, but only by a relatively small amount, and it is easy to increase the sizes of keys to keep them secure, even if quantum computers are available to an adversary. In particular, algorithms that can run on a quantum computer can reduce the effective key size of a symmetric algorithm by half, reducing the strength of a 256-bit key down to only 128 bits, for example.

Unlike public-key algorithms, where quantum computers totally eliminate the security provided by the algorithms, it is easy to increase the strength of symmetric algorithms to compensate for the existence of quantum computers: just double the key size. While speaking at the 30th Anniversary of Public Key Cryptography event recently, Brian Snow, the former Technical Director of the NSA’s Information Assurance Directorate, said that this was the reason that the standard for AES defines keys up to 256 bits in length, keys that provide more security than will ever be needed. If quantum computing ever becomes practical, 256-bit AES keys will still provide the equivalent of 128 bits of strength, which is still more than adequate for almost all purposes.

Quantum computers have been built that use a small number of quantum bits, but they are not yet capable of performing useful calculations. A quantum computer with seven quantum bits has managed to factor the number 15 using an algorithm designed to run on a quantum computer, a result that is interesting because it shows that quantum computers can actually be constructed, but building one with enough quantum bits to threaten even 1,024-bit RSA keys is still a daunting engineering challenge.

Some experts believe that it will prove impossible to build such computers with enough quantum bits to do such calculations. Only time will tell if useful quantum computers can be built that can threaten the security of existing public-key cryptography, but even if this turns out to be possible, it is probably still several decades in the future.

Wednesday, November 05, 2008

Quantum cryptography

Our intuition is developed by watching the world around us. This intuition works fairly well in situations that we usually encounter, but when we stray too far from these, our intuition fails miserably, and we have to fall back on mathematics and physics to understand how things work. In particular, if things get too big or go too fast, then our intuition fails, and we need to fall back on Einstein's theories of relativity to explain things accurately. GPS satellites, for example, are affected by both of these possibilities. They are near a big, heavy object (the Earth) and they go fairly fast in their orbits. Relativity tells us that time gets distorted in either of these cases, and we find that we need the framework of relativity if we want to make GPS satellites accurate enough to be useful. Without the use of relativity to correct for the slight time distortions that these satellites experience, position errors in a GPS system would accumulate at a rate of roughly 6 miles per day.

Our intuition also fails when things get very small. This is the realm of quantum mechanics, and the models that predict things accurately on this scale are nothing like what we see in our daily lives. In particular, quantum mechanics tells us that quantum systems exist in all possible states at once, and that measuring such a system collapses it into one of the possible states, losing information about the other states when it does this. So while a classical bit is either a logical 0 or a logical 1, a quantum bit can be both 0 and 1 at the same time, and if we measure its state it will turn into either a 0 or a 1, losing all of the information about the other state. This means that any information that we encode as quantum states has very different properties than the information that we encode using classical bits and bytes. It also provides the basis for three interesting technologies: quantum cryptography, quantum computing, and counterfactual computing. The most mature of these is quantum cryptography.

The term "quantum cryptography" is a bit misleading. The term describes a technology that is used to distribute cryptographic keys that are encoded as quantum information, so "quantum key distribution" is a more descriptive name for it.

An adversary who intercepts a transmission protected with quantum cryptography disturbs the quantum states when he tries to determine what he intercepted. Because an unknown quantum state cannot be copied exactly (the no-cloning theorem), he is unable to retransmit an exact copy of what he received, so the intended receiver can tell that the transmission was interfered with and decide not to use the key that the eavesdropper observed. So quantum cryptography cannot stop an adversary from eavesdropping, but it can detect when such eavesdropping has happened. The first quantum cryptography protocol was invented in 1984 by Charles Bennett and Gilles Brassard, and is commonly called the BB84 protocol.

In the BB84 protocol, for each bit that the sender needs to transmit, he picks one of two measurement bases at random (the paper calls them rectilinear and diagonal; think of them as two coordinate systems for a photon's polarization) and encodes the bit as a single photon polarized along one of the two axes of that basis. The recipient does not know which basis was used, so for each photon he also picks a basis at random and measures. If he guessed the sender's basis, he recovers the bit exactly; if not, his result is a random bit and the original state is gone. Only after all the photons have been measured do the two sides announce, over an ordinary public channel, which basis each of them used at each position. They keep the positions where the bases agreed and discard the rest. The bits that survive this "sifting" step, about half of them, are the raw key material.

An eavesdropper who intercepts the photons has to pick a basis to measure each one, and he has no better than even odds of guessing right. Every wrong guess destroys the original state, and when he re-sends photons prepared according to what he saw, about a quarter of the sifted bits arrive at the recipient flipped. The two sides detect this by publicly comparing a random sample of their sifted bits and then throwing that sample away: some errors happen in any transmission, but an error rate well above the channel's normal level means that eavesdropping has occurred and the key must be discarded. The public basis announcement does not help the eavesdropper, because it happens only after the photons have been measured, and knowing the bases then tells him nothing about states he has already disturbed. One caveat that practitioners should keep in mind: the public channel must be authenticated. If an attacker can impersonate each side to the other on that channel, he can simply run the protocol separately with each of them, and the quantum part detects nothing.
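The following simulation is an added example, not code from the original post or from any quantum cryptography vendor. It models the BB84 exchange described above with a photon reduced to a (basis, bit) pair: measuring in the preparation basis returns the bit, measuring in the other basis returns a random bit and destroys the original. An optional intercept-and-resend eavesdropper, the sifting step, and the public error-rate check are all included. The 11% abort threshold and the choice to sacrifice half of the sifted bits for error estimation are assumptions made for the example, as is the absence of any channel noise.

```python
import random

# SystemRandom draws from the OS entropy pool; basis and bit choices in
# a real system must be unpredictable to the eavesdropper.
_rng = random.SystemRandom()

def random_bits(n):
    return [_rng.randrange(2) for _ in range(n)]

def prepare(bit, basis):
    """Alice encodes one bit as a photon polarization.
    basis 0 = rectilinear, basis 1 = diagonal (modelled as a plain tuple)."""
    return (basis, bit)

def measure(photon, basis):
    """Measuring in the preparation basis returns the encoded bit; measuring
    in the other basis returns a uniformly random bit and the state is gone."""
    prep_basis, bit = photon
    return bit if prep_basis == basis else _rng.randrange(2)

def intercept_resend(photons):
    """Eve measures every photon in a random basis and re-prepares what she saw.
    Half of her bases are wrong, so about a quarter of the sifted bits flip."""
    resent = []
    for ph in photons:
        basis = _rng.randrange(2)
        resent.append(prepare(measure(ph, basis), basis))
    return resent

def bb84(n, eavesdrop=False, sample_fraction=0.5, qber_threshold=0.11):
    """Run one BB84 session over n photons and return the outcome."""
    alice_bits, alice_bases = random_bits(n), random_bits(n)
    photons = [prepare(b, s) for b, s in zip(alice_bits, alice_bases)]
    if eavesdrop:
        photons = intercept_resend(photons)
    bob_bases = random_bits(n)
    bob_bits = [measure(ph, s) for ph, s in zip(photons, bob_bases)]

    # Sifting: bases are announced on the (authenticated) public channel
    # and positions where the bases differ are discarded.
    sifted = [i for i in range(n) if alice_bases[i] == bob_bases[i]]

    # Error estimation: a random sample of sifted bits is compared in the
    # clear; those bits are public now, so they never become key material.
    sample = set(_rng.sample(sifted, int(len(sifted) * sample_fraction)))
    errors = sum(1 for i in sample if alice_bits[i] != bob_bits[i])
    qber = errors / len(sample) if sample else 0.0
    keep = [i for i in sifted if i not in sample]
    return {
        "qber": qber,
        "aborted": qber > qber_threshold,
        "alice_key": [alice_bits[i] for i in keep],
        "bob_key": [bob_bits[i] for i in keep],
    }

if __name__ == "__main__":
    for eve in (False, True):
        r = bb84(4000, eavesdrop=eve)
        print("eavesdropper=%s qber=%.3f aborted=%s key bits=%d"
              % (eve, r["qber"], r["aborted"], len(r["alice_key"])))
```

Without the eavesdropper the sampled error rate is exactly zero in this noise-free model and Alice and Bob end up with identical keys; with intercept-and-resend the error rate lands near 25%, far above the threshold, and the session aborts. A real deployment also needs error correction and privacy amplification on the surviving bits, which the example leaves out.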

Information protected by quantum cryptography needs to be encoded in quantum states, and existing implementations use individual photons that are transmitted over a fiber-optic link. Because any hardware in a communication channel that boosts the fading signal has to interact with the signal, existing quantum cryptography technologies are limited to a single fiber-optic link. Repeaters act just like an eavesdropper, and destroy quantum information when they interact with it.

Quantum cryptography is an established and proven technology. There have been commercially-available quantum cryptography products since 1999, and there are now two vendors from which the technology is available. On the other hand, while the problems of key distribution and key management are indeed difficult, they have not become so difficult that quantum cryptography is an attractive alternative for most commercial deployments. So although the technology has been available for quite a while, it has not yet become a commercial success. Maybe we'll be seeing more of it in the future.

Monday, October 13, 2008

Going the way of Pluto?


In August 2006, astronomers at the meeting of the International Astronomical Union in Prague voted to adopt a new definition of the term "planet" that reduced the number of planets in the solar system to eight. Pluto was reclassified as a "dwarf planet," much to the dismay of many astronomers and much of the general public. The trend of "convergence," in which information security becomes integrated into corporate risk management organizations, may soon result in a similar type of reclassification of the discipline.

There are valid scientific reasons to support the new definition of a planet. Pluto is more similar to the icy bodies that form the Kuiper belt, the large disk-shaped region past Neptune that is home to many such objects, than to the other planets. Many people, however, find this distinction somewhat arbitrary, and have argued that Pluto should remain a planet. Some have even started a campaign to have its place as one of the nine planets restored. Only time will tell whether or not they are successful.

Two main reasons have been advanced for reclassifying Pluto as a planet again: nostalgia and politics. The argument based on nostalgia is essentially that everyone knows that Pluto is a planet, so it should remain a planet. Six billion people cannot be wrong, can they?

The argument based on politics is essentially that it is easier for scientists to get funding for research on planets than on dwarf planets, trans-Neptunian objects or Plutonian objects, other terms for bodies that do not qualify as planets in some way. It is no secret that there are lots of small, icy bodies in the Kuiper belt, making it hard to justify funding for research that tries to find more of them. And why would NASA spend $675 million on the New Horizons spacecraft if it is just going to visit one of these many icy rocks? On the other hand, the goal of finding another planet sounds much more important and worthy of funding.

The field of information security may be due for a similar reclassification soon, as the trend towards combining information security and other risk management operations moves information security away from its roots in information technology and into the business world. The reasons given for merging security organizations seem to make sense from the business point of view, but not everyone agrees that such a change is the right thing to do. The arguments against doing this are eerily similar to the arguments for keeping Pluto classified as a planet.

One obvious argument against merging security organizations can be summarized as nostalgia: information security practitioners have grown accustomed to not having to justify investments in security technologies the way other parts of the business must justify theirs. This has even been institutionalized in the use of different metrics to justify such investments.

The return on security investment (ROSI) concept seems to have been created to overcome the obstacles that information security practitioners face because it is often difficult to justify investments in information security by using the conventional ROI metric. Some industry analysts have even argued that information security should be exempt from traditional risk analysis and management methodologies because the traditional methodologies do not work well in information security. Such special treatment might disappear if information security merges with other risk management disciplines.

Another argument against merging information security into a business-wide risk management organization can be summarized as politics. Many information security organizations now have the attention of upper management due to the recent increased focus on regulatory compliance. If information security becomes part of a corporate-wide risk management organization, the political influence that comes with the attention of upper management may be reduced. If such convergence happens, many information security investments will probably be questioned if they are competing for funding with other risk management projects. Can you really justify the TCO of PKI-based encrypted e-mail if the same investment could be used to reduce slips, trips and falls?

The business forces that are pushing for the convergence of information security and other risk management functions seem to be fairly strong, which may lead to the eventual disappearance of information security as a separate discipline. For many information security professionals, it seems that understanding the business where they work has already become as important as understanding information security technology. As the trend of convergence continues, understanding the business aspects of their jobs will probably become even more important. And unlike the possibility that exists of reinstating Pluto as a planet, there seems to be little chance for this trend to be reversed. So information security professionals should note the trend of convergence and try to understand what it can mean for them in the future.

Monday, September 22, 2008

The Mpemba effect


Hot water freezes faster than cold water. Or does it? Cold water at 0.01 °C will probably freeze before water at 99.99 °C, and a small drop of cold water will probably freeze faster than a large quantity of hot water. So it's certainly not true that hot water always freezes faster than cold water. It is true in some cases, however, and there are enough of these cases to make the property interesting.

The fact that hot water sometimes freezes faster than cold water has been named the "Mpemba effect" after Erasto Mpemba, who brought it to the attention of the scientific community in 1963 while he was a high-school student in Tanzania. It turns out that stating the Mpemba effect in a careful way that's possible to verify experimentally is actually fairly tricky. You probably need something like this: "There exists a set of physical parameters and a pair of temperatures such that given two samples of water identical in these parameters and differing only in their initial uniform temperatures, the hotter of the two will freeze sooner."

If that's what it takes to say it carefully, it's easy to see why "hot water freezes faster than cold water" is preferred by most people.

You see the same preference for shorter yet not-quite-as-accurate descriptions of cryptographic schemes. It's easy to describe the Diffie-Hellman key exchange like this:

  1. Alice uses her private key a to calculate g^a, which she sends to Bob
  2. Bob uses his private key b to calculate g^b, which he sends to Alice
  3. Alice calculates the shared secret g^ab as (g^b)^a
  4. Bob calculates the shared secret g^ab as (g^a)^b

This is as sloppy as saying that hot water freezes faster than cold water, but it's also good enough for almost every time that you need to describe the Diffie-Hellman key exchange.

If you take the time to say everything precisely, you'll find that it takes too long to say anything of consequence. So we accept a certain amount of inaccuracy in day-to-day conversation and reserve being careful for things that we put in writing. Try to describe something as simple as the Diffie-Hellman key exchange in careful and precise language and you'll find exactly how hard this can be.
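To show what the four-line sketch above leaves out, here is the exchange written the careful way, as an added example that is not part of the original post. Everything the sketch omits has to be spelled out in code: the modulus p, the requirement that p be a safe prime (p = 2q + 1 with q prime) so that g can generate a subgroup of prime order q, the range the private keys are drawn from, and the check that a received public value actually lies in that subgroup, which is what stops small-subgroup and trivial-value attacks. The 64-bit parameter size is an assumption chosen so the example runs in well under a second; a real deployment uses 2048-bit or larger groups or, more often today, elliptic-curve groups.

```python
import secrets

def is_probable_prime(n, rounds=32):
    """Miller-Rabin with a trial-division prefilter."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_safe_prime(bits):
    """Return (p, q) with p = 2q + 1 and both prime; p has exactly `bits` bits."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if q % 3 != 2:          # otherwise 2q + 1 is divisible by 3
            continue
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q

def find_generator(p, q):
    """A square of any h in [2, p-2] has order q in Z_p^* when p = 2q + 1."""
    while True:
        h = 2 + secrets.randbelow(p - 3)
        g = pow(h, 2, p)
        if g != 1:
            return g

def validate_public(y, p, q):
    """Reject 0, 1, p-1 and anything outside the order-q subgroup."""
    return 2 <= y <= p - 2 and pow(y, q, p) == 1

class Party:
    """One side of the exchange; the sketch's 'a' is self.priv, 'g^a' is self.pub."""
    def __init__(self, p, q, g):
        self.p, self.q, self.g = p, q, g
        self.priv = 1 + secrets.randbelow(q - 1)   # uniform in [1, q-1]
        self.pub = pow(g, self.priv, p)

    def shared(self, peer_pub):
        if not validate_public(peer_pub, self.p, self.q):
            raise ValueError("peer public value failed subgroup check")
        return pow(peer_pub, self.priv, self.p)   # (g^b)^a or (g^a)^b

def dh_exchange(bits=64):
    """Generate parameters, run the exchange, return both sides' results."""
    p, q = generate_safe_prime(bits)
    g = find_generator(p, q)
    alice, bob = Party(p, q, g), Party(p, q, g)
    return p, q, g, alice.shared(bob.pub), bob.shared(alice.pub)

if __name__ == "__main__":
    p, q, g, k_alice, k_bob = dh_exchange()
    print("p=%d g=%d" % (p, g))
    print("secrets agree:", k_alice == k_bob)
```

The subgroup check in validate_public is the part most often skipped in informal descriptions and most often exploited in practice: a peer who sends 1 or p-1 forces the shared secret into a set of two values, and one who sends an element of a small subgroup can learn the other side's private key modulo the subgroup order.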

Monday, August 25, 2008

Superconductor?


I have absolutely no idea why this blog is called “Superconductor,” but when I hear the name, I’m reminded of a project I worked on several years ago that dealt with superconductors. It turns out that superconductors provide an easy way to stop magnetic fields, and I used this property to build a shield that prevented certain side-channel attacks.

To carry out a side-channel attack on a cryptographic system, you make some sort of physical measurement and hope that it is correlated with some aspect of the cryptography. You might, for example, measure the power that a microprocessor uses and use that information to determine a cryptographic key that it’s processing. Maybe processing a bit that's a '1' takes more power than a bit that's a '0.' It’s difficult to eliminate side-channel attacks. It might even be impossible.
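The "a '1' costs more power than a '0'" idea is exactly the leakage model that correlation power analysis exploits, and the following simulation is an added example of it, not code from the original post. The device model is constructed: each "trace" is the Hamming weight of the plaintext byte XOR the secret key byte plus Gaussian noise, which is an assumption standing in for real power measurements. The attack never sees the key; it predicts the leakage for all 256 key guesses and correlates each prediction with the measurements, and the guess with the highest correlation wins. Real attacks target a nonlinear step such as an S-box output so that wrong guesses decorrelate sharply; with this linear target, a guess one bit away from the key still scores about 75% of the correct one and the bitwise complement scores negative, which is why the ranking uses signed correlation.

```python
import random

def hamming_weight(x):
    """Number of set bits, the usual model of what a CMOS data bus leaks."""
    return bin(x).count("1")

def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return 0.0 if vx == 0 or vy == 0 else cov / (vx * vy) ** 0.5

def simulate_traces(key_byte, n_traces, noise_sigma, rng):
    """Constructed device model (an assumption, not measured data): the power
    sample is HW(plaintext XOR key) plus Gaussian noise. Returns (pt, leak)."""
    traces = []
    for _ in range(n_traces):
        pt = rng.randrange(256)
        leak = hamming_weight(pt ^ key_byte) + rng.gauss(0.0, noise_sigma)
        traces.append((pt, leak))
    return traces

def rank_key_candidates(traces):
    """Correlation power analysis: predict the leakage under each of the 256
    key guesses, correlate with the measurements, rank by correlation."""
    measured = [leak for _, leak in traces]
    scores = []
    for guess in range(256):
        predicted = [hamming_weight(pt ^ guess) for pt, _ in traces]
        scores.append((pearson(predicted, measured), guess))
    scores.sort(reverse=True)
    return scores

def recover_key_byte(traces):
    """Return (best guess, its correlation)."""
    corr, guess = rank_key_candidates(traces)[0]
    return guess, corr

def demo(secret_key=0x3C, n_traces=500, noise_sigma=1.0, seed=1234):
    """Attack a simulated device; the seed makes the run reproducible."""
    rng = random.Random(seed)
    traces = simulate_traces(secret_key, n_traces, noise_sigma, rng)
    guess, corr = recover_key_byte(traces)
    return secret_key, guess, corr

if __name__ == "__main__":
    secret, guess, corr = demo()
    print("secret=0x%02x recovered=0x%02x correlation=%.3f" % (secret, guess, corr))
```

With 500 traces and noise of the same magnitude as the signal, the correct byte comes out on top with a correlation around 0.8. Raising noise_sigma or cutting n_traces shows the practical trade-off a shield buys the defender: every reduction in signal-to-noise ratio multiplies the number of traces the attacker needs to collect.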

Electronics radiate electromagnetic fields when they operate, and it’s possible in some cases to determine what information is being processed by looking at how these fields change. This has been known since at least 1985, when Wim van Eck showed that it was possible to measure the emanations from a computer video display and use them to reconstruct the data being displayed.

It’s fairly easy to stop an electric field. A Faraday cage, an enclosure made of conducting material, stops electric fields very well. On the other hand, a Faraday cage doesn’t do much to magnetic fields. Eddy currents in a good conductor will attenuate rapidly changing magnetic fields to some degree, but static and low-frequency magnetic fields pass through an ordinary conductor almost unhindered. These are much tougher to stop.

But just as electric fields don’t penetrate into a conductor, magnetic fields don’t penetrate into a superconductor; this is the Meissner effect. So one way to stop magnetic emanations from electronics is to enclose them in a shield made of a superconductor, and I once built a superconducting shield that did just that.

While this sounds easy enough in principle, don’t forget that materials that we know of today aren’t superconductors at room temperature. I used a shield of YBCO, yttrium barium copper oxide, or YBa2Cu3O7. This doesn’t become a superconductor until it’s 93 K (-180 °C) or colder. This meant that I had to keep a supply of liquid nitrogen (77 K or -196 °C) in my lab along with all sorts of other interesting stuff to build this prototype. So while the name of this blog must have meant something to someone at some time, it reminds me of working on the superconducting shield and of the clever engineering tricks that it required.
