"Arnold G. Reinhold" wrote: > > At 11:50 PM -0400 10/1/03, Ian Grigg wrote: > >... > >A threat must occur sufficiently in real use, and incur > >sufficient costs in excess of protecting against it, in > >order to be included in the threat model on its merits. > > > > I think that is an excellent summation of the history-based approach > to threat modeling. There is another approach, however, > capability-based threat modeling. What attacks will adversaries whom > I reasonably expect to encounter mount once the system I am > developing is deployed? Military planners call this the "responsive > threat." There are many famous failures of history-based threat > modeling: tanks vs. cavalry, bombers vs. battleships, vacuum tubes > vs. electromechanical cipher machines, box cutters vs skyscrapers, > etc.

A very nice distinction. The problem with this approach is that it depends heavily on the notion of "reasonably expect," which is highly obvious, after the fact.

In each of those cases, it was possible to trace the development of the attack through history, again, after the fact [1], [2], [3]. In each case, the history was mostly readable. Just like security today.

In each case, it was very difficult to predict the future. And, for those lucky few who did, they were ignored. And, for those lucky few who did predict correctly, there were many score more who predicted the wrong thing.

Military affairs are fairly typecast. You are stuck with the weapons of the past, chasing an infinite number of possibilities in the future. In all that, you have to fight the current war. Prepare for some unlikely future at your peril. If you pick the wrong one, you'll be accused of being a dreamer, or of fighting the last war. Pick a future that actually happens, and you'll be called a genius.

Crypto systems get pretty much deployed like that as well. Reasonable threat models are built up, a point in the future is aimed for, and the system gets deployed. Then, you hope that attacks like that of Adi Shamir's student don't happen until the very end of life. You watch, and you hope.

> In the world of the Internet the time available to put in place
> counteract new threats once they are publicized appears to be
> shrinking rapidly. And we are only seeing one class of adversaries:
> the informal network of hackers. For the most part, they have not
> tried to maximize the damage they cause. There is another class,
> hostile governments and terrorists, who have so far not shown their
> hands but are presumably following developments closely. I don't
> think we can restrict ourselves to threats already proven in the wild.

The alternate is to prepare for every possible threat. That's hard.
It may be that you can justify this level of expenditure, but for most ordinary missions, this is simply too expensive.

Mind you, I'm not sure of your first claim there, can you explain why the security field has not moved quickly to counter the threat of web site spoofing? It's been around for yonks, and it's resulting in losses....

> Then there is the matter of costs and who pays them. Industry is
> often willing to absorb small costs, or, better, fob them off onto
> consumers. Moderate costs can be insured against or written off as
> "extraordinary expenses." Stockholders are shielded from the full
> impact of catastrophic costs by the bankruptcy laws and can sometimes
> even get governments to subsidize such losses.
>
> Perhaps guilds are the right model for cryptography. At their best,
> guilds preserve knowledge and uphold standards that would otherwise
> be ignored by market forces. Anyone out there willing to have open
> heart surgery performed by someone other than a member of the
> surgeon's guild?

Anyone out there willing to send a chat message that is protected by ROT13?

As we have defined our mission, we can set our requirements, and build our threat model. I don't see that the presence of huge costs in some exotic industries means the rest of us have to pay for heart surgery every time we want to send a chat message. Or face death threats every time we pay for flowers with a credit card.

But, I grant you that FUD will play a part in the ongoing evolution of the Cryptologists' Guild, just as it has in the past. It's too powerful a card to ignore, just because it is unscientific.

YMMV :-)

iang

[1] Although Guderian's development of Blitzkrieg was kept a secret, as was all German war planning, it wasn't totally unemulated by the Allies, just not up-played as well as it might have been &. C.f., Patton, who famously "read Rommel's book," and de Gaulle, who parlayed a presidency out of his success at holding back the Guderian advances, albeit briefly.
In fact, the French tanks outnumbered, outgunned, and out armoured the Germans. The Versailles Treaty banned Germany from having *any* armoured vehicles. That's preparation!

& _Panzer Leader_, General Heinz Guderian, 1952.

[2] box cutters v. skyscrapers - I have a collection of films that predict the activities of 9/11 in the years before *. In each case, note that Hollywood famously predicts not only a diabolical attack with many similarities, but also a cunningly devious deception plan.

* _Die Hard_ (1,2,3), _Executive Decision_, _Under Siege_, _The Siege_, and I gather one of the Clancy books describes the precise form of the attack. Oh, and countless James Bond movies.

[3] Bombers v. battleships - yes, although bombers v. submarines, no. It took sonar, depth charges and lots of frigates to counter the U-boats. Vacuum tubes v. enigma machines, yes with 3 reels, not immediately with 4, and useless when Hitler switched back to motorcycle couriers in the battle of the Bulge. Etc).

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]