On Wednesday 01 June 2005 10:35, Birger Tödtmann wrote:
> Am Dienstag, den 31.05.2005, 18:31 +0100 schrieb Ian G:
> [...]
>
> > As an alternate hypothesis, credit cards are not
> > sniffed and never will be sniffed simply because
> > that is not economic.  If you can hack a database
> > and lift 10,000++ credit card numbers, or simply
> > buy the info from some insider, why would an
> > attacker ever bother to try and sniff the wire to
> > pick up one credit card number at a time?
>
> [...]
>
> "And never will be..."?  Not being economic today does not mean it
> couldn't be economic tomorrow.  Today it's far more economic to lift
> data-in-rest because it's fairly easy to get on an insider or break into
> the database itself.

Right, so we are agreed that listening to credit cards
is not an economic attack - regardless of the presence
of SSL.

Now, the point of this is somewhat subtle.  It is not
that you should turn off SSL.

The point is this:  you *could*
turn off SSL and it wouldn't make much difference
to actual security in the short term at least, and maybe
not even in the long term depending on the economic
shifts.

OK, so, are we agreed on that:  we *could* turn off
SSL, but that isn't the same thing as "should* ?

If we've got that far we can go to the next step.

If we *could* turn off SSL then we have some breathing
space, some room to manouvre.  Some wiggle room.

Which means we could modify the model.  Which
means we could change the model, we could tune
the crypto or the PKI.  And in the short term, that
would not be a problem for security because there
isn't an economic attack anyway.  Right now, at
least.

OK so far?

This means that we could improve or decrease
its strength ... as our objectives suggest ... or we
could *re-purpose* SSL if this were so desired.

So we could for example use SSL and PKI to
protect from something else.  If that were an issue.

Let's assume phishing is an issue (1.2 billion
dollars of american money is the favourite number).

If we could figure out a way to change the usage
of SSL and PKI to protect against phishing, would
that be a good idea?

It wouldn't be a bad idea, would it?  How could it
be a bad idea when the infrastructure is in place,
and is not currently being used to defeat any
attack?

So, even in a stupidly aggressive worst case
scenario, if were to "turn off SSL/PKI" in the process
and turn its benefit over to phishing, and discover
that it no longer protects against listening attacks
at all - remember I'm being ridiculously hypothetical
here - then as long as it did *some* benefit in
stopping phishing, that would still be a net good.

That is, there would be some phishing victims
who would thank you for saving them, and there
would *not* be any Visa merchants who would
necessarily damn your grandmother for losing
credit cards.  Not in the short term at least.

And if listening were to erupt in a frenzy in the
future it would likely be possible to turn off the
anti-phishing tasking and turn SSL/PKI back to
protecting against eavesdropping.  Perhaps as
a tradeoff between the credit card victim and
the phishing victim.

But that's just stupidly hypothetical.  The main
thing is that we can fiddle with SSL/PKI if we want
to and we can even afford to make some mistakes.

So the question then results in - could it be used
to benefit phishing?  I can point at some stuff that
says it will be.

But every time this good stuff is suggested, the
developers, cryptographers, security experts and
what have you suck air between their teeth in and
say you can't change SSL or PKI because of this
crypto blah blah reason.

My point is you can change it.  Of course you
can change it - and here's why:  it's not being
economically used over here (listening), and
right over there (phishing), there is an economic
loss waiting attention.


> However, when companies finally find some 
> countermeasures against both attack vectors, adversaries will adapt and
> recalculate the economics.  And they may very well fall back to sniffing
> for data-in-flight, just as they did (and still do sometimes now) to get
> hold of logins and passwords inside corporate networks in the 80s and
> 90s.  If it's more difficult to hack into the database itself than to
> break into a small, not-so-protected system at a large network provider
> and install a sniffer there that silently collects 10,000++ credit card
> numbers over some weeks - then sniffing *is* an issue.  We have seen it,
> and we will see it again.  SSL is a very good countermeasure against
> passive eavesdropping of this kind, and a lot of data suggests that
> active attacks like MITM are seen much less frequently.


All that is absolutely true, in that we can conjecture
that if we close everything else off, then sniffing will
become economic.  That's a fair statement.

But, go and work in one of these places for a while,
or see what Perry said yesterday:

> The day to day problem of security at real financial institutions is
> the fact that humans are very poor at managing complexity, and that
> human error is extremely pervasive. ....

I'm sure that you'll agree that the likelihood of them
closing of all the other attacks is next to nil.  Even
if some top flight security experts manages to find
a client that really cares about security and they
together manage to actually lock everything down
(a rather low probability, I'd suggest) then there will
still be 1000 other places for the attacker to steal
the data.

The day to day reality of financial institutions is that
they do not have good protections in place, they
have *adequate* protections for what they *know*
about.  Which means that there is plenty of pickings
out there.

So I would suggest that listening for credit cards will
never ever be an economic attack.  Sniffing for random
credit cards at the doorsteps of amazon will never ever
be an economic attack, not because it isn't possible,
but because there always likely to be easier pickings
elsewhere.

But don't get me wrong - I am not saying that we should
carry out a world wide pogrom on SSL/PKI.  What I am
saying is that once we accept that listening right now
is not an issue - not a threat that is being actively
dedended against - this allows us the wiggle room to
deploy that infrastructure against phishing.

Does that make sense?

iang

PS: nor does it matter whether I'm right or I'm wrong
about my prediction that sniffing will be an economic
attack or not - it's just a prediction about the future,
just a hypothetical estimate.

What matters is now:  what attacks are happening
now.  Does phishing exist, and does it take a lot of
money?  What can we do about it?
-- 
Advances in Financial Cryptography:
   https://www.financialcryptography.com/mt/archives/000458.html

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to