Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-09 Thread Ed Gerck

Anne & Lynn Wheeler wrote:

> Ed Gerck wrote:
>> Regarding PKI, the X.509 idea is not just to automate the process of
>> reliance but to do so without introducing vulnerabilities in the
>> threat model considered in the CPS.
>
> but that is one of the points of the article that as you automate more
> things you have to be extra careful about introducing new
> vulnerabilities


I believe that's what I wrote above. This rather old point (known to the X.509
authors, as one can read in their documents) is why X.509 simplifies what it
provides to the least possible _to_automate_ and puts all the local and
human-based security decisions in the CPS.

(The fact that the CPS is declared to be out of scope of X.509 is both a
solution and a BIG problem as I mentioned previously.)

> the issue of public key email w/o PKI ... is you have all the identical,
> same basic components that PKI also needs.


PGP is public-key email without PKI. So is IBE. And yet neither of them has
all the identical, same basic components that PKI also needs. Now, when you
look at the paper on email security at
http://email-security.net/papers/pki-pgp-ibe.htm
you see that the issue of what components PKI needs (or not) is not
relevant to the analysis.

> ... as in my oft repeated description of a crook attacking the
> authoritative agency that a certification authority uses for the basis
> of its certification, and then getting a perfectly valid certificate.


What you say is not really about X.509 or PKI, it's about the CPS. If the CPS
says it restricts the cert to the assertion that the email address was timely
responsive to a random challenge when the cert was issued, then relying
on anything else (e.g., that the email address is owned or operated by an
honest person or by a person who bears a name similar to that mailbox's
username) is unwarranted.

Cheers,
Ed Gerck

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


[Clips] Study Finds Mass Data Breaches Not as Risky as Smaller Lapses

2005-12-09 Thread R. A. Hettinga

--- begin forwarded text


 Delivered-To: [EMAIL PROTECTED]
 Date: Thu, 8 Dec 2005 15:59:25 -0500
 To: Philodox Clips List [EMAIL PROTECTED]
 From: R. A. Hettinga [EMAIL PROTECTED]
 Subject: [Clips] Study Finds Mass Data Breaches Not as Risky as Smaller
Lapses
 Reply-To: [EMAIL PROTECTED]
 Sender: [EMAIL PROTECTED]

 http://online.wsj.com/article_print/SB113380595757914237.html

 The Wall Street Journal

  December 8, 2005
  FISCALLY FIT
  By TERRI CULLEN



 Study Finds Mass Data Breaches
  Not as Risky as Smaller Lapses

 Two scenarios: a) You're notified by an online retailer that you're among
 millions of customers whose account information was lost or stolen; or b)
 you learn a former staffer has stolen employee names, addresses and Social
 Security numbers from your small business.

 Which one puts you at greater risk for identity theft?

 If you chose b, you'd be correct, according to a study released Wednesday
 by ID Analytics, a San Diego company that helps companies combat fraud
 using pattern-recognition technology. The company examined billions of bits
 of identifiable information, such as Social Security numbers, cellphone
 numbers, dates of birth and credit-card account numbers, from consumers who
 were victims of security breaches. The study analyzed four cases of
 security breaches, two involving the theft or loss of sensitive data,
 including names and Social Security numbers, and two involving credit-card
 account information only.

 Turns out size does matter: The study found that individuals involved in
 mass data security breaches are less likely to have their information
 misused than victims of smaller data breaches.

 The sheer volume of consumers affected slows identity thieves down, says
 Mike Cook, vice president of product services at ID Analytics and one of
 the company's co-founders. "We applied identity theft to real work terms,
 eight-hour days, with breaks and vacation time, and found that it would
 take a fraudster 40 years to work a million stolen IDs," he says.

 Some disclosure: ID Analytics, which is in the business of detecting
 identity theft for companies such as financial-services firms and
 retailers, initiated the study at the request of the companies whose
 security breaches were examined. The companies didn't sponsor the study,
 but ID Analytics provides services to one of the breached companies and
 provided services to another of the companies in the past.

 The ID Analytics study also found that mass data security breaches didn't
 result in the identity theft free-for-all many had feared. The odds are
 less than one in 1,000 that misuse or fraud will be detected for
 individuals whose sensitive information is compromised in cases of
 large-scale security breaches.

 Identity theft was more common when there was an intentional effort to
 steal information, as opposed to security lapses that occurred by accident,
 the study found. So, for example, you're more likely to be a victim if a
 thief intentionally steals a laptop to access the sensitive consumer data
 it holds, rather than if the thief steals the laptop simply to hock it for
 cash.

 The study comes in the wake of a series of highly publicized mass security
 breaches this year, which raised concern about the potential for widespread
 identity theft. In June, for example, MasterCard International Inc.
 reported that someone had broken into the computer network of CardSystems
 Solutions Inc., an Atlanta company that processes credit-card transactions.
 The breach gave the thief access to names, account numbers and card
 security codes on more than 40 million credit-card accounts.

 When breaches such as this are disclosed, many consumers have no idea how
 likely it is that their information will be used to commit fraud, says Jay
 Foley, co-executive director of the Identity Theft Resource Center in San
 Diego, a nonprofit organization that assists victims of identity theft.

 "What [ID Analytics] is doing is identifying quite accurately where the
 greatest potential danger is," he says. "The study emphasizes the types of
 breaches [that] businesses and government need to look at closely and take
 seriously."

 What constitutes a higher-risk intentional breach? The riskiest category is
 one-on-one crimes, where a thief targets a victim to steal identification
 or account information. When information on thousands of individuals is
 stolen, however, the chances of one person in that group becoming a victim
 fall considerably, according to the study. "As you pass information stolen
 on 200 people or more in one incident, the risk drops off sharply," he says.

 Consumers 

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-09 Thread James A. Donald
--
From:   Anne & Lynn Wheeler
[EMAIL PROTECTED]
> PKI is trying to offer some added value in first time
> communication between two strangers

However, the main point of attack is phishing, when an
outsider attempts to interpose himself, the man in the
middle, into an existing relationship between two people
that know and trust each other. 

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 FYVMooN6NmFglw4lbAf5aNMCV9JMCU/ozMfXJMgI
 4WWQ2pQAOpm3Ttro+Ga5AcJIyW4/gefQzmeVWEsPN




Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-09 Thread James A. Donald
--
James A. Donald:
> We can, and should, compare any system with the
> attacks that are made upon it.   As a boat
> should resist every probable storm, and if it
> does not it is a bad boat, an encryption system
> should resist every real threat, and if it does
> not it is a bad encryption system.

Aram Perez
> I'm sorry James, but you can't expect a (several
> hundred dollar) rowboat to resist the same
> probable storm as a (million dollar) yacht.

James A. Donald:
> Software is cheaper than boats - the poorest man can
> afford the strongest encryption, but he cannot
> afford the strongest boat.

Aram Perez
> If it is that cheap, then why are we having this
> discussion? Why isn't there a cheap security solution
> that even my mother can use?

Design is not cheap, and in particular cryptographic 
design is not cheap, because one has to see what attacks 
eventuate - one commonly discovers that one's
cryptography was fine, but one's threat model was
inadequate.  But having been designed, and survived 
attack, it can then be supplied to everyone. 

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 J0TlTGnN72O7gpg1XX5GRDTi4nJ4wVeAa557yccN
 44MC72QwGhBFeTainKp+spi3G6oGpfuNsPZYDSpwt





Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-09 Thread Matthew Byng-Maddick
On Thu, Dec 08, 2005 at 09:40:22AM -0800, Aram Perez wrote:
> On Dec 7, 2005, at 10:24 PM, James A. Donald wrote:
>> Aram Perez
>>> James A. Donald:
>>>> We can, and should, compare any system with the
>>>> attacks that are made upon it.   As a boat should
>>>> resist every probable storm, and if it does not it
>>>> is a bad boat, an encryption system should resist
>>>> every real threat, and if it does not it is a bad
>>>> encryption system.
>>> I'm sorry James, but you can't expect a (several
>>> hundred dollar) rowboat to resist the same probable
>>> storm as a (million dollar) yacht.
>> Software is cheaper than boats - the poorest man can
>> afford the strongest encryption, but he cannot afford
>> the strongest boat.
> If it is that cheap, then why are we having this discussion? Why
> isn't there a cheap security solution that even my mother can use?

Can your mother sail a boat? Worth noting that more expensive doesn't
necessarily make the boat easier to sail (in fact there are more things
to tune, in general), and at the point that you're getting a million
pound yacht, you'll probably be hiring someone very qualified to skipper
it for you... Is that a useful comparison then to security software? I
would expect a competent sailor to be able to weather some storms in a
rowboat, where, your mother (to use the example above) would fail. If
we carry the discussion to its logical conclusion: I'd therefore expect
someone who understands about security to be able to use available
security software with a reasonable ability to keep their data safe.

Useability and cost are not necessarily related. This discussion
is conflating both things. In the security software case, the
useability is not there yet at all, the cost is generally fine.

The question you want to be asking is what can be done to make the
available software useable safely by my mother?

Cheers

MBM

-- 
Matthew Byng-Maddick  [EMAIL PROTECTED]   http://colondot.net/
  (Please use this address to reply)



RE: [Clips] Diebold insider alleges company plagued by technical woes

2005-12-09 Thread Neil Mitchison
> Does anyone here have any links to voting system designs that use
> cryptography to achieve their goals?

Have a look at www.scytl.com

Neil Mitchison


