Postmodern security

The real challenge going forward: we can't trust anything.

A few weeks ago, I wrote about postmodern computing, and characterized it as the computing in a world of distrust.

This morning, I read Steve Bellovin’s blog post, What Must We Trust? — Bellovin explains that “modern” (my word) security is founded on the idea of a “Trusted Computing Base” (TCB), defined (in part) in the United States’ Defense Department’s Orange Book. There were parts of a system that you had to trust, and you had to guard their integrity vigilantly: the kernel, certainly, but also specific configuration files, executables, and so on.

The TCB has always been problematic, particularly since (at least initially) it did not consider the problem of network connections. But networking aside, Bellovin argues that recent events have blown the idea of a “trusted” system to bits. We’ve seen attacks against (Bellovin’s list) batteries, webcams, USB, and more. If Andromedans (Bellovin doesn’t want to say NSA) have managed to infiltrate our disk drives, what can trust mean? And it would be naive to think that this stops with devices that have disk drives. Our devices, from Fitbits to data centers, have been pwnd even before they’re built.

That’s the real challenge going forward: we can’t trust anything. The age of distrusted computing is here. And, at the end of the post, Bellovin makes an intriguing remark:

“Some of the work in secure multiparty computation suggests that we need not trust anything, if we’re willing to accept a very significant performance penalty.”

I’m not sure what Bellovin is alluding to, but that could be a reference to the blockchain, which I see as a brilliant (and computationally very expensive) solution to the problem of trust in a system where all players are distrusted. It could also be a reference to techniques such as fully homomorphic encryption, which allows (very expensive) computation without decrypting the data. I don’t know if the blockchain or FHE are the answer, but we do know the question. Non-trusted computing is the central infosec problem of the post-modern computing world.

tags: , , ,