
  2006-07-28

The toughest part of designing secure products

21:37, by Hagai Bar-El, 928 words
Categories: Security Engineering

It is already obvious that security is hard to do right. Bruce Schneier has written a good essay called Why Cryptography Is Harder Than It Looks. The essay speaks about cryptography, but its point applies to security as a whole. It is still not always clear, however, where the hard core of security analysis work lies, and where exactly it differs from QA and from other system engineering disciplines.

I would like to take a shot at explaining the fundamental difference between assuring functionality and assuring security, and pinpoint the toughest part of security analysis.


  2006-05-07

Is E-mail encryption really too complex?

21:32, by Hagai Bar-El, 567 words
Categories: IT Security

Every once in a while we read yet another article revealing how uncommon e-mail encryption still is. The last one I saw is here. Whenever the debate is raised about why e-mail encryption is so seldom used, we hear the common opinion that e-mail encryption is just not easy enough for the general public yet. It is not intuitive enough, it is not user-friendly, it is too intrusive to the typical workflow, and so forth. Indeed, e-mail encryption for the masses has been with us for more than a decade already, and other than a few geeks and a few privacy-savvy individuals, people just don't use it.


  2005-11-12

Evaluating Commercial Counter-Forensic Tools

21:30, by Hagai Bar-El, 548 words
Categories: IT Security, Sources

I have just enjoyed reading "Evaluating Commercial Counter-Forensic Tools" by Matthew Geiger from Carnegie Mellon University. The paper presents failures in commercially available applications that offer to cover the user's tracks. These applications claim to remove all footprints left by browsing, file management, and similar activities. To make a long story short: seven out of seven such applications failed, to one degree or another, to fulfil their claims.


  2005-10-24

Anonymity -- great technology but hardly used

21:27, by Hagai Bar-El, 581 words
Categories: IT Security

It's hard not to appreciate how far we have come in studying anonymity and pseudonymity. We know a lot and can do a lot. Each time I read about a zero-knowledge scheme or about another untraceable digital cash scheme I am amazed by the amount of knowledge that the security community has gained and by its arsenal of mechanisms that can buy us any sort of anonymity or pseudonymity we want to deploy. But do we? Although we have the ability to establish anonymous surfing, issue untraceable digital cash tokens, and carry out anonymous payments, at large we don't really use these abilities.

If you are not in the security business you are not even likely to be aware of these technical abilities.


  2005-06-21

Today's Credit Card Fraud Prevention -- Throwing The Baby With The Bathwater?

21:24, by Hagai Bar-El, 596 words
Categories: Security Policies

E-commerce, and credit cards in particular, are generally considered to have succeeded in overcoming the big problem of fraud. All too often, when a new security mechanism is presented to combat credit card fraud, its opponents claim that fraud in credit card transactions is already mitigated to an adequate extent. This does not seem to be a false claim, as we don't see Visa, MasterCard, or American Express going bankrupt due to fraud. The fraud figures are not too bad either, considering that no state-of-the-art mechanism has yet been deployed for the masses.

However, trying to make an online purchase recently made me lose any respect I had for the so-called anti-fraud mechanisms that are used today.


  2005-06-04

Trojan-Horse Espionage in Israel -- A Tip of an Iceberg

21:22, by Hagai Bar-El, 661 words
Categories: IT Security

About one week ago, a serious commercial espionage operation was discovered in Israel. For years, several large companies in Israel obtained inside information about their competitors through private investigators who used a Trojan horse application planted on the victims' workstations. More details can be found in this Globes article.

Obviously, the topic made it to the national news primarily because it involved high-profile companies in Israel, companies that "everybody knows", and because it led to the arrest of several top executives. This is the first time an espionage operation of such scale has been uncovered in Israel, and that much is new, but the rest is not.


  2005-05-14

Watermarking for DRM? Maybe one day

21:16, by Hagai Bar-El, 228 words
Categories: Security Engineering

One of the biggest hurdles for DRM is that content can somehow be extracted by a few skilled individuals and then find its way back onto the peer-to-peer networks. The only way to mitigate this threat is to embed a watermark in the plain content data, to be used either by playback devices to recognize pirated content or to identify the source of leaked content found on the network.

That's nice, but for this we need a watermarking scheme whose mark can be detected by a non-secret mechanism (so-called public watermarking), and at the same time a mark that is impossible, or at least very difficult, to peel off. Unfortunately, these two requirements are known to contradict each other. A public detector means that anyone can build an oracle that tells him the moment the mark has been rendered useless. Once such an oracle is available there is a simple iterative process to follow: changes are introduced into and removed from the marked content, with the oracle queried after each step, until the result is a piece of content that on the one hand is not too different from the original and on the other hand no longer contains a usable mark.
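The iterative process above is, in its sharpest form, the sensitivity (oracle) attack. The following is an added example, not code from the original post, against a toy public watermark: a ±1 spread-spectrum pattern added to a one-dimensional host signal and detected by linear correlation against a threshold. The host signal, pattern, embedding strength and threshold are all constructed here, and the attacker is given nothing but yes/no access to the detector. The attack first scales the marked content toward the detection boundary, then reads the sign of every pattern sample with one query each (on the boundary, nudging a sample up flips the verdict exactly when its pattern sign is negative), and finally subtracts the smallest multiple of the recovered pattern that defeats the detector.

```python
"""Oracle (sensitivity) attack on a toy public watermark detector (added example)."""
import random

N = 1024          # samples in the constructed content
ALPHA = 20.0      # embedding strength
THRESHOLD = 10.0  # detector says "marked" when correlation > THRESHOLD


def make_instance(seed=1):
    """Constructed host signal x and public +/-1 pattern w (both arbitrary)."""
    rng = random.Random(seed)
    x = [rng.uniform(-50.0, 50.0) for _ in range(N)]    # unmarked content
    w = [rng.choice((-1.0, 1.0)) for _ in range(N)]     # public mark pattern
    return x, w


def embed(x, w, alpha=ALPHA):
    """Additive spread-spectrum mark: y = x + alpha * w."""
    return [xi + alpha * wi for xi, wi in zip(x, w)]


def correlation(s, w):
    return sum(si * wi for si, wi in zip(s, w)) / len(s)


class Detector:
    """Public detector: anyone may run it, but the attacker only sees the bit."""

    def __init__(self, w, threshold=THRESHOLD):
        self._w, self._t, self.queries = w, threshold, 0

    def __call__(self, s):
        self.queries += 1
        return correlation(s, self._w) > self._t


def find_boundary(detect, y, iters=60):
    """Bisect a scale factor in [0, 1] until the verdict flips; keep the last 'marked' point."""
    lo, hi = 0.0, 1.0   # detect(0*y) is False, detect(1*y) is True
    for _ in range(iters):
        mid = (lo + hi) / 2
        if detect([mid * yi for yi in y]):
            hi = mid
        else:
            lo = mid
    return [hi * yi for yi in y]


def recover_pattern(detect, boundary, step=1.0):
    """One query per sample: +step keeps the verdict 'marked' iff the pattern sign is +1."""
    pattern = []
    for i in range(len(boundary)):
        probe = list(boundary)
        probe[i] += step
        pattern.append(1.0 if detect(probe) else -1.0)
    return pattern


def strip_mark(detect, y, pattern, iters=60):
    """Subtract the smallest multiple of the recovered pattern that defeats the detector."""
    hi = 1.0
    while detect([yi - hi * pi for yi, pi in zip(y, pattern)]):
        hi *= 2.0   # grow until the mark is gone, no knowledge of ALPHA needed
    lo = hi / 2.0
    for _ in range(iters):
        mid = (lo + hi) / 2
        if detect([yi - mid * pi for yi, pi in zip(y, pattern)]):
            lo = mid
        else:
            hi = mid
    return [yi - hi * pi for yi, pi in zip(y, pattern)]


def attack(detect, y):
    """Full oracle attack: boundary point -> pattern -> minimal removal."""
    boundary = find_boundary(detect, y)
    pattern = recover_pattern(detect, boundary)
    return strip_mark(detect, y, pattern), pattern


def run_demo(seed=1):
    x, w = make_instance(seed)
    y = embed(x, w)
    detect = Detector(w)
    z, w_hat = attack(detect, y)
    return {
        "host_detected": Detector(w)(x),
        "marked_detected": Detector(w)(y),
        "pattern_recovered": w_hat == w,
        "attacked_detected": Detector(w)(z),
        "max_change": max(abs(zi - yi) for zi, yi in zip(z, y)),
        "queries": detect.queries,
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The attacker recovers the whole pattern with roughly one oracle query per sample, and the per-sample change needed to defeat the detector is smaller than the embedding strength itself; the oracle, not any weakness in the pattern, is what makes this possible, which is the contradiction the paragraph describes.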

This is not to say that watermarking for DRM is doomed to failure - this is just to say that a breakthrough is needed to make it happen.
