Re: Examples of lost security when integrating (secure) SW

From: Rick Wash (rick.wash_at_gmail.com)
Date: 06/10/04

  • Next message: nick black: "Re: Examples of lost security when integrating (secure) SW" 
    Date: Wed, 9 Jun 2004 23:30:23 -0400
To: Magnus Therning <magnus-work@therning.org>

    On Tue, 8 Jun 2004 14:10:18 +0200, Magnus Therning
    <magnus-work@therning.org> wrote:
    >
    > I just had a discussion with my colleagues regarding problems with
    > security in larger systems that are composed by combining
    > modules/components that individually are secure. Both my gut and sources
    > I have consulted says this is the case. However, I haven't been able to
    > find any examples of when this has happened!
    >
    > Bruce Schneier spends a few pages in Secrets & Lies on the subject,
    > without offering any examples of what can happen. I seem to remember
    > some talk on a conference (was it Usenix?) a few years ago__I never
    > attended it but I read the abstract of the papers/talks--where a talk on
    > security mentioned a case where the combination of two security features
    > effectively cancelled each other.

    This is an academic example, but I believe the example you are
    thinking of is the SDMI watermarking challenge. Rememeber that
    paper? It was the one with all the controversy about being published.
      One of their results was that two of the methods involved were
    opposites, and applying both to the same song cancelled each other
    out.

    The academic cryptography literature provides more examples of this
    type of thing. For example, a recent paper by Yoshi Kohno at UCSD
    illustrates that SSH's usage of AES and CBC modes is insecure yet both
    of the underlying technologies are secure. This is more of an
    example of how difficult it is to get security right than it is
    technologies cancelling each other out.

      Rick

  • Next message: nick black: "Re: Examples of lost security when integrating (secure) SW"