The Value Of Security
Copyright© Miklos Szegedi, 2023.
I started this blog to address a few issues that I saw in tech. I received some feedback that it is provocative. It is way simpler to do such things when you run your own business, and you are not on payroll. I try to be more inspiring and insightful in the future.
I learned quickly that securing a work environment is not so easy. I had to do hard work to get things working like in an enterprise environment.
Problem Why do we need digital security?
Solution Academic research supports rational decision-making and sufficient information to make efficient economies. A secure work environment ensures that accurate and sufficient information is available. Privacy is important. If our decision is affected by feedback on leaked data, the decision-making may become irrational leading to inflation, high risks, lower productivity.
The goal of digital security is to ensure independent, rational decision-making.
The first question is the flow of abundant, and accurate information.
Problem Distributed systems are difficult, especially if you run a lean startup.
Solution Cloud was the single biggest investment in the past two decades that helped startups. Running a distributed and connected environment is not so difficult anymore. There is still a need of privacy, so offline will be with us forever for one reason: Psychology.
There are two main algorithms everybody can master distributed networks.
Problem I need to collect a large file sized of a single node or less. It is computed from an entire cluster of thousand machines. I am sensitive to latency.
Solution All problems can be derived to this. Your machines have a data blob of zeros, but you may have a single bit set in the datacenter. The way this is handled is that you pick five hundred machines that talk to five hundred other. They collect a localized result. Two hundred and fifty can talk to two hundred and fifty others to reduce the set. Eventually this logarithmic algorithm will set the bit on one machine, or it collects a filtered result on one machine. You just read it from there. You cannot get this done in less time. The algorithm already processes information from each node aggregated with information of all other nodes in a logarithmic critical path. Less than logarithmic critical path would mean a node is not accounted. It is a node bandwidth optimized scenario. This solution follows the tree topology.
Problem You need to spread a single large dataset across your cluster requiring the bandwidth of each node times the number of nodes.
Solution This does not require a logarithmic computation. It is just a copy. It requires the cluster bandwidth by design, but it allows a latency of the node count times the transfer time between nodes. You have a full duplex connection on each machine. You can replicate the block by sending out right away, when it arrives. This is a circular topology. This is replicated right away by the next machine. A circle is made that fills up the cluster as fast as possible proportional to the link transfer latency and the block unit size.
Any other algorithm can be derived to these two. Modern databases are leveraging these called streaming and reduce aggregation in products like Spark, Kafka, Flink, etc. Algorithms like gossip, when any node communicates to any other are less efficient. They need to shorten the message sizes vs. the potentially infinite size of the stream. Gossip does not use the network bandwidth efficiently, some wires are used less.
Problem Security and authorization is hard for lean startups.
Solution This is not really the case. You can cap the bandwidth of any potential attacker. A simple example is a vault that has a pin code of five digits. You wait for ten seconds before giving an accepted or denied answer. This will enable the vault to require more than a week to open. Gunther, the Swiss banker can come back from a long weekend. He can catch the robbers in action. All the damage he suffers is that he drops his Swiss cheese sandwich due to the surprise.
Similarly, computer systems can add critical sections and 100 milliseconds to 1000 milliseconds of waiting on a positive answer to introduce an artificial bottleneck. It does not matter at this point whether attackers use regular or quantum computers.
Problem Transferring data can expose it through quantum computing.
Solution The most basic rule is Kerckhoff’s principle stating that even if the system is public, the cryptographic key ensures the security of the message. The most basic system in such case is a bitwise xor with a key as long as the message. The key is never reused. You just need to use a secret key as long as your data file. A quantum computer may apply keys, it can generate any document in the world, it will never figure out the original one.
You can share such secrets during manufacturing time in a solution like a TPM chip. A remote key knob can contain the same stream as the car. It can replay the next key in the list every time the door is opened. A car is opened about twenty thousand times a lifetime. A unique set of keys require just ten megabytes or even less of cheap flash. Some algorithmic quirks are needed, so that the knob never sends out all items to a black hole malware.
Problem How do you distribute such a key?
Solution You can distribute a sufficiently random dataset by doing a bitwise xor of the first secret block private key and each following one with the result. You can use a pre-shared key-set to adjust risk levels arbitrarily. If you never use the random numbers, or you use them to encrypt random messages, they will remain secret forever.
Problem Such a solution still have risks of man in the middle attacks sticking well known inputs to retrieve secrets.
Solution If you use them to xor encrypt data streams, then you need to encrypt an arbitrarily long random set first. Any man in the middle attacks or decrypting require the attacker to iterate through the complexity of the random blocks before. This is impossible even with quantum computers due to Kerckhoff’s principle.
Problem Wait, should not we use public key encryption?
Solution Modern academic approach taking quantum computing into consideration suggests retiring these certificates.
The history of Internet helps to understand this. The public key certificate system was invented through defense projects. They rely on a hierarchy of certificates copying the command chain. This is very efficient, when hierarchies are the best. Management ensures the completion of the project by having the freedom to choose and lay of staff.
Efficient economies on the other hand rely on distributed decision-making. This makes them more efficient for long-running perpetual processes triggering growth.
If you need to drop parachutes to capture a bridge for a convoy, you need a commander that plans the schedule. If you need to grow as much grain as possible, you make sure you educate farmers, that take care of the land, financing and selling independently. They do not require extensive communication and risk. They will grow more for less.
You can verify cash by looking at the color and familiar patterns. Public-key based certificates are hard to verify, even if you are good at elementary maths. Many symmetric key algorithms were built against Kerckhoff’s principle relying on multiple rounds of shuffling. Ever improving processors generated the development of 3DES from DES tripling the shuffling as “good enough”. This is the weakness of them in the age of neural network computing and quantum computing. Attackers also often target the random number generators making them predictable.
The best approach is to have multiple layers of security. Keep the certificate based security for https browsers. Add an additional layer of protection to protect against modern tools. Choosing an xor approach with an hourly change of keys and a long random initialization vector at the beginning of streams helps. Random back references can help to deter human interceptors. Such algorithms have minimal power overhead.
Problem Let’ encrypt everything then.
Solution This is not the real case. Public streams like upgrades or news articles can be distributed over unencrytped HTTP channels with an integrity signature. Defenders can see the streams, verify hashes and address any man in the middle attacks easier. If updates are encrypted different customers can get different streams with different malware. This prevents growth in the economy strengthening cyber-gangs, violence, and corruption.
Problem We can prevent cybercrime this way.
Solution We also need to address the motive with economic solutions. Marketing, defense, red brick education are zero-sum games that require different solutions for hierarchical systems. Manufacturing, design, services, arts, finance, communication and are positive-sum games that require distributed solutions to ensure rational decision-making. Racing, gang violence, nationalism, racism are negative sum games that need to be addressed by education and law.
Problem We need many cyber-cops then.
Solution That is not the full answer. You need as many cops so that the demand of investigation has a matching supply. Too much oversight prevents people to learn independent decision-making. This supports a healthy 3-4% real growth, productivity gains, low inflation and real returns. The Invisible Hand of Adam Smith ensures that selfish people also think about the future and society knowing they will get more, if there is a growth. If oversight and rules deter investment, growth suffers, and the Invisible hand suggests hoarding, selfishness, corruption over competition.
Problem How much cybersecurity do we do then?
Solution It depends on the type of risks similar to rate matching in banks. Cash hungry cyber gangs have a constant size. They can be addressed by insurance companies that finance investigations and capture them. If crime grows, they lose more, so there is an incentive to invest more. The criminals target everyone, so the insurance setup is the right one.
Tech risks can rise on complexity. Twice as much code will likely have more potential backdoors. Limiting unnecessary code helps. No-code can also expose risks, if there is no review or labeling of models. Matching demand with staffing is the right solution to limit these.
Cyber enforcement from excise taxes can make sure that there is a constant quality regardless of competition and price levels. The growth of economy can be protected by spending on financial crimes from income or sales taxes.
Problem Do we need offensive tools?
Solution Whoever has offensive tools will use them. They already invested in them, so they need to prove efficiency to sustain the investment. Building offensive tools in large can lead to conflicts as a result. Real low cost, low risk, low interest rate security solutions tend to reduce costs over time. The security spending converges to zero in a low rate economy replacing race and conflict with competition.
Problem Does my software stack have backdoors?
Solution You can estimate it. Assume that you have one percent chance to introduce a backdoor with a release. You release hundred times a year. This stochastic model suggests a safety rate of 37% having a probability of a backdoor 63%. Release less, release less code, and release only code that is matched with revenue.
Problem Do I have intentional backdoors?
Solution Industrial and defense sabotage is different. When something is secret, you can expect that only few people know about it. This suggests, they will inject only a few errors, if they can. They will probably be more assertive to protect them. The author suggests relying on liberal law standards of requesting court permission and physical access based on jurisdiction. Everything else can be legally problematic for law enforcement.
Problem Do all backdoors need to be found?
Solutions It is similar question to the value of information. If there is a backdoor that will never be exploited, it is cheaper not to spend finding it. However, if investors are increasing rates due to risks, reviews might help to lower uncertainty and costs.
Problem What to do when a backdoor is revealed?
Solutions The answer is simply check what others do in this case and copy the process. There is a risk that public backdoors affect legal cases. One may argue that the validity of an evidence is affected by the integrity of systems. Data stored on earlier versions after a patch may not be reliable.
Problem Should I keep backdoors secret?
Solution Never leave hidden backdoors in systems. It increases risks. It is a bond that is paid when the backdoor is recovered. You should rather transparently document and fix what is revealed. If you need to protect against errors of robotics, install a push button to stop it like trains.
Problem Should I use obfuscation?
Solution No, you should use Kerckhoff’s principle and a strong random key instead. Obfuscating used to help against a few well known smart hackers, when tech employed just a few people. It just increases your costs, and you lose out with competition having a slower upgrade time.
Problem Future?
Solution Adjustable secret quality can be achieved by mining random numbers and sharing them with others. If fifty random numbers are xored together, and attacker has to reveal them all. Otherwise, they will attack the merging point making them easier to catch.
Problem So what is the final solution?
Solution You need to rely on the legal system of the local jurisdiction. Data needs to match the applicable law. Systems and terms need to specify the applicable jurisdiction. Express explicitly, if there is a territory where you do not want your service to be used.
Focus on what taxes are used for rather than trying to avoid taxes. You have to rely on legal enforcement standards eventually. Some front yards do not have a fence.
A good approach is to check what data bankrupted companies stored. You can catch who was spying on competition this way. Such procedures deter cyber crimes.
Researching functioning companies may be expensive, but the method above may be a sufficient deterrence. Be proactive vs. reactive to save costs.
Problem Are cyberattackers advanced?
Solution You can expect them to be advanced. Even a college grad can create systems like below.
Any icon or processor driven microphone signal can be changed to show false indicators that there is no recording or that WiFi is turned off. Systems that mask file systems that write and read local disks or the network instead of a USB key. Simple AI can revert some changes to make you confused and slow you down. Data center hardware can learn and analyze test results to inject intentional but sporadic looking errors to increase the cost of competition. Make sure your system is secure.
Problem So does crypto money has value?
Solution The value of crypto money is proportional to that bond of secrets mentioned earlier. If a secret becomes public the bond is paid. Crypto has such a risk, cash has a different risk. The price of crypto includes the security risk of algorithms and systems it relies on.