>From: "Perry E. Metzger" <[EMAIL PROTECTED]> >Sent: Aug 6, 2005 2:28 PM >To: cryptography@metzdowd.com >Subject: solving the wrong problem
>Frequently, scientists who know nothing about security come >up with ingenious ways to solve non-existent problems. Take >this, for example: >http://www.sciam.com/article.cfm?chanID=sa003&articleID=00049DB6-ED96-12E7-AD9683414B7F0000 >Basically, some clever folks have found a way to "fingerprint" the >fiber pattern in a particular piece of paper so that they know they >have a particular piece of paper on hand. It is claimed that this >could help stop forged passports. >Unfortunately, the invention is wholely useless for the > stated purpose. A couple of these guys gave a talk at NIST recently. The thing is, I can think of a bunch of uses for the thing they're doing. This looks genuinely useful as a tool. Whether they've worked out how to use the tool to best effect is a different question. The passport idea doesn't add much, as you pointed out. The reason is that the thing you care about there is that the information on the passport hasn't been tampered with and originated from the right source. An identical copy of my passport is no worse than the original. On the other hand, think about the uses of this technology for paper bearer instruments. Design travelers' checks that include a 2D barcode with a BLS signature, bound to the piece of paper, and you can print the damned thing on regular paper if the readers are cheap enough. Similar things apply to stamps, tickets, etc. If you can get readers into peoples' homes, you can even allow home printing of tickets, travelers' checks, etc., each bound to a specific piece of paper. Add a reader to your favorite DVD player platform (I think it's the same basic hardware as is used in a DVD player), and you can uniquely sign content on a disc, and use the player's hardware to enforce only playing content when the disc's biometric matches the signed content. You could use the technique to scan small bits of flat surfaces of all your stuff (the basic technique works on paper, plastic, and metal, at least; I'm not sure if it works on wood or glass), record the biometrics and locations of the scans, and provide this to the police when your house gets burgled. There are some wonderful potential uses for this technology in making paper-based voting systems *much* more secure. And on and on. If I were in the business of producing tamper-resistant paper, I'd be scared to death. ... >Anyway, I have a larger point. >I read about such stuff every day -- wacky new ways of >building "tamper proof tokens", "quantum cryptography", and >other mechanisms invented by smart people who don't >understand threat models at all. Yes. As I said, sometimes this stuff looks almost useless (like quantum cryptography), other times it looks like it may provide powerful tools, despite the fact that its designers don't know much about how to use those tools yet. The same is often true in cryptography, where we have some very theoretical work which sometimes ends up having enormous practical consequences. >We already have the term "snake oil" for a very different >type of bad security idea, and the term has proven valuable >for quashing such things. We need a term for this sort of >thing -- the steel tamper resistant lock added to the >tissue paper door on the wrong vault entirely, at great >expense, by a brilliant mind that does not understand the >underlying threat model at all. In my consulting days, I used to use the term "padlocking the screen door" for the related phenomenon of piling security on one part of the system while ignoring the bigger vulnerabilities. But this is a bit different.... >Perry --John Kelsey --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
