Software Development : Security

From bitrary

Security is a measure of reliability: reliability against attackers. Software-related security topics are a superset of the information-related aspects of spycraft.


Social Aspects

  • As history has shown time and time again, the strongest mafia in the area, generally called the "state", can, and often will, declare anything to be forbidden, generally phrased as "illegal".
  • Slave-minded people will relentlessly toil for the mafia, which often takes the form of some Church, be the propaganda based on Chris-tianity, Is-lam, "statehood", etc. Statistically speaking, slave-minded people form a majority of the population. As pure democracy is just another form of utilitarianism, where "the greater good, the goal that justifies the means" is determined by the Church, the majority of slave-minded people enforces slavery (for the benefit of the Church leaders).


That is to say, for non-slave-minded people there is no point in trying to win popular support, to "win the elections". They should instead be active in finding like-minded, non-slave-minded people and work with them on creating opportunities for their own parasitism-free, non-Church-toiling operations.


As anything can be declared illegal, ultimately all IT-related security boils down to a situation where party $P_1$ applies a security measure and then takes it for granted that it will be the target of a violent attack by its enemies. The attack can take the form of imprisonment, killing, starvation by besieging the castle, obstruction of business, freezing of bank accounts, etc. The party that outlasts the violent conflict prevails.


According to popular literature (and Hollywood), skilful and careful spies often get caught by a scheme where someone from their parent agency defects and rats them out. That is to say, even literally perfectly conducted operations with perfect technology will fail if loyal co-workers are dumb, or if smart co-workers change their minds.


Last, but not least: in chess everything is public and visible, but it is still a hard game to play, regardless of how good the eyesight (read: spy agencies) of any of the players is. Given that "small people" do not have the monetary resources that the super-mafias, the "states", have, small people can save a considerable amount of their very scarce resources by playing the game as if it were chess with two peculiarities: the locations of the opponent's pieces are not directly seen and can be determined only probabilistically, by deduction, while the locations of one's own pieces are fully visible to the opponent. It is beneficial to keep in mind that many of the people who toil for a Church can be very smart in some narrow context, especially people who have not yet been horribly mistreated by the Church. Examples of truly smart "useful idiots": Wernher von Braun, Alan Turing.


Because the number of possible attack types is far greater than the number of different types of defence measures that any party can ever apply, cost-wise or knowledge-wise, the attacker always has a huge advantage. That explains the cliché "The best defence is an offence", and explains why the only practical use for spycraft is target acquisition, combined with knowledge of how to minimize the target acquisition effectiveness of enemies.


Philosophical Arguments for Privacy

Essentially everything revolves around dodging attacks and preparing to attack others, but there can be different flavors.


Hiding

The general idea of hiding is to make finding the hidden thing as expensive, as resource-consuming, as possible. The more places there are to study, the "greater the key-space", the greater the "search-space", the more expensive it is to find the hidden thing.


Places that are "most optimal" by some property of the hidden thing, for example rooftops for snipers, reduce the search-space, provided that the hider is dumb enough to choose the "most optimal" place.


The more expensive it is to search a single place in the search-space, the smaller the search-space can be while still imposing adequate expense on the searcher. For example, a 5-character password is good enough if the delay for both succeeding and failing password candidates is 5 (five) seconds and password candidates are accepted only sequentially, i.e. it is not possible to submit thousands of password candidates in parallel.


If the hidden object stays at a single location, i.e. its location within the search-space does not change during the search operation, then, assessing the problem with the arithmetic mean, "on average" the hidden thing is found after studying 50% of the search-space. If the searching party, $P_{s1}$, monitors the hiding party, $P_{h1}$ (by getting access to crypto-keys, placing cameras and key-loggers, etc.), then the size of the search-space gets substantially reduced, often down to 1. A source of inspiration for counter-measures: magic shows.
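The arithmetic above, worked through as an added example that is not part of the original page: expected attempts as half the search-space, the effect of per-attempt delay and parallelism on wall-clock cost, and how each position of the secret that an observer learns shrinks the remaining space. The 62-symbol alphabet and the 1000-way parallel case are assumptions for the illustration; the page states only "5 characters" and "5 seconds".

```python
"""Cost of exhaustive search over a fixed secret, as in the Hiding section."""
from math import ceil

SECONDS_PER_DAY = 24 * 3600
SECONDS_PER_YEAR = 365 * SECONDS_PER_DAY


def search_space(alphabet_size: int, length: int) -> int:
    """Number of distinct candidates for a secret of `length` symbols."""
    return alphabet_size ** length


def expected_attempts(space: int) -> float:
    """Arithmetic-mean number of attempts to hit one fixed target when the
    searcher tries candidates in an order independent of the target: every
    position 1..space is equally likely, so the mean is (space + 1) / 2,
    i.e. about 50% of the search-space."""
    return (space + 1) / 2


def expected_seconds(space: int, delay_s: float, parallel: int = 1) -> float:
    """Wall-clock time for the expected attempts when `parallel` candidates
    can be in flight at once and every candidate (hit or miss) costs `delay_s`."""
    return expected_attempts(space) / parallel * delay_s


def remaining_space(alphabet_size: int, length: int, known_positions: int) -> int:
    """Search-space left once an observer (camera, key-logger, ...) has learned
    `known_positions` symbols of the secret; with every symbol known it is 1."""
    known = min(known_positions, length)
    return alphabet_size ** (length - known)


def password_report(alphabet_size: int = 62, length: int = 5,
                    delay_s: float = 5.0, parallel: int = 1000) -> dict:
    """Summary for the page's 5-character / 5-second example (alphabet size
    62 = a-z, A-Z, 0-9 is an assumption), sequential vs. parallel guessing."""
    space = search_space(alphabet_size, length)
    return {
        "space": space,
        "expected_attempts": expected_attempts(space),
        "sequential_years": expected_seconds(space, delay_s, 1) / SECONDS_PER_YEAR,
        "parallel_days": expected_seconds(space, delay_s, parallel) / SECONDS_PER_DAY,
        "space_after_4_known": remaining_space(alphabet_size, length, 4),
    }


if __name__ == "__main__":
    for key, value in password_report().items():
        print(f"{key}: {value}")
```

With the assumed 62-symbol alphabet the sequential case costs about 72 years on average, while 1000 parallel attempts bring the same search down to about 26 days, which is why the page's condition "accepted only sequentially" carries the argument; four observed symbols leave only 62 candidates.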


Things to Keep in mind

It is not possible to use one's own open source software in projects that require anonymity of those conducting them, because the software is one huge "fingerprint". With the exception of a few security-conscious projects, software written by others can reveal details about anything that the software can get access to in its installed form. One way to place a "tracker" into bit-streams (software, documents, music, whatever files) is to place a download-specific watermark into each copy.


That is to say, only software by others can be used for politically sensitive operations, and the software must be downloaded only to a virtual machine and only through the TOR network or some similar network. No common, custom, copy-pasted scripts or code can be used in that virtual machine, and one's personal, habitual coding style must be avoided in both details and architecture.


Orthogonal Abilities of Agents

  • ability to modify;
  • ability to understand/interpret cleartext;
  • ability to observe/gather/collect data regardless of whether the data is understandable;


Heuristics

  • In the role of an attacker, think of an attack goal, place it as the tree root and construct an Attack Tree whose leaves are the first actions of the attack. Each path from a leaf to the root forms one version of the whole attack operation.


  • Send data through different parts, e.g. encrypt a DVD and send the key to the DVD through personal e-mail.


  • The side that is subject to protection should always call the others, not vice versa, because that way the less protected, less trusted sides do not need passwords/access-keys to the protected system. In that arrangement the less trusted agents cannot choose when to contact or overload the protected system (the Hollywood principle). Related terms: LobbyServer.


  • If being surveilled, dilute the surveillance by splitting the surveillers' resources over multiple targets that they suspect to be collaborators. For example, take calls from and send e-mails to collaborator candidates that are actually not collaborators in the current project.


  • Places should be marked by code-names instead of actual addresses. The code-names of agents, places and actions should never reflect the interests, capabilities or background of the agents, the properties of the places, or the peculiarities of the actions. The code-names should not reflect the background of the person who creates them.


  • One way to guarantee that a lottery is honest is to use some mainstream secure hash function. Its input consists of one publicly chosen (dice, coin, etc.) random number, everybody's input in the participants' alphabetical list order, and the calculation attempt date and time in a predetermined format. For each draw there is only 1 calculation attempt. The input string of the hash function has a predetermined format and the input string is public, so that anybody can recalculate the hash to test the calculation. The interpretation algorithm of the hash is predetermined and such that it does not turn the whole honest lottery attempt into a hoax. The binary encoding of the string is predetermined, for example UTF-8. To cope with optional data like the Unicode byte order mark, not only is the hash function input string public, but so is the exact binary representation of the string that was used for calculating the secure hash.
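The hash-based lottery of the last item, as an added example that is not code from the page. The page only requires that the conventions be predetermined; the ones assumed here are SHA-256, UTF-8 without a byte order mark, one `name=value` line per field, participants sorted by name, the attempt time as `YYYY-MM-DDTHH:MM:SSZ`, and the winner index taken as the hash value modulo the number of participants. The participants and their inputs are constructed sample data.

```python
"""Verifiable lottery draw: public canonical input, public exact bytes, SHA-256."""
import hashlib

UTF8_BOM = b"\xef\xbb\xbf"  # the optional prefix the page warns about


def canonical_input(public_random: str, inputs: dict, attempt_time: str) -> str:
    """Predetermined text format: the public random number first, then every
    participant's input in alphabetical order of names, then the attempt time."""
    lines = ["public-random=" + public_random]
    for name in sorted(inputs):
        lines.append(f"{name}={inputs[name]}")
    lines.append("attempt=" + attempt_time)
    return "\n".join(lines) + "\n"


def choose_winner(digest_hex: str, names: list) -> str:
    """Predetermined interpretation: the 256-bit hash modulo the number of
    participants indexes the sorted name list. The bias of the modulo is
    about n / 2**256, i.e. negligible for any realistic n."""
    ordered = sorted(names)
    return ordered[int(digest_hex, 16) % len(ordered)]


def draw(public_random: str, inputs: dict, attempt_time: str) -> dict:
    """Single calculation attempt. Publishes the exact bytes that were hashed
    (not just the text) so that BOM or encoding differences cannot cause
    disputes, together with the digest and the resulting winner."""
    data = canonical_input(public_random, inputs, attempt_time).encode("utf-8")
    digest = hashlib.sha256(data).hexdigest()
    return {"input_bytes": data, "sha256": digest,
            "winner": choose_winner(digest, list(inputs))}


def verify(published_bytes: bytes, claimed_digest: str,
           claimed_winner: str, names: list) -> bool:
    """What any participant recomputes from the published bytes alone."""
    if published_bytes.startswith(UTF8_BOM):
        return False  # predetermined encoding excludes the BOM
    digest = hashlib.sha256(published_bytes).hexdigest()
    return digest == claimed_digest and choose_winner(digest, names) == claimed_winner


# Constructed sample draw (names, inputs and the dice result are invented).
SAMPLE_INPUTS = {"carol": "42", "alice": "7", "bob": "coffee"}
SAMPLE_DRAW = draw("4", SAMPLE_INPUTS, "2024-01-01T12:00:00Z")

if __name__ == "__main__":
    print(SAMPLE_DRAW["input_bytes"].decode("utf-8"))
    print("sha256:", SAMPLE_DRAW["sha256"])
    print("winner:", SAMPLE_DRAW["winner"])
```

Because the published bytes are the exact hash input, a verifier does not need to agree with the organiser about text encoding; it needs only to check that those bytes parse as the predetermined format and that the hash and winner follow from them. The `verify` function rejects a BOM-prefixed input outright, since accepting either representation would give the organiser two candidate digests to pick from for the single permitted attempt.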
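The Attack Tree heuristic at the top of this list, as an added example that is not code from the page: a small tree type, the enumeration of every leaf-to-root path (one version of the attack each), and the cheapest path as a defender's way of deciding which mitigation raises the attacker's cost most. The tree, its node names and its cost figures are constructed for the illustration; AND nodes, which the page does not mention, are included so that a path through one can be read together with its sibling requirements.

```python
"""Attack tree: paths from the goal to first actions, and cheapest-path cost."""
from dataclasses import dataclass, field
from typing import List, Tuple, FrozenSet


@dataclass
class Node:
    name: str
    kind: str = "OR"          # "OR": any child suffices; "AND": all children needed
    cost: int = 0             # attacker's estimated cost, used on leaves only
    children: List["Node"] = field(default_factory=list)


def attack_paths(node: Node, prefix: Tuple[str, ...] = ()) -> List[Tuple[str, ...]]:
    """Every root-to-leaf path; read backwards it is one leaf-to-root version
    of the attack. Under an AND node the sibling subtrees are also required."""
    path = prefix + (node.name,)
    if not node.children:
        return [path]
    paths: List[Tuple[str, ...]] = []
    for child in node.children:
        paths.extend(attack_paths(child, path))
    return paths


def min_cost(node: Node, mitigated: FrozenSet[str] = frozenset()) -> float:
    """Cheapest cost for the attacker to achieve `node`. A mitigated leaf is
    treated as unavailable (infinite cost); OR takes the minimum over children,
    AND the sum."""
    if not node.children:
        return float("inf") if node.name in mitigated else node.cost
    costs = [min_cost(child, mitigated) for child in node.children]
    return sum(costs) if node.kind == "AND" else min(costs)


def best_mitigation(root: Node, candidates: List[str]) -> Tuple[str, float]:
    """Among single leaves a defender could mitigate, the one that raises the
    cheapest attack the most, with the resulting cheapest cost."""
    return max(((leaf, min_cost(root, frozenset({leaf}))) for leaf in candidates),
               key=lambda pair: pair[1])


# Constructed sample tree; names and costs are invented for the illustration.
TREE = Node("Read the archived file", "OR", children=[
    Node("Decrypt the archive", "AND", children=[
        Node("Copy the ciphertext", "LEAF", cost=2),
        Node("Obtain the key", "OR", children=[
            Node("Guess a weak passphrase", "LEAF", cost=3),
            Node("Read the key from an unlocked workstation", "LEAF", cost=5),
        ]),
    ]),
    Node("Take an unencrypted backup", "LEAF", cost=4),
])

if __name__ == "__main__":
    for path in attack_paths(TREE):
        print(" <- ".join(reversed(path)))
    print("cheapest attack:", min_cost(TREE))
    print("best single mitigation:", best_mitigation(
        TREE, ["Take an unencrypted backup", "Guess a weak passphrase"]))
```

In the sample tree the cheapest version is the backup at cost 4; mitigating it moves the cheapest attack to copying the ciphertext plus guessing the passphrase (cost 5), and mitigating the guess as well leaves only the workstation route at cost 7, which is the kind of ranking the tree is built to produce.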


To be continued.


Threat Models

...have their own chapter.

