Re: Fiber cut - response in seconds?
--- On Tue, 6/2/09, Charles Wyble <charles@thewybles.com> wrote:
Encryption is insufficient - if you let someone have
David Barak wrote: physical access for a long enough period, they'll eventually crack anything.
Really? I don't think so. I imagine it would be much more dependent on the amount of computing power the attacker has access to. More encrypted blobs won't help. If that was the case then the various encryption schemes in wide use today would be cracked already. Bad guys can setup networks and blast data through it and have complete access. I don't see them cracking encryption.
Paranoia 101 teaches us that any given encryption approach will eventually fall before a brute-force onslaught of sufficient power and duration[1]. I'm not trying to argue that the attacker in this case could necessarily detect a flaw in the algorithm; rather, they'll get an effectively infinite number of chances to bang against it with no consequences. Once it's cracked, the attacker will *still* have the physical access which is thus compromised, and then has free access to all of the transmissions. Physical security is a prerequisite to all of the other approaches to communication security. Those cases where physical security is presumed to be non-existant have to rely on a lot of out-of-band knowledge for any given method to be resistant to attack, and it's very hard to make use of a connection of that type for regular operations. Pretty much all security eventually boils down to people with firearms saying "don't do that." David Barak Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com
David Barak wrote:
Paranoia 101 teaches us that any given encryption approach will eventually fall before a brute-force onslaught of sufficient power and duration[1].
Of course. Hence my comment bout the likely hood of success depending on how much computing power they have access to. How much easier does my job get if I have access to thousands of encrypted e-mails vs 1 encrypted e-mail? Once I factor your PKI root private key, your toast. It was my impression that the various algorithms were designed to prevent traffic analysis attacks, or at least vastly reduce there effectiveness, and if some magical corner case is discovered it should be further mitigated by key rotation right? I'm an operations guy, not a math wizard. :) I'm not trying to argue that the attacker in this case could necessarily detect a flaw in the algorithm; rather, they'll get an effectively infinite number of chances to bang against it with no consequences. Once it's cracked, the attacker will *still* have the physical access which is thus compromised, and then has free access to all of the transmissions. Sure. However couldn't they do this in a lab environment? Various botnets give them access to massive amounts of computing power on an ongoing basis. I presume that the folks with sufficient expertise and knowledge to do these attacks use exploits / back doors that ensure continued access to this computing power, which won't be detected/patched by the little tykes doing spamming/phising/data correlation. Then there is the ability to buy a whole lot of specialized number crunching compute gear as well. Granted the US govt has there own (classified) encryption algorithms and as such that can't be replicated in a lab environment and requires access to the physical medium carrying traffic encrypted by said algorithms.
Physical security is a prerequisite to all of the other approaches to communication security. Those cases where physical security is presumed to be non-existant have to rely on a lot of out-of-band knowledge for any given method to be resistant to attack, and it's very hard to make use of a connection of that type for regular operations.
Really? The US Military uses a whole lot of wireless (satellite, ground baed, surface to air) links. Those links can be sniffed (by people with sufficient motivation/funding/gear to do so). They rely on encryption to protect them.
On Jun 2, 2009, at 3:41 PM, Charles Wyble wrote:
David Barak wrote:
Paranoia 101 teaches us that any given encryption approach will eventually fall before a brute-force onslaught of sufficient power and duration[1].
Of course. Hence my comment bout the likely hood of success depending on how much computing power they have access to. How much easier does my job get if I have access to thousands of encrypted e- mails vs 1 encrypted e-mail? Once I factor your PKI root private key, your toast.
Note that most PKI (such as RSA) may be breakable when and if Quantum computers become practical. http://en.wikipedia.org/wiki/Shor's_algorithm Storing large amounts of PKI encrypted data for that day I am sure would interest some organizations. Regards Marshall
It was my impression that the various algorithms were designed to prevent traffic analysis attacks, or at least vastly reduce there effectiveness, and if some magical corner case is discovered it should be further mitigated by key rotation right? I'm an operations guy, not a math wizard. :)
I'm not trying to argue that the attacker in this case could necessarily detect a flaw in the algorithm; rather, they'll get an effectively infinite number of chances to bang against it with no consequences. Once it's cracked, the attacker will *still* have the physical access which is thus compromised, and then has free access to all of the transmissions.
Sure. However couldn't they do this in a lab environment? Various botnets give them access to massive amounts of computing power on an ongoing basis. I presume that the folks with sufficient expertise and knowledge to do these attacks use exploits / back doors that ensure continued access to this computing power, which won't be detected/patched by the little tykes doing spamming/phising/data correlation.
Then there is the ability to buy a whole lot of specialized number crunching compute gear as well.
Granted the US govt has there own (classified) encryption algorithms and as such that can't be replicated in a lab environment and requires access to the physical medium carrying traffic encrypted by said algorithms.
Physical security is a prerequisite to all of the other approaches to communication security. Those cases where physical security is presumed to be non-existant have to rely on a lot of out-of-band knowledge for any given method to be resistant to attack, and it's very hard to make use of a connection of that type for regular operations.
Really? The US Military uses a whole lot of wireless (satellite, ground baed, surface to air) links. Those links can be sniffed (by people with sufficient motivation/funding/gear to do so). They rely on encryption to protect them.
Granted the US govt has there own (classified) encryption algorithms and as such that can't be replicated in a lab environment and requires access to the physical medium carrying traffic encrypted by said algorithms.
Which is why they do things like this : http://en.wikipedia.org/wiki/Operation_Ivy_Bells Of course these days, it doesn't require nearly as much effort .. just a friendly phone call to AT&T (who, ironically, also built the devices used in the above). Cheers, Michael Holstein Cleveland State University
Really? The US Military uses a whole lot of wireless (satellite, ground baed, surface to air) links. Those links can be sniffed (by people with sufficient motivation/funding/gear to do so). They rely on encryption to protect them.
Which is why, if you have a satellite, you often position DIRECTLY over the antenna you are sending to, and using lasers (rather than other RF) to communicate with it. Likewise, if you want to maintain this kind of security (and reduce the ability to sniff) you do this in space as well. Highly columnated photons are your friend. Encryption helps, but if it was sufficient in all cases, you wouldn't go to such extremes. This (in a much more NANOG related way) has ramifications for those selling/operating Wi-Fi, WiMax, P2P and FSO wireless links and trying to do *commercially important things* -- like finance. The idea here is that fiber is FAR more secure than copper because almost everything you want to do to fiber, you can do to copper, but from a further, less physically-in-contact distance. Another idea is that commercially operated networks have lower standards for data security (but not necessarily data *integrity*) that intelligence *oriented* applications/networks. The idea of installing a tap on an encrypted line to do traffic analysis is all very interesting, but no one mentioned the idea that at a critical time (such as an attack) you could easily DISRUPT vital communications links and prevent their function [and their protected paths]. Security cannot exist without a level of integrity. Most commercial networks only need to concern themselves with integrity and let their customers deal with the security of their own applications. Commercial networks are a great study of "highly" (in the commercial sense) secure data traversing over LSAs (lower sensitivity areas) with lower control thresholds [think poles, manholes, etc]. The data is highly secure to any particular customer, but in the commercial sense, it's almost always lost in the noise. When a business entity crosses that threshold (e.g. the Federal Reserve banks or a transaction clearinghouse) where their data is *worth* getting at no matter how much sifting has to go on... you see extraordinary measures (e.g. properly implemented obfuscation, or what have you) implemented. Deepak Jain AiNET
Once upon a time, Deepak Jain <deepak@ai.net> said:
Which is why, if you have a satellite, you often position DIRECTLY over the antenna you are sending to
Unless your target is on the equator, you don't position a satellite directly over anything. -- Chris Adams <cmadams@hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Once upon a time, Deepak Jain <deepak@ai.net> said:
Which is why, if you have a satellite, you often position DIRECTLY over the antenna you are sending to
Unless your target is on the equator, you don't position a satellite directly over anything.
I promise you that that is not the case for all applications. Geosynchronous satellites can be anywhere. For the applications you are considering (communications mostly), equatorial orbit is the most advantageous. There are books documenting other locations and reasons for other locations... and we are off topic. Best, Deepak Jain AiNET
Once upon a time, Deepak Jain <deepak@ai.net> said:
I promise you that that is not the case for all applications. Geosynchronous satellites can be anywhere. For the applications you are considering (communications mostly), equatorial orbit is the most advantageous.
Geosynchronous are only over a particular longitude. They move up and down in latitude, so it isn't over a given point except twice per day (or only once at the extremes). -- Chris Adams <cmadams@hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Ok, while this is off-topic, let's just point people to Wikipedia: Other satellites (which are NOT in the same position at all times from the prospective of a spot on earth): http://en.wikipedia.org/wiki/Geosynchronous_orbit TV, and other fixed positioned (relative to the earth are geostationary): http://en.wikipedia.org/wiki/Geostationary_orbit perhaps further comments can go to the discussion pages on Wikipedia since I would wager a very small number of us push any serious number of bits via satellite. John van Oppen Spectrum Networks LLC Direct: 206.973.8302 Main: 206.973.8300 Website: http://spectrumnetworks.us -----Original Message----- From: Chris Adams [mailto:cmadams@hiwaay.net] Sent: Tuesday, June 02, 2009 3:36 PM To: Deepak Jain Cc: nanog@nanog.org Subject: Re: Fiber cut - response in seconds? Once upon a time, Deepak Jain <deepak@ai.net> said:
I promise you that that is not the case for all applications. Geosynchronous satellites can be anywhere. For the applications you are considering (communications mostly), equatorial orbit is the most advantageous.
Geosynchronous are only over a particular longitude. They move up and down in latitude, so it isn't over a given point except twice per day (or only once at the extremes). -- Chris Adams <cmadams@hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
participants (7)
-
Charles Wyble -
Chris Adams -
David Barak -
Deepak Jain -
John van Oppen -
Marshall Eubanks -
Michael Holstein