The annual return of cryptographers to sunny Santa Barbara started today. The morning was dominated by an excellent invited talk by Jonathan Zittrain entitled "The End of Crypto".
The talk gave an interesting initial presentation of the history of computers and networks. In terms of computers before the advent of the PC there was essentially two models. Reprogrammable computers which were essentially mainframes and kept out of the hands of the public; and non-programmable computers which the public could use but had limited functionality (think of the old pong video consoles). With the advent of the Apple-2 people could produce their own softare, and one such piece of software (Visicalc) was so successful that (apparently) initially Apple had no clue why the Apple-2 devices were flying off the shelves. The key point being that the manufacturer could not predict the ways in which the computer was going to be used. Essentially the PC revolution was successful because the public had access to a device which had the accessibility of non-programmable stuff with the flexibility of reprogrammable computers.
In a similar vein the development of networks was the same. Looking at an old Compuserve system from the days before the internet we see a system which was closed and had no ability for user determined functionality. The user could only use it in the ways that the company had initially designed into the product. However, the Internet allows anyone to communicate with any other endpoint. That the Internet actually works is quite amazing, and not immediately obvious from the start. For example in 1992 someone in IBM apparently said "You cannot build a corporate network out of TCP/IP".
How has this change affected cryptography? We have (via PGP say) the ability for a user to encrypt data, without an intermediary such as a manufacturer or network provider enabling it. The promise of crypto was to allow Alice to talk to Bob without people in the middle learning it. But the promise has not materialised due to the problem of malicious code. This problem is caused by the inherent success of the universal machine/network model discussed earlier; computers run loads of software, none of which we know really what they do. They could contain malicious code for example to delete ones hard drive say
The key question is "Whats the point of end-to-end encryption is the endpoints aren't secure?".
How have we dealt with this problem? For any given system can see it as either top-down (for example an automobile from General Motors is given to us as a final product from the top) or bottom-up (for example with a PC anyone can generate ideas/usages). Also a system can be hierachical with a few high level points of control, or polyarchical with multiple control points distributed amongst the users. It should be noted that a polyarchical network can turn into a hierarchical network one, for example by putting people on bad-lists for spam, the owner of the bad-lists becomes eventually the control point for a heirarchical network.
A modern trend is to move to a sandbox, where you can only run programs which are trusted. Here the iPhone is the classic example; looking at the start of it's evoluation very simular to the UI of the old Compuserve system. Eventually new Apps were developed for the iPhone. But then the issue is that Apple can control what is allowed on users phones (and not the users). This is not just Apple, for example one can see Facebook as a gate keeper.
Despite the success of open systems, we now have a movement to enclosure. This makes stuff more secure, but brings more problems. The key problem is that if oneof these gatekeepers is offended by company X, they can essentially put the company out of business. Here Crypto is essentially used to ensure you are locked into a relationshup with a given provider. Thus instead of freeing the user by providing security and privacy, cryptography is used to bind users and withdraw their privacy.
The basic tennent of the talk was that cryptography is not making us safer or more secure, it is now producing problems, because the crypto is used to tie down hardware. An interesting example it how it could be used by companies, govenment, criminals etc to force your hardware to do things which violate your privacy. For example an agency could use cryptography to send a signal to a phone app to turn its microphone on and hence snoop on all your conversations (including ones not on the phone).
So the endpoints are not secure in the sense in which it is non-trusted corporations and entities which controls the endpoints and not the users. So "the end of crypto" is about the aim of crypto. i.e. "The Ends" of cryptography. The speaker ended by saying that cryptography should be about protection of the freedom to securely communicate; but then their are issues about how exceptions to this rule right are handled. And finally it is about protection of the freedom to share discriminately; i.e. I may want to share a photo with some people and not others.
Overall the talk presented a large number of interesting philosophical points on how our subject is developing and how technology in general is affecting our lives in ways which we did not envisage
No comments:
Post a Comment