New Risks you Cannot Control
In the world of risks we are confronted with a range of dangers from sloppy personal behavior (losing your wallet at the State Fair) to flaws in the most basic computation and processing systems. Our identity theft protection project (funded in part by the national Science Foundation and by the Center for Information protection) deals mostly with human behavior flaws that lead to data loss risks.
At the other end of the spectrum it was revealed this week there are other and much larger risks as John Markoff writes in the New York Times, (Nov. 17, 2007).
“One of the world’s most prominent cryptographers issued a warning on Friday about a hypothetical incident in which a math error in a widely used computing chip places the security of the global electronic commerce system at risk.”
Adi Shamir, a professor at the Weizmann Institute of Science in Israel, circulated a research note about the problem to a small group of colleagues. He wrote that the increasing complexity of modern microprocessor chips is almost certain to lead to undetected errors.
Historically, the risk has been demonstrated in incidents like the discovery of an obscure division bug in Intel’s Pentium microprocessor in 1994 and, more recently, in a multiplication bug in Microsoft’s Excel spreadsheet program, he wrote.
“A subtle math error would make it possible for an attacker to break the protection afforded to some electronic messages by a popular technique known as public key cryptography.”
Although it’s inappropriately complex for a discussion such as ours here, we do wish to point out that this is one of those “systemic breakdown” as opposed to the “personal behavioral breakdown” which we are studying and for which we are seeking solutions through highly targeted and systematic education and training.
“One of the world’s most prominent cryptographers issued a warning on Friday about a hypothetical incident in which a math error in a widely used computing chip places the security of the global electronic commerce system at risk.”
Adi Shamir, a professor at the Weizmann Institute of Science in Israel, circulated a research note about the problem to a small group of colleagues. He wrote that the increasing complexity of modern microprocessor chips is almost certain to lead to undetected errors.
Historically, the risk has been demonstrated in incidents like the discovery of an obscure division bug in Intel’s Pentium microprocessor in 1994 and, more recently, in a multiplication bug in Microsoft’s Excel spreadsheet program, he wrote.
“A subtle math error would make it possible for an attacker to break the protection afforded to some electronic messages by a popular technique known as public key cryptography.”
Although it’s inappropriately complex for a discussion such as ours here, we do wish to point out that this is one of those “systemic breakdown” as opposed to the “personal behavioral breakdown” which we are studying and for which we are seeking solutions through highly targeted and systematic education and training.
The lesson for those of us working in the area of critical information protection is clearly that there needs to be a range of security assessment starting with hardware and software makers (including cell phone companies whose microwave transmissions are woefully insecure) to the personal behavior of employees handling sensate material and ultimately to ourselves in our daily behavior. (This is outlined in our first book “Who is You: The Coming epidemic of Identity theft”)
Labels: behavior, CIP, critical, cryptography, identity theft, information, Iowa State University, NSF, science
0 Comments:
Post a Comment
<< Home