Back in 1977 I went to an IEEE meeting at Cornell where there was a big flap by NSA and others over the release of the Rivest et al crypto schemes. At the time I had the opportunity to watch over some Eastern Europeans who were in DC but in Ithaca, there they were. Surprise, no.
Out of those meetings came a way to combine the then crypto scheme approved by NIST and the new RSA scheme. Namely one could use DES as a shared key system but use RSA to send the keys in a secure manner and then cycle through various DES keys using RSA. Works fairly well and even then was doable whereas today it is dirt cheap.
The second issue was authentication. Namely the problem of assuring from whom the message came from. Today we use certificates but then and I assume still now we use complex systems as we had developed then. Our application in the late 70 was the deployment of sensors using seismometers to check for Soviet nuclear testing. We wanted to have authenticated data and not Soviet spoofs.
Today we look for patterns as to who is talking to whom. Assuming people do not try to confuse others then this may be possible over big data systems. However for a couple of decades now we have seen the development of anonymizers. Now MIT researchers announced their latest scheme.
They state:
If an adversary has infiltrated the server, however, he or she can
see which users are accessing which memory addresses. If Charlie’s
message is routed to one address, but both Alice’s and Bob’s messages
are routed to another, the adversary, again, knows who’s been talking. So instead of using a single server, Vuvuzela uses three.
Corresponding to the three servers, every message sent through the
system is wrapped in three layers of encryption. The first server peels
off the first layer of encryption before passing messages on to the
second server. But it also randomly permutes their order. So if, for
example, Alice’s message arrived at the first server before Bob’s, and
Bob’s arrived before Charlie’s, the first server will pass them to the
second in the order Bob, Alice, Charlie, or Charlie, Bob, Alice, or the
like. The second server peels off the second layer of encryption and
permutes the message order yet again. Only the third server sees which
messages are bound for which memory addresses. But even if it’s been
infiltrated, and even if the adversary observed the order in which the
messages arrived at the first server, he or she can’t tell whose message
ended up where. The adversary does, however, know that two users whose messages
reached the first server within some window of time have been talking.
And even that is more information than Vuvuzela’s designers want to give
away.
Namely they flush everything they have across the net and confuse any adversary. Cute, but I suspect this is but one of many such schemes. Hiding in plain sight, hiding in noise, etc all follow a similar path.
Thus the questions which this poses are:
1. In encryption, any junior engineer could implement an AES/RSA system which would be quite difficult to break. In fact a "whack a mole" feature one could argue would make it unbreakable. In fact such a system would be outside the transmission path, and thus one could care less about iPhone encryption, you do not rely upon it.
2. Authentication is critical. If two adversaries desire to speak then they must be certain as to whom each is. This is an authentication problem and one cannot expect to use Certificates here. Yet there also a large collections of options.
3. Patterning is the means of looking at data flows and trying to see what they infer as to the actions of parties. Systems like the one above demonstrate that the complexity of this can be increased exponentially. In fact it can be made almost fool proof.
Thus the screams and moans as to making all systems open is just that; scream and moans. Any adversary already has a wealth of tools, many most likely funded by Government contracts and in the public literature.
Remember 1977! When RSA came out you could guess who was in the audience. Today, different faces but same result.
skip to main |
skip to sidebar
A blog containing opinion and analysis in a wide array of areas including the economy, health care, broadband and international relations.
About Me
- Florham Park, NJ, United States
- Terry has spent most of his career in industry, half in corporate executive positions, and half involved in his start ups. He started on the Faculty and Staff at MIT in 1967 and was there until 1975, and he had returned to MIT from 2005 to 2012 to assist groups of doctoral and post doc students. Terry has focused on a broad set of industries from cable, to satellite, wireless, and even health care software and medical imaging. Terry has published extensively in a broad set of areas as well as having written several books. Terry has returned to Medicine on Boards at Columbia University Medical Center. Copyright 2008-2024 Terrence P McGarty all rights reserved. NOTE: This blog contains personal opinions of the author and is not meant in any manner to provide professional advice, medical advice, legal advice, financial advice. Reliance on any of the opinions contained herein is done at the risk of the user. For publications see: https://www.researchgate.net/profile/Terrence_Mcgarty
Key Connections
Blog Archive
-
▼
2015
(239)
-
▼
December
(23)
- A Good Idea Does Not a Business Make
- Merry Christmas
- Amazon Reviewers
- In Case You Missed This
- Seven Years Old
- Indentured Servitude
- Dutch Women and the Death of American Men
- Sometimes Smart People Do Stupid Things, Now Amazon
- Whose Money Is It?
- Now Who Wrote That?
- The Downside of Award Galas
- The Politics of Cancer
- Return of the Scribe
- Security, Privacy and Data Gathering
- Pearl Harbor: Then and Now
- Some Thoughts on Plant Evolution in The Urban Jungle
- Employment December 2015
- The PhD: Value and Use
- DeVita, Cancer, and a Must Read
- An Excellent Contribution to the Literature
- The New Tsar
- CRISPR and the Sears Catalog
- What's Old is New Again
-
▼
December
(23)
Labels
- Academy (243)
- AI (19)
- Amazon (25)
- AMTRAK (1)
- Antitrust (5)
- Artificial Intelligence (1)
- Baseline Portfolio (29)
- Bats (1)
- Bees (2)
- Biodiversity (2)
- Biofilms (1)
- Books (81)
- Botany (3)
- Bridges (1)
- Broadband (84)
- Business (5)
- Cancer (284)
- Cap and Trade (26)
- CAR-T Cells (5)
- CATV (34)
- Chemistry (1)
- China (79)
- Church (11)
- Climate Issues (19)
- Commentary (753)
- Commentary. (2)
- Common Carriage (1)
- Companies (1)
- Computers (1)
- Congress (3)
- Constitution (4)
- COVID (15)
- CRISPR (31)
- Culture (1)
- Cyber Warfare (5)
- Daylilies (8)
- Dell (1)
- Dentists (3)
- Diabetes (13)
- Drugs (1)
- Economics (175)
- Economy (515)
- Education (48)
- Electronic Medical Records (14)
- Electronic Shopping (1)
- Employment (2)
- Energy (8)
- Environment (2)
- Epigenetics (4)
- EU (1)
- Europe (1)
- FCC (45)
- Finance (3)
- Fox (1)
- French (1)
- G20 (5)
- Gene Drive (1)
- Genetics (22)
- Ginkgo (1)
- Global Warming (43)
- Google (34)
- Government (148)
- Guest Blogger (1)
- Health Care (593)
- Healthcare (7)
- History (5)
- Hollywood (1)
- Immunization (1)
- Individualism (4)
- Information (2)
- Infrastructure (1)
- Innovation (3)
- Intellectual Property (1)
- Intellectuals (1)
- Internet (30)
- Internet Neutrality (13)
- Japan (2)
- Law (23)
- Libraries (4)
- Marx (4)
- Mathematics (1)
- Media (13)
- Medicare (2)
- Medicare for All (1)
- Medicine (9)
- Microsoft (38)
- Middle East (3)
- Military (10)
- Millennial (2)
- MIT (27)
- Models (1)
- MOOCs (13)
- Multimedia Communications (2)
- NASA (23)
- Nationalism (1)
- Natural Rights (3)
- New York City (1)
- News (2)
- NJTransit (3)
- Nuclear Weapons (15)
- Obesity (14)
- Observation (1)
- Paine (1)
- Pandemic (514)
- Pandemics (4)
- Papacy (6)
- Patents (1)
- Peer Review (2)
- Personal (1)
- Political Analysis (47)
- Political Correctness (3)
- Politics (160)
- Power (1)
- Press (8)
- Privacy (5)
- Quality (1)
- Rare Earths (2)
- Recession Statistics (3)
- Regulation (2)
- Religion (5)
- Revolution (2)
- Rome (1)
- Russia (43)
- Science (11)
- Security (5)
- Shakespeare (1)
- Social Media (2)
- Socialism (4)
- Software (2)
- Space (2)
- Squirrels (15)
- Taxation (4)
- Technology (13)
- Teeth (1)
- Telecom (37)
- Terchnology (1)
- Test (2)
- Testing (1)
- The English (2)
- Twitter (1)
- UPS (2)
- USPS (6)
- Vaccine (4)
- Vaccines (2)
- Vatican (3)
- Verizon (8)
- Virus (20)
- Voting (11)
- War (3)
- Weather (1)
- Wireless (8)
- Yield Curve (14)
Publications
Posts
Important Documents
Total Pageviews
Cookies EU
Notice: This site is written by me and operated by or under the aegis of Google via Blogspot and May Contain Cookies. This notice should suffice as a warning which may be required by EU regulations. Then again, it is the EU after-all and this may not reflect the regulated reality but at least you have been advised. Copyright 2008-2021 Terrence P McGarty All Rights Reserved, also quotes are from referenced materials and are used under a Fair Use principle as they are commented upon and linked back to.
NOTICE
All documents and materials on this web site are the copyrighted property of Terrence P McGarty, the "Author", and can be used solely for individual purposes. The Author also does not represent in any manner or fashion that the documents and information contained herein can be used other than for expressing the opinions of the Author. Any use made and actions resulting directly or otherwise from any of the documents, information, strategies, or data or otherwise is the sole responsibility of the user and The Author expressly takes no liability for any direct or indirect losses resulting from the use or reliance upon any of the Author's opinions as herein expressed. There is no representation by The Author, express or otherwise, that the materials contained herein are investment advice, business advice, legal advice, medical advice or in any way should be relied upon by anyone for any purpose. The Author does not provide any financial, investment, medical, legal or similar advice on this website or in its publications or related sites. Also the author may, from time to time, include items from other publications on the reliance of "Fair Use" principles in Copyright Law and such items are used in the opinions stated, they are also referred to by source and delineated as coming from such third party sources. This Blog is not implemented in any manner to generate revenue or any other benefits and is solely for opinion and expression thereof. Any who have concerns about referred to comments should contact the Author for prompt remediation.