I hesitate to post commentary about this article, but feel that is important to deconstruct claims by those believing they have all the answers. Especially when they are posting in high-profile blog sites.
InfoWorld’s Security adviser Roger A. Grimes has detailed his “Perfect Plan” for making the Internet secure for every user. In his words: “All computer devices, users, and transactions must be authenticated by default.”
I recommend first reading the article, but let’s analyze this approach to ultimate computer security.
First, recall one of the primary lessons we’ve learned in 484: There is no such thing as perfect security. Without reiterating why this is true, suffice to say that we can already begin to see the error of this thesis. Lets take a look at some of the major points.
- “Why do malicious hackers hack? Because we can’t catch them.”
This is a trivialization of the motivation of “hackers”. Personal accountability and fear of punishment are deterrents for only a subset of hackers. What about hackers in other countries outside our legal jurisdiction? What of hacker organizations where no one person is perpetrator? Even if all hacker’s could be “caught” (which in itself is a ludicrous assumption), hacking would persist.
- “We start by making hardware impervious to hardware hacks. If someone hacks the hardware, it will refuse to boot. “
The plan for perfect security is predicated with this unrealistic requirement. Having “all hardware” impervious to hardware attacks is an unobtainable asymptote of security. There would be no feasible way of implementing a way for hardware to be sure that it hadn’t been hacked, by definition of it being hacked the device wouldn’t know it had been tampered with.
- “The user is authenticated using two-factor (or more) or biometric identifiers. “
We’ve all read on how “foolproof” biometrics are. Even if the biometric identifiers were completely reliable, am I really going to have a finger print analyzer on my $100 Nokia flip phone? Requiring this level of device authentication would put some hardware manufacturers out of business.
- “All OSes and programs would be authenticated and approved before running”
Who authenticates this? What about custom and open source operating systems? The author is speaking without context of an authentication methodology. Even if there were some way of authenticating ALL software loaded into memory, the entity performing the authentication would potentially be vulnerable to attacks.
- “Traffic arriving from users and computers with higher levels of trust will go directly to their intended destination.”
Unpacking this statement validates our time spent on this article by teaching us an important lesson. As soon as we start to believe that something is “absolutely safe” we put our guard down. There is an extreme danger in removing existing guards because we are convinced that the users of devices are implicitly to be trusted.
Musings about how to create perfect security systems are implicitly in vain. Rather than wasting time fantasizing on the Utopian computing experience, we need to concentrate on making sure that most important stuff is safe most of the time. Efforts for security that are grounded in reality will ultimately benefit a larger number of people.
Dare to dream? I say dream on.
The feasibility of Grimes’ plan is clearly bunk. What comes to my mind when I see this is the emotional/psychological side of security. Grimes is essentially playing people’s emotions to make a ludicrous ideal look feasible. Nobody wants to believe there’s no such thing as perfect security. In a lot of people’s minds it has to be possible to make, say, our credit card info and social security number absolutely safe from hackers. There must be some way to make systems impenetrable to viruses. Truth is, of course, that these ideals aren’t possible — however, people refuse to accept that because they don’t want it to be true.