Thursday , April 19, 2018

Security Notes: Lessons from Heartbleed

Gideon Samid • Gideon@BitMint.com

In all matters of online payments, cryptography is essentially the only strategic cyberwar weapon in our arsenal. Cryptography is a means to differentiate between those who are in possession of a piece of data, usually referred to as a key, and those who don’t possess the key.

Alas, cryptography cannot distinguish between a rightful possessor of a key and a thief who has stolen the key. Keys, unlike coins or jewelry, can be stolen and compromised without ever raising the suspicion of the victim. These facts give rise to the widespread industry of online financial fraud, where thieves, ever more cleverly, milk their victims by virtue of stolen keys.

One reason quantum cryptography generates so much excitement is that data in a quantum state cannot be read without leaving a trace. The victim will readily know that his data were stolen. Unread quantum data are like a spinning coin. Reading them is like slamming the coin with your palm. This act reduces the uncertainty about the coin to a binary choice between heads and tails, but it also kills the spinning and betrays the fact that the coin was read.

For now, stolen data look like virgin data, and many cybersecurity officers operate under the mistaken conviction of data integrity. Data thieves once placed outrageous charges on a stolen card that were readily identified when the victim checked his statement. But as security methods develop, so does cyberfraud. Reportedly, millions now have their credit card statements littered with line items of such small sums that they do not bother to dispute them, if they pay any attention to them. A new wave of companies like BillGuard have popped up to help us spot this clever “dripping theft.” The thieves steal slow, but permanently.

Payment today is memory-intensive: payor and payee “remember” each other’s data, and this memorized data must be stored close to the public surface of the Internet. Often, these data are enclosed with gates, but lie plain. When the gates are compromised, the data are exposed.

The recent Heartbleed bug, which bleeds away the “Heartbeat” protocol, is a case in point. To understand why it is so clever and harmful, we need to understand the hierarchical nature of software. At the bottom of this hierarchy lie very few, and very simple, machine-language commands. These commands are combined into packages that together carry out a more sophisticated task. And these packages are combined again into higher-up packages, and so on.

This means that some small, basic software units become increasingly popular and are found in countless applications. Which also means that any security flaw in such a popular package affects everything that relies on it. The Heartbleed security flaw affected a very popular piece of authentication software, and hence its widespread impact.

Some of the flawed exchanges exposed master keys that are used to generate session keys, which again increased its impact. In short, everywhere data gates were compromised.

A little humility on the part of security officials would have led them to suspect a breach, and prepare for it by keeping the gate-protected data encrypted, with the key kept elsewhere. More and more, we are waking up to this simple idea: Any time data are not eyed and analyzed, they should be encrypted, whether in motion or in storage, whether exposed or gated. New advances in cryptography (homomorphic cryptography) are developing means for data to remain encrypted while analyzed, allowing only the narrow part needed for the analysis to be exposed.

Having said all that, the fundamental remedy for payment fraud is to shift the paradigm. The memory-intensive payment of today should be replaced by memory-less payment, where payor will pass validatable cyber cash to payee, and then keep this cybercash naked of any details about the payor. If no personal data are needed to effect a payment, there’s nothing to gate, encrypt, or steal.

Yes, the blooming industry of “big-data” profiling will be affected. But that is not a catastrophe because there are very good ways to collect profile data from consumers, while not collecting data to harm them.

The advantage of memory-less payment through digital currency is so clear that the market will adopt this new regimen, no sooner than the confusion between non-speculative digital currency, like BitMint, and the speculative kind, like Bitcoin, is sorted out.

Check Also

Cardholder Spending Lifts AmEx’s Discount Revenue Despite Declining Rates

Boosted by higher cardholder spending, American Express Co.’s discount revenue grew 9% in the first …

Leave a Reply