March 30, 2017

Archives for August 2015

How not to measure security

A recent paper published by Smartmatic, a vendor of voting systems, caught my attention.

The first thing is that it’s published by Springer, which typically publishes peer-reviewed articles – which this is not. This is a marketing piece. It’s disturbing that a respected imprint like Springer would get into the business of publishing vendor white papers. There’s no disclaimer that it’s not a peer-reviewed piece, or any other indication that it doesn’t follow Springer’s historical standards.

The second, and more important issue, is that the article could not possibly have passed peer review, given some of its claims. I won’t go into the controversies around voting systems (a nice summary of some of those issues can be found on the OSET blog), but rather focus on some of the security metrics claims.

The article states, “Well-designed, special-purpose [voting] systems reduce the possibility of results tampering and eliminate fraud. Security is increased by 10-1,000 times, depending on the level of automation.”

That would be nice. However, we have no agreed-upon way of measuring security of systems (other than cryptographic algorithms, within limits). So the only way this is meaningful is if it’s qualified and explained – which it isn’t. Other studies, such as one I participated in (Applying a Reusable Election Threat Model at the County Level), have tried to quantify the risk to voting systems – our study measured risk in terms of the number of people required to carry out the attack. So is Smartmatic’s study claiming that they can make an attack require 10 to 1000 more people, 10 to 1000 times more money, 10 to 1000 times more expertise (however that would be measured!), or something entirely different?

But the most outrageous statement in the article is this:

The important thing is that, when all of these methods [for providing voting system security] are combined, it becomes possible to calculate with mathematical precision the probability of the system being hacked in the available time, because an election usually happens in a few hours or at the most over a few days. (For example, for one of our average customers, the probability was 1×10-19. That is a point followed by 19 [sic] zeros and then 1). The probability is lower than that of a meteor hitting the earth and wiping us all out in the next few years—approximately 1×10-7 (Chemical Industry Education Centre, Risk-Ed n.d.)—hence it seems reasonable to use the term ‘unhackable’, to the chagrin of the purists and to my pleasure.

As noted previously, we don’t know how to measure much of anything in security, and we’re even less capable of measuring the results of combining technologies together (which sometimes makes things more secure, and other times less secure). The claim that putting multiple security measures together gives risk probabilities with “mathematical precision” is ludicrous. And calling any system “unhackable” is just ridiculous, as Oracle discovered some years ago when the marketing department claimed their products were “unhackable”. (For the record, my colleagues in engineering at Oracle said they were aghast at the slogan.)

As Ron Rivest said at a CITP symposium, if voting vendors have “solved the Internet security and cybersecurity problem, what are they doing implementing voting systems? They should be working with the Department of Defense or financial industry. These are not solved problems there.” If Smartmatic has a method for obtaining and measuring security with “mathematical precision” at the level of 1019, they should be selling trillions of dollars in technology or expertise to every company on the planet, and putting everyone else out of business.

I debated posting this blog entry, because it may bring more attention to a marketing piece that should be buried. But I hope that writing this will dissuade anyone who might be persuaded by Smartmatic’s unsupported claims that masquerade as science. And I hope that it may embarrass Springer into rethinking their policy of posting articles like this as if they were scientific.

The Defend Trade Secrets Act Has Returned

Freedom to Tinker readers may recall that I’ve previously warned about legislation to create a federal private cause of action for trade secret misappropriation in the name of fighting cyber-espionage against United States businesses. Titled the Defend Trade Secrets Act (DTSA), it failed to move last year. Well, the concerning legislation has returned, and, although it has some changes, it is little better than its predecessor. In fact, it may be worse.

Therefore, Sharon Sandeen and I have authored a new letter to Congress. In it, we point out that our previously-stated concerns remain, both stated by a previous letter and in a law review article entitled Here Come The Trade Secret Trolls. In sum, we argue that  combined “with an ex parte seizure remedy, embedded assumption of harm, and ambiguous language about the inevitable disclosure doctrine, the new DTSA appears to not only remain legislation with significant downsides, but those downsides may actually be even more pronounced.” Moreover, we assert that “the DTSA still does not do much, if anything, to address the problem of cyber-espionage that cannot already be done under existing state and federal law.”

In the letter, we call on Congress to abandon the DTSA. In addition, we ask that “there be public hearings on (a) the benefits and drawbacks of the DTSA, and (b) the specific question of whether the DTSA addresses the threat of cyber-espionage.” Finally, we encourage Congress to consider alternatives in dealing with cyber-espionage, including much-needed amendment of the Computer Fraud and Abuse Act.

Does cloud mining make sense?

[Paul Ellenbogen is a second year Ph.D. student at Princeton who’s been looking into the economics and game theory of Bitcoin, among other topics. He’s a coauthor of our recent paper on Namecoin and namespaces. — Arvind Narayanan]

Currently, if I wanted to mine Bitcoin I would need to buy specialized hardware, called application-specific integrated circuits (ASICs). I would need to find space for my hardware, which could take up a considerable amount of space. I might need to install a new cooling system into the facility to dissipate the considerable amounts of heat generated by the hardware.

Or I could buy a cloud mining contract. Cloud mining companies bill themselves as companies that take care of all of the gritty details and allow the consumer to directly buy hash power with dollars. Most cloud mining companies offer contracts for varying term lengths, going anywhere from on the order of weeks to perpetuity. For example, I could pay $300, and receive one terrahash per second for the next year. As soon as the cloud hashing provider receives my money, they start up a miner, or allocate me existing cycles, and I should start earning bitcoins in short order. Sounds easy right?

Cloud mining has a bad track record. Many cloud mining services have closed up shop and run off with customer money. Examples include PBmining, lunaminer, and Gavin Andresen, a Bitcoin Core developer, once speculated that cloud mining doesn’t make any sense and that most of these services will end up as scams.

Cloud mining has been a popular front for Ponzi schemes, investment frauds where old customers or investors are paid with the money of new customers. In the case of cloud mining Ponzi schemes, bitcoins to pay old contracts are furnished from the payment of new customers. Ponzi schemes tend to collapse when the flow of new customers dries up, or when a large number of customers try to cash out. Cloud mining is a particularly appealing target for Ponzi schemes because the second failure case, cashing out, is not an option for those holding mining contracts. The contracts stipulate a return of bitcoins determined by hash rate. This means Ponzi scheme operators only need to keep recruiting new users for as long as possible. Bitcointalk user Puppet points out a set of 7 useful criteria for spotting cloud mining scams. Out of the 42 operations puppet examines, they identify 30 operations as scams, 14 of which have already ceased operation.

Yet cloud mining persists. That so many cloud mining operations end up being scams may appeal to our basic business intuition. Compare a cloud miner to a traditional bitcoin miner. A traditional bitcoin miner mines bitcoins and sells them on the exchange at their current market rate. It seems that the only way for a cloud miner to do better than a traditional bitcoin miner selling bitcoins at market price is at the expense of the cloud mining customer. It appears there is no way for both cloud miner and their customer to walk away better off.

Yet cloud mining and at least some interest in cloud mining persists. I would like to offer some possible scenarios where cloud mining may deliver the hashes that customers order.

Hired guns? Papers that propose attacks against bitcoin often pose “An attacker with X% of the hash power could do Y.” For example, in selfish mining, as first described by Eyal et al, with 33% of the mining power an attacker could force the rest of the network to mine on top of their blocks. Cloud miners could be used for block withholding attacks too. An important feature of many of these attacks is that the mining power need not be used all the time. These attacks would require flexibility in the mining software the attackers are using, as most off the shelf mining software (thankfully) does not have these attacks built in. Most cloud mining set ups I have looked at don’t allow for enough flexibility to launch attacks, nor are the contract periods on most services short enough. Cloud mining customers typically have a simple web interface, and in the best case are able to chose which pools they join, but they do not have any sort of scriptable direct interface to the mining hardware. At the moment, cloud miners are probably not supporting themselves by executing attacks for others.

Regulatory loophole? Individuals may try to use cloud mining to circumvent Bitcoin regulations, such as know-your-customer. If I want to turn my dollars into bitcoins, I can buy bitcoins at an exchange, but that exchange would have to know my true identity in order to comply with regulations. Unscrupulous individuals may not want to link their identity and cash flow reported to the government. Cloud mining operators and unscrupulous customers may try to skirt these regulations by claiming cloud mining operations are not exchanges or banks, rather they merely rent computer hardware like any cloud computing provider, meaning they do not need to comply with banking regulation. It is unlikely this would be viable long term, or even short term, as regulators would become wise to these sorts of regulatory loopholes and close. This paragraph is the most speculative on my part, as I am neither a regulator nor a lawyer, so I don’t have expertise to draw on from either of those fields.

Financial instrument? Currently most bitcoin miners take on two roles, managing the mining hardware and managing the financial risk involved in mining. A more compelling justification for cloud miners existence is that cloud mining contracts allow a cloud mining provider to avoid volatility in the exchange rate of bitcoin and the variability in the hash rate. Cloud mining is a means of hedging risk. If cloud miners can enter contracts to provide a certain hash rate to a customer for a length of time, the cloud miner does not need to concern themselves with the exchange rate nor hash rate once the contract begins. It then becomes the job of the customer contracting the cloud miner to manage the risk presented by volatility in the exchange rate. This would allow the cloud miner to specialize in buying, configuring, and maintaining mining hardware, and other individuals to specialize in managing risk related to bitcoin. As the financial instruments surrounding cryptocurrencies become more sophisticated, a terrahash could become another just another cryptocurrency security that is traded.


Acknowledgment: I would like to thank Joseph Bonneau for the contribution of “cloud mining as a means of managing risk” concept.