[ExI] openness again

Anders Sandberg anders at aleph.se
Tue Apr 5 15:57:52 UTC 2016 

On 2016-04-04 18:28, John Clark wrote:
> On Sun, Apr 3, 2016  Anders Sandberg <anders at aleph.se 
> <mailto:anders at aleph.se>>wrote:
>
>         ​ >> ​
>         ​I presume that wouldn't include the entire world knowing ​my
>         credit card number.
>
>
>     ​ > ​
>     The problem with credit card numbers is that currently we use
>     security by obscurity: much of your protection comes from me not
>     knowing your number, rather than restrictions on how I can use it.
>     A good authentification system would make knowing your card number
>     useless to me, just as me knowing your email address doesn't allow
>     me to hack your mail server
>
>
> ​But if you knew all there is to know about my mail server including 
> passwords and private encryption keys you could hack it. ​

If I knew all the information, of course. But then I would already have 
access. If I knew your credit card number but did not have the proper 
access (say biometric or surveillance recognition), then I could not get 
in. You could do the same thing with the email server too: if it only 
allows access to people who were you when it was initialized, it will be 
pretty secure.

>
>     ​ > ​
>     Now imagine a 100% surveillance world. In this world there would
>     not be a need for a passwords or codes, since in principle
>     whenever you wanted to use your card the system could just trace
>     you back to the moment you got the card at the bank years before.
>
>
> ​And if somebody ​knew all there was to know about "the system" they 
> could hack that too and successfully pretend to be me.

Remember Kerckhoffs well tested principle: knowing a system architecture 
does not make it unsafe if it is a good architecture. In reality system 
security depends a lot on implementation, and this is where real 
insecurities tend to hide. But if you have a solid (or highly redundant) 
system then the adversary would have a tough time.

I am sure it is always possible to fool a security camera or biometric 
algorithm. But if there are ten independent cameras and algorithms, then 
fooling them all at the same time (and unobtrusively) becomes very 
tough. If the overall system doesn't have a simple point of failure 
(like letting all the camera data go through the same hackable server) 
but instead collates distributed information, then it will be very hard 
to crack. And the metric is not impossibility of cracking it, but that 
the cost/effort is too high to make it worthwhile.


>     ​ > ​
>     Personal continuity makes for a great authentification system.
>
>
> ​ Provided people trust it, provided they believe that the continuity 
> the system displays is the truth. Should they believe the system 
> if everybody can hack it? And if the system is secure because it keeps 
> passwords and encryption keys secret can I also keep passwords and 
> encryption keys secret?

Proving a system is trustworthy in the technical and social sense will 
always be a complex process.

The security of the above 100% surveillance system is not in any secret 
keys, but just checking that the person withdrawing money is contigious 
with the person opening the account. There is no secret, just a hard to 
forge surveillance trail.

Note that authentification is different from secrecy. In a 100% 
surveillance world there are going to be few if any secrets, but one can 
still authentificate things. Since subverting a system is about secretly 
changing it, it becomes hard in this world.

-- 
Anders Sandberg
Future of Humanity Institute
Oxford Martin School
Oxford University

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.extropy.org/pipermail/extropy-chat/attachments/20160405/86d2025d/attachment.html>

More information about the extropy-chat mailing list