Security theatre at its finest.
posted by MartinWisse at 7:42 AM on February 28, 2014 [2 favorites]

Do we still think there are internet "security" features that aren't compromised at the most fundamental level by the NSA?

The real key to the internet sits in James Clapper's Star Trek themed office. Or maybe he carries it with him at all times, just in case.
posted by T.D. Strange at 7:46 AM on February 28, 2014

That was interesting, thanks!
posted by Blazecock Pileon at 7:54 AM on February 28, 2014

Is anyone else visualizing an Ocean's 11 style Hollywood action caper break-in to steal the keys to the internet?
posted by jacquilynne at 7:55 AM on February 28, 2014 [2 favorites]

Is anyone else visualizing an Ocean's 11 style Hollywood action caper break-in to steal the keys to the internet?

As soon as I tried to visualize that it turned into a series of crudely animated lolcat and doge images.
posted by yoink at 7:59 AM on February 28, 2014 [2 favorites]

Interesting, but, yeah, theater, totally..
posted by k5.user at 8:00 AM on February 28, 2014

Is anyone else visualizing an Ocean's 11 style Hollywood action caper break-in to steal the keys to the internet?

That's what I was thinking. Backstory to the most pointless heist movie in history.

After two hours of sneaking and conning and generally being dodgy the pay off would be a two minute montage of people typing "irs.gov" and ending up on a tax protestor site.
posted by Tell Me No Lies at 8:06 AM on February 28, 2014

While I understand the hurfdurfNSA cynicism, I think there is very good reason to believe that there are many security features that are not compromised, depending on exactly how they are implemented.

Nothing that has appeared in the Snowden files or in the other declassified literature suggests that the NSA has made any fundamental advances in mathematics. No quantum computers, no novel P=NP stuff, no fast factorization algorithms. They seem to be muddling along with basically the same level of basic computer science and technology that everyone else has, just with a really fucking big budget.

Most of their exploits go after endpoint security, not after the base crypto. It's all about poor implementations and shoddy engineering. E.g., they can break into routers because the routers are designed to have their software upgraded, so there's an easy route in for inserting malware. (Or are backdoored already, e.g. Huawei.) So all of the details that ICANN seems to be attending to, with the safes and the security cages and the keysplitting, are hopefully indicative of them paying more attention to implementation. That's a Good Thing.

At least so far, the big NSA lesson seems to be that IT security people need to obsess more over implementations and not just on the math. 256-bit AES is probably solid, but not if your random number generator is compromised, or if your BIOS has been replaced by a version that occasionally uploads everything you've typed to a remote server. Or if they can just ask VeriSign nicely for the root certificate and MITM your traffic.

SSL is, of course, fucked, because of the CA scheme. Everyone knew that already.

What they are doing at ICANN with the keysigning relates to DNSSEC, which might someday replace the Certificate Authorities. And that's why all the "theater" — which is to say, the attention being paid to the details of the implementation, and to ensuring confidence in the system — is important. The CA system sucks because you can't possibly trust all the CAs in your browser's trust list, and a compromise to any one of them means you can be MITMed. DNSSEC's trust model rolls up to one entity: ICANN.

There's a balance between having a single point of failure/compromise and having too many central entities that need to be trusted. The CA model has too many. It's possible that the DNSSEC/ICANN model will be too centralized. But that remains to be seen, and so far I've seen no evidence that they are doing anything wrong, or even that their security measures aren't meaningful. It's a bit belt-and-suspenders, but probably not wrongfully so.
posted by Kadin2048 at 8:08 AM on February 28, 2014 [26 favorites]

The master password to everything is 1-2-3-4-5.
posted by localroger at 8:12 AM on February 28, 2014

That's the kind of thing an idiot would have on his luggage.
posted by Kadin2048 at 8:14 AM on February 28, 2014 [4 favorites]

That's amazing. I've got the same combination on my luggage.
posted by Tell Me No Lies at 8:22 AM on February 28, 2014 [2 favorites]

Why are the Elders of the Internet meeting in El Segundo, if they keep the Internet on the top of Big Ben?
posted by TheWhiteSkull at 8:22 AM on February 28, 2014 [2 favorites]

It took them only six minutes to get around the security lockdown. How long would it take to get around the other measures?
posted by Tool of the Conspiracy at 8:25 AM on February 28, 2014

I think there is very good reason to believe that there are many security features that are not compromised, depending on exactly how they are implemented.

I agree with you. On the other hand I was also front and center for two widespread implementation issues in PPP security, both of which were in the field for years before someone said "Oh hey wait..."

In any case this "seven people" stuff is almost certainly more about ICANN politics than security.
posted by Tell Me No Lies at 8:33 AM on February 28, 2014 [1 favorite]

Obligatory IT Crowd reference (SLYT)
posted by GallonOfAlan at 8:51 AM on February 28, 2014 [1 favorite]

I wonder if Mel Brooks uses the internet regularly and encounters people referring to that Spaceballs joke over and over. I like to think that the answer is yes, and that it helps him get up in the morning.
posted by davejay at 9:14 AM on February 28, 2014 [1 favorite]

For reference, this is about DNSSEC - the DNS security extensions.

Currently, with vanilla DNS, you look up a domain name - say, www.metafilter.com - and get back an IP, or 50.22.177.14. Your computer connects to that IP, and you get back a website. There's various attacks you can do to subvert this process; one of which is to attack or fake the DNS server, and give you back a different result. Your computer goes to the new, fake destination instead, and you would have no idea, as as far as your computer is concerned, it can't tell the difference.

One defence is to use HTTPS. The real server has a certificate, signed by Trustworthy People (certificate authorities). The fake server can't have that certificate for that domain, so your browser can tell the difference. (It also encrypts the connection, to defend against other types of attack). Certificates that go through extra checks for more money will show up with a green logo.

The problem is, the Trustworthy certificate authorities turn out not to be very trustworthy at all, and there have been a number of CA compromises and failures - there's a lot of them, and the law of averages and all that. Plus people like the NSA can lean on national CAs and get them to issue valid certificates for domains they shouldn't be allowed to have.

Plus if you're not using encryption for the whole site, which does have some drawbacks for hosts, you've no defence against a whole host of DNS attacks against your visitors.

Thus enter DNSSEC. Here the key-signing mechanism is applied to the DNS records themselves, rather than the web servers.

DNS itself is a little more complicated than a straight lookup. For metafilter.com, you'd first go to the root servers*, who tell you where to find the .com domain servers. Then those servers tell you what DNS servers handle metafilter.com. And those DNS servers cough up the IP for www.metafilter.com. At each stage, we could be given fake data.

So the root servers have a signed key, saying that the records on the root servers are correct. If you trust that public key issuer - in this case ICANN - then you know that the place you're being sent for the .com domains is right. Verisign, who runs .com, signs their records. That means you can trust the server that tells you about metafilter.com is right. Finally, the www.metafilter.com address can be signed, to prove that the final IP address you get is correct.

You can now trust that the IP address you get is the right one; if the DNS record was altered at any point and doesn't have the right signature (or none at all), it's fake, and you're being sent to the wrong site. You still want encryption to protect your connection in transit to the server - protecting passwords from eavesdroppers et al - but you have a mechanism to verify the place you're visiting is the right one without relying on the certificate authorities at all. Of course, it means you trust the official DNS records to be accurate from ICANN on down; but then, you need to trust them, as otherwise you're kind of buggered anyway, under most circumstances.

This means the root signing mechanism for ICANN HAS to be secure and proper. Otherwise, the entire DNSSEC mechanism cannot be trusted. And that's why this rigmarole of multiple key holders from many different countries. Without subverting a large number of them, there's no way for any large company or country to seize control of the DNSSEC system. Some of it is a bit of security theatre, but most of it is necessary steps to ensure the root zone signing is kept secure. Even if one whole national registrar - say, verisign - gets compromised, the rest of the internet's DNS will remain trustworthy.

DNSSEC is a long way away from being routinely deployed. But it is growing, and it is a definite step forward in securing the functional infrastructure of the internet.


*in practise, we shouldn't go alllll the way to the root zones for lookups. You have DNS cache servers at your ISP etc that save results for a while and just return those, rather than look them up fresh every time - they just get results that have been hanging around a while and need to be re-checked. This is still compatible with DNSSEC. This is why it takes a while to move a website to a new IP address.
posted by ArkhanJG at 9:29 AM on February 28, 2014 [13 favorites]

I watched the whole video hoping to catch a glimpse of the Asteroids machine, which, despite being one of the bassiest and dimmest video games of all time, apparently "blares out tinny music and flashing lights."
posted by rlk at 9:32 AM on February 28, 2014 [1 favorite]

I like Schneier's quote: "A lot of it is necessary, and some of it is necessary theatre". Nothing wrong with a little ritual ceremony, although I think it'd work better if people were wearing white robes and there was some blood magick involved somewhere. (I mean didn't everyone lose their virginity on a mainframe altar at a PGP key signing party in 1995? What, only me?)

Thanks for the DNSSEC context, ArkhanJG. The failure of DNSSEC and IPSEC to be meaningfully deployed is one of the greatest shortfalls of Internet technology. I used to think it was simple customer recalcitrance (see also: IPv6). But now that we know NSA has been actively subverting Internet security for years I wonder if it's something more sinister.
posted by Nelson at 9:35 AM on February 28, 2014

I understand the point of what was going on for the DNSSEC issues. But the breathless ritualization of a few folks getting together to renew the keys plays out like theater.
posted by k5.user at 10:12 AM on February 28, 2014

the Elders of the Internet

Soon they will release The Protocols of the Elders of Transmission Control.
posted by yoink at 10:24 AM on February 28, 2014 [1 favorite]

Thanks for the great comment, ArkhanJG - I saw the FPP and was gearing up to do a bunch of explaining but you probably did a better job than I would've, and first. :)
posted by rmd1023 at 11:00 AM on February 28, 2014

Soon they will release The Protocols of the Elders of Transmission Control.

Cabal Member #1:  I call to order the meeting of Elders, we who do evil
                  because we are evil.
Cabal Member #2:  Hooray!  Today we will do evil.
Cabal Member #3:  Muwahahaha!
CM#1:  Cabal Member #4 could you sum up our evil plans concisely so that
       if these minutes ever fall into the hands of the innocent victims
       they will know that we are evil?
CM#4:  I would be delighted.
CM#4:  First, our agents continue to blackmail officers to keep net
       neutrality in place.  This communist policy will tear down the
       structure of capitalism and destroy the future of America.
CM#2:  Oooh, that's evil.
CM#3:  Muwahahaha!
CM#4:  Second, our plans to interrupt Netflix streams just often enough
       to anger people but not quite enough to get them to give up
       continues apace.  We have no particular goal for this program,
       we just like to piss people off.
CM#2:  Pointless plans are the most evil of all.
CM#3:  Muwahahaha!
CM#1:  Could someone hit Cabal Member #3?  I think he's stuck.
          (CM#2 punches CM#3 on the arm)
CM#3:  Whew, thank god for that.  CM#4 could you continue with your
       summary of evil?
CM#4:  This brings us to our current project.  We have replaced six of
       the seven sacred key holders to the internet with our own agents.
       Who are evil.  Unfortunately the remaining key holder is a white
       male American between the ages of 35 and 45 with strong libertarian
       leanings.
CM#4:  All of our attempts to subborn him have failed due to his possesion
       of multiple firearms.  Firearms work much like crosses in scaring
       away our evil agents.
CM#2:  Drat!  How can we do our evil work if he is so well protected?
CM#1:  Enough.  We will have our agent Snowden pit the NSA against the
       security community.  In the confusion we will seize control of
       his key and with it corrupt DNS!
CM#2:  That's brilliant.  And evil!  Everyone, a toast to evil!
          (they all toast)
CM#1:  I hereby close this meeting.  In the foyer you will find puppies
       which we will torture and then eat.

posted by Tell Me No Lies at 12:05 PM on February 28, 2014 [5 favorites]

Except MeFi does not have DNSSEC in place.
posted by Samizdata at 9:53 AM on March 1, 2014

I'm part of the cabal. (One of the recovery key shareholders.)

On the one hand, the procedure did seem ridiculous, when we all went through it.

On the other, a lot of people from a lot of countries were observing and did take this very, very seriously. This is what security looks like to a lot of systems around the globe.

Happy to answer questions.
posted by effugas at 12:12 AM on March 2, 2014 [4 favorites]

Hey effugas, thanks for dropping in! Is there something readable about the current state of DNSSEC? A quick look on Wikipedia shows that Comcast and Google DNS both support it, but I don't really know what that means in practice.
posted by Nelson at 8:52 AM on March 2, 2014

effugas: Is there another description of the process around somewhere, perhaps a little less ... breathless than TFA? I'd be interested to read about the security measures, why they exist / what the perceived threats are, etc.

I think it's unfair to write off any part of the process as mere "security theater" without knowing more about what the (perceived) threats are. E.g. the safes, the cage, the mantrap could all be reasonable responses to particular threat scenarios. I doubt they went out and did all that purely for show.

Somewhat ironically, I think we have achieved a level of cynicism among people who know something about security wherein anything that looks like TSAesque security theater is deemed worthless, without necessarily considering that while what the TSA does is largely stupid, the security measures they love so much generally ape physical security practices which, in particular scenarios, are not stupid nor meaningless. It's all about context.
posted by Kadin2048 at 2:04 PM on March 2, 2014

OK, I'll try to be less cynical.

Think of, say, the SI alloy cylinder that is the official kilogram measurement.

Every year or so, they (for some definition of they) pull the cylinder out, measure it, and use that measurement to calibrate every other certified device, and things trickle down from there.

This isn't much different. "they" all get together, re-certify the crypto, and everything "flows" from there.

I'll toss in an old, (95-ish) computer security joke: it always comes down to men with guns. (ie if you want a secure computer, it is never on a network and has men with guns in front of it).

That's where the cynicism comes in: Crypto gets re-signed regularly (not daily, but often enough), why should it be such a big deal ?

Yeah, there are a few partners needed to all come together to get this done, but shit, again, competitors/"enemy" organizations do similar stuff all the freaking time. (It smacks of a bit too much scifi/fantasy "break the ring into 5 pieces and give one to each tribe, to force them to work together to defeat the evil wizard that comes back every 100000 years blah blah blah).
posted by k5.user at 6:56 AM on March 3, 2014

Every year or so, they (for some definition of they) pull the cylinder out, measure it, and use that measurement to calibrate every other certified device, and things trickle down from there.

Actually, according to your own link they only actually pull the prototype Kilogram out of storage every 40 years to compare it to the official copies. It's quite a big deal.

Weights and measures are an interesting analog to the situation with DNSSEC. One of the innovations of the American Constitution -- and one which was met with uncharacteristically unanimous agreement -- was that while weights and measures are enforced by the states, the actual standards are defined nationally, as standards are a Good Thing in the course of doing business. Before that era deliberately debased measures were a shockingly common tactic for profit maximization.

So the end result is that, for similar reasons, nearly all modern nations voluntarily comply with the SI standards coordination, and enforcement of the standards is considered a proper function of the law. And those are your guys with guns -- the fellow who shows up at your grocery store to put stickers on the scales is actually a cop. And he can shut down your business and even arrest you depending on what he finds during a surprise inspection.
posted by localroger at 8:01 AM on March 3, 2014

It smacks of a bit too much scifi/fantasy "break the ring into 5 pieces and give one to each tribe

The reason they're splitting the key is to prevent a situation where a compromise to a single person could result in a key disclosure. There is, presumably, no single person who can be trusted with the key by themselves, without someone else having a problem with it.

The low-tech solution would be to put the key in a safe and then have a couple of people stare at it, in shifts, all the time. That's probably a bit effort-intensive though, so splitting the key ensures that it takes a cooperative effort of at least a fixed-number subset of keyholders to do anything. Everyone might not trust each other individually, but they might trust the group in general. It seems like a pretty elegant solution to me.

It also has the benefit of decentralization: rather than having a single key stored in a single place, like the kilogram, if they need to perform a re-signing they can do it anywhere that the keyholders agree to. That might also get over some geographic trust issues.
posted by Kadin2048 at 12:45 PM on March 3, 2014

Current state of DNSSEC is...well, I'll be blunt. We're not exactly in a great geopolitical environment to be advocating deep centralization of trust. Decentralized trust doesn't work at all, but that doesn't really matter right now. (What about Bittorrent you say? Well, you get a trusted hash from a site that you look up in DNS that ultimately roots back to a trusted namespace. Bittorrent is as decentralized as is effective but no more.)

I don't actually think the processes are for show. Somewhat ridiculous, yes, but if you were to do something expensive and nasty this is when you'd do it. Having all these observers and all this process is a great way to avoid doubt.
posted by effugas at 9:34 PM on March 3, 2014

The Internet already has a certain amount of mandatory centralization due to how DNS works.* If you want to have one Internet, there's going to be a root DNS zone, and somebody is going to have to coordinate the namespace delegation from there. And since DNS needs to be secured anyway, so you might as well use that as a channel for publishing site certificates and get rid of the shoddy CA system.

The trick is keeping what the central authority does as uncontroversial as possible. Individual parts of the Internet always have the option to pull out from the rest of the network and go it alone, and a major dispute could result in a "split root" that would break the Internet into competing sections without a unified namespace. It's always leadership by consensus at the end of the day.

Provided that ICANN doesn't give in to the temptation to create a bunch of new TLDs — and I'm of the opinion that in retrospect, un-countrycoded gTLDs were a Really Bad Idea — or otherwise increasing their scope, they should be fine. All they need to do is hold the current status quo and sign the records for the various gTLD and national registrars, and then let them do the dirty work of signing individual records including site certificates and whatnot. If people don't like a particular registrar's signing policies (which is equivalent to not trusting a particular CA under the current system), they can configure their system not to trust it, or just block sites from that domain.

It's if they get into creating additional TLDs or becoming the actual arbiter of disputes over the legitimacy of one registrar vs. another (instead of punting to the UN or something to determine ownership of a country's ccTLD) that they stand a very great risk of becoming a target, or worse a trophy for various geopolitical actors to wrestle over.

* And then there is the separate issue of how IP address assignments and AS numbers are handled, which is IANA rather than ICANN. I think you could probably decentralize those more easily than you could get rid of the root DNS zone, though.
posted by Kadin2048 at 8:31 AM on March 4, 2014

Thanks for the answer, effugas. I'd still love to see some technical summary if one exists. I see from Wikipedia that Google DNS supports DNSSEC and Comcast implements some part of DNSSEC too. That's encouraging, I'd just like more depth on exactly what that means.

I think blaming the "geopolitical environment" for lack of DNSSEC adoption is a cop-out. I mean, DNSSEC development goes back literally 17 years, when such risks were purely theoretical. Apparently we don't have much to show for it. Even if DNSSEC doesn't solve the problem of NSA/China subverting the whole system, it would definitely stop a lot of stupid script kiddy attacks. And like Kadin2048 I'm a bit more optimistic about the hierarchical trust model implicit than the TLD structure.

(On this topic, the more urgent geopolitical threat to me is the relative decentralization of browser SSL certificates. There's some 400+ sources of trust in the typical web browser. There used to be a few more until those were subverted by hackers clumsy enough to get caught. How many more are compromised and we don't know?)

My dark belief is that vendors and users either don't understand or don't care about Internet security. And the good guys who do care enough to make it happen despite customer demand are either overcareful sages too worried about getting every detail right or else co-opted by NSA and actively working to undermine security.
posted by Nelson at 9:57 AM on March 4, 2014