<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Some stuff &#187; security</title>
	<atom:link href="http://blog.yhuang.org/?feed=rss2&#038;tag=security" rel="self" type="application/rss+xml" />
	<link>https://blog.yhuang.org</link>
	<description>here.</description>
	<lastBuildDate>Wed, 27 Aug 2025 08:50:58 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.1.1</generator>
		<item>
		<title>passwords</title>
		<link>https://blog.yhuang.org/?p=1326</link>
		<comments>https://blog.yhuang.org/?p=1326#comments</comments>
		<pubDate>Sat, 12 Apr 2014 00:51:18 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[Access control]]></category>
		<category><![CDATA[Authentication]]></category>
		<category><![CDATA[computer]]></category>
		<category><![CDATA[Computer security]]></category>
		<category><![CDATA[Cryptography]]></category>
		<category><![CDATA[Memory]]></category>
		<category><![CDATA[Moore]]></category>
		<category><![CDATA[reasonably secure]]></category>
		<category><![CDATA[RPSS]]></category>
		<category><![CDATA[security]]></category>
		<category><![CDATA[Security token]]></category>

		<guid isPermaLink="false">http://allegro.mit.edu/~zong/wpress/?p=1326</guid>
		<description><![CDATA[How many bits of secrecy does a typical person have in memory? After thinking long and hard, I came to the conclusion that all security ends up being physical security. Currently we assume a person&#8217;s body is physically secure, with memory being the most secure part of all. Common security systems, such as passwords, try [...]]]></description>
			<content:encoded><![CDATA[<p>How many bits of secrecy does a typical person have in memory?</p>
<p>After thinking long and hard, I came to the conclusion that all security ends up being physical security. Currently we assume a person&#8217;s body is physically secure, with memory being the most secure part of all. Common security systems, such as passwords, try to extract as much of this secrecy out of us as possible and <u>store it somewhere less secure</u> like on a remote server. This is horrible. I don&#8217;t care that it&#8217;s stored in hashed form: if we only have a finite amount of secrecy to give, then once we reveal it in a form that can be brute-forced, Moore&#8217;s Law will ensure that at some point it will be brute-forced and will no longer be secret.<br />
<span id="more-1326"></span><br />
So we should do less of that, and exploit the real issue, which is physical security. We do have some forms of secrecy storage that are less secure than memory but more secure than an untrusted remote system. For example, we have storage on trusted computers and personal devices; more exotically, we have biometrics and DNA (physical versions, not data of them); and we also have non-replicable behavioral capabilities in the sense that they are driven by stored &#8220;secret&#8221; body states. These things we call &#8220;reasonably physically secure storage&#8221; (RPSS). They are compromisable, and will reveal all their stored secrets if compromised, but they are &#8220;impossible&#8221; to get to without you knowing. Obviously this is technology dependent, and you can potentially get to human memory with superior MRI technology. Or straight up torture works, too.</p>
<p>But let&#8217;s assume there is both physically secure storage (e.g. memory) and freely modifiable RPSS (e.g. storage on phones). We can store on the latter a database of currently <u>computationally secure</u> secrets (e.g. long random passwords of high entropy). This database is protected by a secret we obtain from our memory, of potentially lower entropy than is computationally secure. We want to conserve our memory secrets, so we never use them directly for remote passwords. We only use them to unlock this database of passwords on the RPSS. The untrusted remote server never gets to our memory and never has computationally insecure secrets to store, so it can be compromised all the time and we don&#8217;t care. We only reset the passwords there when computational capability improves or when our RPSS has been compromised. When the latter happens, we obviously need to generate a new database secured by a new secret from our memory before the attacker can compute the secret that unlocks the database. It&#8217;s also possible to secure different parts of the database with different amounts of memory secrets, no different from having different passwords. N-factor authentication can be implemented by sharding the database across several RPSS, secured by the same or different memory secrets. This is really the best we can do.</p>
<p>Currently this is very feasible. Keychain software already does this. But there comes a day when computational capability will far exceed the amount of secrecy that can be held in memory, or memory itself will become exploitable and RPSS, or worse. Then we must ask how much new secrecy can be obtained and stored, and at what rate. At that point, we may as well forget about human memory, as only machines can stay ahead of machines. We&#8217;ll probably have a physically secure implant that collects entropy from the physical proximity, making sure it is not common information accessible to other entities.* These secrets then supply the protection &#8212; in password form or otherwise &#8212; for less physically secure storage.</p>
<p>* Properly speaking we will be authenticating a local physical state that can only formally be called &#8220;me.&#8221;</p>
]]></content:encoded>
			<wfw:commentRss>https://blog.yhuang.org/?feed=rss2&#038;p=1326</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>airline ticket name change</title>
		<link>https://blog.yhuang.org/?p=784</link>
		<comments>https://blog.yhuang.org/?p=784#comments</comments>
		<pubDate>Mon, 26 Dec 2011 05:14:39 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[change]]></category>
		<category><![CDATA[consumer]]></category>
		<category><![CDATA[dad]]></category>
		<category><![CDATA[everything]]></category>
		<category><![CDATA[security]]></category>

		<guid isPermaLink="false">http://scripts.mit.edu/~zong/wpress/?p=784</guid>
		<description><![CDATA[A self-styled consumer advocate claims here that &#8220;the non-transferrability rule for tickets is bogus &#8230; it has absolutely nothing to do with security and everything to do with money.&#8221; He says this on account of somebody who was able to get a name changed on a ticket after paying $800 in fees. The best you [...]]]></description>
			<content:encoded><![CDATA[<p>A self-styled consumer advocate <a href="http://www.elliott.org/blog/yes-the-name-on-your-airline-ticket-can-be-changed-thanks-expedia/">claims here</a> that &#8220;the non-transferrability rule for tickets is bogus &#8230; it has absolutely nothing to do with security and everything to do with money.&#8221; He says this on account of somebody who was able to get a name changed on a ticket after paying $800 in fees. The best you can do? No, because in this amazing comment below:</p>
<blockquote><p><strong>Krys</strong><br />
$800?? Wow. Here is what I did and it only cost me about $60.<br />
I had a similar problem. The ticket was in my name and I bought it in June 08 for the trip to Poland in December. In July, my grandmother died. Since we did not have a lot of money I decided to give my ticket to my dad. I ran into the same problems trying to change the name on the ticket. After a whole week of trying I gave up. I looked into changing my dad&#8217;s legal name. And there it was. A process that took about 1 week, $60 in cash, 15 minutes in front of a judge and we had my dad&#8217;s first name changed to mine. I was honest with the judge as to why he wanted to change his first name (my dad doesn&#8217;t speak English). Once we got the approval, we went to the secretary of state to get him a new license, once we got that we got him a new green card (took 2 months) and there he went. He now changed his name back for another $60.</p></blockquote>
]]></content:encoded>
			<wfw:commentRss>https://blog.yhuang.org/?feed=rss2&#038;p=784</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>sometimes small is better (part 1)</title>
		<link>https://blog.yhuang.org/?p=537</link>
		<comments>https://blog.yhuang.org/?p=537#comments</comments>
		<pubDate>Sat, 02 Jul 2011 17:50:06 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[canadian customs]]></category>
		<category><![CDATA[Downtown]]></category>
		<category><![CDATA[free snacks]]></category>
		<category><![CDATA[ride]]></category>
		<category><![CDATA[security]]></category>
		<category><![CDATA[security checkpoint]]></category>
		<category><![CDATA[security perimeter]]></category>
		<category><![CDATA[series]]></category>
		<category><![CDATA[small planes]]></category>
		<category><![CDATA[visit]]></category>

		<guid isPermaLink="false">http://scripts.mit.edu/~zong/wpress/?p=537</guid>
		<description><![CDATA[&#8230; in air travel. This is part of the Toronto visit series. I sit in this small airport in the middle of Downtown Toronto, wondering why airports can&#8217;t all be like this. YTZ (Billy Bishop) is small, with a single terminal (if it can be called that). There is just one commercial airline, also a [...]]]></description>
			<content:encoded><![CDATA[<p>&#8230; in air travel.</p>
<p><em>This is part of the Toronto visit series.</em></p>
<p>I sit in this small airport in the middle of Downtown Toronto, wondering why airports can&#8217;t all be like this. YTZ (Billy Bishop) is small, with a single terminal (if it can be called that). There is just one commercial airline, also a small company. And its planes are small, four-seat-across propeller aircraft that I&#8217;ve sworn not to take again after one particularly unpleasant ride years ago, but am taking anyway. More on that later.<br />
<span id="more-537"></span><br />
The inbound wasn&#8217;t all that impressive. You go through Canadian customs, then cross a small canal on what must be the world&#8217;s shortest ferry ride &#8212; I mean you wait for the ferry longer than the ride, which is like 20 seconds &#8212; to the parking lot which also belongs to the airport. The airline provides two shuttles, one to the York Hotel, one to Union Station. To go anywhere else you&#8217;re kind of on your own, but the nearest public trolley buses are a five-minute walk away &#8212; if you know where they are, because there is no information desk. This is the downside of small.</p>
<p>But downside is replaced by upside on the outbound. For such a small airport, US customs is not here, but back on the US side. This is great for saving time. YYZ (Pearson International) is not like this; it has both the Canadian and US customs checkpoints outside the security perimeter. Somehow this also translates into a friendlier security checkpoint at YTZ. You don&#8217;t have to take off your shoes unless they tell you to, you can put your laptop in the same bin as other stuff. Mostly they are <em>not in a hurry</em> because there is nobody in the airport this day &#8212; almost empty. Also note the following:</p>
<table border="1" cellspacing="0">
<tr>
<th>Billy Bishop Airport</th>
<th>Boston Logan Airport</th>
</tr>
<tr>
<td>free wifi</td>
<td>free wifi if you watch ads</td>
</tr>
<tr>
<td>free snacks and drinks</td>
<td>ha</td>
</tr>
<tr>
<td>lounge with nice sofas and lamps</td>
<td>dusty old rocking chairs in the sun</td>
</tr>
</table>
<p>It makes air travel bearable again. A tradeoff exists with small planes, too. They don&#8217;t do too well in turbulence, but in exchange for this possibility, they are quiet and have large seats. Also they seem so&#8230; primitive, and their mechanism so&#8230; accessible, that I couldn&#8217;t help but watch the propellers go around.</p>
]]></content:encoded>
			<wfw:commentRss>https://blog.yhuang.org/?feed=rss2&#038;p=537</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>IT security policy &#8220;research&#8221;</title>
		<link>https://blog.yhuang.org/?p=103</link>
		<comments>https://blog.yhuang.org/?p=103#comments</comments>
		<pubDate>Sat, 23 Feb 2008 20:23:36 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[charge decay]]></category>
		<category><![CDATA[curious piece]]></category>
		<category><![CDATA[DRAM]]></category>
		<category><![CDATA[dram manufacturers]]></category>
		<category><![CDATA[error]]></category>
		<category><![CDATA[hardware]]></category>
		<category><![CDATA[liquid nitrogen]]></category>
		<category><![CDATA[magnitude difference]]></category>
		<category><![CDATA[RAM]]></category>
		<category><![CDATA[security]]></category>

		<guid isPermaLink="false">http://scripts.mit.edu/~zong/wpress/?p=103</guid>
		<description><![CDATA[&#8220;Researchers find way to steal encrypted data,&#8221; screams this article in the New York Times. Oh do they? But come&#8230; on&#8230;, what is this ridiculous demonstration? Okay, okay, it&#8217;s the IT Policy School over there, let&#8217;s cut them some slack. What they&#8217;ve come up with is a way to read seated DRAM under OS lock [...]]]></description>
			<content:encoded><![CDATA[<p>&#8220;Researchers find way to steal encrypted data,&#8221; screams <a href="http://www.nytimes.com/2008/02/22/technology/22chip.html">this article</a> in the New York Times.</p>
<p>Oh <em>do</em> they? But <em>come&#8230; on&#8230;</em>, what is <a href="http://citp.princeton.edu/memory/">this ridiculous demonstration</a>? Okay, okay, it&#8217;s the IT Policy School over there, let&#8217;s cut them some slack. What they&#8217;ve come up with is a way to read seated DRAM under OS lock without specialized hardware, and if they said that, it would be fine.<br />
<span id="more-103"></span><br />
While I don&#8217;t care for their pseudo-slick presentation and shameless self-promotion (with a &#8220;blog&#8221;?), it is still a curious piece of work. Its unfortunate and regurgitated untechnicality leaves questions, though. DRAM is refreshed in tens of milliseconds, and since DRAM manufacturers are always trying to cut power consumption, I&#8217;m going to assume this rate is necessary to ensure reliable readout. There is a 3-orders-of-magnitude difference between that and the reported seconds to minutes that DRAM can be without power and still be read, during which time <em>exponential</em> charge decay takes place. Something else has to be going on, no? It just isn&#8217;t entirely clear that when the computer is turned off momentarily, on-board capacitors or even on-module capacitors aren&#8217;t discharging for long enough to residually power the refresh circuitry [*]. On the other hand, they claim they can remove the RAM completely and (with the help of liquid nitrogen) halt for an hour without power. I have some doubts as they dance around this issue.</p>
<p>As for real implications for security, there aren&#8217;t many, if only because this kind of breach isn&#8217;t fundamental. We already know that once indefinite hardware access to a running machine is first obtained (a practical requirement for this attack), there are always ways to compromise it. That&#8217;s how <a href="http://www.xenatera.com/bunnie/proj/anatak/xboxmod.html">the Xbox was cracked</a> &#8212; I&#8217;m talking about in-parallel probes on pins and traces, which can be just as well applied to the scenario here. Unless there are self-destructive mechanisms or other <em>fundamental</em> barriers to hardware access, we are just dealing with a matter of how high the effort threshold is. To fix it, encryption keys should not be stored in RAM in a detectable way, and any TPM modules that are currently being designed should have additional hardware security measures. That&#8217;s not hard to do, but in the meantime, let&#8217;s sit back and watch an uptick in the cracking of existing software and DRM protection schemes, as protected areas of RAM are opened up to easy hacking &#8212; a far more likely and practical fallout.</p>
<hr size=1>
<p>[*] I just read their full technical documentation, and they seem a little sloppy. They measure (and plot) total module readout error rate, but then fit a curve to it that they justify with MOSFET charge decay characteristics. Isn&#8217;t that right? Well, no: error rate should exhibit the typical digitizing waterfall effect of the comparator circuit.</p>
]]></content:encoded>
			<wfw:commentRss>https://blog.yhuang.org/?feed=rss2&#038;p=103</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>
