Thursday, April 30, 2009

Architectural principles of the internet from way back in 1996

I was reading RFC 1958 to understand the architectural principles laid down for the internet way back in 1996 and came across an interesting term, the 'end-to-end argument', which is discussed in depth in a paper by Saltzer et al.

The basic argument is that, as a first principle, certain required end-to-end functions can only be performed correctly by the end-systems themselves. A specific case is that any network, however carefully designed, will be subject to failures of transmission at some statistically determined rate. The best way to cope with this is to accept it, and give responsibility for the integrity of communication to the end systems. Another specific case is end-to-end security.

To quote from [Saltzer], "The function in question can completely and correctly be implemented only with the knowledge and help of the application standing at the endpoints of the communication system. Therefore, providing that questioned function as a feature of the communication system itself is not possible. (Sometimes an incomplete version of the function provided by the communication system may be useful as a performance enhancement.)"

Though this is applicable mostly to reliability and availability, an interesting thing is that it doesn't quite apply verbatim to security. The dynamics of the internet and security requirements have changed to such an extent (as also noted by Bradner here) that this argument (which the architecture of the internet is based on) does not seem to be as applicable to security any more.

[PS: I cannot believe that there are no updates since RFC 1958]

Tuesday, April 28, 2009

Unleashing the power of Google

In a book by Chris Sherman named Google Power.., he writes of an article that he authored way back in June 1999. At the time Google was still on its way to becoming popular and was laying its foundations. Something striking from the interview in the article:

'Unlike the major search engines, Google is a "pure" search engine. No news, email, chat, stock quotes or other trappings offered by major portals. And Page says that Google intends to keep it that way, focusing the company's energies strictly on search.'

:)

Sunday, April 26, 2009

Rootkits

Some information I got from Neil Daswani's book Foundations of Security: a rootkit is a set of impostor operating system tools (tools that list the set of active processes, allow users to change passwords, etc.) that are meant to replace the standard version of those tools so that the activities of an attacker who has compromised the system can be hidden. Once a rootkit is successfully installed, the impostor version of the operating system tools becomes the default version. A system administrator may inadvertently use the impostor version of the tools and may be unable to see processes that the attacker is running, files or log entries that result from the attacker's activity, and even network connections to other machines created by the attacker.
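Since the impostor tools lie only about what they report, one standard defensive check is a cross-view comparison: list processes through the tool a rootkit would replace (ps) and independently through the kernel's /proc directory, and flag any PID that the tool fails to mention. The following is an added example, not code from Daswani's book or this post; both inputs are constructed strings so it runs offline, and the function names are my own.

```c
/* Cross-view check for hidden processes (added example, not from the book).
 * Compares PIDs visible in a /proc directory listing with the PIDs reported
 * by a ps-style tool; anything in /proc that ps omits is suspicious.
 * Both inputs are constructed here; a real check would read /proc and run ps. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

#define MAX_PIDS 256

/* Parse whitespace-separated /proc entry names; keep only purely numeric
 * ones (those are PIDs; "self", "cpuinfo" and similar are skipped). */
static int parse_proc_entries(const char *listing, int *pids, int max)
{
    int n = 0;
    const char *p = listing;
    while (*p && n < max) {
        while (*p && isspace((unsigned char)*p)) p++;
        if (!*p) break;
        const char *start = p;
        while (*p && !isspace((unsigned char)*p)) p++;
        int numeric = (p > start);
        for (const char *q = start; q < p; q++)
            if (!isdigit((unsigned char)*q)) { numeric = 0; break; }
        if (numeric) pids[n++] = atoi(start);
    }
    return n;
}

/* Parse ps-style output: one "PID CMD" line per process, first line a header. */
static int parse_ps_output(const char *output, int *pids, int max)
{
    int n = 0, first = 1;
    const char *line = output;
    while (*line && n < max) {
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        if (!first) {
            char buf[64];
            size_t copy = len < sizeof buf - 1 ? len : sizeof buf - 1;
            memcpy(buf, line, copy);
            buf[copy] = '\0';
            char *s = buf;
            while (*s == ' ') s++;           /* skip the right-aligned padding */
            if (isdigit((unsigned char)*s)) pids[n++] = atoi(s);
        }
        first = 0;
        if (!nl) break;
        line = nl + 1;
    }
    return n;
}

static int contains(const int *arr, int n, int v)
{
    for (int i = 0; i < n; i++) if (arr[i] == v) return 1;
    return 0;
}

/* Store the PIDs present in /proc but absent from the tool output in `hidden`
 * and return how many there are. */
int find_hidden_pids(const char *proc_listing, const char *ps_output,
                     int *hidden, int max)
{
    int procpids[MAX_PIDS], pspids[MAX_PIDS];
    int np = parse_proc_entries(proc_listing, procpids, MAX_PIDS);
    int ns = parse_ps_output(ps_output, pspids, MAX_PIDS);
    int nh = 0;
    for (int i = 0; i < np && nh < max; i++)
        if (!contains(pspids, ns, procpids[i])) hidden[nh++] = procpids[i];
    return nh;
}

/* Constructed sample inputs: /proc shows PID 4242, the tampered ps does not. */
const char *SAMPLE_PROC = "1 2 617 self cpuinfo 4242 1337 meminfo";
const char *SAMPLE_PS =
    "  PID CMD\n"
    "    1 init\n"
    "    2 kthreadd\n"
    "  617 sshd\n"
    " 1337 bash\n";

int main(void)
{
    int hidden[MAX_PIDS];
    int n = find_hidden_pids(SAMPLE_PROC, SAMPLE_PS, hidden, MAX_PIDS);
    for (int i = 0; i < n; i++)
        printf("PID %d is in /proc but not reported by ps\n", hidden[i]);
    return n ? 1 : 0;
}
```

The check only catches rootkits that tamper with user-space tools; a kernel-level rootkit that filters /proc itself fools both views, which is why production rootkit detectors also compare against other sources (for example, probing PIDs directly with kill(pid, 0)).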

Friday, April 24, 2009

Context Aware Phishing

The security and privacy of context aware applications is important for several reasons, the most important one being that these applications have access to a lot of the user's personal information (like location, preferences, behavioral history, etc.). What is more interesting is that phishing attacks can be taken one step further by using contextual information. As Markus et al. discuss in this paper, an attack that takes the user's context into account would make him more susceptible to the attack and less aware of any trust factors he should be looking for. Phishing, done through web sites, already does consider context in many cases. But when we talk about context aware mobile applications, what kind of attacks would be possible? If an attacker knows the locations you have recently visited, he could easily use that information to gain your trust.

Tuesday, April 21, 2009

Anind Dey's talk

Yesterday, we had a presentation by and lunch with Anind Dey, an assistant professor at Pittsburgh. He's currently working on applying human computer interaction to ubiquitous systems and context aware applications in particular. Among the projects he's working on, he explained a few which sounded very interesting. One of them involves the study of the effect of traffic and driving conditions on drivers, and using this information to improve the intelligibility of navigation systems. For that project, he presented a paper at CHI-09 on a design that shows the navigation on the windshield of a car, instead of having the driver distracted by a GPS-like system. Another project involved a memory-logging system meant for Alzheimer's disease patients. It consists of a camera that takes pictures every few seconds and helps these patients remember what they did in the recent past. He mentioned that one Prof Laura at Pittsburgh is also working on studying the usability of security and privacy in context aware mobile applications. Apparently, her findings show that the padlock is the least useful cue in conveying security in the underlying transport. One of Anind's suggestions was that of using a change in the background color of the application in case of a connection to an insecure access point. Hmm.. need to get in touch with her soon!

Saturday, April 18, 2009

Idea

Over the past 3 months, I have been focusing on understanding how users are affected by security and privacy cues in software applications (or other systems, like a car or house lock). One interesting idea that came to mind while reading the Clickbot.A paper was that we have not talked about the human factors (though indeed of a different nature) that influence security guarding agents, like anti virus companies or banks. What motivates them while dealing with security and fraud? An example that came up from the paper was that of anti virus companies spending time and money to identify a piece of software as being malicious, but they have no incentive for analyzing the behavior of the bots that spread this malicious software. How do these factors affect software developers like us, and more so the public at large who use this software?

Friday, April 17, 2009

Neil Daswani's talk

Today we had a guest lecture by an ex-Google security expert, Neil Daswani. He was here to talk about web application attacks and current threats to information security. In less than an hour, I was introduced to several new terms, like Same Origin Policy, Google's MapReduce, drive-by download, Clickbot.A and malvertising. It'll take a week for me to get into the depths of each of these topics and write more about them, which is another reason why I'm glad I attended this lecture. The main reason, though, is that he told us more about the Advanced Computer Security Certificate at Stanford. The pricing sounds reasonable and the courses, very interesting. I definitely plan to go out there some time soon, after I get a job.

Wednesday, April 15, 2009

RSA Conference '09

The theme for the RSA conference this year is Edgar Allan Poe. The man set up a contest for people to submit a cipher to him and offered a free subscription to Alexander Graham's magazine to anyone who submitted a cipher which he could not break. The contest was closed six months later by Edgar, claiming that he had broken all 100 ciphers sent to him as entries to the contest. And all this, by the way, was in 1839!

Sunday, April 12, 2009

P2P Privacy

An interesting article from one of Schneier's blogs made me more curious about privacy in peer to peer networks. This reminds me of the project idea that Keying was talking about in class - privacy and security perceptions of people using p2p networks. It would have been a good project to work on for sure.

Apparently, it is just as likely that the entity prying into your system from a p2p network is a legitimate company as it is an attacker. How do you save yourself from such prying eyes? By installing open source tools like PeerGuardian or ProtoWall. I plan to do this some time soon. Will keep posting the results.

Thursday, April 9, 2009

No more ADC?

The wait for ADC II has been long and quite annoying. Early this year I knew there was little hope in expecting an announcement anytime soon, or even this year. Especially since Google started handing out devices to their employees for free to get more people to build applications on their platform, instead of hosting another ADC. What came as a shock though, was that they removed all trace of ADC I from google.com entirely. How is that justified?! Boo-hoo Google!

Wednesday, April 8, 2009

Idea

An idea that came up during the guest lecture on Access Control today was to study the effectiveness of social controlling techniques in access control. An example of social control in access control: say you perform access control on a file by sending an email to all the people you want to grant access to, and deny access to others by stating in the email "Do not share this file with anyone not in this mailing list".

Monday, April 6, 2009

Ultra-human vision

Continuing the idea and implementation put forth by Pranav Mistry in 'Sixth Sense', this article at Next World takes it a step forward and talks about a research project undertaken by researchers at the University of Washington, in which contact lenses would replace the projection and the person wearing them could see all the information that he needs about the objects within his range. Would this work in conjunction with the transcranial magnetic simulator or would it need a different interface? So many interesting questions can be asked about a technology like this.

Saturday, April 4, 2009

Spim and more

An interesting article about the top 5 IM security risks features (surprisingly) at its 5th position a term called Spim. That is spam for instant messaging. So how does spim work? One source is IM server databases. People sell the account names along with any other demographic information to spammers and in turn these spammers will use bots to make life hell for you. So what happens when you reply to these bots? An interesting wiki article talks about a bot called The Great Hatsby which basically hooks two people who reply to the bot and pretends to be chatting with them both. An open source tool - Bot Sentry - is apparently the most powerful anti-spim tool (as a plugin for Pidgin); it only allows messages to be sent to you from people in your friends list, your allow list or someone who gives a correct reply to a question you have already set for the tool to ask. Now, that's an intelligent yet really simple design.
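The policy described above (friends list, allow list, or a correct answer to a preset question) is small enough to write out in full. The following is an added example in C and is not Bot Sentry's own code; the lists, the question and the answer are constructed, and the function names are mine. It also adds one detail the post does not mention: a sender who answers correctly is promoted to the allow list so they are never challenged again.

```c
/* Allow/challenge filter for inbound IMs (added example, not Bot Sentry code).
 * A sender on the friends list or allow list is delivered directly; any other
 * sender is asked a fixed question and delivered only after a correct answer,
 * at which point it is added to the allow list. */
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strcasecmp (POSIX) */

#define MAX_NAMES 32
#define NAME_LEN 64

enum verdict { DELIVER, CHALLENGE, DROP };

struct filter {
    const char *friends[MAX_NAMES]; int nfriends;     /* static buddy list */
    char allow[MAX_NAMES][NAME_LEN]; int nallow;      /* senders who passed */
    char pending[MAX_NAMES][NAME_LEN]; int npending;  /* challenged, unanswered */
    const char *question;
    const char *answer;
};

static int in_friends(const char **list, int n, const char *name)
{
    for (int i = 0; i < n; i++) if (strcmp(list[i], name) == 0) return 1;
    return 0;
}

static int find_in(char list[][NAME_LEN], int n, const char *name)
{
    for (int i = 0; i < n; i++) if (strcmp(list[i], name) == 0) return i;
    return -1;
}

static void add_to(char list[][NAME_LEN], int *n, const char *name)
{
    if (*n < MAX_NAMES && find_in(list, *n, name) < 0) {
        strncpy(list[*n], name, NAME_LEN - 1);
        list[*n][NAME_LEN - 1] = '\0';
        (*n)++;
    }
}

static void remove_from(char list[][NAME_LEN], int *n, int idx)
{
    if (idx >= 0 && idx < *n) {
        memmove(list[idx], list[idx + 1], (size_t)(*n - idx - 1) * NAME_LEN);
        (*n)--;
    }
}

/* Decide what to do with one message. Unknown senders are challenged; the next
 * message from a challenged sender is treated as their answer. */
enum verdict filter_message(struct filter *f, const char *sender, const char *text)
{
    if (in_friends(f->friends, f->nfriends, sender)) return DELIVER;
    if (find_in(f->allow, f->nallow, sender) >= 0) return DELIVER;

    int idx = find_in(f->pending, f->npending, sender);
    if (idx < 0) {
        add_to(f->pending, &f->npending, sender);   /* first contact: ask */
        return CHALLENGE;
    }
    if (strcasecmp(text, f->answer) == 0) {         /* "Blue" counts for "blue" */
        remove_from(f->pending, &f->npending, idx);
        add_to(f->allow, &f->nallow, sender);
        return DELIVER;
    }
    return DROP;   /* wrong answer, e.g. a bot repeating its pitch */
}

/* Constructed sample configuration. */
struct filter make_sample_filter(void)
{
    struct filter f = {0};
    f.friends[0] = "alice@example.org";
    f.nfriends = 1;
    f.question = "What colour is the sky on a clear day?";
    f.answer = "blue";
    return f;
}

int main(void)
{
    struct filter f = make_sample_filter();
    printf("%d\n", filter_message(&f, "alice@example.org", "hi"));   /* 0 DELIVER */
    printf("%d\n", filter_message(&f, "bot123", "cheap meds"));      /* 1 CHALLENGE */
    printf("%d\n", filter_message(&f, "bot123", "cheap meds"));      /* 2 DROP */
    printf("%d\n", filter_message(&f, "bob", "hello?"));             /* 1 CHALLENGE */
    printf("%d\n", filter_message(&f, "bob", "Blue"));               /* 0 DELIVER */
    printf("%d\n", filter_message(&f, "bob", "hello again"));        /* 0 DELIVER */
    return 0;
}
```

The design works because a spim bot does not parse the challenge; it either ignores it or repeats its pitch, which is why a wrong answer is dropped rather than re-challenged. A real plugin would also bound how many pending challenges it keeps so that a flood of throwaway sender names cannot exhaust the table.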

Of course, on a similar note, there are other techniques like splog, spasms (spaSMS. lol!), spamming on newsgroups and forums, etc.

Thursday, April 2, 2009

Wow!

The most interesting work I've seen in quite a while here. This gives a whole new dimension to context and awareness!

Integer Overflow

In my quest to check what other code attacks are possible because of vulnerabilities in the run time, I came across a method that uses integer overflow to corrupt memory. The article clearly explains the opcodes too, which makes it so much easier to understand. Anyway, it's getting late now and I'm not able to find a good integer overflow attack that can be actuated in Java, so I'm going to call it a night and hope I find more luck tomorrow :)

This one's for the viruses

When I googled for the top ten all time worst viruses, I found an interesting article. Now what is interesting about this article is that most of the viruses listed are really old and the authors have been caught too. Nevertheless, a majority of these (and other new ones - the most popular one being Conficker) exploit a single technique - buffer overflow. Besides other techniques, an interesting method used to exploit buffer overflows is the NOP slide technique, which pads the buffer with NOP (no operation) instructions so that execution landing anywhere in the padding slides down to the start of the malicious shellcode, relaxing the need for an exact redirection address. Though old, it definitely is interesting enough to make an entry into this blog.

More importantly, of course, there are techniques to counter buffer overflow attacks. Apparently it is extremely important to use safe (bounds-checking) libraries, and yet, how often do we really do that?
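The integer overflow post above and the bounds-checking remark here are two sides of the same defect, so one example in C covers both. It is an added example, not code from the articles cited in either post: the function names are mine, the inputs are constructed, and the "naive" function only reports whether a wrapped size computation would have slipped past a length check, so nothing here actually corrupts memory.

```c
/* Integer overflow in a size computation, and the checks that stop it from
 * becoming a heap buffer overflow (added example, not from the cited articles). */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* The bug pattern: count * elem_size wraps around, so a tiny buffer gets
 * allocated while a copy loop still runs `count` times. Returns 1 when the
 * product wrapped, i.e. when a naive "does it fit?" check would be fooled. */
int naive_size_is_unsafe(size_t count, size_t elem_size)
{
    size_t total = count * elem_size;            /* wraps silently on overflow */
    return elem_size != 0 && total / elem_size != count;
}

/* Overflow-checked multiplication: returns 0 and leaves *out untouched on wrap. */
int checked_mul(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a) return 0;
    *out = a * b;
    return 1;
}

/* Copy `count` records of `elem_size` bytes from src into a new buffer.
 * Refuses (returns NULL) instead of allocating a too-small buffer when the
 * size computation would wrap. */
void *copy_records_safe(const void *src, size_t count, size_t elem_size,
                        size_t *out_len)
{
    size_t total;
    if (!checked_mul(count, elem_size, &total)) return NULL;
    void *dst = malloc(total ? total : 1);
    if (!dst) return NULL;
    memcpy(dst, src, total);    /* total is now known to be the true size */
    if (out_len) *out_len = total;
    return dst;
}

/* Bounded string copy in the spirit of the "safe library" functions: always
 * NUL-terminates, never writes past dstsz bytes, and returns strlen(src) so
 * the caller can detect truncation by comparing against dstsz. */
size_t bounded_copy(char *dst, size_t dstsz, const char *src)
{
    size_t srclen = strlen(src);
    if (dstsz == 0) return srclen;
    size_t n = srclen < dstsz - 1 ? srclen : dstsz - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return srclen;
}

int main(void)
{
    /* Constructed input: a count chosen so that count * 16 wraps to 16 bytes */
    size_t count = SIZE_MAX / 16 + 2;
    printf("naive size check fooled: %d\n", naive_size_is_unsafe(count, 16));
    printf("safe copy refused: %d\n",
           copy_records_safe("", count, 16, NULL) == NULL);

    char buf[8];
    size_t need = bounded_copy(buf, sizeof buf, "this string is too long");
    printf("copied \"%s\", truncated: %d\n", buf, need >= sizeof buf);
    return 0;
}
```

The point of `checked_mul` is that the wrap is detected before any allocation, not after; once `malloc` has handed back the 16-byte buffer the later copy loop has no way to know it was lied to. Compilers also offer built-ins for this (for example `__builtin_mul_overflow` in GCC and Clang), which are preferable where available.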