When such a process does not end in a visible failure that would trigger a correction, the assumptions harden into beliefs and are subsequently regarded as indisputable truths. Although natural, this phenomenon can be a dangerous one, because when our assumptions turn out to be wrong we fall into the trap of making wrong decisions, not because our logic is cheating us, but because it rests on false premises.
When it comes to the Internet and cybersecurity, the concepts are so complex and so widely branched that even specialists are often forced to work with assumptions. Modern marketing is particularly harmful here, because it exploits this information jungle to create a favorable framework in which goods and services are easily placed: a framework full of emotions, fears and partial information, in which the limitations of a technology are hidden and its strengths brought to the fore. It is therefore important from time to time to stop and analyze the conditions under which we operate, because each system is different. Only if we understand all sides of a system can we apply efficient mechanisms for its security and, in the end, for our own personal safety.
Security, in general
Before we go into the details of modern computer security, which has developed along an extremely distributed path, let us analyze the concept of security in its most personal meaning, namely as it applies to an individual or a group of people, be it a family or a company.
Take insulin, for example. It is an essential medication for a person suffering from diabetes mellitus; its absence can have serious consequences for that person's health. So if we look at the "safety of insulin", what matters is that it is not lost, stolen or spoiled, i.e. that it is at the disposal of the person who needs it. But if we analyze an insulin pump, things get complicated. This is a device that reads the glucose level and automatically injects the required dose. If we look at the "safety of the pump" from the point of view of the person who depends on it, it is no longer enough to make sure the pump is available; we must also ensure that nobody else can get at the device's settings, because through its direct, intimate relationship with the body the pump can harm its wearer. In security terms, availability alone no longer suffices; the integrity of the device's configuration matters just as much.
We have to think similarly about a group, only in this case there are additional elements. For a family or a company, it is not enough that the safety of each individual member is assured; we must also ensure that the group as a unit is safe. In the case of a company, for example, each employee may be perfectly safe as a person while the company goes bankrupt because of an event that affects its operations rather than anyone's health.
Consolidated and distributed defense mechanisms
The easiest and best-understood security model is the consolidated one, the one around which we can draw a security perimeter. In real life this is the most popular security mechanism, going back to ancient times: medieval fortresses, maximum-security buildings, our own houses, countless examples are built on this model, not by accident but because it is the easiest to defend. It is sufficient to have a relatively impenetrable perimeter and a limited number of entrances, and no matter how vulnerable the elements inside are, their safety is provided by the perimeter. The defense mechanisms are also easy to understand and available to anyone. Concrete walls provide a high degree of impenetrability, we can post guards at the doors, a secretary is an exceptional biometric filter who can identify strangers or anyone doing something suspicious inside the building, a dog is also an excellent biometric filter, and it is not complicated to get one to improve the safety of a house or a yard.
The same applies to cybersecurity, where we have had many relatively reliable mechanisms for implementing security on this model practically since the beginning of networking: a firewall at the border and a trusted network behind it. The problem is that this model can no longer be applied to modern information structures, because things have changed radically and the era when an organization's information assets could be kept inside such premises is long gone. We no longer have the accounting program, the database, the ERP and so on in the local network; they are hosted by an online service provider, that is, they follow a distributed security model around which no perimeter can be drawn, and so we need other defense mechanisms.
This distributed form of security is fundamentally different from the consolidated one and, unfortunately, is often misunderstood even by those who work in the field. In particular, thinking about it is reduced to the consolidated model and viewed simplistically: instead of one consolidated framework there are several, each defended by its own perimeter. From this misreading a series of misunderstandings arise, and countless vulnerabilities are born in the gaps between the perimeters.
A similar example from the physical world, which we can easily understand, is the banking system. It has worked for a long time: goods are no longer kept exclusively inside the perimeter of the house; some remain at home, the money goes into a bank account, and some valuables are stored in the bank vault. Anyone's natural reaction is that this model is even safer than the classical one with all the goods kept at home, because the bank's perimeter is better than the house's. It is normal to see situations this way, and cybersecurity marketing exploits our tendency to see the glass half full and to miss the "barely visible" details which, in some situations, become the Achilles' heel of the whole system.
Coming back to the bank, it is undeniable that a bank has a better secured area than any home, and as long as the asset sits in the safe deposit box the sense of security is justified. But if the asset is an object we need daily, which in the morning must be taken to the company headquarters and in the evening back to the bank, then the transitional period, in which the asset is neither inside the bank's perimeter nor inside the company's, becomes significant and erodes the security aura of the combined system, bank plus company. If the bankers get tired of escorting us to the vault twice a day and decide to place the door of the safe deposit box in the window, so that we can reach its contents whenever we want, this aura disappears completely. In this scenario the box no longer benefits from the bank's perimeter at all. It does not matter that its back is inside the bank; its door is outside, and everything that separates the asset from a thief is the door of the box itself. So a series of vulnerabilities has been introduced into a system with two perimeters: the transition period, the box's lock, the strength of the box, the person holding the key, the security features of the key, the place where the key is kept, and so on.
If this paradoxical situation seems familiar, it is because it precisely describes the security conditions of the distributed framework in information systems. Mailboxes, our photos, online bank accounts and every other account in which we store information assets (and not only those) suffer from these deeply misunderstood gaps, which we wave away with the false reassurance that the platform provider's security is more advanced than our PC's. The provider's vault may well be better than ours, but the door of the box is our login page, exposed to the whole Internet, and its key is a password that lives on our side.
In fact, if we are to secure an information asset in this framework, we must ensure that every stage of its existence is secured. The security elements are not cumulative; they act in series. Each one must hold, so every element added is another one that can fail, and the system is only as strong as its weakest link. When climbing a mountain one depends on multiple safety features at once: the rope, the rock, the anchor, the carabiners, the partner, and so on. If any one of them breaks, the outcome may be fatal, and the more elements we introduce, the greater the chance that one of them fails.
Going back to information systems: it is not enough to rely on perimeter security, and we cannot afford to place an unsafe object inside this framework. We must ensure that the objects themselves are safe at every stage of their use. For example, if we cannot be sure that a file exchange system is safe but have to use it anyway, we can simply encrypt the file ourselves before uploading it and pass the key to the recipient by another route, so that the exchange only ever sees ciphertext. Solutions exist, but they are not always apparent.
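As an added illustration of this advice (example code written for this edition, not part of the original article), the following Go program encrypts a file's contents with AES-256-GCM before they touch the exchange, so that the untrusted system only ever stores ciphertext, and any alteration of the blob on the exchange, including renaming it, is detected on the recipient's side instead of producing silently corrupted data. The key is generated locally and is meant to be handed to the recipient by a separate route; the sample plaintext and file name are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// ErrTampered is returned when the blob fails authentication: the content, the nonce,
// the tag or the bound filename was changed, or the wrong key was used.
var ErrTampered = errors.New("file was altered in transit or on the exchange, or the key is wrong")

// NewKey returns a fresh random 256-bit key. This is the secret that travels to the
// recipient by a route other than the file exchange itself (in person, by phone, ...).
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}

// Seal encrypts plaintext with AES-256-GCM. The filename is bound as associated data
// (authenticated but not encrypted), so renaming the blob on the exchange is detected too.
// Output layout: nonce || ciphertext || tag.
func Seal(key, plaintext []byte, filename string) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per file; never reuse one with the same key
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(filename)), nil
}

// Open reverses Seal. Decryption and authentication happen together: either the original
// plaintext comes back, or ErrTampered does. Partially corrupted data is never returned.
func Open(key, blob []byte, filename string) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, ErrTampered
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	pt, err := gcm.Open(nil, nonce, ct, []byte(filename))
	if err != nil {
		return nil, ErrTampered
	}
	return pt, nil
}

func main() {
	key, err := NewKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample input standing in for a file we must send through an untrusted exchange.
	plaintext := []byte("Q3 figures: revenue 1.2M, churn 4%")
	blob, err := Seal(key, plaintext, "q3-report.txt")
	if err != nil {
		panic(err)
	}
	fmt.Printf("key (send out of band): %s\nblob (upload this):     %s\n", hex.EncodeToString(key), hex.EncodeToString(blob))

	// Recipient side, with the key received separately.
	pt, err := Open(key, blob, "q3-report.txt")
	fmt.Println("recipient decrypts:", string(pt), err == nil && bytes.Equal(pt, plaintext))

	// Someone on the exchange flips one bit of the ciphertext: authentication fails, nothing leaks.
	tampered := append([]byte(nil), blob...)
	tampered[len(tampered)/2] ^= 0x01
	_, err = Open(key, tampered, "q3-report.txt")
	fmt.Println("tampered blob:", err)

	// The blob is renamed on the exchange: the bound filename no longer matches.
	_, err = Open(key, blob, "q3-report-final.txt")
	fmt.Println("renamed blob:", err)
}
```

The point of choosing an authenticated mode (GCM) rather than plain encryption is the second paradigm discussed later in the text: the exchange cannot read the file, and it also cannot alter it without the recipient noticing. The key never travels with the blob; if the same channel carried both, the exchange's perimeter would again be the only thing protecting the asset.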
Online security paradigms
In the distributed security model there are two fundamental paradigms that must be taken into account: isolation, in the sense of ensuring that no one intercepts or alters a transaction (what the literature calls confidentiality and integrity), and certainty of identity, that is, the certainty that the partner we are dealing with is the right one (authentication). In everyday life these two are trivial, but in cyberspace, where the identification cues are incomparably weaker and transactions take place on hostile ground, things are much more complicated, and the two must be enforced strictly and concurrently, otherwise we cannot speak of security. If we have isolation but no certainty of identity, we can fall into the trap of talking in perfect privacy to a malicious party; if we have certainty of identity but no isolation, we can be monitored, or the transaction can be intercepted and altered without our knowledge.
In 1995 Netscape introduced the Secure Sockets Layer (SSL), the ancestor of today's TLS, a highly efficient mechanism capable of providing both principles, but only in its mutually authenticated form (MASSL, mutually authenticated SSL, known today as mutual TLS), in which both parties present a certificate. Despite having existed for so long, for practical reasons this form has never spread. What most Internet users know as SSL is the simplified form in which only the server holds a certificate and the client does not, so certainty of identity is established in one direction only: the client learns which server it is talking to, but the server learns nothing about the client. That is why weaker forms of authentication that we are accustomed to, passwords above all, are used instead, and they remain vulnerable to various forms of attack: brute force, credential theft, interception and so on. It is important to be aware of these deficiencies when choosing a service provider or the method by which we store and handle a given information asset, so that we take an informed decision based on its importance, sensitivity and so on.
Another very dangerous phenomenon is the spread of a class of certificate called DV (domain validated), which does not attest the identity of whoever runs the site but only that the applicant controlled the domain name at the time of issuance, which for the purpose of establishing identity is worth nothing. Any villain can buy a cheap domain and run a DV-certified data theft site that looks 100% legitimate, because browsers raise no alert and show the same padlock; and even though such a certificate does guarantee isolation, the unwary Internet user may type a password into a page that steals it, because the certainty of identity is not there.
Security in this modern framework based on Software as a Service (SaaS) is not easily understood and even harder to assure, because, unfortunately, there is a profound technological handicap: it is not always possible to secure both paradigms in a given situation. The system therefore has an inherent weakness that cannot be eliminated technologically and must instead be analyzed and reduced methodologically.
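To make the two paradigms concrete, here is an added Go example (written for this edition, not part of the original article) that runs a TLS server and client over loopback against certificates it generates itself; the CA names, the server name localhost and the client name alice are hypothetical. It exercises four cases: the mutually authenticated form described above, in which the server demands a client certificate and refuses a client that has none; a server with a certificate from an authority the client does not trust, which a verifying client rejects; and the same impostor accepted by a client that skips verification, which is exactly isolation without certainty of identity.

```go
package main

import (
	"bufio"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Scenario selects who authenticates whom in one TLS connection over loopback.
type Scenario struct {
	RequireClientCert bool // server demands a certificate from the client (MASSL / mutual TLS)
	ClientSendsCert   bool // client presents the certificate issued to it by the trusted CA
	ClientVerifies    bool // client checks the server certificate against the trusted CA (false = InsecureSkipVerify)
	ServerIsImpostor  bool // server presents a certificate from an unrelated CA (a villain's site)
}

// issue creates a P-256 key and a certificate for name: a self-signed CA if parent is nil, else signed by parent.
func issue(name string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: name},
		DNSNames:     []string{name}, // what the client's ServerName is checked against
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	if parent == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage = x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

func pool(c *x509.Certificate) *x509.CertPool { p := x509.NewCertPool(); p.AddCert(c); return p }

// Run performs one handshake and greeting over loopback; nil means the client received the greeting.
func Run(s Scenario) error {
	ca, caKey := issue("Trusted Example CA", nil, nil)
	srv, srvKey := issue("localhost", ca, caKey)
	cli, cliKey := issue("alice", ca, caKey)
	if s.ServerIsImpostor { // a perfectly valid certificate, just from a CA the client does not trust
		rogueCA, rogueKey := issue("Rogue CA", nil, nil)
		srv, srvKey = issue("localhost", rogueCA, rogueKey)
	}
	srvConf := &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{srv.Raw}, PrivateKey: srvKey}}}
	if s.RequireClientCert {
		srvConf.ClientAuth = tls.RequireAndVerifyClientCert // the MASSL / mutual TLS setting
		srvConf.ClientCAs = pool(ca)
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srvConf)
	if err != nil {
		return err
	}
	defer ln.Close()
	go func() { // server side: Write drives the handshake; a failure shows up on the client as a read error
		if c, err := ln.Accept(); err == nil {
			fmt.Fprintln(c, "hello from server")
			c.Close()
		}
	}()
	cliConf := &tls.Config{ServerName: "localhost", RootCAs: pool(ca), InsecureSkipVerify: !s.ClientVerifies}
	if s.ClientSendsCert {
		cliConf.Certificates = []tls.Certificate{{Certificate: [][]byte{cli.Raw}, PrivateKey: cliKey}}
	}
	conn, err := tls.Dial("tcp", ln.Addr().String(), cliConf)
	if err != nil {
		return err
	}
	defer conn.Close()
	line, err := bufio.NewReader(conn).ReadString('\n')
	if err == nil && line != "hello from server\n" {
		err = fmt.Errorf("unexpected greeting %q", line)
	}
	return err
}

func main() {
	for name, s := range map[string]Scenario{
		"mutual TLS, both identities verified":                                    {RequireClientCert: true, ClientSendsCert: true, ClientVerifies: true},
		"server requires a client certificate, client has none":                   {RequireClientCert: true, ClientVerifies: true},
		"impostor server, client verifies":                                        {ServerIsImpostor: true, ClientVerifies: true},
		"impostor server, client skips verification (isolation without identity)": {ServerIsImpostor: true},
	} {
		fmt.Printf("%-75s -> %v\n", name, Run(s))
	}
}
```

The last case is the one to remember: the connection is encrypted end to end, yet it ends at whoever answered. Disabling certificate verification in a client, or clicking through a browser warning, throws away the identity half of the model while keeping a false sense of the other half.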
Security in the IoT space
The IoT (Internet of Things) space is also an online space, but unfortunately one with even greater uncertainty, for many reasons. In a classic service-type application the account, like the safe deposit box, is held by the service provider, who provides a certain level of maintenance that includes fixing vulnerabilities and securing the perimeter behind the box, and who imposes certain access rules. In the case of IoT devices, most of which are kept at home or in other insecure places without strict rules, professionalism, maintenance or vulnerability fixes, it is virtually impossible to determine whether they have been fraudulently accessed.
These objects somehow belong to no one, because nobody assumes responsibility for their safety. For example, as these lines are written, a massive attack on the east coast of the United States has just been carried out from IP cameras and other devices in the homes of unsuspecting citizens (the October 2016 denial-of-service attack on the DNS provider Dyn, launched from the Mirai botnet of compromised consumer devices).
What is even worse is that these devices often have an intimate relationship with their owners, like the insulin pump of the diabetes patient. They can harm the owner not only through loss of information, which is in itself grave, but also through the functions the owner relies on them for: a smart door lock or a smart alarm system that does not perform its function properly can cause serious damage.
So in the case of IoT, as with online services, we need to find and analyze the dependency points of the system (rope, rock, anchor, carabiner, and so on) and make sure that each of them is solid, because each one introduces a weakness through which the whole system can succumb.
It might be useful to formulate a list of questions that help us understand these weaknesses and how they affect us. It is not easy, since responsibility is deeply diluted in IoT and almost every device is conditioned differently, both technically and in its relationship with the person, family or company where it is placed. Any such list must, however, include at least some elementary questions that we, as users of the device, must be able to answer with a high degree of certainty, as a sign that we understand the problem and the associated risks and have a plan for when things go wrong. For example:
- What kind of information does the device collect?
- Where is this information stored?
- Can the collected information be intercepted while being transferred?
- Can the information be stolen during storage?
- Who owns the collected information?
- Who controls the device?
- Who corrects vulnerabilities when they are being discovered?
- How do I know if the device is under the control of a malicious party?
- How do I disable the device if it is stolen?
- How am I, or those I am responsible for, affected if the answer to any of these questions is unsatisfactory?
It is very difficult or even impossible to answer all these questions, so the last question on the list is especially important: it is the one on which we decide whether to accept a compromise or to decline the risk. Obviously the answer differs from device to device. For a smart light bulb, perhaps the worst that can happen is that the object is wasted, so the risk is low; for more complex devices the situation can be much worse. On December 4, 2011, an American military reconnaissance drone came down in Iran and was captured; Iran claimed to have hijacked it by spoofing its navigation signals (the exact mechanism is still disputed), and whatever the cause, nobody had a satisfactory answer to the second-to-last question on the list. This is not the place to analyze the incident in detail, but we can imagine how serious the situation became at every level: political, technological, informational, financial, not to mention public trust.
This long-awaited and prematurely celebrated world of IoT is still an unborn child with a great deal of positive potential, but one which, if we are not careful enough, can also generate a tragedy on a world scale. Last but not least, each of us is responsible for understanding the gravity of the situation and for acting whenever the decision lies with us: when buying such products, or when the authorities consult us on the laws governing these devices.
Information security is a very complex concept that is hard to define in itself, and the more complex a system is, the harder it is to analyze and understand. Although it is difficult to find a general formula covering every angle, it is relatively easy to understand each given situation through the lens of personal security, because beyond certain generalizations this is a profoundly personal subject, and those best placed to find the questions and answer them are those concerned. All it takes is elementary logic, a little time devoted to the matter, and a mental exercise that considers all the elements affected by the system: the components it interacts with, the way they interact, their importance, the ways they can be accessed, how they all affect the person, the family, the company and so on, their final benefits and the risks to which we are exposed. Even if we do not find all the questions, and consequently all the answers, we will be safer, because we can eliminate the vast majority of the risks; in the end it is everyone's responsibility to make sure that the things surrounding us do not endanger us.
This implies that all of us, at a personal level, need to learn more about the actions we can take to improve the security of the devices we use to make our lives better. Ultimately such knowledge will have to be driven by governments and educational institutions, so that everyone reaches this level of awareness.
Translated from original language