Comments

Clive Robinson January 27, 2023 10:29 AM

@ ALL,

It’s been said before that there are three basic reasons phishing works,

1, Human trust is usually the opposite of security trust.
2, Most humans want to be liked, thus tend to try to be helpful.
3, We don’t have time to be suspicious; our bosses want timescales met, and being suspicious takes time we don’t have.

There are others such as “greed” and “avarice” but they are small fish.

So phishing works, and will almost always work.

Thus the “techniques” or “methods”, whilst of interest to researchers, are actually not that interesting to others.

It’s like you get taught at school that all such stories are based on the dozen or so Greek Tragedies by Aeschylus, Euripides, and Sophocles. Unless of course they are comedies or satire, that apparently the Greeks also wrote the originals of… You get the idea…

The sad reality is once you actually know the base elements, you can see how they underlie all such “human weakness” attacks.

CJ January 27, 2023 11:27 AM

The most sophisticated phishing attempt I’ve seen in the wild (and one which isn’t mentioned in that article) is Conversation Hijacking:

https://www.zdnet.com/article/what-is-phishing-how-to-protect-yourself-from-scam-emails-and-more/
https://www.veeam.com/blog/conversation-hijacking-phishing-scam.html
https://www.hornetsecurity.com/en/security-information/email-conversation-thread-hijacking/

The one that I’d seen was extremely well-done; the actual text of the phishing attempt had been literally taken from an earlier point in the conversation, so it felt authentic, and since it purported to be coming from an outside vendor we were working with, the relative unfamiliarity of the specific URL wouldn’t necessarily raise red flags.

Really the only immediately-obvious tell was that it was resurrecting a thread which had finished up a few months previously. Obviously investigating email headers and such brought some other discrepancies to light, but most folks wouldn’t be looking for that in an already-established email thread. All in all, a scary attack — I could see myself falling for something like this in the future, even though I consider myself quite knowledgeable and careful. Especially if the thread that got hijacked was a recent one.

I suppose the one saving grace for that kind of attack is that it relies on someone’s machine getting compromised in the first place; otherwise the phishing bot wouldn’t have the existing thread to work off of. So hopefully that keeps incidents down a bit.

CJ January 27, 2023 11:43 AM

(errr, re: that first zdnet.com URL, clearly I copied the wrong one. That was meant to be another one specifically about the conversation-hijacking thing. Alas!)

Ted January 27, 2023 10:28 PM

I like how the author puts numbered red dots next to the “phishy” signs of five different phishing emails.

He does a great job articulating what caught his eye and why.

I’m going to go on a limb and say it would be fun to play a game where you could try to find and label phishy elements.

The one that @CJ saw – conversation hijacking – sounds like a real doozy.

Steve January 27, 2023 10:47 PM

@ Clive Robinson Before school and during school we are taught, “Be polite, cooperative, and helpful”; it helps others, we will be helped in turn, it feels nice, and is good for society. In high school, college and the workplace we cooperate on group projects. For security we are taught, “Be suspicious of everything, your boss probably doesn’t need to transfer $8,000 to a random bank account out of the blue, your boss probably doesn’t need iTunes gift cards right now, it may not be the actual IT department on the phone”, basically don’t be cooperative and helpful. Unfortunately this goes against the 2 decades of prior teaching and conditioning. Plus we still want/need to help out our fellow employees, just not attackers posing as employees. It’s a tricky problem.

Clive Robinson January 28, 2023 4:02 AM

@ Steve,

Re : Being nice.

“It’s a tricky problem.”

It is, especially when, as anthropologists point out, “being social” is actually effectively genetic, and may be due to evolution.

As you may not know, the size of the human head, thus the brain is limited by the size of what is politely called the “birth canal”.

As a result the head of a baby is actually “compressed” and expands significantly over the next few days after birth as the skull bones move into place.

It has been argued that this process is part of the reason human babies do not “get up and run with the herd” within an hour of birth. Or, as with arachnida:araneae, start spinning geometrically complex webs.

As a very loose analogy, human babies are like PCs once were and the spiders like the microcontroller in your coffee machine. Whilst the coffee machine “worked out of the box” the PC did not; it needed a little love and attention and software to be loaded to give it its working personality and function.

Thus for babies to survive to become viable parents they need the support of their parents / family / troop / society. Being nice, or at least the ability to fake being nice, is a survival trait.

It’s also been argued that adolescence, where children undergo a major psychological change and thus appear almost as an “alien species”, occurs because they have reached a point where they can survive independently. Thus they are faced with a choice along a scale from total independence from others to total dependence on others. Either end of the scale is actually evolutionarily undesirable.

So the argument is that being “social” is an essential “built in” of humans, more so in women than men as they are the initial primary care givers[1].

So… If being “social” is evolutionarily desirable, but also a “security anti-pattern” not only does it raise a series of interesting questions[2], it also tells us implicitly that phishing is not going to go away.

But it also has a more curious question lurking within, that is, is phishing effectively a “Maslow’s hammer”[3] or its inverse?

If it is the inverse then the advantage is actually with the Doves not the Hawks, as they have significantly greater numbers and can thus “organize around” the Hawks who are down at the near total independence end of the spectrum.

But there is a third option with phishing that people should consider.

Phishing is reliant not just on humans being social, but the communications system being almost completely insecure.

Up until less than a couple of centuries ago, by far the majority of communications was “face to face”, which implicitly gave a number of “authentication channels”. Every attempt so far to extend communications beyond “face to face” has been vulnerable to falsification or impersonation.

Thus the Doves have two potential solutions to the Hawks,

1, Only communicate face to face.
2, Develop communications authentication at least as strong as that of face to face.

I’ve never been “phished” in my social communications, because I personally do not use Email or other weak/non authenticated distance communications, and I also “second channel” anything that looks even remotely “hinky”.

So far the use of a second channel has stopped issues to do with replay-attacks[4], but I’d be the first to say “Second channel is not sufficient on its own”.

But that raises the question of “Deniability”. One aspect of society, that some claim is part of the glue that holds society together, is “The little white lie”. They work because they can not be verified and are often easily deniable in very many ways, often due to the ephemerality of face to face communications and the vagaries of language usage, where you can say things that can be multiply interpreted or misinterpreted[5].

So, we end up with the issue of is strong authentication of remote communications actually desirable for individuals or society?

Just remember, before jumping one way or the other, Cardinal Richelieu’s “six lines” maxim is the very reason deniability is essential[6].

[1] There is an argument based on observation that a child’s face has significantly more of “the father’s looks” than the mother’s, so that the father will see it as being their offspring. I could point out that the argument has flaws. However the argument works better if the similarity is not for the father but other members of the social grouping. Thus the implication that familial or genetic identification is quite essential in societal groupings.

[2] Look on it as a lead in to the “Hawks and doves” issues.

[3] From the observation of “If all you have is a hammer, every problem looks like a nail”, implying an over-reliance on or cognitive bias towards a favoured tool. With the inverse of “If all problems are nails, you only need a hammer”, implying an evolutionary cul-de-sac.

[4] SMS is actually “weakly authenticated” at best, and only for the communications channel, not the user of the channel. By the way SMS works, messages can be injected at intermediary nodes and appear with sender identification attached, but in no way verifiable. Not much mentioned is that, occasionally, due to software faults along the SMS path from sender finger to recipient eyeball, messages can get replayed in part or whole. Any SMS I see as potentially hinky I then take to another channel, usually a voice call or “face to face”, which adds a degree of “actual user authentication” (The face to face was how we realised there was a software error, because we could see both mobile devices and verify what we said had been sent and what we said had been received).

[5] The whole “Does my bum look big in this?” or equivalent trap that comedians still find new jokes in. The reply that gets you out of it is not to answer the question such as “That’s a fantastic dress, and you know I love your bum” then immediately drop into counter-measures mode of some form.

[6] One of the problems with most encryption by cipher is the “Unicity Distance” of the cipher. It makes deniability difficult to impossible when the second party (recipient) betrays the first party (sender) in a communication to a third party (adversary) who has a verified copy of the sent ciphertext. There are two basic solutions: have a cipher where the unicity distance is longer than any message can be, or use some internal coding method on the actual message such that it is ambiguous at best to the third party, who thus can not verify or uniquely identify the plaintext message against the known sent ciphertext. In essence both methods need the equivalent of a “One Time Pad”(OTP).

https://en.m.wikipedia.org/wiki/Unicity_distance

Unfortunately the OTP has issues that generally stop it being used. The most obvious is the amount of “Key Material”(KeyMat) required, thus the difficulties of “Key Management”(KeyMan), of which audit, generation and distribution are just some. Obviously using an OTP cipher needs a large amount of KeyMat; however actual plaintext is mostly redundant, thus an appropriate code book can take much of the redundancy out, so coding the plaintext needs less KeyMat. However the downside of using code-books to reduce message length is the plaintext becomes stylised, which removes or limits one form of authentication humans tend to rely on when face to face communications is limited.
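
Footnote [6] above argues that a cipher’s unicity distance lets an adversary holding the ciphertext pin the plaintext down, while a one-time pad leaves every plaintext of the same length equally possible, which is what preserves deniability. The following Python is an added illustration, not code from the thread: the mini word list, the 3.2 bits/letter English redundancy figure and the pad key used in the docstrings are constructed assumptions.

```python
"""Unicity distance illustrated: a 26-key shift cipher vs. a one-time pad.
Added example, not from the comment thread. Letters A-Z only; the word list
and the English redundancy figure below are constructed assumptions."""
import math
import string

ALPHABET = string.ascii_uppercase
ENGLISH_REDUNDANCY_BITS = 3.2            # assumed bits of redundancy per letter
WORDS = {"ATTACK", "AT", "DAWN", "MEET", "ME", "NOON"}   # constructed mini dictionary

def unicity_distance(key_bits: float, redundancy_bits_per_char: float) -> float:
    """Shannon's estimate: ciphertext length beyond which only one key fits.
    With no redundancy left in the plaintext it is never reached."""
    if redundancy_bits_per_char <= 0:
        return math.inf
    return key_bits / redundancy_bits_per_char

def shift(text: str, key: int) -> str:
    """Shift cipher over A-Z; anything else (spaces) is passed through."""
    return "".join(ALPHABET[(ALPHABET.index(c) + key) % 26] if c in ALPHABET else c
                   for c in text)

def plausible_shift_keys(ciphertext: str) -> list:
    """Brute-force all 26 keys; keep those whose output is all dictionary words.
    Past the unicity distance this list collapses to the one real key."""
    return [k for k in range(26)
            if all(w in WORDS for w in shift(ciphertext, -k).split())]

def otp(text: str, key: str, decrypt: bool = False) -> str:
    """One-time pad over A-Z with a key as long as the text (mod-26 add/subtract).
    Example: otp("ATTACKATDAWN", "XMCKLQZVBNRD") uses a constructed pad key."""
    if len(key) != len(text):
        raise ValueError("pad key must match the text length")
    sign = -1 if decrypt else 1
    return "".join(ALPHABET[(ALPHABET.index(c) + sign * ALPHABET.index(k)) % 26]
                   for c, k in zip(text, key))

def otp_key_explaining(ciphertext: str, claimed_plaintext: str) -> str:
    """Key under which `ciphertext` decrypts to `claimed_plaintext`.
    One always exists, so the ciphertext alone cannot refute a denial."""
    if len(claimed_plaintext) != len(ciphertext):
        raise ValueError("claimed plaintext must match the ciphertext length")
    return "".join(ALPHABET[(ALPHABET.index(c) - ALPHABET.index(p)) % 26]
                   for c, p in zip(ciphertext, claimed_plaintext))
```

For the shift cipher the unicity distance is about 1.5 letters, so a 12-letter message leaves exactly one plausible key; for a 12-letter pad the key carries more bits than the message is redundant, so the distance is never reached and any 12-letter “cover story” has a key that explains the ciphertext.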

gnpar January 30, 2023 4:13 AM

In my experience there’s a lot of phishing going on on discord and other chat apps lately. Would love to see a list not entirely focused on email.

Bill February 3, 2023 1:30 AM

Sorry, somewhat off topic.

In the past two days I have been getting robocalls from variously identified entities asking for me by name.

They seem to be trying to sell goods and services related to diabetes, a condition I don’t have.

There must have been another breach that contained names, phone numbers and possibly age. It will be “interesting” to see who the next batch of scammers using this info are.

As, for example, Stan, from Air Duct Cleaning, I assume that all of these are credit card fraud and identity theft operations.
