How to live and prosper with insecure cyberinfrastructure. Andrew Odlyzko, Digital Technology Center, University of Minnesota

Presentation transcript:

1 How to live and prosper with insecure cyberinfrastructure Andrew Odlyzko Digital Technology Center University of Minnesota

2 Main points:
Dominant issue in security: people
Economics, psychology, and sociology trump technology
We are incapable of building secure systems (and could not live with them if we could)
Chewing gum and baling wire will continue as main security techniques
Math and CS research efforts important, but should be redirected

3 Half a century of evidence:
People cannot build secure systems
People cannot live with secure systems

4 Civilian Cryptography of last 30 years:
huge intellectual achievements, based on (and providing stimulus for) mathematics:
  – integer factorization
  – lattice basis reduction
  – probability
  – elliptic and hyperelliptic curves
  – algebra
  – …
limited by human nature

5 Honor System Virus: This virus works on the honor system. Please forward this message to everyone you know and then delete all the files on your hard disk. Thank you for your cooperation.

6 Intentional ambiguity (in proposed SEC rule for corporate lawyers):
Evidence of a material violation means information that would lead an attorney reasonably to believe that a material violation has occurred, is occurring, or is about to occur.
VS.
Evidence of a material violation means credible evidence, based upon which it would be unreasonable, under the circumstances, for a prudent and competent attorney not to conclude that it is reasonably likely that a material violation has occurred, is ongoing, or is about to occur.

7 Do not expect improvement:
teaching people about security won’t solve the problem:
growth in ranks of users of high tech
proliferation of systems and devices
  – improvements in usability of individual systems and devices to be counteracted by growth in general complexity

8

9 1980s: the “Golden Age” of civilian cryptography and security
But also: the “Golden Age” of fax, including faxed signatures

10 The dog that did not bark:
Cyberspace is horribly insecure
But no big disasters!!!

11 The Big Question:
Why have we done so well in spite of insecurity?
Will this continue?
What can we learn?

12 More general puzzle: Prosperity and appalling innumeracy
confusing millions with billions
most spreadsheets flawed
peer-reviewed papers with incorrect statistical reasoning

13 Why does a fax signature work?
Hard to do serious damage with a single forged fax
Fax usually just one of many elements of an interaction (involving heterogeneous elements, such as phone calls, emails, personal meetings,...)
The role of a fax signature has to be viewed in the context of the entire transaction. (And it is not used for definitive versions of large contracts,...)

14 Human space vs. cyberspace in technologist view:
separate
cyberspace a new world
cyberspace to compensate for defects of human space

15 A Declaration of Independence of Cyberspace Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather.... You have not engaged in our great and gathering conversation, nor did you create the wealth of our marketplaces. You do not know our culture, our ethics, or the unwritten codes that already provide our society more order than could be obtained by any of your impositions.... Cyberspace consists of transactions, relationships, and thought itself, arrayed like a standing wave in the web of our communications. Ours is a world that is both everywhere and nowhere, but it is not where bodies live.... Your legal concepts of property, expression, identity, movement, and context do not apply to us. They are all based on matter, and there is no matter here.... — John Perry Barlow, 1996

16 Cold dose of reality:
human space and cyberspace intertwined
human space compensates for defects of cyberspace

17 The role of cyberspace is increasing, and attacks and other action in cyberspace are faster and more far-reaching than in physical
Partial Solutions: Speed bumps
Example: e-voting
  – Untrustworthy electronic systems compensated by printed record of vote

18 Quantifiable benefits of (incomplete) security:

19 Contrarian lessons for the future:
learn from spammers, phishers,
build messy and not clean
  – create web of ties to other systems
  – permanent records

20 Contrarian lessons for the future (cont’d, in detail):
security through obscurity
code obfuscation, “spaghetti code,” “least expressive languages”
rely on bad guys’ human failings
law and lawyers

21 Further data, discussions, and speculations in papers and presentation decks at: