Securing BGP: A Case Study (10)

9 May 2016

The next proposed (and actually already partially operational) system on our list is the Router Public Key Infrastructure (RPKI) system, which is described in RFC 7115 (and a host of additional drafts and RFCs). The RPKI system is focused on solving a single problem: validating that the originating AS is authorized to originate a particular prefix.…

Securing BGP: A Case Study (9)

2 May 2016

There are a number of systems that have been proposed to validate (or secure) the path in BGP. To finish off this series on BGP as a case study, I only want to look at three of them. At some point in the future, I will probably write a couple of posts on what actually…

Securing BGP: A Case Study (8)

25 April 2016

Throughout the last several months, I’ve been building a set of posts examining securing BGP as a sort of case study around protocol and/or system design. The point of this series of posts isn’t to find a way to secure BGP specifically, but rather to look at the kinds of problems we need to think…

Should We Stop Encryption? Can We?

22 March 2016

It’s not like they’re asking for a back door for every device. If the world goes dark through encryption, we’ll be back to the wild west! After all, if it were your daughter who had been killed in a terrorist attack, you’d want the government to get to that information, too. While sitting on a…

Reaction: More Encryption is Bad?

15 March 2016

This week I was peacefully reading the March 9th issue of ACM Queue when I received a bit of a surprise. It seems someone actually buys the “blame the victim” game, arguing that governments are going to break all encryption if we don’t give them what they want. These ideas are all based on the…

Anonymity isn’t a bug

17 November 2015

Despite the bad rap it sometimes gets, anonymity – and anonymity technology – is used all the time by everyday people. Think about it: just walking in a park without being recorded or observed or “going off the grid” are common examples of people seeking to disconnect their identity from their activities. via the center…

Castle versus Cannon: It’s time to rethink security

16 November 2015

In case you’re confused about the modern state of security, let me give you a short lesson. Your network is pictured to the left. When I first started working on networks in the USAF we were just starting to build well-designed DMZs, sort of a gate system for the modern network. “Firewalls” (a term…

Information wants to be protected: Security as a mindset

14 September 2015

I was teaching a class last week and mentioned something about privacy to the students. One of them shot back, “you’re paranoid.” And again, at a meeting with some folks about missionaries, and how best to protect them when trouble comes to their door, I was again declared paranoid. In fact, I’ve been told I’m…

Understanding Rowhammer

31 July 2015

As I learned in my early days in electronics, every wire is an antenna. This means that a signal in any wire, given enough power, can be transmitted, and that same signal, in an adjacent wire, can be received (and potentially decoded) through electromagnetic induction (Rule 3 may apply). This is a major problem in…