Digital Transactions Authoritative, insightful and timely information for payments professionals
Gideon Samid • Gideon@BitMint.com
Our clients are often angry. Why do we have so many security problems? they demand. Why so many “holes”? Can’t you do better than patching and band-aiding and sweet-talking?
Our answer can be boiled down to one word: complexity. Complexity forces us to build systems with mutual blindness between interacting operational boxes. Erosive complexity is the only protection we offer for data in transit, and guess what? It erodes! Complex systems grow and become increasingly complex, and when they do, they lose stability, and one day they go poof!
At one point, complexity became an interdisciplinary object of research—very productive research, one must add. The abstract notion of a multitude of cross-involved factors that requires a lot of effort to understand appears to describe topics in modern physics, chemistry, and biology, as well as in economics and finance. Security has just come late to this party.
In the 1960s, IBM promoted a notion called HIPO: Hierarchical Input-Process-Output. They used it to wrestle with the challenge of building complicated systems. They were built as a configuration of “black boxes” that had input trays, and an output tray, and a general description of the relationship between them. Neighboring boxes were mutually ignorant about what happens in the other boxes. It’s like clicking on the letter “g” on your keyboard and watching the “g” appear on the screen while being ignorant as to how the click ends up as the screen symbol.
You trust your keyboard because it works fine every time you tap it. But since you don’t know how your input ends up as output, you are also blind to potential malware built right into your system. Someone could have built your system such that when your press “&-U-P-4-@” simultaneously, all your files get wiped out. You might have banged on this keyboard for years, and still the chances that you would flush out this malware are negligible. Yet anyone who knows about it can do you great harm.
In his bestseller, The World is Flat, Thomas Friedman describes how his ordinary laptop is composed of mutually ignorant components from around the world. Each of these components could house malware that lies dormant until it is invoked. That’s fundamental. We have to acknowledge it. We have a few means to meet this challenge, but they are not cheap. So clients would rather deny the systemic problem and opt for the ongoing breach-and-patch sequence.
We can build fences around data in storage, but when we release data over the information highway, we need to build protection right into them. So we inject complexity to ensure that only those with a proper key can interpret the data. Our mainstay cipher systems are all based on erosive complexity. This means we have no proof that the complexity we use is good enough: We know that it erodes, but not how fast it erodes. Faster computers force us to increase the complexity (e.g., from DES to AES), but complexity also erodes via deeper mathematical insight. If I were to pose a riddle to Albert Einstein, could I estimate how fast he would work through it? Why, then, could we be sure how long will it take for our adversaries to cryptanalyze our communications? Here, too, there are viable solutions that are not moving forward because of stubborn denial of the problem.
Complexity is of such great interest because that is how we came about, climbing up through Darwinian complexity. Alas, complexity is not advancing on pre-laid tracks. It undergoes a process of trial-and-error. The errors are often big blowouts, which increase in likelihood with size. And as we integrate our payments systems, hook into the cloud, and link with social media, GPS, and search engines, we practically guarantee a “big one.” There are well-thought-out means to alleviate the blow, means of fast disengagement involving down-to-size steps, but they are expensive, and they don’t look all that necessary until the “big one” hits.
Locking complexity in sealed boxes invites contamination of the boxes; using erosive complexity to encrypt data generates doubt as to the data’s integrity, and riding on the benefits of greater and fuller integration without allowing for a major shakeup will set us up for a scorched-earth outcome. The federal government has admitted that we don’t have a good theoretical foundation to meet our cybersecurity challenges. Better understanding, and more judicious handling, of complexity would be a good start.
