cross pond high tech
159.8K views | +6 today
Follow
cross pond high tech
Technology

cross pond high tech

light views on high tech in both Europe and US
Curated by Philippe J DEWOST
Your new post is loading...
Your new post is loading...
Scooped by Philippe J DEWOST
Scoop.it!

"Security is a tax on the honests" - Time to review Bruce Schneier USI 2013 keynote

From www.youtube.com - November 15, 2016 1:59 AM

Society doesn't work without trust

Human being is the only species with trust. We trust hundreds of strangers without even thinking about it.

 

How do we enable trust?

 

How does security enable trust. How do we induce trust?

  • Trusting friends is about who they are as persons.
  • Trusting strangers is about their actions

 

Trust: confidence, consistence, compliancy. It's about cooperation.

  • We trust people, companies and systems
  • We trust systems to produce expected behaviors

 

All complex ecosystems require cooperation. In any cooperative system, there is a way to subvert the system for personal interests.

 

These are called defectors in game theory. They are parasites. They can survive if they are contained. If too many parasites the body dies and the parasites die too.

 

Society doesn't work if everybody steals. Security can be defined as a tax on the honests.

 

Social species: individual competition plus group competition.

 

Security is to keep defection level at an acceptable minimum that is not zero.

 

NSA defector Edward Snowden raises moral debates but the point is that he is a defector. How group enforce the norm. Even mafia groups.

It is about societal pressure.

 

4 types of societal pressure

 

  1. moral: we don't steal because we know stealing is wrong.
  2. reputation: also in our heads but link to other's reactions. Humans are the only species to transmit reputation.
    Experiment: coffee machine + honesty box. Putting a photograph of a pair of eyes in the box bottom decreased the cheat rate dramatically
  3. laws: formalizing reputation, and focusing only on penalties (because of the cost implied by rewarding the majority of honest people). With exceptions in the shape of tax breaks
  4. technology: security systems. Door locks, alarms, ... Some of them extending globally. ATM cards are protected globally.

 

Example: eBay feedback mechanism is a reputational security system that worked remarkably for years as the main security system.

 

How does technology affects us?

Technology is what allows society to scale. It is neutral.

Filesharing: social pressure vs technology

Attackers have a first mover advantage and are more adaptive.

 

Mid 90's Internet going commercial: hackers used it immediately while it took 10 years to the police to figure out how to address it

Such delay is the main security gap

 

Our society is at a point where technology is faster than social changes which means that the security gap widens.

Before: buy this and you'll be safe

Now: when you've been attacked, please talk to us and we'll help

 

It's the antivirus history

Smart paradigm: detect unknown viruses including false positives

Stupid paradigm: check for signatures and update once or twice a day

 

The stupid paradigm seems to have won.

 

So technology will always favor defectors? True, but large organizations can now use technology in a much more effective manner.

Our society has the most technology and the largest institutions.

 

The battle is amplifying between agile defectors and slower yet more effective institutions. Losers are those of us in the middle.

 

To him it is not even clear how there is a balance nor how it will evolve.

 

As a conclusion

 

  1. there will always be defectors
  2. ourselves are not 100% cooperative, we all defect some time in a way
  3. law of diminishing returns
  4. there are good and bad defectors and history decided afterwards. That will be the case for Edward Snowden
  5. society need defectors. This is how we evolve. Defectors are at the forefront of social change: freeing the slaves, giving women voting rights

 

Philippe J DEWOST's insight:

Digiworld Summit 2016 is on "The Digital Trust Economy" - Time to remember Bruce Schneier's remarkable words of wisdom at USI 3 years ago - I have added my on the fly notes to the video link for those who prefer reading

more...
Philippe J DEWOST's curator insight, November 15, 2016 2:01 AM

Digiworld Summit 2016 is on "The Digital Trust Economy" - Time to remember Bruce Schneier's remarkable words of wisdom at USI 3 years ago - I have added my on the fly notes to the video link for those who prefer reading
Sign up to comment
Scooped by Philippe J DEWOST
Scoop.it!

Adept is IBM’s proposal for an IoT combining BitTorrent, Blockchain, and a secure messaging protocol called Telehash

Adept is IBM’s proposal for an IoT combining BitTorrent, Blockchain, and a secure messaging protocol called Telehash | cross pond high tech | Scoop.it
From gigaom.com - April 21, 2015 7:22 AM

Paul Brody, the head of mobile and internet with IBM, is proposing a system called Adept, which will use three distinct technologies to solve what he sees as both technical and economic issues for the internet of things. The Adept platform is not an official IBM product, but was created by researchers at IBM’s Institute for Business Value (IBV). Adept will be released on Github as open-source software. The platform consists of three parts:

1/ Blockchain: As mentioned above, block chain is the distributed transaction processing engine that keeps track of Bitcoin and other crypto-currencies. The beauty of block chain is that it can be used for many purposes. Basically it’s a technology that allows data to be stored in a variety of different places while tracking the relationship between different parties to that data. So when it comes to the internet of things, Brody envisions it as a way for devices to understand what other devices do and the instructions and permissions different users have around these devices.In practice this can mean tracking relationships between devices, between a user and a device and even between two devices with the consent of a user. This means your smartphone could securely communicate with your door lock or that you could approve someone else to communicate with the door lock. Those relationships would be stored on the locks, your phones and come together as needed to ensure the right people had access to your home without having to go back to the cloud.

2/ Telehash: It’s one thing for devices to use block chain to understand contracts and capabilities, but they also need to communicate it, which is why Adept is using Telehash, a private messaging protocol that was built using JSON to share distributed information. It’s creator Jeremie Miller says at its simplest telehash is a “very simple and secure end-to-end encryption library that any application can build on, with the whole point being that an “end” can be a device, browser, or mobile app.” He added, “Perhaps, you can think of it as a combination of SSL+PGP that is designed for devices and apps to connect with each other and create a secure private mesh?” A new version of the software is expected soon.

3/ BitTorrent: And finally, to move all this data around, especially because not everything has a robust connection to each other — especially if they are using a low data rate connection like Bluetooth or Zigbee, Adept uses file sharing protocol BitTorrent to move data around keeping with the decentralized ethos of Adept.

Philippe J DEWOST's insight:

Detailing IBM's "Device Democracy" position paper, IBM's Adept system looks quite similar to / inspired from Ethereum while clearly evidencing blockchain as a generic piece of infrastructure. Comments in the post are equally worth a read.

more...
No comment yet.
Sign up to comment
About Follow us Resources Terms Mobile Features
Facebook
X
LinkedIn