How To Avoid Future Krack-Like Failures: Create Well-Maintained 'Fat' Protocols Using Initial Coin Offerings

from the blockchain-cryptocurrency-fashionable-moi? dept

It came as something of a shock to learn recently that several hugely-popular security protocols for Wi-Fi, including WPA (Wireless Protected Access) and WPA2, were vulnerable to a key re-installation attack (pdf). A useful introduction from the EFF puts things in context, while more technical details can be found on the krackattacks.com site, and in a great post by Matthew Green. As well as the obvious security implications, there's another angle to the Krack incident that Techdirt readers may find of note. It turns out that one important reason why what is a fairly simple flaw was not spotted earlier is that the main documentation was not easily accessible. As Wired explains:

The WPA2 protocol was developed by the Wi-Fi Alliance and the Institute of Electrical and Electronics Engineers (IEEE), which acts as a standards body for numerous technical industries, including wireless security. But unlike, say, Transport Layer Security [TLS], the popular cryptographic protocol used in web encryption, WPA2 doesn't make its specifications widely available. IEEE wireless security standards carry a retail cost of hundreds of dollars to access, and costs to review multiple interoperable standards can quickly add up to thousands of dollars.

The obvious way to avoid this issue is to ensure that key protocols are all freely available so that they can be scrutinized by the greatest number of people. But the Wired article points out that there's a different problem in that situation:

Even open standards like TLS experience major, damaging bugs at times. Open standards have broad community oversight, but don't have the funding for deep, robust maintenance and vetting

It's another well-known concern: just because protocols and software are open doesn't necessarily mean that people will find even obvious bugs. That's because they may not have the time to look for them, which in turn comes down to incentives and rewards. Peer esteem only goes to far, and even hackers have to eat. If they receive no direct reward for spending hours searching through code for bugs, they may not bother.

So if we want to avoid major failures like the Krack vulnerability, we need to do two things. First, key protocols and software should be open and freely available. That's the easy part, since openness is now a well-accepted approach in the digital world. Secondly, we need to find a way to reward people for looking at all this stuff. As Krack shows, current incentives aren't working. But there's a new approach that some are touting as the way forward. It involves the fashionable idea of Initial Coin Offerings (ICO) of cryptocurrency tokens. A detailed article on qz.com explains how ICOs can be used to fund new software projects by encouraging people to buy tokens speculatively:

The user would pay for a token upfront, providing funds for coders to develop the promised technology. If the technology works as advertised and gains popularity, it should attract more users, thus increasing demand for the token offered at the start. As the token value increases, those early users who bought tokens will benefit from appreciating token prices.

It's that hope of future investment gains that would encourage people to buy ICO tokens from a risky venture. But it's not just the early users who benefit from a technology that takes off. A key idea of this kind of ICO is that the coders behind the technology would own a sizable proportion of the total token offering; as the technology becomes popular, and tokens gain in value, so does their holding.

This novel approach could be applied to protocol development. The hope is that by creating "fat" protocols that can capture more of the value of the ecosystem that is built on top of them, there would be funds available to pay people to look for bugs in the system, which would be totally open. It's an intriguing idea -- one that may be worth trying given the problems with today's approaches.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 23 Oct 2017 @ 4:37pm

    Even those who work with maintaining code for years aren't always aware of its flaws, so it isn't just a matter of not having enough incentives that lets exploits go unpatched.

    Sometimes shit happens, but having projects be open source, freely able to be contributed to by anyone in the world, *and* have no paywalls to view the spec itself, will go a long way in creating more secure wireless standards.

    If it's a cat-and-mouse game, everyone needs to be free to make a better cattrap when bigger organizations can't or won't.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 23 Oct 2017 @ 5:41pm

      Re:

      Even those who work with maintaining code for years aren't always aware of its flaws, so it isn't just a matter of not having enough incentives that lets exploits go unpatched

      We could also use digital currency to fund code reviews and bug bounties. Right now people can get hundreds of thousands of dollars for a bug, if they agree to keep it secret. It's generally believed criminals and governments are the ones paying; Google, Apple, and Microsoft can compete by offering large amounts, but most open-source projects can't.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Oct 2017 @ 4:48pm

    Unrelated news: FBI director admits there "needs to be a balance" between mathematics and wishful thinking. (Mathematics can be tolerated, so long as it is overruled by wishful thinking when government employees would otherwise be inconvenienced.)

    Also, heirs of King Canute continue to claim that the law of gravity infringes on the national sovereignty of littoral provinces. And the Department of Mental Health announces progress on a discovering a cure for irrational numbers.

    reply to this | link to this | view in chronology ]

  • identicon
    Sok Puppette, 23 Oct 2017 @ 5:44pm

    Oh, yeah, yeah right, great idea...

    ... worked great for Ethereum with the DAO.

    All that code review from people putting real money into the thing kept anybody from draining $100M out of it for like a whole week! Almost like every "investor" expected to free ride on the review of others...

    And it's really, really hard to pull the artificial grafted-on toll out of a protocol, thus removing the "fat" aspect...

    Just more idiocy from ICO morons. The market does not fix everything.

    reply to this | link to this | view in chronology ]

  • identicon
    Dave, 23 Oct 2017 @ 5:57pm

    *

    "Even hackers have to eat"
    I thought they already had lots of bytes....

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Oct 2017 @ 5:58pm

    If the technology works as advertised and gains popularity, it should attract more users, thus increasing demand for the token offered at the start.

    Since neither this article, nor the article it references includes any real information on this, can somebody explain what tokens actually are?

    Because the vague descriptions provided don't exactly sound like there's any reason for them to actually rise in value. Or to have value at all.

    Or the other interpretation, they might be just like stocks and therefore we've just replaced a company owning and controlling a "platform" with a company owning and controlling a "protocol." Little real improvement there.

    reply to this | link to this | view in chronology ]

  • icon
    Ehud Gavron (profile), 23 Oct 2017 @ 7:06pm

    The thing you know... and the thing on which you opine...

    ...should be similar.

    Scott Greenfield rails against "law prawfs" who offer legal advice but haven't a clue how the real world works.

    Techdirt rails against LEOs chattering about "golden back door key cuffs magic" but really don't have a clue how encryption works.

    This article is in the same boat suggesting ICOs, something financial advisers from Jordan Belfort ("Wolf of Wall Street") to Prince Alwaleed telling people to STAY THE HELL AWAY FROM ICOs and that they're going to be the next Enron. Posters above me have already excoriated you for missing the entire point that buying IC is not "investing" and it's not "payment" and it's only a "gamble" with little upside and lots of downside.

    We don't want to create a system where we pay real life coders, developers, bug-hunters, or experts based on a gamble in which they don't have any control of the dice, the roll, the size of the bet, or the payoff odds.

    Sorry, Glyn, you're usually on-point, but this one missed the point by somewhere just north of 179.9°.

    Ehud Gavron
    Tucson AZ US
    Don't follow me.

    reply to this | link to this | view in chronology ]

  • identicon
    Lawrence D’Oliveiro, 23 Oct 2017 @ 7:06pm

    It Is Really That Big A Deal?

    The security of the Internet is founded on end-to-end encryption. That means we don’t really care whether the intermediate links might be insecure; your wi-fi might be insecure, there might be somebody eavesdropping at your ISP’s routers, some Government might be getting wholesale data feeds off the data centre of the company you’re talking to, etc. None of this matters if you use a secure end-to-end protocol like SSH or SSL/TLS.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 24 Oct 2017 @ 8:37am

      Re: It Is Really That Big A Deal?

      "None of this matters if you use a secure end-to-end protocol like SSH or SSL/TLS."

      It does when the enc is broken

      reply to this | link to this | view in chronology ]

      • identicon
        Lawrence D’Oliveiro, 24 Oct 2017 @ 2:48pm

        Re: It does when the enc is broken

        If your end-to-end encryption is broken, then having a secure wi-fi connection isn’t going to help much. Think of all the other links I mentioned on the way to the server you’re trying to access.

        reply to this | link to this | view in chronology ]

    • identicon
      Thad, 24 Oct 2017 @ 10:20am

      Re: It Is Really That Big A Deal?

      Yeah, it's a good thing that there aren't any examples of massive vulnerabilities in common SSL implementations going unnoticed for years.

      reply to this | link to this | view in chronology ]

      • identicon
        Lawrence D’Oliveiro, 24 Oct 2017 @ 2:49pm

        Re: Yeah, it's a good thing that there aren't any examples of massive vulnerabilities in common SSL implementations going unnoticed for years.

        So how does securing just the wi-fi part of the connection to the endpoint help with that, exactly?

        reply to this | link to this | view in chronology ]

        • identicon
          Thad, 24 Oct 2017 @ 4:33pm

          Re: Re: Yeah, it's a good thing that I don't know, but I've been told, you never slow down, you never grow old.

          You're fixating on a single detail instead of on the main point.

          The point of the article isn't that patching wifi vulnerabilities is our top priority. It's that vulnerabilities get overlooked, often for long periods of time, and we need to look at ways of fixing that problem.

          If you're skeptical of Glyn's proposed solution, then that's a reasonable response that's relevant to the point of the article. Arguing wifi versus SSL is an irrelevant distraction, because if Glyn had been talking about Heartbleed instead of Krack, it would have made no difference whatsoever to the main point of the article.

          reply to this | link to this | view in chronology ]

          • identicon
            Lawrence D’Oliveiro, 24 Oct 2017 @ 4:42pm

            Re: You're fixating on a single detail instead of on the main point.

            Any security system is only as strong as its weakest point.

            This whole article is fixating on a “single detail”. Moody never wrote this article when Heartbleed came up, he’s only writing it now because of Krack.

            reply to this | link to this | view in chronology ]

            • identicon
              Anonymous Coward, 25 Oct 2017 @ 2:06am

              Re: Re: You're fixating on a single detail instead of on the main point.

              He is writing the article now because this is an idea that has come up since heartbleed.

              reply to this | link to this | view in chronology ]

  • identicon
    Joel Coehoorn, 23 Oct 2017 @ 7:15pm

    Nope

    The reason we can have large, widely-distributed systems is because low-level protocols can be reproduced cheaply. Allowing more value to collect down there constricts growth everywhere else.

    What we do need is a better patching mechanism, so fixes can be widely distributed more quickly and efficiently, and a better abuse detection system, so that an unethical hacker can't easily fly under the radar abusing a flaw they discover.

    But ICOs are trendy, so, hey, there's that.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 23 Oct 2017 @ 10:13pm

      Re: Nope

      Linux distributions (distros) have a pretty good system. No one but the trusted package maintainers update things, and keep their GPG keys up-to-date. Nothing unsigned is trusted for adding to the package repositories, which are mirrored and hash-checked from the source and stored on dozens of mirrored servers (mirrors).

      If maintainers leave or are found to be untrustworthy (or at worst, had their GPG key/computer compromised), the affected keys will be revoked and in case of a compromise, all packages last updated by this maintainer are peer reviewed before being re-allowed into the package repositories.

      It isn't glamorous, but it works fairly well along with mailing lists notifying users when essential security updates are available and the relevant CVE(s) that were fixed/backported (Common Vulnerabilities and Exposures).

      No idea how it's done in a corporate environment, but if they aren't doing at least this much towards software update security, I would be disappointed, but not surprised.

      reply to this | link to this | view in chronology ]

  • icon
    TKnarr (profile), 23 Oct 2017 @ 8:32pm

    So, as I read it, you have to buy a token to use the protocol. And as the protocol gets more popular, the price of tokens is supposed to increase which should logically encourage people not to adopt the protocol but to use alternatives. Whoever proposed this scheme doesn't understand network protocols at all. Bitcoin, for instance, isn't a protocol. It's an application which uses a protocol to communicate between nodes and to store data, but the monetary value is in the stored data, not in the storage or communications protocols. I say dump this proposal on the scrap-heap along with all the other technical proposals created by technically-illiterate managerial types.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Oct 2017 @ 9:07pm

    Unfortunately ICOs are illegal in the US.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Oct 2017 @ 12:55am

    While I certainly agree that network protocols need to make their specs trivially accessible (A.K.A. "open standards"), and that there needs to be a funding mechanism to get them reviewed for security flaws, you loose me at using a ICO for said funding.

    Network protocols are already complex without the need to incorporate a cryptocurrency into every security-sensitive protocol, and this new (and needless) complexity is likely to only introduce security flaws. Also while ICOs may be a great funding strategy when a cryptocurrency is a natural part of your protocol, not every protocol needs or wants a cryptocurrency. And the last protocol to need a cryptocurrency is WiFi authentication, as higher level protocols are needed/used to rely transactions.

    But yeah! ICOs are cool! So let's use those to fund security reviews of WiFi authentication! Despite the fact the added protocol complexity would likely only make the security problem worse.

    P.S. The reason for the complexity of network protocols is because of the various requirements for rudimentary computer-to-computer communication that need to be addressed ontop of the physical connections between computers. That, and the additional backwards compatibility needed to deal with each operating system, ISP, etc all patching their networking stacks at slightly different times.

    reply to this | link to this | view in chronology ]

  • identicon
    SirWired, 24 Oct 2017 @ 4:37am

    How is this not DRM for protocols? Also, how does that improve security?

    It sounds like what is being suggested is that you must pay to use the protocol, and it won't work if you don't pay. How is that not DRM?

    Also, how is paying protocol developers in this way supposed to improve security? Where's the incentive to not simply sell your coins when they become valuable? Where's the incentive to not simply sell your coins when you've been informed of a show-stopping bug?

    It used to be "but... Internet!" was presented as a solution to all sorts of random ills. Now it's "but... cryptocurrency!"

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.