Yesterday, I wrote a blog post about the first day of the Usenix Enigma conference. Here is my take on the second day.
Dhia Mahjoub from OpenDNS kicked off the day with his insights into the detection of bulletproof and anonymous hosting providers. As expected, Dhia did not speak about the traditional bulletproof hoster you could not reach and who was beyond the reach of law enforcement. The modern bulletproof hosting provider is a business partner of a dynamic criminal. If he receives a takedown notice, he typically gives the criminal time to move his content to a new location instead. The location is picked based on the hoster’s advice with regard to local laws and the content in question. Dhia Mahjoub and his partner Sarah Brown have developed interesting graph patterns of how network space is organized and interconnected (ASN relationships) that help them discern between a “good”, an “abused” and a bulletproof hoster. That was a great start to the day.
Prof. Uma R. Karmarkar from the Harvard Business School made it clear from the beginning that she does not know much about cyber security. But she knows a bit about economics and the decisions humans make. A key problem is that the online world is an unnatural environment for users. The questions we ask often do not relate to the offline world at all: No bakery is asking its customers if they would like to deposit their credit card for future use! Questions like these lead to a feeling of uneasiness that stems from our general aversion to ambiguity (I am condensing a lot of information from the talk into very little text here). But people like to feel certain, so they set priorities and they make decisions that have real financial consequences. Even more so as we tend to repeat decisions. So once somebody has clicked on a button or link, he or she is likely to click again the next time around. This makes it very hard to design secure user environments or surfaces. I have a hard time condensing this very interesting talk into a brief paragraph, but Uma Karmarkar’s insight was an eye opener in many aspects.
Next came Anthony Vance from Brigham Young University. Tony started with remarks about our general inability to multi-task effectively, and how we all think we are quite good at it. Dual task interference, as he called it, diminishes our ability to make sense of important questions and, as Uma Karmarkar had explained, once we have made the wrong choice, we are likely to repeat the wrong decision. So the timing of security questions is paramount. Display it the moment the user wants to see a funny video and he clicks it away and will continue to do so in the future. It might be better to display it during a page load, when the necessary attention is available. There is also a general warning fatigue, and Tony’s experiments showed that little changes in the widget’s layout or even the background color could change the reaction of the user dramatically. This interferes with the ideal of strict design guidelines, of course. A most interesting topic for sure.
Tamara Bonaci from the University of Washington works on brain computer interfaces and explained how the same rigs can be used to learn private and sensitive information about a user by presenting the user with subliminal stimuli, which they may not even be aware of. She also said this kind of privacy attack has not been recognized in the wild, and that she does not expect this to actually happen anytime soon. But then a question from the audience linked VR headsets with these devices and I got a very uneasy feeling, on a subconscious level.
Meanwhile my belly was telling me on a very conscious level that it was expecting to be fed. Like immediately. So we all headed to the buffet with its superb selection of foods.
The afternoon started with Tom Lowenthal. Hats off to Tom for his single page PowerPoint. I am an avid friend of such a presentation style. I also liked the calm way he explained the Committee to Protect Journalists’ work to support journalists worldwide in their mission. He stated that journalists are a regular example techies use to justify their security choices, but when they design their solutions, they quickly forget about the use cases of said journalists. The tools need to be accessible, and even if Signal is a brilliant product, there need to be alternatives that are more accessible and deliver 90% of the security.
Zeynep Tufekci from the New York Times delivered an energetic speech on use cases for secure software for activists and the general inadequacy of the existing solutions – and the near nonexistence of documentation that really explains how to use the tools in a secure way. Her talk was more to the point than the previous one and she made it quite clear that the activists have already decided to publish something. Hiding it from the public is not what they want. On the contrary: A pressing need in the times of fake news are tools that help the activists establish the authenticity of their photos and reports. Whenever they post something, fake accounts spring into action, refute their claims and drown the information in uncertainty and doubt. Activists will also use the same tools everybody uses. So when the Guardian published its false articles about the security of WhatsApp, the activists would drop back to using cleartext SMS messages, which was even worse of course.
Eli Sugarman presented the Hewlett Foundation as an independent and neutral actor investing in long term policy work. Their cyber initiative invests about $70 million per year and has 51 active grants. While being focused mainly on the States, they actually work worldwide. Eli quoted a variety of reports that have been written with their support as an example of their work and the positive role that philanthropy can play in cyber security.
Daniela Oliveira from the University of Florida researches security for vulnerable populations, namely the susceptibility of older adults to spear-phishing emails. The heuristic approach of our species to decision making guarantees fast and possibly also consistent decisions. But adversaries exploit this mechanism, which leads to a lot of insecure behaviour. She has proven that older women are even more susceptible than older men and she delivered a wide selection of data based on countless experiments detailing the behaviour. Humans cannot be in deception mode all the time. They hang out on the web, which they perceive as a friendly environment. They will generally ignore information that says otherwise, and we need to secure the web despite these difficult behaviour patterns, because we cannot fix humans. This was a very fascinating talk. Daniela Oliveira has an impressive presence on the stage and the hard data she obtained from her work let her deliver one of the best speeches of the day.
Ben Adida from the Helios project has a strong passion for electronic voting. Needless to say, the audience was very receptive to his talk given the new political climate in the US. He explained that the paper ballot and the message favoring the paper ballot as a means to secure an election was a failure. Instead, he proposed end-to-end verifiability of the votes with mathematical means and went on to demonstrate how it is fairly easy to refute claims of vote fraud by testing only very small samples within the large number of votes. I work on one of two Swiss E-Voting projects, so I really enjoyed this insight into the problems with American elections. Europeans (let alone the Swiss) have a habit of looking at the American voting process in a condescending way (Gerrymandering?? WTF are you doing!). So Ben put things in perspective and I really enjoyed his passion for the idea that one person should get one vote and that this is indeed the foundation of our democracies. Refute this principle and it all breaks down. I shivered when he said that.
Finally, Susan Hennessey had to cancel her talk for pressing family reasons. Nathaniel Gleicher took her place and delivered a vivid speech on the methods used by the US Secret Service to physically protect their key asset (the president) in their service environment (public places where the president speaks). The key message was to reduce the attack paths, or attack surface if you will, to get to the key asset. They would then man the remaining access gateways with their Secret Service agents; a rare resource that can only be used at strategic positions as they are so expensive to train. The idea behind all this was to obtain total control over the possibly hostile environment, achieve superb detection abilities and a strikingly fast response. This all sounds fairly obvious of course, but you have to see it in the light of the prevalent habit of configuring firewalls with default permit … I liked the talk for its crystal clear message and the impressive stage presence of Nathaniel.
So this was the second day of the conference. I enjoyed myself a lot. The talks were less technical than on the first day of the conference, but the range of topics – or let me say presenters – was even wider. This diversity helps to understand the very, very diverse audience and seems to be a key parameter that lets the organisers draw women to the security conference in an unprecedented manner. Rumor has it that there is a queue in front of the ladies’ restroom at times, and it seems that even the women in said queue welcome this development.