Hacker News new | past | comments | ask | show | jobs | submit login

All networks are hostile, not just the internet or "external" network.

Google's BeyondCorp [1] initiative recognizes this and treats the internal network as untrusted.

Instead of trusting a privileged network or VPN, securely identify devices and users assuming untrusted networks.

[1] http://static.googleusercontent.com/media/research.google.co... [PDF]




I keep coming back to the idea that one should assume the computer is untrusted. Which leads to two unpopular suggestions, keyboards that encrypt typed characters to prevent spoofing by entities without physical access. Displays with a separate side channel overlay system to bypass the core CPU for certain security operations like entering pins.


I've often thought about this, but came to the opposite conclusion: a laptop is the smallest thing you can trust. The keyboard sends data to the CPU. The CPU sends data to the screen. The CPU does encryption and talks to the network.

I feel like there's no point in trying to chop it down any smaller than that. All you're doing is shifting trust from "system A" to "system B", without really changing anything.


The keyboard has a CPU that can do encryption and signing, in addition to decoding for key presses. Ditto for touch screens.

The reason for putting the encryption in system B AKA the keypad and display controllers is, if you want end to end encryption, the keypad decoder and the display controller are the closest to the end points you can get. And they are single purpose devices that don't run arbitrary code nor accept arbitrary input.

Compare that with laptop CPU's and complex operating systems with their huge attack surfaces. Running software written by completely untrustworthy corporations and individuals.


> And they are single purpose devices that don't run arbitrary code nor accept arbitrary input.

But be careful designing firmware upgrades though. Also I really don't see what kind of attack it prevents when you have a trusted keyboard and display but otherwise compromised OS.


Absolutely. I take the view that if one needs very high security, you steer well clear of anything electronic and go back to the old ways. The idea of secure electronic communications is well and truly dead. If one's life depends on it, why even begin to trust IT? Over the last few years just about every aspect of IT has been exposed as a risk. I'm sorry, but its game over. Personally, I'd use the hell out of IT creating a nice normal profile for the spies, then go completely off piste for anything I absolutely needed to be secure.

What I'd like to know is why people though it was ever fully secure in the first place. It really never was.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: