iOS 7.0 Upgrades and Security

Well, here we are.  Another version of Apple’s iOS that is supposed to wow us with all sorts of new functionality.  That’s all great and everything but since I use my iPhone for work our work people have an internal page that shows what will work and what won’t with the current release.  They’ve performed both a great service to me and a great disservice to you.  For me, I’ll know when I can safely upgrade and have all of my work-based apps work.  For you, since I’m delaying my upgrade, it also means delaying any fixes to security vulnerabilities that could impact people elsewhere on the network.

Did Apple make a mistake by not making iOS 7 compatible with iOS 6? If their goals are to have a very secure operating system, then it’s quite possible.  But typically a company’s goal is profitability, and here an expanded platform with broader capabilities might suit the tastes of both users and developers in the long run.  And so once again, security may have taken a back seat.

It is possible that Apple could mitigate this situation directly by telling developers that the phone won’t run apps on the old platform after a certain date.  This might actually align both sets of interests: the public’s security interest and Apple’s interest in not having to support older interfaces.

This works until the value to the consumer of the laggards well exceeds the combined value of those who have updated their software and of the upgrade itself.  Once that line is crossed, people will stop upgrading their operating system, returning us to the state we are in today.  Let’s all hope Angry Birds is up to date.

Interesting Geoff Huston Posting on CircleID

Geoff Huston has established himself as perhaps the foremost authority on IP address markets.  A senior researcher at APNIC, Geoff has tracked this issue for over a decade.  He has recently posted a new blog entry at CircleID, to which I’ve commented.  Here’s what I wrote there:

The fundamental basis for the article above is a lack of transparency within IP address markets.  This is something that Bill Lehr, Tom Vest, and I worried about in our contribution to TPRC in 2008.

Amongst other things, transparency or its lack has the following effects:

  • Assuming it is a goal, efficiency in markets demands transparency.  When markets lack transparency, neither the buyer nor the seller knows if they have gotten a good deal, because it could be that there existed either a buyer who would have paid more, or a seller who would have sold for less, who was simply not identified.  Is $10 per address a good price?  There is at least a tidbit of information from some of the brokers that indicates wide variance in the cost of IP address blocks.  Whether that information is accurate, who can say?  It is not required to be so.
  • Network administrators and owners should be making informed decisions about how and when to move to IPv6.  Absent pricing information regarding v4, there is uncertainty that is difficult to price.  In this sense, hiding pricing information may actually encourage IPv6 deployment.  Keep in mind that large institutions require years if not decades to make this sort of transition.  Were I them, given the increased number of devices (if you can believe the numbers above, and I suggest that we take them with a grain of salt), I would start now to get out of this rigamarole.  Heck, even with transparency, that only tells you today’s price, and not tomorrow’s.  Certainly it is well worth researching methods to price this risk.
  • It is important to know if there is an actor who is attempting to corner the market.  Proper registration of purchases and sales provides an overview of whether dominant players are acquiring addresses beyond the needs of their customer base.  Such acquisitions would have the impact of increasing costs for new entrants.
  • Finally, the Internet Technical Community (whoever we are) needs to know if new entrants are in fact unable to access the Internet because IPv4 address prices are too high, if we want to see the safe and secure growth of the Internet everywhere.

The funny aspect of all of this is that governments may already be able to track some pricing information retrospectively through, of all things, compulsory capital asset sale reports, such as the U.S. Form 1040 Schedule D.  However, in general this information is confidential and not very fresh, and hence not sufficient to advance policy discussions.

Snowden disclosures reveal NSA abuse

I had no knowledge of the NSA’s programs, but I’m not surprised by most of it.  James Bamford articulated in The Puzzle Palace in 1980 what the NSA was capable of, and it has always been clear to me that they would establish whatever intelligence capabilities they could in order to carry out their mission.  There are several areas that raise substantial concerns:

1.  NSA’s own documents indicate that they intended to interfere with and degrade crypto standards.  That on its own has caused the agency substantial harm to its reputation that will take decades to recover from.  But they haven’t just sullied their own reputation but that of the National Institute of Standards and Technology (NIST), which is a true brain trust.  Furthermore, they’ve caused anyone who is technologically knowledgeable and who has either recently held or currently holds a government post to be discounted in the discourse.  I will come back to this issue below.

2.  It is clear that the FISA mechanism just broke down, and that its oversight entirely failed.  Neither Congress nor the Supreme Court took its role seriously.  They all gave so much deference to the executive because of that bugaboo word “terrorism” that they failed to safeguard our way of life.  That to me is unforgivable and I blame both parties for it.  In fact I wrote about this risk on September 12, 2001.  I wrote then:

I am equally concerned about Congress or the President taking liberties with our liberties beyond what is called for. Already, millions of people are stranded away from their loved ones, and commerce has come to a halt. Let’s not do what the terrorists could not, by shrinking in fear in the face of aggression, nor should we surrender our freedom.

Sadly, here we are.

3. There are reports about law enforcement taking intelligence information and scrubbing the origin.  Where I come from we call that tampering with evidence in an egregious attempt to get around those pesky 4th and 5th amendments.

4. The NSA’s activities have caused great harm to the U.S. services industry because other nations and their citizens have no notion as to when their information will be shared.  This is keenly true for companies such as Google and Microsoft who, it is reported, were ordered to reveal information.  The great Tip O’Neill said that all politics is local.  That may be true, but in a global marketplace, all sales are local.

It would be wrong to simply lay blame on the NSA.  They were following their mission.  Their oversight simply failed.  Congress needs oversight.  That is our responsibility.

Scaling the Internet and Re-considering Routing: LISP

A new experimental approach to routing on the Internet is maturing.  It’s called the Locator/ID Separation Protocol (LISP), and I am proud to have worked on it with people like Dino Farinacci, Vince Fuller, Dave Meyer, Scott Brim, Darrel Lewis, Wolfgang Riedel, and Greg Schudell.

[Figure: Number of BGP Routes, courtesy cidr-report.org]

In 1993 and 1994, Paul Traina, Tony Li, and Yakov Rekhter led a ragtag effort to quickly get all the service providers to BGP 4 so that CIDR-based aggregation could save Cisco routers from hitting the dreadful 20,000 route limit.  This involved a substantial operational change over a very short period of time, where people like Sean Doran at Sprint and Vince Fuller at BARRNET (who I think still used Proteons back then) as well as others went from router to router, quickly bringing up the new version of very fresh code.  Talk about stress!!

[Figure: World population (UN), courtesy Conscious/Wikimedia]

Today, that number of routes looks like a blip, and in fact you can barely see the drop in the graph.  In 1994, there were already 21 million users, representing a scaling factor of just over 1,000 users per route.  With over 2.4 billion people using the network today and 440,000 routes in the system, that represents a scaling factor of just under 5,500.  Put another way, for each route, on average 5,500 people use the Internet.  It’s a lot more complex than that because generally speaking only sites that have more than one Internet connection show up in the routing table.  Still, based on that scaling factor, to get to today’s entire world population of 7 billion would require an additional 835,000 routes or so, and all the associated processing, which still makes some of us nervous.  In the so-called Internet of Things (what connected before that term?), that number becomes a bit more unhinged inasmuch as it is not directly tied to the population.  Tony Li has continually cautioned us on the risks of feeling good about Moore’s Law, and how it generally doesn’t apply to specialized routing devices.

LISP’s work, as well as that of ILNP, considered these issues. LISP functions as an overlay, not requiring the core of the Internet to have edge routes, effectively pruning any given routing tree by one level.

LISP-NERD focused on two particular aspects:

  • Is it possible to make a separation between operational state and provisioned state within the routing system, on the basis that (a) the core of the network is extremely stable and (b) edge instability could be managed through the Locator Status bits in LISP to reduce the amount of managed operational state?
  • Is LISP’s mapping function properly separated from the core?  Having multiple mapping systems makes it possible to test the abstraction.  Other mapping systems would have served this purpose equally well.
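As an added illustration (this is not code from the original post, nor from the LISP project or the NERD work), here is a small Python model of the separation described above: provisioned EID-to-RLOC mapping state kept apart from a core routing table that holds only locator prefixes, with Locator Status Bits carrying the operational reachability of each locator.  All addresses are constructed documentation values, and the priority/weight handling is simplified.

```python
import ipaddress

# Constructed sample data (not from any real deployment).
# The core routing table carries only locator (RLOC) prefixes, one per provider;
# no edge (EID) prefix ever appears here.
CORE_ROUTES = {
    ipaddress.ip_network("198.51.100.0/24"): "ISP-A",
    ipaddress.ip_network("203.0.113.0/24"): "ISP-B",
}

# Provisioned state in the mapping system: EID prefix -> locator records
# (RLOC, priority, weight). This toy picks the lowest priority and ignores
# weight-based load splitting.
MAPPINGS = {
    ipaddress.ip_network("10.1.0.0/16"): [
        ("198.51.100.1", 1, 50),
        ("203.0.113.1", 1, 50),
    ],
}

def lookup_mapping(eid):
    """Longest-prefix match of an EID against the provisioned mapping state."""
    addr = ipaddress.ip_address(eid)
    best = None
    for prefix, rlocs in MAPPINGS.items():
        if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, rlocs)
    return best

def choose_rloc(eid, lsb):
    """Select the RLOC an ITR would encapsulate toward.
    lsb holds the Locator Status Bits: bit i set means locator i is reachable.
    Only this operational state changes when an edge link flaps."""
    match = lookup_mapping(eid)
    if match is None:
        return None
    usable = [(prio, rloc) for i, (rloc, prio, _w) in enumerate(match[1]) if lsb >> i & 1]
    return min(usable)[1] if usable else None

def core_next_hop(rloc):
    """Core routers need only the RLOC prefix to forward the outer header."""
    addr = ipaddress.ip_address(rloc)
    for prefix, provider in CORE_ROUTES.items():
        if addr in prefix:
            return provider
    return None

def forward(eid, lsb):
    """Return (rloc, provider, core_table_size) for a packet destined to eid."""
    rloc = choose_rloc(eid, lsb)
    provider = core_next_hop(rloc) if rloc else None
    return rloc, provider, len(CORE_ROUTES)
```

Calling `forward("10.1.2.3", 0b11)` and then `forward("10.1.2.3", 0b10)` (first locator down) shows the chosen RLOC and provider changing while the core table size stays at two.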

I still encourage the development of LISP and alternatives like ILNP under the assumption that even though 835,000 sounds like a small number, there are many restrictions built into that number that will either undo themselves or prevent us from selling more gear (and I’m specifically thinking about multihoming in the home).

Smart Watches and wristbands: who is watching the watches?

Over the last few weeks a number of stories have appeared about new “wearable” technology that has the means to track you and your children.  NBC News has a comparison of several “Smart Watches” that are either on the market or could soon be.  Think Dick Tracy.  Some have phones built in, while others can send and receive email.  These things don’t replace smartphones or other PDAs in general because their screen size is so small.  They’re likely not to have much of an Internet browser for that reason, and they may only support a few simultaneous applications on board.

Still, smart watches may find their own niche.  For instance, a smart watch can carry an RFID tag that could be used to control access to garage doors, or perhaps even your front door.  A smart watch might be ideal for certain types of medical monitoring, because of its size.  In all likelihood these devices would have limited storage, and would take advantage of various cloud services.  It’s this point that concerns me.

Any time data about you is stored somewhere, you have to know what others are using it for, and what damage can be done if that data falls into the wrong hands.  And so, now let’s consider some of the examples we discussed above in that light:

  1. Voice communications: as one large vendor recently discovered, anything that can be used as a phone can be used as a bug, to listen in on conversations.  Having access to large aggregations of smart watches through the cloud would provide an entire market for attackers, especially if the information is linked to specific individuals.
  2. Medical monitoring: similarly, if you are using a smart watch or any other device for medical monitoring, consider who else might want to act on that information.  Insurance companies and employers immediately leap to mind, but then perhaps so do pharmaceutical companies who might want to market their wares directly to you.
  3. RFID and location-based services: there have already been instances of people being tracked electronically and murdered.  Children wearing this or a similar device could be kidnapped if the cloud-based services associated with the device are broken into.

This is what concerns me about Disney’s MagicBand.  Disney makes a strong case that having such a band can actually improve service.  But should their information systems be broken into by a hacker, how much might a deranged estranged parent pay that criminal to find out where the child is?

It is the linkage of various attributes that must be considered.  Add location to a name and all of a sudden, a hacked cloud-based service can really do someone damage.  We give away a lot of this information already with many smartphone applications and other devices we carry.  Before we give away more, perhaps we should stop and think about our privacy in broader terms and what is necessary to protect it.  In Europe, the Data Privacy Directive covers a lot of this ground.  But America and other countries are far behind that level of protection.  Further, every new service on a smart device is going to want to monetize every last bit of data they can get.