How cognitive blind-spots compromise security systems

Tanya Khovanova has a fascinating and illuminating story about the blind-spots that can leave security systems vulnerable. She describes a clever one-way function using real-world tools:

Silvio Micali taught me cryptography. To explain one-way functions, he gave the following example of encryption. Alice and Bob procure the same edition of the white pages book for a particular town, say Cambridge. For each letter Alice wants to encrypt, she finds a person in the book whose last name starts with this letter and uses his/her phone number as the encryption of that letter.

To decrypt the message Bob has to read through the whole book to find all the numbers. The decryption will take a lot more time than the encryption. If the book increases in size the time it takes Alice to do the encryption almost doesn’t increase, but the decryption process becomes more and more draining.

This example is very good for teaching one-way functions to non-mathematicians. Unfortunately, the technology changes and the example that Micali taught me fifteen years ago isn’t so cute anymore. Indeed you can do a reverse look-up online of every phone number in the white pages.

Then she explains how a student pointed out her own blind-spot that made the system trivial to defeat:

I still use this example, with an assumption that there is no reverse look-up. I recently taught it to my AMSA students. And one of my 8th graders said, “If I were Bob, I would just call all the phone numbers and ask their last names.”

In the fifteen years since I’ve been using this example, this idea never occurred to me. I am very shy so it would never enter my mind to call a stranger and ask for their last name. My student made me realize that my own personality affected my mathematical inventiveness.

As Bruce Schneier points out, the young student is demonstrating "security mindset," imagining an attack on a security system that works on the weakest flank.
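The asymmetry in the white-pages scheme, and how a reverse look-up removes it, can be measured directly. The sketch below is an added example, not code from Khovanova, Micali or Schneier; the directory is constructed (made-up names and random, unique numbers) and all function names are hypothetical.

```python
import bisect
import random

def build_book(n, seed=7):
    """Constructed white pages: n unique (last_name, phone) listings, sorted by name."""
    rng = random.Random(seed)
    phones = rng.sample(range(10**6, 10**7), n)
    letters = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    return sorted((f"{letters[i % 26]}name{i:06d}", phones[i]) for i in range(n))

def encrypt(book, message, seed=1):
    """Alice: flip to the letter's section (binary search) and take any number in it."""
    rng = random.Random(seed)
    names = [name for name, _ in book]
    cipher = []
    for ch in message.upper():
        lo = bisect.bisect_left(names, ch)
        hi = bisect.bisect_left(names, chr(ord(ch) + 1))
        if lo == hi:
            raise ValueError(f"no listing starts with {ch!r}")
        cipher.append(book[rng.randrange(lo, hi)][1])
    return cipher

def decrypt_scan(book, cipher):
    """Bob with the name-sorted book only: read listings until each number turns up."""
    plain, listings_read = [], 0
    for number in cipher:
        for name, phone in book:
            listings_read += 1
            if phone == number:
                plain.append(name[0])
                break
    return "".join(plain), listings_read

def decrypt_reverse(book, cipher):
    """Bob with a reverse look-up (number -> name): one probe per number."""
    by_number = {phone: name for name, phone in book}
    return "".join(by_number[n][0] for n in cipher), len(cipher)

if __name__ == "__main__":
    for size in (260, 26000):
        book = build_book(size)
        cipher = encrypt(book, "ONEWAY")
        print(size, decrypt_scan(book, cipher), decrypt_reverse(book, cipher))
```

Growing the book a hundredfold multiplies the listings Bob must read by roughly the same factor, while the reverse index stays at one probe per number: the function was only ever "one-way" relative to the indexes the inverter lacked.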

One-Way Functions (via Schneier)



    1.  There just aren’t that many messages you can encode with “Mike Hunt” as the only code point. 

      The old-school security thinking was to avoid giving one’s name to random strangers who call on the phone. 

    2. I wouldn’t ask for their last name. I’d say something like: “I’m on a treasure hunt to collect letters of the alphabet. Would you tell me the first letter of your last name please?” Lame, I know, but I don’t think I’d get a lot of turn downs, and I wouldn’t need all the letters to begin deciphering.

    3. Some people might answer the phone with their name. Or just ask “is this Mr. X?” and hope to be corrected. If you have some fantasy and are good at talking, you’ll probably get the name.

    1. Good old rubber-hose cryptanalysis… You don’t even need rudimentary knowledge in mathematics, but a decent knowledge in anatomy helps.

  1. The household could have individuals with different last names.
    The household could have changed owners/renters since the book was published.
    The individual on the phone could lie.

    And of course depending on the format of the encrypted data, the corruption introduced by the above scenarios may or may not have an effect on the usability of the unencrypted data (plaintext “bamb the Amoricone Enbrssy” is still somewhat useful data vs. an array of hex with incorrect entries).

    But secretly I’m just jealous knowing that I wouldn’t have seen that solution either…

        1. I hate when I get a random call, try and look it up, but get cellphone listings even though it’s a land based biz phone. I think what happens is that the number gets indexed as a cell, gets changed, but the websites don’t get updated.
