If security is a topic that interests you, you may be trapped within the “computing security mind-set”; that is, you may think about security only in the context of computers. Security in general is a multi-faceted term which is not necessarily tied to computers. Having read several of Bruce Schneier’s books (among which the most recent is Beyond Fear, ISBN 978-0387026206) and after giving the issue some thought of my own, I came to realize that indeed, security is part of our day-to-day life and we are prone to security trade-offs.
Security decisions are usually taken in order to protect a certain objective. We lock the door in order to protect our possessions; we install antivirus software in order to protect the programs and the data in our computers and we read newspapers in order to be updated with the latest happenings. All these are security trade-offs: we lock the door, but we have the inconvenience of carrying the key around; we install antivirus software, but the system is somewhat slowed down. Finally, we read newspapers at the expense of the subscription and the physical time to read. These are trade-offs.
Trade-offs are almost never black or white. It all depends on the lengths one is willing to go to in order to accomplish a specific goal and the intrinsic value of the objective being protected. For instance, my house has a regular door, with no special properties, which should protect against most burglars. Installing an expensive door with all the fancy features out there would make little sense here, unless perhaps I would need to protect a valuable collection of paintings. Similarly, I am willing to install one antivirus product, but there’s nothing you can do to convince me to install two at the same time (okay, the example is a bit unrealistic here, as two antivirus programs would most likely collide in an odd way).
Here is a real-world example of what I consider to be a security trade-off. In my recent trip to Greece, I booked a room at a nice hotel (Roda Garden Village, north of Corfu Island). The room was nice and cozy and had a system for saving on electricity, described below:

The power in the room was conditioned by inserting a metallic strip attached to the key inside the EnerCard device (see image below). When the strip was inserted into the slot, the power would go on instantly. The system could not be easily fooled, as inserting objects such as sheets of paper or cardboard into the slot did not trigger the power. Nice.
To increase its efficiency, the air conditioning unit was further controlled by a magnetic sensor placed on the balcony door. So, even though I had power in the room, I had to keep the door closed in order for the air conditioning unit to work.

If you are like me, trying to spot weaknesses in anything, you may have noticed already that I found a workaround that completely circumvented the power economizer. It’s more mundane than you might think. Since the EnerCard device needed the metal strip that was attached to the room key and I wanted the key (while being out of the room), I simply detached the key from its metal strip. I didn’t even force the two objects, I simply used my fingers. Voilà, we have power in the room while the key itself is in my pocket. Now, next in line is the air conditioning unit. I noticed that the balcony door actually consisted of two twin doors opening on the sides. However, the magnetic sensor was only placed on one door, which basically allowed half of the door to be opened while still allowing the air conditioning unit to run.
If you are wondering how this fact relates to security trade-offs, remember that the designer tried to save on the electricity bill incurred by the average hotel guest. Securing the system harder (for instance, by using a solid connection between the key and the metal strip and using two magnetic sensors, one for each door) would have probably rendered my efforts useless, but the added cost multiplied by the number of rooms would have meant something. Now, the designer may have either put little thought into the economizer system, leaving it flawed, or may have reached a judiciously thought-out trade-off. You judge.
October 5th, 2007 at 7:43 pm
How easy would it be to secure the key to the metal strip so that shysters like you (and me, most likely) can’t just remove the key? Pretty easy I think. The explanation to that error is probably more along the lines of ‘laziness’. They were hoping that most people would either not think to remove the key or wouldn’t go through the effort.
At first I wanted to say that the other issue (the metal strip only covers one door) was poor design, and it is, but once again I think laziness has to be the primary root cause here. Whoever implemented that security feature surely knew that the user could easily utilize the ‘non-secure’ door, and yet they still left it vulnerable. I don’t see the extra cost being a realistic explanation here. LAZY!
Interesting real-world metaphor for computer security. Thanks.