October « 2009 « Equilibrium Networks

Random bits

14 October 2009

“Wal-Mart was the victim of a serious security breach in 2005 and 2006 in which hackers targeted the development team in charge of the chain’s point-of-sale system”

“We have spoken to a number of industry insiders and what happened is that when updating the data, the script did not add a terminating ‘.’ to the DNS records in the .se zone. That trailing dot is necessary in the settings for DNS to understand that ‘.se” is the top-level domain. It is a seemingly small detail, but without it, the whole DNS lookup chain broke down.”

For some reason a news article on a two-year-old result about the maximum processing speed of a reversible computer was published on the 13th, then Slashdotted. But you saw it here first!

Leave a Comment » | Communications security, Networks, Random bits, Science | Permalink
Posted by eqnets

Random bits

13 October 2009

Want to bank online securely? Use a Live CD (Here’s how.)

“The refutation of the [Riemann hypothesis] by computer methods seems to be as difficult as the analytical proof of its validity”

Thermal computing

Varyag == training carrier?

Leave a Comment » | Communications security, Mathematics, Random bits, Security | Permalink
Posted by eqnets

VizSec 2009 was yesterday; aside from Bill Cheswick’s keynote and participating in the poster session (the poster is available on our downloads page), I was pleasantly surprised by Joel Glanfield et al.’s OverFlow work. Like us, they have recognized that aggregating IPs (among other things) is a good thing for visualizing network traffic, particularly over time. One thing OverFlow does that we don’t is to explicitly show a representation of the aggregated connections as a graph drawing. When aggregation is done statically (even including layer 4) this seems like the sort of thing that can be very friendly to analysts, but there are occlusion issues that suggest focusing on one aggregated node at a time, especially for time series data. Anyway I look forward to seeing more of this sort of thing and fewer “yarn ball” visualizations and their ilk that too often convey little or no useful information because of a refusal to recognize one of the great lessons of physics: that successfully analyzing complex systems is largely dependent on identifying relevant spatial and time scales and then ignoring irrelevant details. When I heard people saying that analysts complain that visualizations frequently “get in the way of the data” I think I know what they meant.

One thing I was pleasantly not surprised by is that the afternoon panel seemed to repudiate the notional equation “Security + Visualization = Science”. As I’ve commented here (and there), there can be no truly scientific theory of security. Visualization doesn’t change this. The place where security and visualization can overlap with each other and with science is in the development of frameworks guided by scientific principles, both in architectural and cognitive aspects. For example, an immunology-based security visualization tool might seek to leverage some kind of corresponding visualization, like some sort of graph summarizing “antibodies” that draws from biologists’ experience.

But trying to compare different visualizations scientifically is almost surely doomed to failure outside of a “perturbative regime” where small elements of visualizations are altered and the cognitive effects are measured. For instance, comparing Wireshark and TNV might be done carefully and provide some insight, but it does not qualify as science. And it doesn’t need to. Engineering is a good thing, and so are usability studies. But while we certainly base our own framework on principles from physics, we haven’t bothered with trying to do formal usability studies, because people will make it known if or when they want minor improvements to an interface, and that’s precisely the sort of thing that falls into the “perturbative regime” anyway. I think the bottom line is that if you care about how users interact with your tool and what it can do for them, just let them have a say in the development process.

1 Comment | Commentary, Communications security, Equilibrium Networks, Networks, Nonrandom bits, Science, Security | Permalink
Posted by eqnets

Cyberterror: menace or myth?

8 October 2009

Today I went to a talk by Irving Lachow at the think tank where I used to work on whether cyberterrorism is a myth or a menace. The conclusion is probably obvious: it’s basically not a real menace. There’s lots for everyone to worry about from organized crime and certainly lots more for the government-industrial complex to worry about from nation-state threats, but cyberterrorism is a mirage, and basically everyone who doesn’t have skin in the game (and even some people who do or might–such as myself) agree. I’ve talked about similar themes here and here and here, among other entries on this blog.

Lachow mentioned that he did his research on this topic through unclassified sources, then went onto JWICS with crossed fingers–and ended up standing by his initial conclusions. Terrorists do organizational and support stuff and “influence operations” (I guess this is a subtler version of PSYOPS) using networks, but they don’t really engage in cyberterrorism. And the stuff that gets called cyberterrorism basically doesn’t deserve the name. Lachow believes, as I do, that crime, espionage, and state-level network attacks are what we really ought to be concerned with: cyberterror should be considered a “lesser included threat”–although the risks for all of these threats will only increase with time.

One theme that he brought up that I and many others have mulled over is cyberdeterrence. Basically, nobody knows how to do it. The nuclear analogies are false. But (as I’ve mentioned here) for a really big attack, one that’s worthy of a strategic offensive move by a nation-state or terrorist group, there will be a kinetic component. Attribution won’t be a problem. Old-fashioned deterrence with guns still works just fine.

3 Comments | Commentary, Communications security, Equilibrium Networks, Nonrandom bits, Security | Permalink
Posted by eqnets

Random bits

8 October 2009

Terry Tao reports that Israel Gelfand died recently. He was one of the greats, his name familiar to every student of functional analysis from the GNS construction

New work on the border of quantum chaos

Leave a Comment » | Mathematics, Random bits, Science | Permalink
Posted by eqnets

A graded lexicographic index, part 1

6 October 2009

This post is going to introduce a way to index elements of the bucketspace

$X_{B,b} := \{\alpha \in \mathbb{N}^B : |\alpha| \equiv \sum_{j=1}^B \alpha_j = b \}.$

This is basically equivalent to indexing the $\binom{B+b-1}{b}$ ways you can put $b$ indistinguishable balls into $B$ distinguishable buckets, hence the name.

Why is this useful? There are a number of pretty good reasons. For one thing, such an index is the key to providing a total ordering of $\mathbb{N}^B$ that is a graded lexicographic ordering (i.e., something akin to a dictionary ordering in which words of length 1 appear first in order, then words of length 2, and so on) which can probably be used in lots of places (it seems like the sort of thing that could be a 35-40 rated exercise in Knuth depending on hints). A more specific application derives from the fact that multivariate Lagrange interpolation is about as nice as it can possibly be on $X_{B,b},$ which is probably why it turned out that Carl de Boor of spline fame anticipated a lot of our early work from 2001 discussed in this post two years beforehand.

Example of Lagrange interpolation of a function on $X_{3,4}$ .

But the reason we’re talking about it here is that random walks on $X_{B,b}$ have been used as a way of describing network traffic in a past approach by DoD that we’ve drawn a lot of lessons from (the basic idea for translating network packets to random walks was similar to the approach described at the end of a previous post, except that the finite space $X_{B,b}$ is used instead of the infinite root lattice $A_{B-1}$ ), and we seriously considered running with this framework in tandem with the one that we followed through with.

There are also some cute martingale results that derive from looking at $X_{B,b}$ as the configuration space of states for a classical Bose gas and looking at the energy fluctuations of the gas. In fact this line of thinking led in a very circuitous way to the development of a lattice gauge theory for random walks that we’re working on in the hope that it could lead to descriptors generalizing electric and magnetic charges, fields, etc. for dealing with correlations within network traffic–but talking about that more would take us way too far afield, especially since that stuff is still in the research stage.

Getting back on topic, pictures of the graded lex ordering obtained by projecting $X_{B,b}$ onto $\mathbb{R}^{B-1}$ give a little more insight. For example, with $B = 3$ and $b = 12$ , there are $\binom{3+12-1}{12} = 91$ elements or states, and they are ordered as

(0,0,12), (0,1,11), …, (0,12,0), [13 states]

(1,0,11), (1,1,10), …, (1,11,0), [12 states]

(2,0,10), (2,1,9), …, (2,10,0), [11 states]

…

(11,0,1), (11,1,0), [2 states]

(12,0,0). [1 state]

If we just project these points into two dimensions and literally connect the dots in order (except for joining the last point to the first one) we get a pretty clear picture of what’s going on:

State index for <img src='http://s0.wp.com/latex.php?latex=B%3D3%2C+b%3D12&bg=ffffff&fg=333333&s=0' alt='B=3, b=12' title='B=3, b=12' class='latex' />. A circle indicates the first index and "x" indicates the last index.” width=”300″ height=”225″ /><p class=

State index for $B=3, b=12$ . A circle indicates the first index and "x" indicates the last index. The coordinates shown are artifacts of the projection used.

The pattern becomes more obvious if we add a dimension:

State index for <img src='http://s0.wp.com/latex.php?latex=B%3D4%2C+b%3D12&bg=ffffff&fg=333333&s=0' alt='B=4, b=12' title='B=4, b=12' class='latex' />. A circle indicates the first index and "x" indicates the last index.” width=”300″ height=”225″ /><p class=

State index for $B=4, b=12$ . A circle indicates the first index and "x" indicates the last index.

It looks recursive, and it is. Since you can read about an essentially equivalent construction in de Boor’s 1999 paper, I won’t belabor the details, though our MATLAB code is different from his and appears to be more fully developed in many respects.

First, here’s how to produce $X_{B,b}$ :

function y=lookup(B,b);

% Generates a lookup table with B buckets and b balls.

P1 = pascal(max(b+1,B+1));
P = P1(1:B,:);

numstates = P(B,:);
% ith element gives number of states for B buckets and (i-1) balls

% addermat is a matrix of "row adder" vectors:
addermat = fliplr(eye(B));

%init
look = zeros(1,B);

% Put C = max(c)...the number of balls is b = C-1, so b-1 = C-2
for c = 1:b
 for k = 1:B
 blocksize(c,k) = nchoosek(c+k-2,c-1);
 temp = blocksize(c,k);
 cellblock{k} = look(1:temp,:)+repmat(addermat(k,:),[temp 1]);
 end
 look = cat(1,cellblock{:});
end

y = look;

Next, here’s a recursive index:

function y = stateindex(state)

% B: number of buckets
% b: number of balls

B = length(state);
b = sum(state);

if min(state) < 0 | max(state) > b
 stateindex = 0;  % basic error handling
else
 P1 = pascal(max(b+1,B+1));
 P = P1(1:B,:);
 PA = cat(1,zeros(1,max(b+1,B+1)),P);

 % addermat is a matrix of "row adder" vectors:
 addermat = fliplr(eye(B));

 blocknum = zeros(1,b);
 numblocknum = zeros(1,b);

 substate = state;
 for i = 1:b
 blocknum(i) = max(find(fliplr(substate)));
 substate = substate-addermat(blocknum(i),:);
 numblocknum(i) = PA(blocknum(i),b+2-i);
 end

 stateindex = sum(numblocknum)+1;
end

y = stateindex;

Unfortunately, recursive code usually looks conceptually elegant but performs terribly. In the next post in this series I’ll discuss some more sophisticated methods for indexing states in $X_{B,b}$ and related algorithms that avoid this pitfall.

1 Comment | Communications security, Equilibrium Networks, Mathematics, Networks, Nonrandom bits | Permalink
Posted by eqnets

Random bits

5 October 2009

DHS wants to hire 1000 cybersecurity experts. Too bad there aren’t that many and NSA is poaching a lot of people anyway. In my world “expert” must mean something quite different from how a lot of folks seem to interpret the word. There are not 1000 experts on any modern technical subject, there are on the order of 1-100. Once it gets past that number the nature of expertise changes–or undergoes a phase transition–and the aspects of the subject become “well known”.

DHS travel records look like this.

“There is a real sense in the Pentagon that Israel is preparing to attack Iran” and another take on the situation at Information Dissemenation

Using neutrinos for submarine communications. I recall seeing work investigating the use of neutrinos to detect nuclear submarines as well. To mix metaphors, this sort of thing has been on the Navy’s radar for a long time: a JASON report on neutrino detection dates from 1988.

Leave a Comment » | Communications security, Random bits, Science, Security | Permalink
Posted by eqnets

Equilibrium Networks

Random bits

Random bits

VizSec09

Cyberterror: menace or myth?

Random bits

A graded lexicographic index, part 1

Random bits

Blogroll

Featured posts

Archives

Categories

Search

Follow “Equilibrium Networks”