Old Fashioned Security

The other day I decided to write one of my very good friends a letter. Not one of those new-fangled electronic letters - no - but a real honest-to-goodness pen-and-paper it-costs-real-money-to-send ye-olde-fashioned hand-written letter.

Given that sending a real letter is something of a special occasion in this day and age, I like to spend a little extra time and effort and pick out some nice paper and envelopes for the task (no stealing the Microsoft corporate logo paper in the mail room!).

So I went to The Paper Tree at Bellevue Square to check out some of their fancier fare. Amongst all the wedding invitations and so on I found some nice paper prints, and there on top of the case was something I'd never seen before: sealing wax and little bronze seals! Now of course I've seen people seal letters the old fashioned way in movies before, but I'd never actually seen the stuff in real life (who knew people still did that?) and being something of a security guy I thought it would be cool and somewhat novel to utilise this technique in my letter.

So along with some nice paper and envelopes, I also picked up some blue sealing wax (whenever I had heard the term before, I always assumed it was "ceiling wax" -- ie, something you put on your ceiling!) and, after asking the sales associate whether I should choose my first or last initial, a letter "T" seal (no points for guessing what her answer was...)

After getting home and actually writing the letter, I had to try and seal it. Hmmm... that could be a problem. Need to practice first so I don't set it on fire or make a big mess all over the place. I got one of those useless return envelopes from my bank (I pay my bill online, so who needs return envelopes?), went over to the stove and turned one of the burners on to low (by the way, don't tell Rob about this, okay? Thanks!). After a few mishaps I managed to get the wax at a point where it was warm enough to smudge onto the envelope and stamp with the seal, although it's not an easy thing to do. I managed to get the final seal on the real letter with only two attempts (it's a rather thick seal ;-) ) and after wrapping it in some more paper and sticking it in a normal envelope (to protect the seal from being knocked off by the letter-sorting machinery at the post office) I sent it on its way.

Anyway, the seal has some interesting properties. It has two main purposes:

  • To identify the sender of the letter
  • To deter people from opening the letter

The first property is similar to the way we use digital signatures today. If Microsoft digitally signs some software, you can verify that signature and know that the software really did come from Microsoft, and also that not a single byte has been altered since it was signed, because the signature is computed over the exact contents. Nobody else can sign code with our key unless they steal it (guessing a modern private key is not a practical option), just as nobody could use an Official seal without stealing or duplicating it.

Additionally, if you know that Official letters are always sealed, you can be wary of any letters you receive that are not accompanied by a seal -- most likely, they are forgeries. In the same way, you should expect all software you download from the internet to carry a digital signature, and be wary of anything that doesn't. Unfortunately, this doesn't work in reality for two reasons:

1) Most third-party software is not signed. If you download software from a shareware site it is unlikely to be signed, most likely because code-signing certificates cost real money and it is hard to justify one when the product itself is free (or very cheap).

2) Just because software is signed doesn't mean it is good! A certificate authority checks that the applicant is who they say they are; it does not vouch for what they go on to sign. A virus writer or other bad person can obtain a certificate and use it to sign their code just as easily as Microsoft can. The FriendGreetings episode proved this.

Remember that the only thing a signature tells you is that whoever signed the content was in possession of the private key. (Hopefully that is the rightful owner of the key, but keys do get compromised.) Signatures do not mean software is trustworthy or free of viruses or anything like that. But if you trust the person who signed the code, and you believe that they would not sign malicious code and would take the necessary precautions to make sure it did not contain viruses or other badness, then the presence of the signature can help you make a decision about installing or running the code. If, on the other hand, someone merely claims that software came from a source you trust but provides no signature to back that claim up, then you must rely on some other evidence (or just blind faith / desperate hope) if you decide to execute the code. Certainly you should never run code that claims to come from Microsoft unless it is signed with our key. Unfortunately a LOT of people are installing the W32.Swen "latest critical patch" virus (which obviously isn't signed by us) -- I now get upwards of four or five HUNDRED virus mails a DAY!
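The decision rule in the last two paragraphs, written out as an added example (this is not code from the original post or from any Microsoft product). It uses Go's standard-library Ed25519 as a stand-in for code signing, and a single pinned "publisher" public key as a stand-in for "our key"; real Authenticode verification walks an X.509 chain instead, which this example does not model. Three constructed downloads are checked: an unsigned shareware tool, a fake "critical patch" the attacker signed with a key of his own (he can get a certificate too), and a patch signed with the pinned key. Only the last is accepted; the attacker's signature is perfectly valid, it is just not from anyone we trust.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Download is a piece of software as it arrives from the internet: the bytes,
// plus whatever signature and public key the download claims go with them.
// An unsigned shareware zip has Signer == nil and Signature == nil.
type Download struct {
	Name      string
	Code      []byte
	Signer    ed25519.PublicKey // key the download says it was signed with, or nil
	Signature []byte            // signature over Code, or nil if unsigned
}

// Verdict is what the checker concludes before anything is executed.
type Verdict int

const (
	Unsigned        Verdict = iota // no signature: the claim of origin has nothing behind it
	BadSignature                   // a signature is present but does not verify over these bytes
	UntrustedSigner                // a valid signature, but from a key nobody vouched for
	Trusted                        // a valid signature from a publisher key pinned beforehand
)

func (v Verdict) String() string {
	return [...]string{"unsigned", "bad signature", "valid signature, untrusted signer", "trusted"}[v]
}

// Vet applies the rule from the post: a signature only proves possession of a
// private key, so the decision hinges on whether that key is one we already trust.
func Vet(d Download, publishers map[string]ed25519.PublicKey) Verdict {
	if d.Signature == nil || d.Signer == nil {
		return Unsigned
	}
	if !ed25519.Verify(d.Signer, d.Code, d.Signature) {
		return BadSignature
	}
	for _, pub := range publishers {
		if pub.Equal(d.Signer) {
			return Trusted
		}
	}
	return UntrustedSigner
}

// Scenario builds three constructed downloads and returns the verdict for each.
// The pinned key stands in for "Microsoft's key" in the post (assumption for
// the example); the attacker key stands in for a certificate a virus writer bought.
func Scenario() map[string]Verdict {
	publisherPub, publisherPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	attackerPub, attackerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	pinned := map[string]ed25519.PublicKey{"Example Publisher": publisherPub}

	patch := []byte("constructed patch bytes")
	malware := []byte("constructed 'latest critical patch' that is really a worm")

	downloads := []Download{
		{Name: "shareware.zip", Code: []byte("constructed shareware")},
		{Name: "fake-patch.exe", Code: malware, Signer: attackerPub, Signature: ed25519.Sign(attackerPriv, malware)},
		{Name: "real-patch.exe", Code: patch, Signer: publisherPub, Signature: ed25519.Sign(publisherPriv, patch)},
	}
	verdicts := make(map[string]Verdict)
	for _, d := range downloads {
		verdicts[d.Name] = Vet(d, pinned)
	}
	return verdicts
}

func main() {
	for name, v := range Scenario() {
		fmt.Printf("%-16s %s\n", name, v)
	}
}
```

The important line is the loop over pinned publishers: `ed25519.Verify` returning true is not the end of the decision, it is the beginning. Note that the fake patch would also sail through if the checker accepted "any valid signature", which is exactly the mistake the FriendGreetings episode exploited.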

The second property of the seal is interesting. It acts as a deterrent to stop unauthorised people from reading the letter, but it doesn't prevent them. Unlike an encrypted message, which nobody can read without the right key to decrypt it, a sealed message can be read by anyone who breaks the seal. But once the seal is broken, they presumably cannot reseal it, so anyone else who receives the message will know its contents have been compromised.

The problem with this as a deterrent is that it only works if the recipient is expecting a letter. If Alice sends Bob a sealed letter, but Bob is not expecting it, then Charlie the postman can simply steal the letter, break the seal, and read the contents. Bob will never know of the compromise, because he wasn't expecting the letter and will of course never receive it. Of course, if Alice is expecting a reply, she may become suspicious after a while when none arrives (and Charlie can't simply pretend to be Bob and reply on his behalf, since he doesn't have Bob's seal and he knows Alice will be suspicious if she receives an unsealed reply). But how is Alice to convey this suspicion to Bob? How is she to let Bob know that he should expect a sealed letter from her, other than by sending him... another sealed letter? Obviously the answer is that there has to be some other out-of-band communication -- carrier pigeon, tin-can-and-string telephone, face-to-face meeting, etc -- but then why not deliver the message itself in this way? Maybe because this alternate mechanism offers no privacy, but does guarantee delivery. For example, Alice could announce in the local paper that she is going to send Bob a sealed letter. It's not very private, but it would be hard for him not to get the message. Unfortunately this has a problem of its own, because unless the paper itself requires sealed communications, it could be someone else impersonating Alice who puts the advert in the local paper... but then you have to trust someone somewhere, and if you can't trust the local media then who can you trust? :-)

Of course the real problem is that even when the seal does act as a deterrent (Bob is expecting the sealed letter from Alice, and Charlie knows this) it still doesn't stop Charlie from reading it if he believes the value of reading the letter outweighs the risk of being caught having read it. For example, if he believes the letter contains a hot stock tip and thinks he can capitalise on it and move to the Bahamas before Alice and Bob find out, there's nothing stopping him from doing so. This is why we have real encryption -- to hide the content of a message from anyone who does not hold the key.

One thing that plain vanilla encryption doesn't give us, but that the seal does, is an indication that someone has read the message. If Bob receives a letter and the seal is broken, he knows someone has read the contents and he can take appropriate action to have the courier beheaded or whatever. But if he receives an encrypted message without any kind of seal, he has no way of knowing if someone else has compromised the decryption key and is silently decrypting the message before passing it on to him.
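An added example (not from the original post) of the Alice/Bob/Charlie story above, carried one step further than the post takes it. The seal is an Ed25519 signature from Go's standard library, and the out-of-band "expectation" problem is handled the way real protocols handle it: every letter carries a running number under the seal, so a letter that never arrives shows up as a gap when the next one does. Alice's public key, and the fact that numbered letters are coming at all, still have to reach Bob out of band once (the newspaper advert, in the post's terms); the numbering only bootstraps from there. The names, the constructed letter bodies and the sentinel errors are all assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Letter is Alice's sealed envelope: a running number and the body, with the
// seal (an Ed25519 signature) covering both so neither can be changed or swapped.
type Letter struct {
	Seq  uint64
	Body string
	Seal []byte
}

// sealed returns the bytes the seal is computed over: big-endian Seq followed by Body.
func sealed(seq uint64, body string) []byte {
	buf := make([]byte, 8, 8+len(body))
	binary.BigEndian.PutUint64(buf, seq)
	return append(buf, body...)
}

// Sender numbers every letter; the number is what gives Bob an expectation.
type Sender struct {
	priv ed25519.PrivateKey
	next uint64
}

func (s *Sender) Write(body string) Letter {
	s.next++
	return Letter{Seq: s.next, Body: body, Seal: ed25519.Sign(s.priv, sealed(s.next, body))}
}

var (
	ErrBrokenSeal = errors.New("seal does not match contents: altered in transit or forged")
	ErrMissing    = errors.New("gap in sequence: an earlier letter never arrived")
	ErrReplay     = errors.New("letter number already seen: duplicate or replay")
)

// Receiver knows Alice's public key and the number of the last letter it accepted.
type Receiver struct {
	pub  ed25519.PublicKey
	last uint64
}

// Open checks the seal first, then the number. A letter with a good seal but a
// number further ahead than expected is kept (it really is from Alice), but Bob
// is told that something between it and the previous one went missing.
func (r *Receiver) Open(l Letter) error {
	if !ed25519.Verify(r.pub, sealed(l.Seq, l.Body), l.Seal) {
		return ErrBrokenSeal
	}
	if l.Seq <= r.last {
		return ErrReplay
	}
	gap := l.Seq != r.last+1
	r.last = l.Seq
	if gap {
		return ErrMissing
	}
	return nil
}

// Scenario plays out the post's story with constructed letters and returns what
// Bob concludes about each delivery, in order.
func Scenario() []error {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	alice := &Sender{priv: priv}
	bob := &Receiver{pub: pub}

	first := alice.Write("Dear Bob, buy the stock.")
	_ = alice.Write("Dear Bob, the tip was wrong, sell.") // Charlie pockets this one
	third := alice.Write("Dear Bob, did you get my last letter?")

	// Charlie also opens the third letter and rewrites it before forwarding it.
	forged := third
	forged.Body = "Dear Bob, everything is fine, do nothing."

	return []error{
		bob.Open(first),  // nil: expected number, seal intact
		bob.Open(forged), // ErrBrokenSeal: body changed, seal no longer matches
		bob.Open(third),  // ErrMissing: seal intact, but letter 2 never arrived
		bob.Open(first),  // ErrReplay: Charlie re-delivers an old letter
	}
}

func main() {
	for i, err := range Scenario() {
		fmt.Printf("delivery %d: %v\n", i+1, err)
	}
}
```

What this does not detect is the case the two paragraphs above are really about: Charlie steaming open a letter, reading it, and forwarding it untouched. Signatures and sequence numbers tell Bob about letters that were altered, withheld or repeated, never about letters that were merely read; for that you need encryption, and as the next paragraph says, even encryption is silent if Charlie has quietly obtained the key.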

Now there are digital equivalents to this -- DRM systems, for instance, can provide for one-time-only decryption of songs, etc -- but as far as I know they all require a trusted 3rd party to hold the actual decryption key, and they're not in as wide a use today as simple encryption and digital signatures are (S/MIME, PGP, etc).

Anyway, I hope my letter made it to my friend intact! :-).

Random trivia for the day (night):

I've been using Microsoft Word since 1.1 (when it came with a limited version of Windows!) and I'm a huge keyboard junkie. I often show people keyboard shortcuts that have been in the product forever, but may or may not be well documented. One of the ones I used tonight was the Shift+F3 case change feature. Select some text, and hit Shift+F3. The text will cycle through ALL UPPER CASE, Proper Case, and all lower case. It's a neat trick to save time instead of deleting text and re-typing it.

  • Nice story, Peter. Well said. I particularly liked the part about the local media.
  • You are a good storyteller, Peter! I enjoyed your story. However, your analogy is not very good. A digital signature only protects content from modification, but wax sealing also provides a means to alert to the occurrence of unauthorized access to the sealed content. The latter doesn't have a PKI analogy, and is very challenging to implement in local area networks (where it requires a great deal of support from the OS and LAN infrastructure) and near to impossible to implement on heterogeneous wide area networks. That is one of the reasons that nobody has had success in implementing an efficiently working Digital Rights Management system yet. -Valery.
  • Rob - who told you about this page?!? Argh! :-) Valery - thanks for the comment. I tried to make this point with my paragraph beginning "One thing that plain vanilla encryption doesn't give us, but that the seal does, is an indication that someone has read the message" but perhaps I didn't do a very good job. DRM is hard to do, and I don't believe anyone has a perfect story yet (at least not a pure software one).
  • Hey Peter, Sending wax seals through the mail doesn't work -- I've tried. The wax becomes stiff and the sorting machines destroy it. You need to have your wax-sealed envelopes delivered by a liveried footman.
  • Unfortunately my footman was polishing the Roller and the manservant was exercising the corgi, so they were unable to deliver the letter for me. I'll have them roundly whipped for good measure.
  • I love this. Peter, you are living evidence of why the "two cultures" concept of arts and sciences is a myth.