How we can reduce the effects of Heartbleed next time?
For too long we have talked about layers of security but not “walked the walk.” The OpenSSL weakness was a mistake, but mistakes happen, and sometimes they take a long time to uncover. We have put too much stock in link-level security. Securing our data and our passwords with the same technology is not really the best plan.
With over a billion TPMs deployed, it is time to leverage this technology and provide the tamper-resistant authentication that assures the link does not have to be trusted to assure the security of the access control.
Challenge response with a device is a powerful defense mechanism. The one-time random number that is used to challenge the chip is of little use to a man in the middle. The weakness of OpenSSL would not have affected a TPM authentication. The data transmitted after you log in would still be vulnerable.
TPM can be seen as a single point of failure if a machine is stolen. Adding a self-encrypting drive provides a complete second level of protection: that your token is not used by someone else. It is a simple inexpensive mechanism to provide world-class protection to my device as a token. Layering high-quality security technologies provides a web of safety for the user and can make it easier to recover from a loss. We have to approach each of the security issues in this manner to continue to layer our protections.
Heartbleed will require everyone to reset their passwords in a week or so after the holes have been fixed. If TPM had been in broad use, the TPM credentialing mechanism would not have been put at risk and could have played a role in reducing the impact of an OpenSSL mistake. The reverse is also true: if TPM were to fail, having strong SSL would play a great role in aiding recovery.
Message security is another technology that we need more investment in. Moving from securing links to securing message traffic provides isolation of your sensitive data to many potential weaknesses in the global Internet. Computers are now fast enough to provide us with data encryption at the message level so the data in transit and the data at rest are protected. It is not okay for Dropbox to not encrypt the data for the client anymore.
The rise of Trusted Execution Technology, distributed applications and the Blockchain will put better security into our everyday apps. It will be expected that information is encrypted, isolated and private. Bitcoin has the potential to bring best-in-class cyber security to the kids for messaging and to all of us for the information we use every day.
The Internet is growing up, and we need to have multiple safety systems put into use. The companies who rely only on the one button to keep their pants up might want to re-visit belts, suspenders and the ole reliable duct tape!
Image credit: CC by dfbphotos