Archive for May, 2007

Mythology’s Search

G.K. Chesterton in The Everlasting Man writes about the ultimate and unspoken aim in mythology. He describes it rather appropriately as an almost indirect, semi-conscious search for that something that we all know is out there, but at times are not too sure where to look or what to look for. Mythology’s stories are a way to imagine what things might be like, knowing that there is some deep connection, not between the objects of mythology itself, but between the ideas and themes they conjure and reality itself.

Every true artist does feel, consciously or unconsciously, that he is touching transcendental truths; that his images are shadows of things seen through the veil. In other words, the natural mystic does know that there is something there; something behind the clouds or within the trees; but he believes that the pursuit of beauty is the way to find it; that imagination is a sort of incantation that can call it up.

Chesterton observes, quite accurately I might add, a type of experience an artist has when engaged in his craft. This “seeing through the veil” is something that at times can be articulated and at others remains just below the consciousness. I’ve never read any such treatment of this, but maybe I haven’t read enough.

Very deep things in our nature, some dim sense of dependence of great things upon small, some dark suggestion that the things nearest to us stretch far beyond our power, some sacramental feeling of magic in material substances, and many more emotions past finding out, are in an idea like that of the external soul.

I’ll just let you think about this one. I think it is fantastic.

In a word, mythology is a search; it is something that combines a recurrent desire with a recurrent doubt, mixing a most hungry sincerity in the idea of seeking for a place with a most dark and deep levity about all the places found.

I love this duality in mythology’s quest. The doubt and desire collide as the myths attempt to grasp at what is behind the veil.

What Kind of Atheist Are You

I just couldn’t resist this one. I love the ever so gentle chastisement upon my completion.

  You scored as Theist, Why did you take a quiz specifically for atheists? Are you illiterate as well as deluded? Go sing at a brick wall or give your money to a corrupt pedophile or something.

Theist: 67%
Agnostic: 58%
Militant Atheist: 42%
Spiritual Atheist: 33%
Scientific Atheist: 25%
Angry Atheist: 17%
Apathetic Atheist: 8%


Barth - Evangelical Theology

Since I have a few spare moments to read again I have decided to give Barth’s Evangelical Theology another attempt. Ironically, I was not prepared to engage with Barth until after battling it out with Brunner. For those of you that are not aware, these two had significant disagreements about one another’s theology.

Barth, in the beginning of this short book, attempts to sketch what theology is or, more importantly, what the object of theology is. Barth uses “God” to refer to that object which is “our highest desire”. I’ve heard this spun a bit differently in my previous evangelical experiences, but I think Barth makes the point clear.

There is no man who does not have his own gods or gods as the object of his highest desire and trust, or as the basis of his deepest loyalty and commitment.

This isn’t meant to be slanderous or a personal attack directed toward *theists. Barth is merely defining the term god and its possible referents (is that right?). Think of it as more of an abstraction or generalization that can be applied to everyone. Barth gives us examples of what such gods may look like.

Such an alternative object might be “nature”, creativity, or an unconscious and amorphous will to life. It might also be “reason”, progress or even a redeeming nothingness into which man would be destined to disappear. Even such apparently “godless” ideologies are theologies.

It is a good starting point for understanding what theology’s aim or object is. It is the study of, and reflection upon, those things that we elevate to the divine (whether legitimately or illegitimately is another story!). However, once you select your god object things change just a bit. Barth’s aim is to speak of the God of the Gospel. And the goal of this study is to:

..to apprehend, to understand and to speak of the God of the Gospel, in the midst of the variety of all other theologies and (without any value-judgment being implied) in distinction from them. This is the God who reveals himself in the Gospel, who himself speaks to men and acts among and upon them. Wherever he becomes the object of human science, both its source and its norm, there is evangelical theology.

– Karl Barth, Evangelical Theology (Eerdmans, 1963) 3-6.

The Wind in the Willows

Last night we started another bed-time book. Always the romantic, I try to find books that communicate the beauty of nature wrapped in an exciting and adventurous story. I hope to give the kids, at worst, an appreciation for nature and, at best, a longing to be a part of it. Yes, unfortunately living in the concrete jungle in Southern California we have to resort to books instead of the real thing. I chose The Wind in the Willows. The large hardback edition that I purchased has fantastic illustrations by Michael Hague. The illustrations are a great jumpstart for the imagination. Since they are not on every page the illustrations aren’t too big of a distraction and keep the kids in suspense and attentive. The good news is that this text is public domain so you can always go here and download a copy to print. It won’t have the pictures, but that’s okay. So here is a great excerpt from the text. The Mole has just stumbled upon a river for the first time in his life.

Never in his life had he seen a river before–this sleek, sinuous, full-bodied animal, chasing and chuckling, gripping things with a gurgle and leaving them with a laugh, to fling itself on fresh playmates that shook themselves free, and were caught and held again. All was a-shake and a-shiver–glints and gleams and sparkles, rustle and swirl, chatter and bubble. The Mole was bewitched, entranced, fascinated. By the side of the river he trotted as one trots, when very small, by the side of a man who holds one spell-bound by exciting stories; and when tired at last, he sat on the bank, while the river still chattered on to him, a babbling procession of the best stories in the world, sent from the heart of the earth to be told at last to the insatiable sea.

- Kenneth Grahame, The Wind in the Willows (1908)

Is Secure The Right Word

I tend to hear and attempt to preach about this principle when given the opportunity. The principle here is that testing does not guarantee or validate the security of a system. Testing provides some evidence that implementation bugs may not be present in a system. It is not certain. In fact, testing as I’ve sketched it out has a scope that should further qualify my statement. You only have evidence of the absence or presence of the bugs that you are looking for. Many times a test is viewed as some sort of rubber stamp “secure” label. In reality, though, these testing efforts are, by definition, narrow and finite and don’t have the evidential ability to confer the label of “secure” on a system that has been tested.

The objective of a secure system is to prevent all unauthorized use of information, a negative kind of requirement. It is hard to prove that this negative requirement has been achieved, for one must demonstrate that every possible threat has been anticipated.

- Saltzer & Schroeder, The Protection of Information in Computer Systems (1974)

A New Culture War?

I was listening to the radio again where I heard the now familiar phrase “culture war”. I wondered, as always, if this really is anything new. Ever since there were human societies and communities there were struggles over ideas. Struggles because even in the most extreme circumstances humans are still individuals. They may not, in some societies, be individualistic, but they remain individuals. They are human. The degree to which an individual’s own ideas are shaped and determined is and has been hotly debated. The fact remains, however, that even in a society dominated by a large group of like-minded individuals, there are at least as many who do not align with the dominant group’s ideals.

To say that we are in a culture war, then, is a bit superfluous. Or is it? The really incredible news would be that we were not in a culture war. I don’t intend, with a wave of my hand, to make the issues that surround us seem meaningless or without dire consequences. Here comes the irony. What I intend to bring to everyone’s attention is that this is now news. In the West and particularly where I live in North America, we have grown so busy with our busy-ness that we’ve lost sight of our responsibilities as citizens. Like many out there who feel that it is the government’s responsibility to raise the world’s children, we have implicitly made similar statements with regards to the direction of culture and value where we live. We put those decisions into the hands of “people that know better”. But, who are these people? We don’t really know. It is only a hopeful expectation that “everything will be okay”. Maybe it will be okay. Of course, that is dependent upon where you stand when the dust settles on certain issues. Now, the challenge is that if we decide to engage in these issues, do we have the equipment to think carefully about them?

Data At Rest

Being in the security industry we’re constantly confronted with the problem of protecting data in transit and data at rest. Of course, everyone has a different way of describing data traveling somewhere and data staying somewhere semi-permanently, but I digress. In any case, data at rest or data’s primary place of residence has been a nasty little problem these days. Many will tell you that it solves the world’s problems. It protects data from bad guys and from good guys we don’t trust (which is sort of an oxymoron isn’t it?). At least that is the perception. Various forms of well-intentioned, but wholly uninformed pieces of legislation are attempting to mandate the implementation of encryption at rest. I hear of products for database encryption, filesystem encryption, whole-disk encryption and others.

Many people have fallen victim to the “Use encryption and your data will be protected” fallacy. They have made the mistake of equating the use of encryption with the mitigation of a broadly defined set of risks, or of risks that are not defined at all. Sure, it makes people sleep well at night, but only because they think their understanding of the situation is complete and correct. Unfortunately, this is not the case and the sleepful nights should be coming to a close.

Encryption at rest solves one problem. Physical compromise. Yes, it’s true and I know it is hard to believe. It does reasonably well if someone walks into your data center, home, office or what not and walks off with your computers. I must add, though, that this too only works if your data is not currently “decrypted for use”. If it is, you fall victim to the usual attacks. So, to clarify it solves the physical compromise problem as long as your data is actually encrypted at the time of attack. In all other cases encryption at rest is useless. It is useless against a successful attack against an application and associated components that process the information. It is useless against a successful compromise of a system hosting your information. It is absolutely useless against the administrator you’re not sure about. Here’s why..

The application attack is aimed at the unencrypted data stream and therefore not protected by encryption at rest. The application (I’m using the broad definition here) processes the “real” data at many points so it is a grave mistake to presume that encryption at rest protects data as it is being processed.

The system attack is aimed at gaining access (usually elevated). It is a small step on many systems to get privileges that enable you to retrieve keys, passphrases and other material that is required to decrypt the data at rest. Never mind those pesky out-of-band crypto-machines. The unencrypted stream has to get there for it to work.

Administrator trust issues? Yeah, you have serious issues if you don’t trust these guys. Sorry to say this, but if you don’t trust your administrators you trust them implicitly. Game over. If you have elevated privileges on a system or software the game is over. See the system attack for a sampling. The best you can do here is detect, but even that is problematic in the administrator game. Since they are “god” on systems and software they can potentially control entry and exit points.

The list can certainly be expanded and elaborated. Even this sketch is a compelling case for why people who use encryption at rest are not solving the problems they think they are. They shouldn’t be sleeping well at night, because their data is no more protected than it was prior to shelling out hundreds of thousands of dollars on products and services.

Again, encryption at rest is useful for the physical threats. The usual threats are laptop thefts, tapes falling off of trucks, DVDs being thrown away, etc. Laptops, mobile media and even servers with data being shipped across the country are all cases where this solution works well. Using it for anything else is a big money sink that could have been used to enhance all of the other relevant controls that can support the protection of data at rest.

Primality Tests

So, I’m writing this little proof-of-concept tool that uses various icmp types and codes to smuggle data out of networks. It is useful for networks that have a significant amount of filtering, but still manage to let out icmp. I know, it’s a stretch. If they’re blocking most traffic and doing it smartly with a white list (default deny) then this little tool won’t be very useful. That’s okay, it is only the first phase in my Han Solo’esque smuggling experiment. Besides it’s quite fun, in the painful sort of way.

Not wanting to allow just anyone to see my super-secret payloads riding on top of the innocuous icmp packets I decided to use some encryption. I made the decision that some sort of high-speed symmetric cipher would do the trick. But how do I handle the key exchange? Diffie-Hellman to the rescue! Wait a minute. Not so fast. Wanting to reinvent the wheel I started writing my own bug-ridden implementation and suddenly realized I had stumbled upon a problem that people have been working on since the times of Euclid. Smart people. With Diffie-Hellman two parties have to agree on a prime number. We all remember what those are right? Public school education? Okay, a prime is a number that can only be divided by 1 and itself. Anyways, for my tool I have to randomly generate a number and then determine if it is prime in order to use it in the key exchange process. Sounds easy, but I run into all sorts of challenges when testing for primality. For example, you can run some tests that give you reasonable probability that your number is prime, but it is not certainty. Certainty is a much more lengthy process. Well, it is to my brain. So, instead of writing code I’ve found myself reading all sorts of documentation on primality testing and playing with python to see if I’m understanding everything. Anyways, it is times like this that I wish I would have paid more attention in math class.