Help - Search - Members - Calendar
Full Version: Wireless
Dumpshock Forums > Discussion > Shadowrun
BaronSameday
I might be being dumb but what advantages does having wireless cyberwear bring you ?

Example

Old style smartgun link cannot be hacked? New wireless ones can be!!

So why would people use wireless kit?

Would that not mean that most SR's would carry a basic Comlink that can be turn off and dumped if they need.

Now if having a PAN/Comlink set up provided a bonus I could see the reason.
MrMiracle
Hands free access to every item in your inventory? Strap that Flashpak to your chest and set it off with a thought without taking your hands off of your assault rifle. Change viewing mode on your goggles, command a few drones, have that bad guy shoot himself while he's checking your gun barrel. Use a hold-out pistol as a makeshift spy camera. Set off traps.

All that, and your Hello Kitty screensaver too!
Synner
a) You can turn off their wireless functionality at will.

b) There is no reason you can't have all your cyber, gadgetry and weapons setup to only recognise and link up through your commlink, in fact that should be the default for mostly everyone who has a commlink. Hackers then need to hack your commlink's firewall to get to the cyber.
BlackHat
QUOTE (Synner)
b) There is no reason you can't have all your cyber, gadgetry and weapons setup to only recognise and link up through your commlink, in fact that should be the default for mostly everyone who has a commlink. Hackers then need to hack your commlink's firewall to get to the cyber.

Or get your commlink's ID and spoof it. At least, I think that is doable... the gadgets will only respond to your commlink, but for all they know, they ARE responding to your commlink.
Sigfried McWild
I haven't read the rules on hacking and excryption yet, but if looking at it from a real world perspective hacking and/or decrypting the wireless feed between yuo and your cyberware should be between impossible and just forget it.
Any wireless transmission can be encrypted. Given that you are the only one that's supposed to connect to that cyberware you can be using secret key encryption (much, much harder to crack than public key) with the key entered manually on the piece of cyberware. Given the raw processor power they could be using 4-8 kbit keys. Nowadays a 256 bit encryption is completely unbreakable and even the military rarely pushes over 512 and difficulty increases exponentially with the length of the key.
Spoofing would be impossible since nobody else knows the key (secret key encryption never tansmits the key).
In fact any of the techniques used today to encrypt internet connections is completely valid for applications in this context.

The only thing that might worry me is jamming since none of these devices can use high powered transmitters due to battery size restrictions.
I'd also assume that every bit of cyberware you have with a wireless connection can turn it off just to make sure. The only real entry point for a hacker is your main commlink, if you leave the wirelss on.
DireRadiant
Directional jammers though...
Aku
QUOTE (Sigfried McWild)
I haven't read the rules on hacking and excryption yet, but if looking at it from a real world perspective hacking and/or decrypting the wireless feed between yuo and your cyberware should be between impossible and just forget it.
Any wireless transmission can be encrypted. Given that you are the only one that's supposed to connect to that cyberware you can be using secret key encryption (much, much harder to crack than public key) with the key entered manually on the piece of cyberware. Given the raw processor power they could be using 4-8 kbit keys. Nowadays a 256 bit encryption is completely unbreakable and even the military rarely pushes over 512 and difficulty increases exponentially with the length of the key.
The only thing that might worry me is jamming since none of these devices can use high powered transmitters due to battery size restrictions.
I'd also assume that every bit of cyberware you have with a wireless connection can turn it off just to make sure. The only real entry point for a hacker is your main commlink, if you leave the wirelss on.

and this would make for a pretty boring game, especially for a hacker. "Oh, i'm sorry, Linux 2070 was installed, and they used 1024 encrption, you're screwed, sorry, next action?" Encrpytion is breakable, with a Decrypt + Response
(Encryption rating x 2, 1 Combat Turn) test.
Sigfried McWild
QUOTE (Aku)
QUOTE (Sigfried McWild @ Jan 30 2006, 08:51 AM)
I haven't read the rules on hacking and excryption yet, but if looking at it from a real world perspective hacking and/or decrypting the wireless feed between yuo and your cyberware should be between impossible and just forget it.
Any wireless transmission can be encrypted. Given that you are the only one that's supposed to connect to that cyberware you can be using secret key encryption (much, much harder to crack than public key) with the key entered manually on the piece of cyberware. Given the raw processor power they could be using 4-8 kbit keys. Nowadays a 256 bit encryption is completely unbreakable and even the military rarely pushes over 512 and difficulty increases exponentially with the length of the key.
The only thing that might worry me is jamming since none of these devices can use high powered transmitters due to battery size restrictions.
I'd also assume that every bit of cyberware you have with a wireless connection can turn it off just to make sure. The only real entry point for a hacker is your main commlink, if you leave the wirelss on.

and this would make for a pretty boring game, especially for a hacker. "Oh, i'm sorry, Linux 2070 was installed, and they used 1024 encrption, you're screwed, sorry, next action?" Encrpytion is breakable, with a Decrypt + Response
(Encryption rating x 2, 1 Combat Turn) test.

That's why hackers in my games are rare and rarely do much "movie" style hacking.
It also means that there's a reason for the hacker to be in the frontlines (if you can't hack the firewall, just go to the machine behind the firewall)
Butterblume
QUOTE (Sigfried McWild)
Given the raw processor power they could be using 4-8 kbit keys. Nowadays a 256 bit encryption is completely unbreakable and even the military rarely pushes over 512 and difficulty increases exponentially with the length of the key.
Spoofing would be impossible since nobody else knows the key (secret key encryption never tansmits the key).

Bruteforcing might take a lot of time, but if i remember my math correctly, it is not proven that this kind of encryption can't be broken with an easy algorithm.

Quantum computers are another possibility to break this kind of encryption - if such computers will be viable.
Sigfried McWild
QUOTE (Butterblume @ Jan 30 2006, 04:17 PM)
QUOTE (Sigfried McWild)
Given the raw processor power they could be using 4-8 kbit keys. Nowadays a 256 bit encryption is completely unbreakable and even the military rarely pushes over 512 and difficulty increases exponentially with the length of the key.
Spoofing would be impossible since nobody else knows the key (secret key encryption never tansmits the key).

Bruteforcing might take a lot of time, but if i remember my math correctly, it is not proven that this kind of encryption can't be broken with an easy algorithm.

Quantum computers are another possibility to break this kind of encryption - if such computers will be viable.

A simple algortihm nobody's found yet.
And they've been looking.

Anyway I assume you are talking abotu breaking RSA encryption by finding an easy way of factorising numbers. That's public key encryption. You'll notice I've specifically said secret key encryption. Most secret key encription algorithms do not suffer from this "vulerability" and they are mathematically proved to be "unbreakable" (you either have the key or you have to bruteforce).

Also if by any chance you had qunatum computers in the sr4 world, you'd also have access to qunatum encryption which is not only unbreakable but also un-bruteforceable
Brahm
QUOTE (BlackHat)
QUOTE (Synner @ Jan 30 2006, 08:00 AM)
b) There is no reason you can't have all your cyber, gadgetry and weapons setup to only recognise and link up through your commlink, in fact that should be the default for mostly everyone who has a commlink. Hackers then need to hack your commlink's firewall to get to the cyber.

Or get your commlink's ID and spoof it. At least, I think that is doable... the gadgets will only respond to your commlink, but for all they know, they ARE responding to your commlink.

That is why you should use Encrypt to create any links you make. It forces them to take the extra step of Decrypt before they can step in the middle and spoof.
BlackHat
QUOTE (Brahm)
QUOTE (BlackHat @ Jan 30 2006, 08:02 AM)
QUOTE (Synner @ Jan 30 2006, 08:00 AM)
b) There is no reason you can't have all your cyber, gadgetry and weapons setup to only recognise and link up through your commlink, in fact that should be the default for mostly everyone who has a commlink. Hackers then need to hack your commlink's firewall to get to the cyber.

Or get your commlink's ID and spoof it. At least, I think that is doable... the gadgets will only respond to your commlink, but for all they know, they ARE responding to your commlink.

That is why you should use Encrypt to create any links you make. It forces them to take the extra step of Decrypt before they can step in the middle and spoof.

Yes, AN extra step... but it probably (assuming you're running encryption 5) will take a moderate hacker (6 dice = 2 succeses average) about 5 combat turns (15 seconds) to break. In combat, that is an eternity.. but if he's jsut sitting at the table beside you at a resturant, that is nothing.
Butterblume
QUOTE (Sigfried McWild)
A simple algortihm nobody's found yet.
And they've been looking.

They still are wink.gif
QUOTE
Anyway I assume you are talking abotu breaking RSA encryption by finding an easy way of factorising numbers. That's public key encryption. You'll notice I've specifically said secret key encryption.

I actually thought of RSA encryption, since that's the one i am familiar with - cryptology basically shuts down my brain function as protection against boredom.
QUOTE
Most secret key encription algorithms do not suffer from this "vulerability" and they are mathematically proved to be "unbreakable" (you either have the key or you have to bruteforce).

I have to take your word for that, you know, the ... *yawn*. I know, the one-time-pad is unbreakable, if you can find a method to make the key really random (thats the hard part wink.gif ).
QUOTE
Also if by any chance you had qunatum computers in the sr4 world, you'd also have access to qunatum encryption which is not only unbreakable but also un-bruteforceable

Don't know about that, but it seems likely that people would come up with new ways to protect their data. I can't imagine how that would work, but that's in no way a counter argument wink.gif.
Sigfried McWild
QUOTE (Butterblume)
QUOTE (Sigfried McWild)
A simple algortihm nobody's found yet.
And they've been looking.

They still are wink.gif
QUOTE
Anyway I assume you are talking abotu breaking RSA encryption by finding an easy way of factorising numbers. That's public key encryption. You'll notice I've specifically said secret key encryption.

I actually thought of RSA encryption, since that's the one i am familiar with - cryptology basically shuts down my brain function as protection against boredom.
QUOTE
Most secret key encription algorithms do not suffer from this "vulerability" and they are mathematically proved to be "unbreakable" (you either have the key or you have to bruteforce).

I have to take your word for that, you know, the ... *yawn*. I know, the one-time-pad is unbreakable, if you can find a method to make the key really random (thats the hard part wink.gif ).
QUOTE
Also if by any chance you had qunatum computers in the sr4 world, you'd also have access to qunatum encryption which is not only unbreakable but also un-bruteforceable

Don't know about that, but it seems likely that people would come up with new ways to protect their data. I can't imagine how that would work, but that's in no way a counter argument wink.gif.

About Quantum encryption: the theory of how it would work is known today, like a we have a theory of how a quantum computer could work, we're just missing the tech which is roughly the same for both.

About 1 time pads and other secret key algorithms: the thing about 1 time pads is that not only they cannot be broken by using "tricks" it also cannot be feasibly be bruteforced (unless you know what the result should be), and any bruteforced keys are useless. Secret keys algorithms can be burteforced but a 256 bit key is already unfeasible.

About RSA: I know they are still looking, in fact RSA itself is offering a lot of money to anyone who can break their encryption. Nobody has succeded yet and it's quite possible nobody will ever (of course as of now we have no proof either way)

In the end it all comes down to however yuo want your game to work, if you think it's cool that someone might highjack someone else's gun or cyberarm and that the best encryption you'll ever find can be broken in less than a minute, with all that entails, go with it.

I just prefer a world where I can connect my computer (quite possibly installed in my head) to the net without beign taken over by a script kiddie and my smart gun will fire when I say so and not when someone else's decideds it might be funny. For this I'll pay in a weakening of hacker characters, but I think I can turn that around into a good thing.

Aku
well, the easiest way to fix that would be to increase the interval time on hackign tests from 1 combat turn, to whatever you feel is approriate, you dont "weaken" the character per se, you just make it more realistic.

I think the main problem mayu lie in that the virtual world still tries to be seperate from the meat world, and thats not really the case any more, so either things should've been slowed down in the frist place, or metahumanity gained speeds to react at a thought naturally.
runefire32
Just to note, most things like smartlinks and such have very low signal ratings...so you either have to be within punching distance...or you have to go through their comlink. So they have to hack into your comlink, and then try to spoof the commands. Two step process, three step if you add in encryption.

But thats why we have things like skinlinks. Wireless is cheap, anyone with smartlink contacts or glasses can grab a smartlinked gun, flip on wireless and go a blastin.

Wireless is great for some things, but it also has vulnerablilities. As does skinlinking things. pick up that gun, but its not skin linked so you have to activate the wireless capabilities and subscribe it. Granted you're not picking up lots of guns usualy...but figured I'd toss that out there.

(edit)Well 4 steps if you add in finding your comlink (which should be in hidden mode)
hyzmarca
Bruteforcing a 256 bit key is feasable with enough processing power. Today few, if any, computers with that kind of speed exist. In the future, it is almost a given that they will.

It isn't unreasonable for a comlink to be fast enough to brute force a 256 kilobit (or better) encryption key in under 15 seconds. Of course, since SR computers no longer use the bit standard there is some confusion on how powerful they really are. This pretty much hinges on what exactly a pulse is.

Of course, the hacker doesn't even have to break encryption at all. He can just put an Agent in a copy of the newest firmware update and spoof a 'critical update' notification. And the poor sammies who download Mitsuhama's new reticle pack will find that their smartlinks don't work quite right inside that corp's facilities.
Brahm
QUOTE (BlackHat)
QUOTE (Brahm @ Jan 30 2006, 09:34 AM)
QUOTE (BlackHat @ Jan 30 2006, 08:02 AM)
QUOTE (Synner @ Jan 30 2006, 08:00 AM)
b) There is no reason you can't have all your cyber, gadgetry and weapons setup to only recognise and link up through your commlink, in fact that should be the default for mostly everyone who has a commlink. Hackers then need to hack your commlink's firewall to get to the cyber.

Or get your commlink's ID and spoof it. At least, I think that is doable... the gadgets will only respond to your commlink, but for all they know, they ARE responding to your commlink.

That is why you should use Encrypt to create any links you make. It forces them to take the extra step of Decrypt before they can step in the middle and spoof.

Yes, AN extra step... but it probably (assuming you're running encryption 5) will take a moderate hacker (6 dice = 2 succeses average) about 5 combat turns (15 seconds) to break. In combat, that is an eternity.. but if he's jsut sitting at the table beside you at a resturant, that is nothing.

It depends on whether and what the GM imposes for a limit on the number of rolls for the Extended Test. I doubt that this hasn't all been discussed at least twice before here. Both about how well, or not, Shadowrun encryption models real life encryption and about how to make the Decrypt step meaningful in non-combat situations. Topic specific boards tend to run on a loop with obvious questions coming up repeatedly.
Sigfried McWild
QUOTE (hyzmarca @ Jan 30 2006, 05:56 PM)
Bruteforcing a 256 bit key is feasable with enough processing power. Today few, if any, computers with that kind of speed exist. In the future, it is almost a given that they will.

It isn't unreasonable for a comlink to be fast enough to brute force a 256 kilobit (or better) encryption key in under 15 seconds.  Of course, since SR computers no longer use the bit standard there is some confusion on how powerful they really are.  This pretty much hinges on what exactly a pulse is.

Of course, the hacker doesn't even have to break encryption at all. He can just put an Agent in a copy of the newest firmware update and spoof a 'critical update' notification. And the poor sammies who download Mitsuhama's new reticle pack will find that their smartlinks don't work quite right inside that corp's facilities.

115792089237316195423570985008687907853269984665640564039457584007913129639936
that's 2^256
that's the number of possible keys
1/2 of that is the average number of attempts to bruteforce a key

5789604461865809771178549250434395392663499233282028201972879200395
that's the time it takes in seconds to bruteforce it if you can do 10^10 attempts per second (which is far more than it's physically possible today and probably 2070 too, to put in perspective a 3GHz machine today could do 3*10^9 attempts if each attempt took 1 clock cycle, an attempt is unlikely to take less than 10^6 cycles, giving ~3000 attempts per second max)

183461494596097604734788109692574701265733111303838954862628
that's the number of years it takes to bruteforce the key

15000000000
that's the age of the universe in years

12230766306406506982319207312838313417715540753589
that's the number of current lives of the universe it would take to brute force the key

if we assume a computer that's can do 10^20 attempts a second (10^10 times faster than the previous) the time take drops to 18346149459609760473478810969257470126573311130383 years roughly

for this kind of problems like many others encountered in computer science (factorising a number is another example) it doesn't matter how much processing power you have, a minimal increase in the complexity will require an exponential amount of processing power to solve (and note that I'm not using the word exponential as an exaggeration)

I should also point out that a bit is not just a "cell" of memory in your computer but also a unit of information, thus the concept of bit can be applied independently of the underlying architecture of the processor. Whatever a pulse is it will carry x (x>=1) bits of information.

I agree that usign trojans is a much more efficient way of getting round the entire problem, so I hope the sammies will keep their virus scanners up to date
mdynna
Even if you are using a Private Encryption key it has to be stored on your Commlink *somewhere*, unless you are telling me that the guys is typing in his password every half-second when his Smartlink wants to connect to his Cybereyes, not likely. Therefore, that Private Key must be stored *somewhere* on his PAN, on his 'Link or not. Therefore, a Hacker could break into his Commlink, then use a good Browse program, find the key, and Decrypt the network.

Private key encryption is *not* "unhackable" it just trades the Decryption test for a Browse test: six of one, half-dozen of the other, I would say.
milspec
Oh good, another "real-world encryption math about a game" post. smile.gif

milspec
mdynna
Also keep in mind that computers in SR are optical, not electron-based. Current limits on computing speed are based on the Parasitic Capactiance properties of the little itsy-bitsy electron pathways on circuit boards. Basically, when you are operating in the Giga-Hertz band even centimetre long "wires" start to look like Transmission lines and "bleed" electricity into space.

Theoretically, optical computers do not have that problem because Parasitic Capacitance doesn't apply anymore. The jist of what I'm saying is this: You're math for breaking encryption is based on *our* technology and doesn't necesarily apply to SR. We're not really sure how fast Optical computers will really go.

Final note: it's a game! Yes, it might not seem realistic to break Encryption in 15 seconds, but neither does it sound realistic that you can see a huge dragon flying overhead hurling magical fireballs at you.
Vaevictis
Guys, with respect to this encryption/decryption difficulty thing, let's just assume the following:

In Shadowrun, c. 2070, if you're good enough, P=NP. Problem solved.
Butterblume
QUOTE (Sigfried McWild)
115792089237316195423570985008687907853269984665640564039457584007913129639936
that's 2^256
that's the number of possible keys


Your numbers seem a bit off, the RSA 640 (bit) Challenge was solved last year, using a 80 cpu (2,2 GHz) opteron cluster, in about 5 months.

(btw: the poster said 256 kBit key - but i assume you meant 256Bit key)

QUOTE (milspec)
Oh good, another "real-world encryption math about a game" post.

I don't mind if a really good hacker can decrypt my data in less time than it takes to type this sentence. But i really would like if the decryption of the new mega hot research data from ares would take a little longer ...
Vaevictis
QUOTE (Butterblume)
Your numbers seem a bit off, the RSA 640 (bit) Challenge was solved last year, using a 80 cpu (2,2 GHz) opteron cluster, in about 5 months.


You seem to be comparing a asymmetric key system to a symmetric key system. Brute forcing them works very differently. (Simply put, symmetrics are harder per bit to brute force)
BlackHat
QUOTE (Butterblume)
i really would like if the decryption of the new mega hot research data from ares would take a little longer ...

Especially since someone with hacking 1 and decrypt 2 can do it fairly reliably within an hour. (Ignoring his odds and the results of glitching for the moment)
Butterblume
Could be wink.gif.

But i stand to my last statement (the one referring to Shadowrun biggrin.gif).
kigmatzomat
QUOTE (BaronSameday)
I might be being dumb but what advantages does having wireless cyberwear bring you ?

So why would people use wireless kit?

Well, first off you should have all your gear equipped with skinlink. This is technically "wireless" in that there are no wires but your body acts as the connector so it is still a hardlink. 'Runners, and really anyone who can afford it, should run encryption on all devices.

Now the 'when to use wireless' is really a matter of EMCON - emissions control. When do you want to be stealth? Sometimes stealth is bad, like when walking around a high-security corp enclave where you need to broadcast your SIN (see the hacking example in SR4). There you want to blend in and have the normal RF traffic around you. Other times, like deep in the heart of a black op, you want all your radios turned off.

It all turns into a risk assessment. Is the risk of discovery counterbalanced by the advantages of slugging your video feed to the rest of your team? How much do you want that fire-support drone on the mission? If things just went pear-shaped will you make things better or worse by notifying the rest of the team?

There are Joe-Average advantages to wireless gear. Service and maintenance logs can be transferred automatically. Software updates should be done on the fly. And perhaps most importantly, if you spot a hot girl in the club you can zap her image over to your pals.
Sigfried McWild
QUOTE (mdynna)
Even if you are using a Private Encryption key it has to be stored on your Commlink *somewhere*, unless you are telling me that the guys is typing in his password every half-second when his Smartlink wants to connect to his Cybereyes, not likely. Therefore, that Private Key must be stored *somewhere* on his PAN, on his 'Link or not. Therefore, a Hacker could break into his Commlink, then use a good Browse program, find the key, and Decrypt the network.

Private key encryption is *not* "unhackable" it just trades the Decryption test for a Browse test: six of one, half-dozen of the other, I would say.

Of course the key is stored in the item and the commlink.

But why are you running with your commlink open to connections?

And moreover the hacking the commlink is going to be just as hard. Well, that depends, if you use the rules it's going to be silly easy. If you went with reality it's going to be nigh impossible. Given properly written and properly set up software (not windows) a computer can be made almost unhackable. All hacking attempts on current computers (at least on unix machines) exploit bugs in the software most of these bugs are fixed within days if not hours of being found. For a significant tradeoff in performance most of these attempts can be caught by software running on the targeted machine, while this tradeoff (basically running the software in a virtual machine doing heavy security checks) is too expensive for modern day internet servers I wouldn't be surprised to see a security conscious street sam doing so on his commlink, after all he's not going to need the processing power, and having a setup that closes all connection to the outside as soon as an intrusion attempt is detected (by the virtual machine).
Moreover something like a smart gun smartlink pair has no need to be connected to your commlink, after an initial manual pairing (punch a key into the gun and into the smartlink) the pair can be completely autonomous.
Also there is no reason for any of the keys for each pair to be the same or for them to stay the same for any length of time over a few seconds.

In the post above I forgot to mention the massive bandwidth needed to transmit 10^10 256bit keys every second, something like 2^38 bits/second (just shy of a Tb/s)
mdynna
Ok then, in your games computers are unhackable. Rip out the Hacker archetype and most of the Wireless World section of your rulebook and move on. Simple solution.
Sigfried McWild
QUOTE (mdynna @ Jan 30 2006, 08:08 PM)
Also keep in mind that computers in SR are optical, not electron-based.  Current limits on computing speed are based on the Parasitic Capactiance properties of the little itsy-bitsy electron pathways on circuit boards.  Basically, when you are operating in the Giga-Hertz band even centimetre long "wires" start to look like Transmission lines and "bleed" electricity into space.

Theoretically, optical computers do not have that problem because Parasitic Capacitance doesn't apply anymore.  The jist of what I'm saying is this: You're math for breaking encryption is based on *our* technology and doesn't necesarily apply to SR.  We're not really sure how fast Optical computers will really go.

Final note: it's a game!  Yes, it might not seem realistic to break Encryption in 15 seconds, but neither does it sound realistic that you can see a huge dragon flying overhead hurling magical fireballs at you.

It dosen't matter how much faster optical processors are. Every time I add another bit to the key I double the work you need to do to decrypt it. So what if optical processors are a few millions times faster, if you look to my post above you'll see how much difference going from 10^10 to 10^20 attempts (a 10 billion fold increase in processing power). For all practical purposes the difference it's nil.

RSA keys are products of prime numbers. A secret key algorithm can take any of the 2^n (where n is the length of the key in bits) possible keys. It's also quite possible that different keys will encrypt different messages to the same encrypted message adding all kinds of fun to bruteforcing attempts.

If P proved to be equal to NP that would bring all kinds of fun, I agree.

Finally, yes I know it's a game. Play however you wish, my posts here have 4 purposes:
1) Point out that it's perfectly resonable for GMs to be a lot harsher on the hacking rules
2) Clear up misconceptions about real life encryption as opposed to the game encryption, it really annoys me as a computer scientist to see people carry them on
3) Make you aware that a following those rules are lot more far fetched than the magic ones
4) Bore you to death
Vaevictis
QUOTE (Sigfried McWild)

Given properly written and properly set up software (not windows) a computer can be made almost unhackable.


There's the rub. The problem is writing "properly written" software. That's easier said than done.


QUOTE (Sigfried McWild)

For a significant tradeoff in performance most of these attempts can be caught by software running on the targeted machine


... and that software will have its own set of flaws...

The main key here is that you should remember that the sheer capacity c. 2070. Software is like a gas; it expands to fit the container holding it. If we can assume unlimited capacity, we should assume slightly less unlimited software size.

There's just going to be so much room for bugs that any given system will likely have thousands of possible exploitable flaws, at least one combination of which will give the desired privilege level.

I still say we should just define P=NP for terms of SR4 and leave it at that.
Sigfried McWild
While the random software you install can be buggy and untestable due to sheer size, a basic virtual machine for security checking is not, hell a java virtual machine almost fits the bill already. Also such software can be specified formally and be proved correct at the conceptual level, leaving only very minor errors. The same thing can be done for firewalls and all the other safety critical software.

And if you are running random s**t on your implanted commlink with open wireless connections during a run, you deserve to be hacked
Vaevictis
QUOTE (Sigfried McWild)
While the random software you install can be buggy and untestable due to sheer size, a basic virtual machine for security checking is not, hell a java virtual machine almost fits the bill already.


Assuming that the face of software 2070 is the same as it is today. How do you know that a basic virtual machine looks the same tomorrow as today? You're talking 60 years of change; the hardware it's based on probably doesn't even use the same *physics*; it may not even use the same algebras and mathematical concepts. You're making rather strong assumptions when you say that.

(And fwiw, JVM is not really the best example of such a beast, given the problems it's had in the past)

QUOTE (Sigfried McWild)

Also such software can be specified formally and be proved correct at the conceptual level, leaving only very minor errors.


Depends on the size of the software. Proving a software design any more complex than trivial to be "correct" rapidly becomes intractable to a human. And while you can prove the design is correct, the implementation can go wrong any number of ways.

I can see an AI getting this right (since they seem to be free of such fundamental problems as the halting problem), but any computational device less than an AI, no way. Humans are out also, since they just won't have the processing ability.
Butterblume
QUOTE (Sigfried McWild)
Of course the key is stored in the item and the commlink.

But why are you running with your commlink open to connections?

I discussed this with my peers a few week back (incidentally all students of computer science). We came, of course, to the one-time-pad solution. We could build an unbreakable intranet between us, provided enough storage for the key (which, for practical purposes in SR, is a given).
The weak point would be interfacing with other nodes, so we would disallow this (so there is no possibility anyone can access the key stored on the commlink).
Sigfried McWild
You can do quite a bit of proving on small modules such as let's say the first few layers of a network driver stack. And then testing and more testing and more and more...

I wasn't suggesting using the JVM, but saying that software like the JVM would do the job of providing a virtual machine with strong security checking.

While the hardware in 2070 is very different from todays I doudt the thory of computation will have changed much. Turing and Church both developed a theory of computation before having hardware to work on purely on a mathematical basis. As long as computers are computationally equivalent to turing machines I don't see why a virtual machine (which is nothing more than an interpreter for a "programming" language) shoudl change much
mdynna
Okay, let's "pretend" for a minute that someone sometime between now and 2050 came up with a "super decryption algorithm". Basically, some brilliant mathematician came up with a way to break encryption (any kind) much *much* faster than previously thought possibly. So, basically, encryption just slows somebody down now, instead of being an ultimate defense.

After this discovery, computer security became more about countering intruders after they have gotten in, then preventing the break-in altogether. If that isn't any further beyond the realm of possibility than magic and megacorporations are, then you should be able to rationalize Shadowrun.

Every see the movie Sneakers? That's basically the premise of the movie.
Brahm
Or let us pretend that encryption is still often implemented and used by people that don't fully understand what they are doing, and that software still gets written and sold with flaws in it.
Butterblume
QUOTE (Brahm)
Or let us pretend that encryption is still often implemented and used by people that don't fully understand what they are doing, and that software still gets written and sold with flaws in it.

I second that wink.gif.
Shrike30
It seems to me that the easiest way to secure your PAN would be to have two of them.

On your "public" PAN, you run a commlink in your mode of choice, usually the one that's appropriate to the environment you're in. This is where you have your ID, some money on a cred account, your public profile... all the stuff people expect to see on a PAN. You could even subscribe some of the basic devices to it... your music player in your jacket, the "flare comp" in your adjustible sunglasses, that kind of thing. Dummies would even be an option... the controls for your smartlink, for example, except they don't actually do anything except trigger an alert when they're fooled with.

On your "private" PAN, you've got an ENTIRELY SEPERATE COMMLINK ghosting as hard as it can. You subscribe your important equipment to it, the stuff you don't want hacked. You define the "security sheaf" for it (it's response, as a host, to a detected hacking attempt) to be an alert to you, the user, and possibly rebooting. You define the services it can connect to manually (your gear, the other members of your team, etc), and only open it to the "outside" world by physically plugging it into the "public" commlink.

This way, you've got a PAN all ready to go for when a hacker takes a poke at you, you scan as John Q Public in the burboclaves, and it's one more thing that is going to burn a hacker's time before he even thinks to *look* for a second PAN.
kigmatzomat
....aaaand if you'll search the archives you'll see this is a standing assumption.

Good job grasshopper, you've just graduated to "functional paranoid." You are now ready to run the streets with the basic tools required to blend with the masses while still keeping your secrets.

Be sure to pick up your RFID tag eraser with your diploma. If you're smart enough to erase the RFID tag on the diploma you get your Master's Degree. If you borrow a buddy's tag eraser to erase any tags on your eraser get the Ph.D.
Azralon
QUOTE (kigmatzomat @ Jan 30 2006, 05:34 PM)
If you borrow a buddy's tag eraser to erase any tags on your eraser get the Ph.D.

Pfft, old hat. Two commlinks, two tag erasers (to erase each other's RFIDs).

While school's in session, here's a safety tip: Don't put thermographic in your eyes or contact lenses and then put your smartlink in your glasses... Unless you actually want to see what the inside of your glasses look like to thermo. Same goes for ultrasound.
hobgoblin
QUOTE (milspec)
Oh good, another "real-world encryption math about a game" post. smile.gif

milspec

plus ca change, remember?
Vaevictis
QUOTE (Sigfried McWild)
You can do quite a bit of proving on small modules such as let's say the first few layers of a network driver stack.

Yeah, well, like I said -- it rapidly becomes intractable as you diverge from trivial.

QUOTE (Sigfried McWild)
And then testing and more testing and more and more...

I'm sure you know that testing doesn't prove anything when it comes to security. You can test it a million different ways, or a million million different ways, and there's still the possibility of that one outlier that never got tested because it was one in a million million million. If that outlier exists, you can be sure someone with malfeasance in mind will find it in short order.

QUOTE (Sigfried McWild)
I wasn't suggesting using the JVM, but saying that software like the JVM would do the job of providing a virtual machine with strong security checking.

I understood what you meant. My point was, the JVM is basically designed to provide the same functionality you are describing and it has had quite a few exploitable security holes.

QUOTE (Sigfried McWild)
While the hardware in 2070 is very different from todays I doudt the thory of computation will have changed much.

Something non-trivial must have changed to be cracking top-shelf encryption in a matter of minutes.

QUOTE (Sigfried McWild)
As long as computers are computationally equivalent to turing machines

I see no reason, given the rules on computing in SR4, why SR4 computers are computationally equivalent to Turing machines. Other than "that's the way it's always been done", do you see any reason? If anything, given the behavior of the rules, some fundamental and revolutionary change is *implied*, whether a swap to some non-Turing style machine, or P=NP, or something like that.

QUOTE (Sigfried McWild)
I don't see why a virtual machine (which is nothing more than an interpreter for a "programming" language) shoudl change much

Not particularly relevant to the topic at hand, but I'm too pedantic to let it go. Some virtual machines are in fact interpreters for programming languages, but they are generally much more than just that. They abstract the hardware (or hosting application) away and provide a consistent interface to consumer programs and deal with the hardware behind the scenes. In other words, they're basically an operating system.
Sigfried McWild
QUOTE (Vaevictis @ Jan 31 2006, 01:06 AM)
Not particularly relevant to the topic at hand, but I'm too pedantic to let it go.  Some virtual machines are in fact interpreters for programming languages, but they are generally much more than just that.  They abstract the hardware (or hosting application) away and provide a consistent interface to consumer programs and deal with the hardware behind the scenes.  In other words, they're basically an operating system.

Depends on the virtual machine.
The above quoted JVM has nothing to do with an operating system (note JVM not JRE) it can in fact be implemented as a hardware chip.

another virtual machine, virtualPC is also an interpreter, in this case of i386 machine language.

This is the kind of virtual machines I was thinking of.

The one reason why I believe computers in 65 years will still be equivalent to Turing machines is because we have found no other model of computation and the 3 models of computation developed independently in the first half of the 1900s (Turing, Church and another I can't remember) apparently completely different, were quickly proved to be the same.

Of course I can't predict the future and everything you propose could be true. I just find the required suspension of disbelief much harder than the required for dragons and magic. It's probably just me.
hobgoblin
QUOTE (Vaevictis)
QUOTE (Sigfried McWild)
As long as computers are computationally equivalent to turing machines

I see no reason, given the rules on computing in SR4, why SR4 computers are computationally equivalent to Turing machines. Other than "that's the way it's always been done", do you see any reason? If anything, given the behavior of the rules, some fundamental and revolutionary change is *implied*, whether a swap to some non-Turing style machine, or P=NP, or something like that.

well there was the first crash, and the comment about big biz using the downtime to change how the computer worked to better fit their "needs" (most likely drm to an insane degree and whats not).

allso, lets rember that in SR4, there are two diffrent skill going around. the computer skill, for those security goons that need to work a terminal now and again. and the hacking skill, it have the same basic things coverd as the computer skill but then goes above and beyond that...

but in the end, it boils down to SR being a game. and a cyberpunk game at that. sorry to say, but cyberpunk computer have never been known for the 100% accurate depiction of computer security nyahnyah.gif
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Dumpshock Forums © 2001-2012