I was reading an interesting post about encryption and it made me feel a need to respond on what is said about credit cards.
Capabili-what?
Very soon after I joined es-discuss, I read some messages by Mark S. Miller. Soon enough, I watched his infoQ talk. This talk introduces the notion of object capabilities. This talk and this concept blew my mind. “Modularity increases my security?”. And he also shows the problem (and a solution) of distributed secure currency. Any “smart” idea I’ll write in this post are actually more or less already in this part of the talk.
Unrelatedly, I watched a talk by Douglas Crockford which suggested people to go watch The Lazy Programmer’s Guide to Secure Computing by Marc Stiegler which strongly emphasis POLA. I did and took the same sort of mind-blowing shower. I will learn later that Marc Stiegler and Mark Miller have been working together.
This led me to start reading Mark Miller’s thesis (haven’t finished yet, but still working on it) and to watch some other talks. It also led me to read about petnames, rich sharing, website passwords, web introducer and many other interesting things.
There are years of serious research poorly summurized in the links above. I highly encourage to read and watch all of this, but I admit it takes a lot of time to.
Thousands of credit cards numbers stolen during the Sony Playstation network hack
People have given their credit card number to Sony. Sony got hacked. People were annoyed. Who is to blame? Sony for its flawed security? Let’s take another look at the problem.
I want to pay…
I want to pay online. I want to buy one item once or pay regularly (like in a monthly payment to Sony). What option am I given? Giving my credit card number. And this is a terrible idea!
…but not to give my credit card number!?
When I send my credit card number and any “secret” written on the card, I do not allow for a one-time payment (or regular) to one company for a given amount of money I choose. Rather, I give the authority to anyone reading my info to do a payment of any amount directed to anyone, anytime. And that’s a source of insecurity.
Another way of thinking online payment
Here is how payment could happen: I go to my bank website, I have a form where I choose the amount I want to pay, who I want to pay to and to which frequency (one time, once a month, etc.). The two last fields are optional. In exchange, the bank gives me a secret (a URL for instance). I share this secret with who I want to pay. End of story.
Of course, this is just an example crafted in 2 minutes that could probably be improved.
“Oh fuck! Sony is getting hacked again!”
So, In my imaginary world, Sony (or anyone, it’s not about Sony as you’ve understood) does not have access to my credit card number, but only to a secret allowing a payment only to it at a frequency that I chose and to an amount that I chose as well. Sony gets hacked? WHATEVER!
We could imagine extensions where I could tell my bank “such secret has been compromised. Please stop paying through it”, “regenerate a secret for the same parameters”, etc.
Conclusion
As Ben Adida mentions in his blog post, encryption is not the final answer to security. His analysis of how encryption may get in the way of social features is interesting.
I wrote this post to show that security without encryption can exist, even for payments. Object capabilities seems to have a huge misknown and underused potential to achieve this form of security.
In the particular case I described, it’s not here because it requires cooperation from banks. I’m looking forward to see banks implementing this!