Small world

[maradydd]

There's a post up on BoingBoing today (ok, yesterday for me) about open vs. closed search algorithms, suggesting that the search algorithms used by Google, Yahoo et al are bad because of their lack of transparency. It invokes a comparison to an important concept in computer security: "security through obscurity" is dangerous because an effective encryption scheme should be equally hard to break whether you know the internals of the algorithm that generated the ciphertext or whether you don't.

I think comparing this to search is a bad (or at best misleading) idea, and expounded on this in the comments. But I'm far more entertained by the fact that the two best comments on the post so far come from two sources with whom I am tangentially familiar, albeit from totally different directions: jrtom and radtea. Small damn world!

Comments

[enochsmiles.livejournal.com]

Furthermore, you can affect the inputs, and you can learn things about the way pages are added to the set through black-box methods. Non-trivial for someone who isn't skilled in attacking these sorts of things, sure.

[jrtom.livejournal.com]

I'm willing to believe that there are attacks that I don't know about (see previous response). It just seemed to me that in this case the black box is awfully, well, black. :)

[enochsmiles.livejournal.com]

So, my field of research is focused on building black boxes that thwart traffic analysis (and of course, attacking such black boxes.) There are definitely attacks you don't know about -- there are also surely attacks I don't know about, and furthermore, attacks that are not known.

I'm not convinced that there's a secret algorithm that will withstand blackbox analysis by an adversary, and yet here I am discussing the feasibility of an open algorithm that will withstand whitebox analysis by the adversary. I must be bored.

What's interesting in this case (and this has parallels to my research) is that you have different classes of adversaries. Sometimes you may have an adversary that can see the entire network in real time (I doubt it in this case, but let's say Google has cut a deal with the devil to monitor Yahoo's links). Sometimes you have an adversary who can see part of the network (if most of the processing is done in a few locations, owning the link to one of those locations gets you a lot of data to work with).

And of course there's the difference between active vs. passive attacks. You're positing a scenario where the attacker is purely passive -- but in the search engine situation, they are at least as active as a given user, quite likely far more given the easy access one has to botnet time, open proxies, Tor, etc. They can insert their own inputs into the system and measure the internal behavior of the black box that way. They can set up pages that are crawled, another way of inserting data, and perform queries designed to tell them what happened to those inputs. And so on.

The only reason this black box isn't grey-bordering-on-white, I suspect, is the years of edge-case-rules added to counter specific attacks discovered to be occurring in the wild. So, mapping the internals of the Google black box, for instance, would be rather complicated not by design, but by accident. However, I'm guessing wildly at this point, as I've not actually attempted a reverse-engineering of the $Seachengineofchoice algorithm.

Hmm. Perhaps that's something to do with my time after my current area of research gets outlawed.