Very impressive attacks are first discussed as theoretical possibilities. “If an attacker had these enormous resources …” and so on. Then researchers give presentations at conferences showing how the theoretical might be less impractical than we expected. That is followed by a proof of concept demonstration, and then we have attacks occurring in the wild.
All along we were still talking about “the motivation of the attackers,” using vague wording about whether an exploit would be worth the ill-defined time and resources to an attacker. On the defensive side it was a little easier to put a monetary value on data and then make sure that our planned defenses made sense, that we weren’t spending a dollar to save a penny.
Things have changed. At least for some attacks, we can now assign actual monetary costs. The defenders can better assess risk, because the attackers can estimate, perhaps precisely, their cost in advance.
Thomas Roth gave a presentation at Blackhat in January, 2011, describing how he could use very reasonably priced GPU cluster computing in the Amazon cloud to attack cryptographic defenses. GPU systems are quite good at searches for decryption keys or hash collisions.
Now, it’s important to realize that what Roth really showed is that weak passwords are weak. His demonstration, which got a lot of attention, did a brute force search for passwords of just 1 through 6 characters.
The important thing is that the time required on a single cluster, and thus the cost, is predictable (and small, just $1.72 USD for this search at Amazon’s current rate of $2.10 USD per hour for a cluster). Since this type of attack can be parallelized and a lot of resources are available in the cloud, it doesn’t make sense to talk about time requirements: adding clusters shortens the wall-clock time but leaves the total bill the same. Cost is the useful metric.
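To make the "cost, not time" point concrete for a defender sizing a password policy, here is an added estimator (my code, not Roth's and not part of the original post). It takes the $2.10 USD per cluster-hour rate quoted above; the cluster's hash rate, the character-set size and the attacker's budget are hypothetical inputs you supply, because the post does not state them. It shows that the bill for exhausting a keyspace does not change as you add clusters, only the wall-clock time does, and it finds the shortest password length whose full search exceeds a given budget.

```python
"""Cloud brute-force cost estimator (added example, not from the original post)."""
import math

# Rate quoted in the post for one Amazon GPU cluster instance.
CLUSTER_USD_PER_HOUR = 2.10


def keyspace(charset_size: int, min_len: int, max_len: int) -> int:
    """Number of candidate passwords of length min_len..max_len over a charset."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def brute_force_estimate(charset_size: int,
                         max_len: int,
                         hashes_per_second_per_cluster: float,  # hypothetical input
                         clusters: int = 1,
                         usd_per_hour: float = CLUSTER_USD_PER_HOUR,
                         min_len: int = 1) -> dict:
    """Worst-case (full keyspace) time and cost of a brute-force search.

    Total cluster-seconds is fixed by keyspace / rate; spreading the work over
    more clusters divides wall-clock time but multiplies the number of
    instances billed, so the cost term cancels out the cluster count.
    """
    space = keyspace(charset_size, min_len, max_len)
    cluster_seconds = space / hashes_per_second_per_cluster
    wall_hours = cluster_seconds / clusters / 3600.0
    cost_usd = (cluster_seconds / 3600.0) * usd_per_hour   # == clusters * wall_hours * rate
    return {"keyspace": space, "wall_hours": wall_hours, "cost_usd": cost_usd}


def shortest_length_exceeding_budget(charset_size: int,
                                     hashes_per_second_per_cluster: float,
                                     budget_usd: float,
                                     usd_per_hour: float = CLUSTER_USD_PER_HOUR,
                                     hard_cap: int = 64) -> int:
    """Smallest max_len whose full 1..max_len search costs more than the budget.

    This is the defender's view: the minimum password length at which an
    exhaustive cloud search no longer fits an assumed attacker budget.
    Returns hard_cap if no length below it exceeds the budget.
    """
    for length in range(1, hard_cap + 1):
        est = brute_force_estimate(charset_size, length,
                                   hashes_per_second_per_cluster,
                                   usd_per_hour=usd_per_hour)
        if est["cost_usd"] > budget_usd:
            return length
    return hard_cap


if __name__ == "__main__":
    # Constructed scenario: 95 printable ASCII characters, a hypothetical
    # 1e9 hashes/second per cluster, lengths 1..6 as in Roth's demonstration.
    for n in (1, 8, 64):
        est = brute_force_estimate(95, 6, 1e9, clusters=n)
        print(f"{n:3d} cluster(s): {est['wall_hours']:.4f} h wall-clock, "
              f"${est['cost_usd']:.2f} total")
    print("Shortest length costing more than $100 to exhaust:",
          shortest_length_exceeding_budget(95, 1e9, 100.0))
```

Running it with the constructed inputs prints the same dollar figure for 1, 8 and 64 clusters while the hours shrink, which is why the post argues that cost, not time, is the number to compare against the value of what the password protects. Swap in your own measured hash rate for the algorithm you actually store passwords with; a deliberately slow scheme raises the cost column directly.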
Back in 2008, a group of researchers (including Marc Stevens, whom I mentioned recently) demonstrated how they could forge a rogue CA signing certificate. They did the computing on a cluster of 200 Playstation 3s running Linux, where it took about two days.
Kaspersky’s analysis of the Flame malware construction suggested a cost of $200,000 for a forged code-signing certificate. (I discussed Flame recently.) That’s how much the computing platform would have cost, as opposed to the potential $1,000,000 (or, realistically, much more) an independent developer could have asked for the code when offering it to, ah, national government agencies.
Other researchers have suggested that the cryptographic breakthrough used here might drop the cost to about $20,000 on EC2.
Putting dollar costs on the attacks doesn’t make them more dangerous, but it does help the defenders do cost and risk analysis. Learning Tree’s Introduction to Computer and Network Security course and Cloud Security Essentials course discuss these types of attacks and help you figure out just how much to worry.