Cassandra Security

Analysis of the security industry, and all that it influences.

• Home
• About Us
• Events
• Research
• Papers
• Podcasts
• RSS

Without Tesla, we security researchers may never have had formal reverse engineering procedures.   What you say?  Tesla was, in addition to other things, a security researcher focused on reverse engineering?  Clearly no, he was not.   Nikola Tesla was a brilliant man who lived in the age of Edison (or Tesla depending on who you ask making his living as a specialist in areas of research having to do with mechanical and electric engineering.   He is known for the following:

• Tesla coil
• Tesla principle
• Tesla turbine
• Tesla’s Egg of Columbus
• Teleforce
• Alternating current
• Tesla’s oscillator
• Induction motor
• Tesla electric car
• Rotating magnetic field
• Wireless technology
• Particle beam weapon
• Bifilar coil
• Death ray
• Telegeodynamics
• Terrestrial stationary waves
• Electrogravitics

Nevertheless, perhaps what he is most noted for is the controversy, which ensued between 1891 – 1893.  At the time, Nikola Tesla was living and working in St.Louis, Missouri where his focus was on the production of devices used in his experiments with electricity.  His work saw the construction of various devices and apparatus that produced between 15,000 and 18,000 cycles per second.   Within the scope of his work, the transmission and radiation of radio frequency energy was a feature exhibited by Tesla that he proposed might be used for telecommunication of information.   He gave several demonstrations of his technology and work to very prestigious institutes including the Franklin Institute and the National Electric Light Association.   He was articulate, crisp and concise in his description of his wireless work that was both fascinating and groundbreaking.   The descriptions provided by Tesla contained all of the elements that were later incorporated into radio systems well before the development of the vacuum tube a feat which still amazes many to this day largely due to his staunch rejection of hertzian waves which he considered wasteful.   His work both superseded the work being conducted by Hertz and Bose while eclipsing the work of Edison and Marconi as well.   Tesla was truly the master of wireless transmissions.  He received the following US patents for his work in this space:

• Tesla’s U.S. Patent 447,920, “Method of Operating Arc-Lamps” (March 10, 1891), describes an alternator that produced high frequency (for that time) current of around 10,000 hertz. His innovation was suppression of the sound produced by arc lamps that were operated on alternating or pulsating current by using frequencies beyond the range of human hearing.

• U.S. Patent 645,576, “System of Transmission of Electrical Energy” (March 20, 1900; filed Sept. 2, 1897). In US645576, Tesla cited the well-known radiant energy phenomena and corrected previous errors in theory of behavior. Within this specification, Tesla declared, “The apparatus which I have shown will obviously have many other valuable uses – as, for instance, when it is desired to transmit intelligible messages to great distances [...]“.
• U.S. Patent 649,621, “Apparatus for Transmission of Electrical Energy” (May 15, 1900; filed February 19, 1900). In US649621, Tesla established a system which was composed of a transmitting coil (or conductor) arranged and excited to cause oscillations (or currents) to propagate via conduction through the natural medium from one point to another remote point there from and a receiver coil, or conductor, of the transmitted signals.

Through reasons not his own, Tesla’s innovation was (like that of others), misattributed to Guglielmo Marconi, who has been called the father of radio.  Marconi is said to have read about the experiments that Hertz did in the 1880s while he was on vacation in 1894 and about Tesla’s work as well and that this information led to the creation of his device that was largely comprised of components conceptualized by others. It was at this time that Marconi began to understand that radio waves could be used for wireless communications.  As interesting as all of this is, this is not the purpose of this blog post.  No, today’s blog focuses on a concept, a principle developed by Tesla, known as the Tesla Principle, which was paramount to his work and over time became less relevant but no less important in other forums.   What is the Tesla Principle?  Put plainly the Tesla Principle was used to describe (amongst other things) certain reversible processes invented by Nikola Tesla himself.  It was a brilliant and yet obvious means by which he could if the need arose work backwards in order to troubleshoot issues if necessary.  It was developed during Tesla’s research in alternating currents where the current’s magnitude and direction varied cyclically.  It marks the official birth of reverse engineering.

Reverse engineering is integral in puzzle solving and for those of us who make part or all of our living reverse engineering products, ideas, concepts, situations, the ability to work fluidly and linearly is important.  It enables us to, in an organized fashion; ensure that A led to B, B to C and so on.   It empowers us to interject a timeline and workflow where one does not exist.  It is quite elementary yet terribly important.   We in the information security industry require from time to time a healthy dose of the Tesla Principle whether wish to admit it or not.   I cannot imagine doing what we do without Tesla’s Principle in some form being utilized.   Simple because consumers are consuming and products are being purchased does not mean that challenges are being solved truly, completely and comprehensively.   As a result, the ability to reverse engineer or retrace our steps is both necessary and integral to success in technological pursuits as well as those having more to do with the philosophical and political elements of our craft.   Application of the theory however requires a level Dutch courage that is not ubiquitous throughout our industry or any industry for that matter.   It requires we use and put into practice observing ego and separate ourselves (personally), from the challenge in order to assess the incidents independently in order to gain the appropriate point view while arriving at best prospective and solution.

Tesla’s Principle can and should be applied to all we do as security thought leaders, practitioners, vendors and intelligentsia.  However, in doing so it requires an honest forth-coming response to the challenges we face, some being result of stagnation within the practitioner community, others the result of stagnation within the ranks of ownership and still others within the areas of responsibility belonging to the vendor community.   In explore what doesn’t work, hasn’t worked and cannot possibly work based on the facts as we have them, we enable ourselves to create a new, dynamic and effective solution designed to address the deficiencies seen in the original while delivering on all the promises articulated in the product release document (regardless of the form this takes).

Ultimately, it requires a scientific approach that calls for emotion to be considered, yet side lined in order to focus on improving people, process and technology for the greater good.   Can our industry withstand this change?  I don’t see how it has any choice given where business is going in general and the observable failures witnessed over the last several years (breaches, losses, compromises due to poor policy enforcement etc.), which could have been prevented had a re-engineering thought and process been conducted.   When I think of issues such as those seen in recent years.   Incidents such as those related to the VA, or Choicepoint, or more recently the loss of 60+ systems from Los Alamos Labs, I can only hope and pray that we as the leaders of the new generation take a lesson from Tesla and apply a similar principle in reinvestigating our efforts to see what is and is not working….clearly there is room for this today!

Comments

• Categories

  • Advanced Persistent Threats (APT)
  • Assessment
  • Audit
  • Backdoors
  • Bot Nets
  • Cloud Computing
  • compliance
  • Crime and Punishment
  • critical infrastructure
  • Cyber Crime
  • Cyber Defense
  • Cyber Fraud
  • Cyber Terrorism
  • Cyber Warfare
  • Information Security Philosophy
  • Malicious Code
  • Malicious Content
  • Next Generation Threats
  • Patterns & Profiles and Threat Vectors
  • PCI-DSS
  • Risk
  • risk management
  • Rootkits
  • SaaS
  • Security Philosophy
  • Subversive Multi-Vector Threats (SMTs)
  • Terrorism
  • threat
  • Threat Modeling
  • Trojans
  • Uncategorized
  • Vulnerabilities & Threat Research
  • Whitehat
  • Whitepapers

• Archives

  • June 2010
  • May 2010
  • April 2010
  • March 2010
  • February 2010
  • January 2010
  • December 2009
  • November 2009
  • October 2009
  • September 2009
  • August 2009
  • July 2009
  • June 2009

• Blogroll

  • Arbor Networks Blog
  • CSI Provoked
  • Dancho Danchev
  • Fudsec - Showcasing Fear, Uncertainty and Doubt from the Information Security Industry
  • Gunter Ollmann's Blog
  • Harlan Carvey's Windows IR Blog
  • IANS Perspective
  • Joanna Rutkowska of Invisible Things Labs
  • Nelson Brito (no português)
  • Our Twitter
  • Palantir - Palantir Technologies
  • SANS Internet Storm Center
  • Schneier on Security
  • Security Fix
  • Security Incite
  • TaoSecurity
  • The Art of Software Assessment - Mark Dowd, John McDonald, Justin Schuh
  • The Threat Post - Kaspersky Lab Services
  • the451group

• Admin

  • Register
  • Log in
  • WordPress
  • XHTML