[Cryptography] What do we mean by Secure?

alex at alten.org alex at alten.org
Mon Feb 9 23:06:48 EST 2015


Quoting Kent Borg <kentborg at borg.org>:

> On 02/09/2015 02:08 AM, alex at alten.org wrote:
>> For myself security is just another engineering domain, like software
>> or electrical engineering.
>
> There is that--your engineering could be great.
>
> But there are a couple of crucial differences.
>
> First, exactly where you draw the boundary of your system matters.
....
> The second difference is that, unlike orderly data and predictably
> charged electrons, you have active, clever, adaptive, and malicious
> foes who are looking for holes in your design and
> implementation--and they are trying to shift the system boundaries
> to create new holes--trying to make a shift that destroys your
> otherwise perfect security.
....
> Those two properties make computer security very different from
> "just another engineering domain". We are trying to "stop crime"
> here. We know a lot about it, we have some solid tools, but we don't
> have complete solutions and are fools to think we could.
>

No engineering discipline is perfect, think of crashed airplanes,
sunk boats, or collapsed bridges.

You rightly point out that security engineering has differences
from other engineering disciplines.

It usually has to prove a negative, which is a key difference.  Other
disciplines like the insurance industry face a similar challenge.
And like them we can use probability analysis (or if we have enough
historical data we can use statistics) to help us build a more secure
system.

As for boundaries, and the failure thereof, I remember working with
some extremely good ex-NSA cryptographers.  They did an analysis that
they called partial-key analysis.  Basically they said let's say
somehow someone managed to recover some of the subkeys for a few
rounds of a cipher, how strong is that cipher now?  In the context
of a security system the equivalent is to relax some boundary conditions
or to let an axiom fail (for example an input to a PRNG is predictable).
Now how good is your security system design?

Once you grasp the essentials of how to design a secure system it
really is just another engineering discipline, albeit a bit weird
compared to mechanical, civil, electrical or software engineering.

- Alex





-- 
Alex Alten
alex at alten.org
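The partial-key thought experiment in the reply above, as an added illustration that is not from the post or its author: a constructed toy key schedule (16-bit master key, four rounds, 8-bit round subkeys taken as overlapping windows of the master key) and an exhaustive count of how many master keys remain consistent once some round subkeys are assumed to be known. The effective strength is whichever is smaller: the surviving master keys or the still-unknown subkey material.

```python
# Toy partial-key analysis (constructed example; not a real cipher or schedule).
from math import log2

MASTER_BITS = 16   # size of the toy master key
ROUNDS = 4         # number of cipher rounds
SUBKEY_BITS = 8    # width of each round subkey

def rotl16(x: int, n: int) -> int:
    """Rotate a 16-bit value left by n bits (negative n rotates right)."""
    n %= 16
    return ((x << n) | (x >> (16 - n))) & 0xFFFF

def subkeys(master: int) -> list[int]:
    """Toy key schedule: round i uses master-key bits [4i, 4i+8), wrapping.
    Adjacent rounds therefore share 4 bits of key material."""
    return [rotl16(master, -4 * i) & 0xFF for i in range(ROUNDS)]

def residual_keyspace(leaked: dict[int, int]) -> int:
    """Exhaustively count master keys still consistent with the leaked
    round subkeys (round index -> subkey value). Against a key-recovery
    adversary the cipher is now worth at most log2 of this number."""
    return sum(
        1 for m in range(1 << MASTER_BITS)
        if all(subkeys(m)[r] == k for r, k in leaked.items())
    )

def analyse(master: int, leaked_rounds: list[int]) -> float:
    """Assume the subkeys of `leaked_rounds` became known; return the
    remaining master-key strength in bits for this schedule."""
    ks = subkeys(master)
    return log2(residual_keyspace({r: ks[r] for r in leaked_rounds}))

def effective_strength_bits(master: int, leaked_rounds: list[int]) -> float:
    """Remaining strength is bounded by the surviving master keys and,
    independently, by the unknown subkey material of the other rounds."""
    unknown_subkey_bits = SUBKEY_BITS * (ROUNDS - len(leaked_rounds))
    return min(analyse(master, leaked_rounds), unknown_subkey_bits)

if __name__ == "__main__":
    # Relax the "no subkey leaks" axiom round by round and watch the margin fall.
    for leaked in ([], [0], [0, 1], [0, 2]):
        print(f"leaked rounds {leaked}: "
              f"{effective_strength_bits(0xBEEF, leaked):.0f} bits left")
```

With this schedule, two leaked subkeys of adjacent rounds leave only 16 master keys, and two non-adjacent ones pin the key completely; a schedule with less overlap would degrade more gracefully under the same relaxed assumption.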