Why Cryptography is Harder Than It Looks
Written by Bruce Schneier
Presented by Heather McCarthy
Software Systems Security CS 551

Outline
• Threats to Computer Systems
• Methods of Entry
• What Cryptography Can & Can’t Do
• Security Dependencies
• Threat Models
• System Design
• Implementation
• Human Factor

Introduction
• Cryptography is essential
• Current cryptography is not as strong as it claims to be
  – Cannot be an afterthought
• Difficult to identify strong products
  – Wastes money
• Present computer security systems will not withstand attacks for very long

Threats to Computer Systems
• Types of Threats
  – Fraud in Electronic Commerce
    • Forgery
    • Impersonation
    • Denial of Service
    • Cheating
  – Privacy Violations
    • Targeted vs. broad data harvesting attacks
  – Electronic Vandalism
    • Vandals ROUTINELY break into networked computer systems

Threats to Computer Systems
• Characteristics of Threats
  – Opportunistic
    • Often, security need only be relative to thwart an attack
  – Motivation of attackers
    • Vast knowledge and free time
    • Few financial resources and/or vendetta

Methods of Entry
• Not through typical “doorway”
  – Steal technical data
  – Bribe insiders
  – Modify software
  – Collude
• Summary:
  – Easy to attack an automated system
  – Need only find one of many weaknesses to gain access

What Cryptography Can and Can’t Do
• Security is never guaranteed entirely
• A good system balances actual failures against potential failures
• Non-invasive attacks CAN be totally prevented
• Targeted attacks can only be withstood up to a point
• The problems with cryptography are not in the algorithms and protocols, but the implementation
  – Weaknesses are found at human interaction level

Security Dependencies
• Security is a chain
• Cryptography is rarely broken through the mathematics
• Finding flaws is difficult and tedious
  – No test can prove the absence of flaws

Threat Models
• In other words, understanding what to protect against
  – What system protects
  – From whom
  – For how long
• Must take into consideration intended and unintended users
• Often designers don’t work to build accurate threat models

System Design
• Scientific
  – Requires many fields of mathematics
  – Extensive peer review
  – Years of analysis
• Art
  – Needs a balance between conflicting goals
    • Security vs. Accessibility
    • Anonymity vs. Accountability
    • Privacy vs. Availability
  – Intuition

Implementation
• Cryptographic algorithms are only part of the chain
• Exact
  – A GUI must be as strong as the protocols
• Unfortunately, this facet is often overlooked because it is not technically interesting
• Method of Design: Make, Break, Repeat

The Human Factor
• Insiders commit most fraud
• Honest users cause problems because they don’t care about security
• Users’ needs must be considered in order to build a smoothly operating system

Current State of Security
• No good way to compare systems
  – Magazines list features instead of evaluating their security
  – Marketing lies
• Secrecy paves the way for breaches
  – Thank goodness for CERT
• Laws only cure the symptoms, not the cause of security failures
• Average lifetime: Five years

Conclusion
• Assume the worst
• Make, Break, Repeat
• Leave a margin for error
• Questions?