Increasing connectivity – The Role of Cryptography in the Connected World

1.3 Increasing connectivity Connectivity allows designers to add novel, unique features to their products and enables new business models with huge revenue potential that simply would not exist without it. At the same time, connectivity makes it much harder to build secure systems. Similar to Ferguson and Schneier’s argument on security implications of complexity, one […]

Connectivity versus scaling attacks – The Role of Cryptography in the Connected World

1.3.3 Connectivity versus scaling attacks To summarize, connectivity exposes devices and IT systems to remote attacks that target network-facing software (and, thus, directly benefit from the continuously increasing software complexity), are very cheap to launch, can be launched by a large number of threat actors, and have zero marginal cost. In addition, there exists a […]

Complexity versus security – features – The Role of Cryptography in the Connected World

1.4.1 Complexity versus security – features The following thought experiment illustrates why complexity arising from the number of features or options is a major security risk. Imagine an IT system, say a small web server, whose configuration consists of 30 binary parameters (that is, each parameter has only two possible values, such as on or […]

Technical requirements – Secure Channel and the CIA Triad

2.1 Technical requirements This chapter introduces basic definitions, design principles, and goals and therefore requires no specific software or hardware. 2.2 Preliminaries The fundamental objective of cryptography and computer security in general is to enable two persons, let’s call them Alice and Bob, to communicate over an insecure channel so that an opponent, commonly called […]

Confidentiality – Secure Channel and the CIA Triad

2.3 Confidentiality A fundamental need in secure communication is to ensure the privacy of the information transmitted between the communicating parties. In cryptography, this is referred to as confidentiality of data. More precisely, confidentiality is the ability to keep the content of information from all but those authorized to have it [117]. Confidentiality therefore guarantees […]

Integrity – Secure Channel and the CIA Triad

2.4 Integrity Integrity is the ability to detect data manipulation by unauthorized entities. By data manipulation, we mean unauthorized acts such as the insertion, deletion, or substitution of individual data chunks or entire messages. It is not required that manipulations as such are rendered impossible; given the multitude of possible communication channels, this would be […]

Message authentication – Secure Channel and the CIA Triad

2.5.1 Message authentication Message authentication is the ability of the communicating party that receives a message to verify – through corroborative evidence – the identity of the party that originated the message [117]. This form of authentication is also referred to as data origin authentication. Message authentication can be achieved by providing additional information together […]