HardCrypto

advertisement
Why Cryptography is Harder
Than It Looks
Written by Bruce Schneier
Presented by Heather McCarthy
Software Systems Security
CS 551
Outline
•
•
•
•
•
•
•
•
Threats to Computer Systems
Methods of Entry
What Cryptography Can & Can’t Do
Security Dependencies
Threat Models
System Design
Implementation
Human Factor
Introduction
• Cryptography is essential
• Current cryptography is not as strong as
it claims to be
– Cannot be an afterthought
• Difficult to identify strong products
– Wastes money
• Present computer security systems will
not withstand attacks for very long
Threats to Computer Systems
• Types of Threats
– Fraud in Electronic Commerce
• Forgery
• Impersonation
• Denial of Service
• Cheating
– Privacy Violations
• Targeted vs. broad data harvesting attacks
– Electronic Vandalism
• Vandals ROUTINELY break into networked
computer systems
Threats to Computer Systems
• Characteristics of Threats
– Opportunistic
• Often, security need only be relative to thwart
an attack
– Motivation of attackers
• Vast knowledge and free time
• Few financial resources and / or vendetta
Methods of Entry
• Not through typical “doorway”
– Steal technical data
– Bribe insiders
– Modify software
– Collude
• Summary:
– Easy to attack an automated system
– Need only find one of many weaknesses to
gain access
What Cryptography Can and Can’t Do
• Security is never guaranteed entirely
• A good system balances actual failures
against potential failures
• Non-invasive attacks CAN be totally
prevented
• Targeted attacks can only be withstood up to
a point
• The problems with cryptography are not in
the algorithms and protocols, but the
implementation
– Weakness are found at human interaction level
Security Dependencies
• Security is a chain
• Cryptography is rarely broken through
the mathematics
• Finding flaws is difficult and tedious
– No test can prove the absence of flaws
Threat Models
• In other words, understanding what to
protect against
– What system protects
– From whom
– For how long
• Must take into consideration intended
and unintended users
• Often designers don’t work to build
accurate threat models
System Design
• Scientific
– Requires many fields of mathematics
– Extensive peer review
– Years of analysis
• Art
– Needs a balance between conflicting goals
• Security vs. Accessibility
• Anonymity vs. Accountability
• Privacy vs. Availability
– Intuition
Implementation
• Cryptographic algorithms are only part
of the chain
• Exact
– A GUI must be as strong as the protocols
• Unfortunately, this facet is often
overlooked because it is not technically
interesting
• Method of Design: Make, Break, Repeat
The Human Factor
• Insiders commit most fraud
• Honest users cause problems because
they don’t care about security
• Users’ needs must be considered in
order to build a smoothly operating
system
Current State of Security
• No good way to compare systems
– Magazines list features instead of evaluating their
security
– Marketing lies
• Secrecy paves the way for breaches
– Thank goodness for CERT
• Laws only cure the symptoms, not the cause
of security failures
• Average lifetime: Five years
Conclusion
•
•
•
•
Assume the worst
Make, Break, Repeat
Leave a margin for error
Questions?
Download