Why Cryptography is Harder Than It Looks

1
Why Cryptography is Harder Than It Looks

• Written by Bruce Schneier
• Presented by Heather McCarthy
• Software Systems Security
• CS 551

2
Outline

• Threats to Computer Systems
• Methods of Entry
• What Cryptography Can Cant Do
• Security Dependencies
• Threat Models
• System Design
• Implementation
• Human Factor

3
Introduction

• Cryptography is essential
• Current cryptography is not as strong as it
  claims to be
• Cannot be an afterthought
• Difficult to identify strong products
• Wastes money
• Present computer security systems will not
  withstand attacks for very long

4
Threats to Computer Systems

• Types of Threats
• Fraud in Electronic Commerce
• Forgery
• Impersonation
• Denial of Service
• Cheating
• Privacy Violations
• Targeted vs. broad data harvesting attacks
• Electronic Vandalism
• Vandals ROUTINELY break into networked computer
  systems

5
Threats to Computer Systems

• Characteristics of Threats
• Opportunistic
• Often, security need only be relative to thwart
  an attack
• Motivation of attackers
• Vast knowledge and free time
• Few financial resources and / or vendetta

6
Methods of Entry

• Not through typical doorway
• Steal technical data
• Bribe insiders
• Modify software
• Collude
• Summary
• Easy to attack an automated system
• Need only find one of many weaknesses to gain
  access

7
What Cryptography Can and Cant Do

• Security is never guaranteed entirely
• A good system balances actual failures against
  potential failures
• Non-invasive attacks CAN be totally prevented
• Targeted attacks can only be withstood up to a
  point
• The problems with cryptography are not in the
  algorithms and protocols, but the implementation
• Weakness are found at human interaction level

8
Security Dependencies

• Security is a chain
• Cryptography is rarely broken through the
  mathematics
• Finding flaws is difficult and tedious
• No test can prove the absence of flaws

9
Threat Models

• In other words, understanding what to protect
  against
• What system protects
• From whom
• For how long
• Must take into consideration intended and
  unintended users
• Often designers dont work to build accurate
  threat models

10
System Design

• Scientific
• Requires many fields of mathematics
• Extensive peer review
• Years of analysis
• Art
• Needs a balance between conflicting goals
• Security vs. Accessibility
• Anonymity vs. Accountability
• Privacy vs. Availability
• Intuition

11
Implementation

• Cryptographic algorithms are only part of the
  chain
• Exact
• A GUI must be as strong as the protocols
• Unfortunately, this facet is often overlooked
  because it is not technically interesting
• Method of Design Make, Break, Repeat

12
The Human Factor

• Insiders commit most fraud
• Honest users cause problems because they dont
  care about security
• Users needs must be considered in order to build
  a smoothly operating system

13
Current State of Security

• No good way to compare systems
• Magazines list features instead of evaluating
  their security
• Marketing lies
• Secrecy paves the way for breaches
• Thank goodness for CERT
• Laws only cure the symptoms, not the cause of
  security failures
• Average lifetime Five years

14
Conclusion

• Assume the worst
• Make, Break, Repeat
• Leave a margin for error
• Questions?