Why Security Is All About Copies

In this second section on basic Axioms, we overview methods for achieving privacy in terms of our interpersonal communication(s). Building on the security definitions established in the first section; we hereby characterise privacy as being concerned primarily with exposed-copies of the communicated datum (+ meta-data). Therefore cybersecurity vulnerabilities may be mitigated by social restriction—and protection—of such copies.

A second goal of this section is to list and classify, plus compare and contrast, the different kinds of threats, potential exploits and attack-vectors/surfaces/windows that may exist for a digital point-to-point communication system.

In simple terms we can characterise private communication as being concerned primarily with protection of ownership right(s) for datum-copies—or management of safe: storage, transfer and social-access for replicated datum(s) (+ meta-data).


Formula For Absolute Security

Once we recognise that any potential copy has to be either—a primary, secondary or tertiary one—then we can develop a formula for what we might term absolute security.

Absolute security—for a point-to-point communication instance—is the replication of a single instance (or primary-copy) of a private-datum from one socially restricted access-node to another [Axiom 12] [ref. Absolute Security:TARGET]. In other words, it is the single-copy-send of a datum from one party to another; whereby no—socially accessible—nth-party copies exist whatsoever (hopefully persistently—or on a long-term basis).

Likewise we can define partial/absent security as the existence of any unprotected—or nth-party accessible— primary/secondary/tertiary datum-copies [Axiom 13].

Both of these metrics—absolute and partial/absent security—are mutually-exclusive true/false values for any act of communication. It is obvious that just because a datum-copy has (apparently) been communicated with absolute security at one epoch; then that does not mean that such a status will necessarily be permanent.


Digital Media

Digital-media are electronic media used to store, transmit and receive digitised information; and may refer to any media that has been encoded in a machine-readable format. Digital-media—or simply media—can be created, viewed, distributed, modi ed and preserved on computers.

For our purposes we have compartmentalised media into three types: storage, transfer and access [Axiom 14].


Form And Content

A datum is a discrete pattern of meaning that may be transferred between minds (network access-nodes). A datum-copy is a particular instantiation of a datum’s pattern—that exists inside or (potentially) outside of a point-to-point communication system.

A copy has two primary aspects: firstly form (the encapsulating format)—or media of storage, communication/ delivery, and access; and secondly content (a representation with metrical, descriptive and selectional aspects) [Axiom 15].

Creation of a datum-copy involves instantiation of form in place and time (i.e. illustration of content in the real and/or virtual worlds—and ultimately in a human mind). A datum-copy has a natural owner—often the sender/creator of the datum [Axiom 16]. Ownership rights include protection of social access (e.g. secrecy, privacy, openness) for the copy—in terms of who can see, know and/or change the content and/or form of the copy (ref. new owner(s)/user(s)) [Axiom 17].

When we speak of—a datum-copy being hacked and/or a data-breach/system-exploit occurring—that is defined as unwarranted social access to the informational content of the datum (i.e. loss/change of privacy status) [Axiom 18].

It may be that loss of privacy—extends also to aspects of the copy’s form, but for the datum itself loss of privacy relates to—and consists of—purely informational content.

 

Infographic_C7

SCF 1.0 – InfoGraphic C

Aetiology Of a Datum-Copy

Source: ‘The Science Of Cybersecurity’ (2017) – by Alan Radley

Privacy Status

All kinds of hardware/software, networking and social influencing factors can affect the privacy status of a primary, secondary and/or tertiary copy. Potential vulnerabilities include exposed: user IDs, logins, passwords, and private encryption keys, meta-data etc; and each may contribute to privacy breaches.

We are now in a position to classify the different ways in which a hacker could potentially gain unwarranted access to a primary, secondary or tertiary copy of a private-datum. Obviously, in order to improve the security of any communication system; one seeks to reduce the number of—attack-surfaces/windows—and related attack-vectors (for datum-copies)—and so to minimise the opportunities for break-ins to an (ostensibly) secure network.

Accordingly, we now define the principal ways in which a nominal—or generalised—communication system may be compromised; and hence result in a data-breach.

At least eight kinds of hacking/spying/eaves-dropping methods are possible; as detailed below in the list of networked system hacking methods.


Absolute Security Target / Methods

The Absolute Security: TARGET—for a point-to-point communication system—is the replication of a single instance (or primary-copy) of a datum—from one socially restricted access-node to another. In other words, it is the single-copy-send of a datum from one party to another; whereby no—socially accessible—nth-party copies exist whatsoever (hopefully persistently).

Absolute Security: METHODS—are continually working security: systems, rules, actors, networks, programs, defences and human/automatic operational procedures etc; that protect: an Absolute Security TARGET.


Network System Hacking Methods

A basic list of network System hacking methods is given below:

  • Cloud provider legal request—‘back-door‘ —primary/secondary copy
  • Transmission provider legal request —primary/secondary copy
  • Transmission line reconstruction (remote) —tertiary copies
  • Communications hacking (local and remote) —primary/secondary copy (+ tertiary copies?)
  • Communications eavesdropping (environment) —primary/secondary copy (+ tertiary copies?)
  • Cloud account hacking—‘front-door‘ —primary/secondary copy
  • Physical device hacking —primary/secondary copy
  • Physical device data replication —primary/secondary copy

(See later discussions for Threat Taxonomies and Effective Countermeasures).

Obviously, depending upon the nature of a particular breaching technique, different impacts arise—on the primary, secondary and/or tertiary copies—as to whether or not a system is vulnerable at any particular place/time. Dependent variables include: degree of access of the attacker to local resources, relationships of attacker to/with ‘nth’ parties, motivations/capabilities of attacker, attack/defence techniques, system and network vulnerabilities, and the capabilities/legal operating frameworks—plus assumptions—of all the parties involved.

Note that for the purposes of our analysis, we make no distinctions (legal, ethical or otherwise) between an ordinary attacker; and one who may possess any supposed: legal, moral, and/or ethical right(s); in relation to gaining unauthorised access to a private-datum (see Axioms C).

Finally, and given what’s been said; I do find myself wondering how—or even if—it is possible to mount an effective defence—permanently—against any and all cyber-attacks and unwarranted access methods.