THE SUBJECT AT hand is protection of metrical attack-surface(s); with respect to the safe transfer of meaning between individual human beings. Accordingly, we specify how to protect symbolic structure (for datum(s)); and with a view to obtaining unbreakable encryption for datum-copies.
A second goal of this section is to define and classify encryption mechanism(s) for primary-network defence (i.e. locking datum-copies)—by means of logically consistent definitions, analysis and exposition.
The topic at hand is creation of an impenetrable meaning-gateway—or protecting a datum-copy’s metrical attack-surface (or symbolic structure)—whereby the same copy is either—A) at-rest; or B) in-transit.
Wherein we assume that any physical and/or virtual getaways (or protective measures for the copy’s form) may be ineffective and/or could fail. Right away—for a point-to-point communication system connected to an open-network—we acknowledge that a problem exists in terms of message/identity/key: authentication and signification; or making certain that the Identity and Access Management System assigns the same to the correct party.
Placing these matters aside, we find that there are two basic kinds of symbolic encryption:
• Symmetric-Key-Encryption: the encryption and decryption keys are the same. Communicating parties must have the same key before they can achieve secure communication.
• Public-Key-Encryption: the (public) encryption key is published for anyone to use and encrypt messages. However, only the receiving party has access to the (private) decryption key that allows messages to be read.
Entry-Method / Defence-Method
An entry-method is a system access pathway—or series of actions that must be performed by a human, running program and/or helper actor(s)—to access a datum-copy (i.e. a primary, secondary, tertiary-copy). Whereby an entry-method (may) involve traversing several system gateway(s)—before opening up the datum’s inner meaning.
A defence-method is a system access pathway that is inaccessible to unsafe-actor(s). Wherein both the entry-method and defence-method(s) may be protected by locking, blocking and/or concealment techniques. Note that an entry-method plus defence-method— may sometimes be the exact same sub-subsystem (i.e fulfil a dual purpose for any particular access pathway or system entrance method).
Either symmetric/non-symmetric encryption may be used to develop effective cryptographic software—and standards are widely available for employing such techniques (see end notes and bibliography). However successfully using encryption to ensure security may be a challenging problem—and because even a single error in system design or execution can allow successful attacks. Sometimes an adversary can obtain unencrypted information without directly undoing the encryption (see the Trojan Horse/Traffic Analysis hacking method(s) as explained elsewhere).
Overall, we advise caution in terms of reliance on cryptography alone for protecting a datum’s privacy.
SCF 1.0 – InfoGraphic G
Cybersecurity System Access Gateways
Source: ‘The Science Of Cybersecurity’ (2017) – by Alan Radley
Protection Of Symbolic Structure
In this section we are concerned with protection of symbolic structure—or meaning—for communicated datum(s); whereby the message is comprised of a specific pattern of symbols. Wherein we ignore the possibility of using icons and indices as signifiers—and because these topics are unusual and/or lie outside of our analysis (e.g. steganography).
Obviously the remaining topic of symbolic cryptography is complex; and any adequate treatment would run to a book-length treatise. How then, you may ask, is it possible in only a few pages to say anything consequential on such a highly technical subject matter? Quite simply, we can identify best practice in terms of logical premises/reasoning/appropriate-conclusions for achieving absolute security; and hence outline effective methods to protect the metrical structure of communicated datum(s).
Ergo, we abide by one (or more) of the following—
Virtual Message Tamper-proofing: The digital signature verification and encryption must be applied to the cipher-text— when it is created—typically on the same primary-network used to compose the message—to avoid tampering (adequate locking—guarantees message integrity).
Physical Message Tamper-proofing: Encrypting at the time of creation is only secure if the encryption device itself has not been tampered with (i.e. closed/blocked physical gateway(s) or device-integrity).
Employ Secret Keys: Obey Dr Claude Shannon’s maxim (i.e. Kerckhoff’s principle); and assume that: ‘the enemy knows the system’. Avoid relying on security through obscurity and/or security through minority—in terms of not assuming that the secrecy/uncommonness of system design provides unimpeachable protection (adequate concealment + locking).
Pattern Obfuscation: Special encryption/coding/scrambling methods must be employed to prevent spies from deducing information from patterns present in the copy.
Access-node/Key/ID Security: Adequate access control methods must be employed to protect unwarranted access to any and all access-nodes, access-devices, keys, user IDs etc (adequate blocking + key concealment).
Viruses, Trojan-Horses: Methods to eradicate Viruses and to prohibit Trojans misrepresenting as safe-actors— hence preventing unsafe-actors from gaining unwarranted access to copies/actors on the data-processing stack (adequate blocking).
Environmental Spying: Methods to prevent spying on the primary-network through leaking emanations, including radio or electrical signals and vibration(s) etc.
Protection Of Meaning Gateways – Conclusions
The history of cryptography provides evidence that it is difficult to keep details of a widely used algorithm secret.
Accordingly, only secrecy of the key provides sufficient security—and because a key is often easier to protect (it’s typically a small piece of information) than an encryption algorithm, and easier to change if compromised.
And that’s about it for now; in later Chapters we go on to explore all of the issues raised here; and in terms of attaining logical, holistic, effective and broadly considered (plus scientific) cybersecurity policies.
The Beholder’s Share
THE SUBJECT AT hand is protection of descriptive and selectional attack-surface(s)—with respect to the safe transfer of meaning between individual human beings. Accordingly, we specify how to protect descriptive structure (for datum(s)); and with a view to obtaining absolute security for communicated datum-copy(s).
A second goal of this section is to define and classify coding mechanism(s) for primary-network defence—by means of logically consistent definitions, analysis and exposition.
The topic at hand is creation of impenetrable descriptive and selectional gateway(s)—or protecting a datum-copy’s descriptive and selectional attack-surface(s) (i.e. defining language(s) used and/or coding structure(s) employed). Whereby the same copy is either—A) at-rest; or B) in-transit. Wherein we assume that any physical, virtual, plus (symbolic) meaning gateway(s)—may be ineffective and/or could fail.
Once again we are faced with a host of potentially valid techniques in terms of descriptive and selective coding. The large number of such combinations makes for a particularly useful set of protective measures—each with a high level of robustness and immunity to attack.
Whereby the large number and great diversity of potential coding method(s) helps to effectively cloak/ obscure—said attack surface(s); and because an attacker has difficulty guessing which specific protective technique(s) may have been used—leading to significant obstacle(s) for breaking into the coded datum(s).
However there is an important caveat here, in terms of any unbridled optimism with respect to coding methods. That is the susceptibility of all coding/encryption methods to attacks—whereby a spy attempts to deduce information from patterns present in the copy.
We can think of coding as a statistical technique. Ergo for any fairly long message of—for example—english text; if a consistent encryption and/or coding method is employed; then due to the (relatively) small range of letters/words/ phrases present in the english language—it may be possible to use numerical/computationally intensive methods to discover, guess and/or decode the original message.
Limitations of Coding Protection
We can conclude that no coding/encryption method is (by itself) absolutely secure against all possible attack-vectors. Ergo, form based protection is desirable. Previously, we had identified core principles of system design for symbolic cryptography. Here in this Chapter we wish to do the same for coding methods—defined as the generation of descriptive and/or selectional layers for a representation.
Note that we can also use special coding techniques and/or modal methods for protecting symbolic structure—but we normally assign the same to encryption as a topic in-and-of-itself. Right away we shall state that all of the vulnerabilities and principles for effective cryptography apply also to coding methods. The only difference is that coding methods may be superior for eliminating and/or reducing the possibility of an attacker deducing information from well-known and/or repeated patterns (i.e. phrases) present in the communicated datum.
Pattern obfuscation is a central concern in terms of achieving socially secure communication. Basically we are in the domain of statistics—because no matter how clever/intricate and/or obscure the coding or encryption technique—it can often be broken—given sufficient time, effort and resources. Note however, that to break into a protected datum using statistical methods requires that a sufficiently large— homogenous coded-segment—or section of cypher-text/ coded-text sample is available for analysis.
Ergo we wish to avoid: using identical natural-language constructs too-often in a long message; and/or use of the same coding method(s) continually. Plus we wish to avoid sending coded messages with common patterns that may be used to reverse-engineer the coded datum(s). In fact, this is how the German Enigma code was broken; whereby every message contained known words—‘Heil Hitler’—day after day.
How can we mitigate such formidable risks? Quite simply, by using sufficiently obscure and intricate descriptive coding schemes and/or strong encryption methods; plus by using selectional content that varies sufficiently in terms of modal obfuscation.
Ergo—for socially secure communication—we abide by—as many as possible of—the following message/ datum—CODING PRINCIPLES [Axiom 55]:
- Employ effective symbolic encryption; including multi-layer encryption with new keys generated for each communication instance (i.e. use perfect-forward-secrecy).
- Employ obscure descriptive coding methods (i.e. one-time-pad(s) or perfect-secrecy).
- Employ variable selectional coding methods (i.e. multiple code-books in a single message); with constantly changing constructive pattern(s) for each message. (i.e. one-time-pad(s) or perfect-secrecy).
- Employ safe pattern constructs. Avoid sending identical (coded) natural-language constructs repetitively; pad the pattern(s) with NULLS or hide them; use varying constructive code(s).
- Rely on the Beholder’s Share—employ covert and obscure methods for interpretation of meaning.
Bigger Brain Versus Stealth
THE SUBJECT AT hand is the building of stealth defences—with respect to the safe transfer of meaning between individual human beings.
Accordingly, we specify aspects of primary-network concealment; with a view to obtaining absolute security for communicated datum(s) [ref.Absolute Security:TARGET and METHOD(S)]. A second goal of this section is to define and classify covert mechanism(s) for primary-network defence—by means of logically consistent definitions, analysis and exposition.
In the present section we are concerned with how best to protect form based attack-surface(s); consisting of physical-gateways—media of storage, transfer and access; and virtual-gateways—formatted copies for storage, transfer and access. Patently—a wide range of—defensive techniques are possible—to protect gateway type(s); and because systems of communication are many and varied. Ergo, it is difficult to identify any universally applicable defensive procedures—without precedence.
Nevertheless, we can outline key principles for primary-network concealment—the same being methods that may prove useful to the designer of a system that seeks to provide absolute security.
Effective—STEALTH TECHNIQUES [Axiom 59] include (for defence):
Move access-node(s)—plus related data-set(s)—including user data (i.e. user owned IDs/keys)—to a private (possibly portable) access-device; closing physical/virtual gateway(s).
Employ an invitation-only-network + cypher-matching— whereby unsafe parties are blocked (i.e use a private network).
Use false/null data-traffic, decoys, honey-pots, spoofed access-device IP/MAC addresses (hide source + destination IDs/point(s)); hide message(s) in innocuous content; closing invalid gateway(s).
Use a secret/scrambled/coded protocol (key-protected); secret routers/gateways—to close/protect all datum physical/virtual-gateway(s).
Eliminate all legitimate and illegitimate secondary copies (e.g. use a Peer-to-Peer (P2P) network); closing physical + virtual gateway(s).
Protect the communication channel (e.g. use distributed transport and/or concealed packet(s)).
Conceal the method(s) of coding within a large range of possible method(s) + vary/overlap method(s); that is protect meaning gateway(s) (i.e. exploit the beholder’s share).
Localise Identity and Access Management System(s). Do not trust private items to nth-parties.
Employ nested protective layers (ref. physical/virtual gateways).
Stealth Techniques – Summary
In a nutshell, we wish to reduce gateway: exposure (limit existence in place/time), number(s), visibility and fragility—eliminating/nullifying attack-vectors [Axiom 60].
The title of the present Chapter—Bigger Brain versus Stealth Techniques’—refers to what we regard as best-practice for building an—absolutely secure—point- to-point system for private communication of meaning. Put simply, we believe that it is far better to rely on stealth techniques—in order to block/eliminate/conceal system gateway(s)—than attempt to have a bigger brain than all attackers (i.e use unbreakable locks).
Remember that for a central-server network; the primary, secondary, tertiary copies etc; hang around effectively forever—and are backed-up repeatedly. Undertaking to build an unbreakable encryption defence and/or coding method for such (effectively immortal) copies; may be unrealistic. Ergo, attaining robust meaning gateway(s)—is predicated upon—maintenance of superior intelligence /know-how (perpetually)—and because the defence mechanism(s) must stay (at least) one step ahead of all attacker(s)—now and at all times in the future.
A preferable approach—and one that will prove to be—in all likelihood—far less vulnerable to a data-breach; is to move system gateways—beyond the reach of any attackers. Primary-network concealment can be achieved using fundamental techniques that do not rely on having a bigger brain (so-to-speak). Rather we employ carefully chosen hardware and software tools as described—for example—in the list above.
SCF 1.0 – InfoGraphic F
Privacy And Security Relations
Source: ‘The Science Of Cybersecurity’ (2017) – by Alan Radley
Absolute Security – Conclusions
We can conclude that the techniques of absolute security are not rocket science—but they are a little unusual in that they do require specialist tools; including potentially: Peer-to-Peer (P2P) network design, stealth and depth-defences, well-designed encryption/coding, plus localised—or P2P—user ID/key management system(s), user-owned passwords, secret-keys etc.
Let us now go back to the original purpose of this book. Remember that we had made a distinction between partial/absent and absolute security [ref. Absolute Security: TARGET]. Perhaps for most situations it is fine to have a small degree of additional security provided by a standard encryption method (e.g. using email with a single-layer of encryption). But for those occasions when one has to communicate datum(s) that are of a particularly high value (i.e. be private-by-guarantee)— then we must employ special techniques.
Unfortunately, attaining absolute security is challenging using standard (central-server) tools such as email and file-sharing systems like DropBox, GoogleDrive etc; because— as we have seen—these systems are potentially open to a host of exploits, intercepts and data-breaches. Such problems relate to structural vulnerabilities in terms of network design (i.e. long-term exposure of physical gateways); leaving only virtual and meaning gateway protective techniques.
In summary, attaining absolute security for our digital communication(s)—is a difficult-to-reach—but not impossible goal. Just like the magician, rather than performing any real magic tricks (achieving unbreakable encryption/coding)—we misdirect.
Accordingly, we seek to:
- Lock/block/conceal system gateway(s);
- Conceal the method(s) of entry/defence (variable aspects) within a large range—of (potential) methods;
- Employ depth-defences to confuse/ slow-down an attacker.
In this manner (1+2+3) [named as Axiom 62], we safeguard attack-surface entry-methods.