Security

links: AC1 TOC - Security & Cryptography - Index


Dictionary definition: the state of being free from danger or threat

Security is an organisational problem. Its goal is to provide an operational status that is 'se' (without) 'cura' (fear).

Questions to be asked to reach security:

  • What - Problem, asset, adversary, goals
  • Strength - Value of asset over space and time, power of adversary
  • How long - How long to secure asset, active time of adversary
  • Where - Resting, in transit, local, remote and where is the adversary
  • Trust - Assumptions, borders of problem domain

Security dispositives

Security Assumptions

If the assumptions hold true, then the system should remain secure.

  • Users' private keys are kept secret
  • Factoring and DL are hard problems
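
An added illustration, not part of the original notes: textbook RSA with constructed primes, showing that the private key stays secret only while factoring the modulus exceeds the adversary's compute budget. The choice of RSA, the function names, the primes and the budget are all assumptions made for this example.

```python
from math import gcd

# Constructed sample parameters (not from the notes).
WEAK_PRIMES = (1009, 1013)                # toy size: factoring assumption fails
STRONG_PRIMES = (2**31 - 1, 2**61 - 1)    # Mersenne primes: out of reach of the toy budget
BUDGET = 10_000                           # adversary power, in trial divisions


def make_keypair(p, q, e=65537):
    """Build a textbook RSA key pair from two primes (no padding, illustration only)."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (p * q, e), pow(e, -1, phi)    # (public key, private exponent d)


def factor_by_trial_division(n, max_steps):
    """Model an adversary limited to max_steps odd trial divisors."""
    if n % 2 == 0:
        return 2, n // 2
    candidate, steps = 3, 0
    while candidate * candidate <= n and steps < max_steps:
        if n % candidate == 0:
            return candidate, n // candidate
        candidate += 2
        steps += 1
    return None                           # budget exhausted: assumption held


def recover_private_exponent(public_key, max_steps):
    """Derive d from the public key alone, which works only if n can be factored."""
    n, e = public_key
    factors = factor_by_trial_division(n, max_steps)
    if factors is None:
        return None
    p, q = factors
    return pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    for label, primes in (("weak", WEAK_PRIMES), ("strong", STRONG_PRIMES)):
        public_key, d = make_keypair(*primes)
        recovered = recover_private_exponent(public_key, BUDGET)
        print(label, "assumption broken" if recovered == d else "assumption held")
```

The same key generation is secure or insecure depending only on whether the stated assumption holds against the adversary's resources, which is why the assumption and the attacker's power have to be written down together.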

Trust assumptions

Entities or components that are assumed to be trustworthy.

  • CA
  • Trusted Hardware/Software
  • Third-Party Trust (Cloud servers, authentication services)
  • Physical Security
    • A common assumption is that physical access to devices or servers is restricted and that those with physical access are trustworthy.

Attack Model

An attack model specifies what resources an attacker might have (such as computational power), what their potential goals are (such as stealing data), and what strategies they might use (such as social engineering or malware).

