Cryptographic engineering

Cryptographic engineering is the discipline of using cryptography to solve human problems. Cryptography is typically applied when trying to ensure data confidentiality, to authenticate people or devices, or to verify data integrity in risky environments.

Major Issues


In modern practice, cryptographic engineering is deployed in crypto systems. Like most engineering design, these are wholly human creations. Most crypto systems are computer software, either embedded in firmware or running as ordinary executable files under an operating system. In some system designs the cryptography runs under manual direction; in others it is run automatically, often in the background. Like other software design, and unlike most other engineering, there are few external constraints.

Active opposition


In other engineering design, a successful design, or implementation of one, is one which 'works'. Thus, an aircraft which actually flies without crashing due to some aerodynamic design blunder is a successful design. How successful is important, of course, and depends on how well it meets intended performance criteria. Continuing with the aircraft example, several World War I fighter aircraft designs only barely flew, while others flew well (at least one design flew well, but its wings broke off with some regularity) though with insufficient agility (turning, climbing, ..., rates) or insufficient stability (too frequent inescapable spins and so on) to be useful or survivable. To a considerable extent, good agility in aircraft comes at the expense of stability, so fighter aircraft designs are, in this respect, inevitable compromises. The same considerations have continued in more recent times, as for instance the necessity for computer 'fly-by-wire' control in some fighters with great agility.

Cryptographic designs also have performance goals (e.g., unbreakability of encryption), but must perform in a more complex, and more complexly hostile, environment than merely high (but not too low) in the Earth's atmosphere under war conditions.

Some aspects of the conditions under which crypto designs must work (to be successful and so worth bothering with) have been long recognized. Sensible cipher designers (of whom there were fewer than their users would have wanted) attempted to find ways to prevent frequency analysis success, starting, it must be assumed, almost immediately after that cryptanalytic technique was first used. The most effective way to defeat frequency analysis attacks was the polyalphabetic substitution cipher, invented by Alberti about 1465. For the next several hundred years, other designers also tried to evade frequency analysis, usually poorly, demonstrating that few had a clear understanding of the problem. What is probably the best known (and likely the most widely used) of those attempts is the (misnamed) Vigenère cipher, which is a partial implementation of Alberti's idea. Edgar Allan Poe famously, and rashly, boasted that no cipher could defeat his cryptanalytic talents (essentially frequency analysis); that he was almost entirely correct about the ciphertexts submitted to him suggests a low level of cryptographic awareness some 400 (!) years after Alberti. As this history suggests, an important part of crypto engineering is understanding the techniques the Opposition may have available.

In addition, it has been explicitly realized since the mid 1800s that the Opposition must be credited with certain kinds of knowledge, lest one's design efforts address too little. Kerckhoffs' Law -- "The security of a cipher must reside entirely in the key" -- and the equivalent, and somewhat less obscure, Shannon's Maxim -- "The enemy knows the system" -- put it more or less clearly. A crypto design must achieve its goals (e.g., confidentiality, or message integrity -- see 'goals' in the article cryptography), not only despite active intelligent Opposition, but in spite of uncomfortably well-informed Opposition.

Inherent zero-defect requirement


Many failures in cryptographic engineering are catastrophic. That is, success in breaking one message leads to reading all messages. Most cryptographic algorithms and protocols make certain assumptions (random key or nonce choices, for example), and when those assumptions are violated, all security is lost.

Examples: the Netscape random-number bug found at UC Berkeley, and the problems in Microsoft's PPTP protocol implementation found by Schneier.
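An added example, not from the article, of the "random key or nonce choices" assumption above being violated: a toy CTR-style stream cipher built from HMAC-SHA256 (a constructed stand-in for a real cipher such as AES-CTR or ChaCha20) shows that a single reused nonce exposes the messages encrypted under it, and a hypothetical `NonceGuard` helper is the kind of check that enforces the assumption in code.

```python
import hashlib
import hmac
import os


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy CTR keystream, block i = HMAC-SHA256(key, nonce || i). Constructed
    for illustration; real systems use AES-CTR/GCM or ChaCha20 instead."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Stream encryption; decryption is the identical operation."""
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


def leak_from_reuse(c1: bytes, c2: bytes) -> bytes:
    """Under one shared keystream c1 ^ c2 == p1 ^ p2: the key cancels and the
    plaintexts' relationship is exposed to anyone holding both ciphertexts."""
    return xor(c1, c2)


class NonceGuard:
    """The check the zero-defect requirement demands: a nonce is spent after
    one use under a key, so the catastrophic case below cannot occur by slip."""
    def __init__(self, key: bytes):
        self.key, self.used = key, set()

    def encrypt(self, nonce: bytes, plaintext: bytes) -> bytes:
        if nonce in self.used:
            raise ValueError("nonce already used under this key; refusing")
        self.used.add(nonce)
        return encrypt(self.key, nonce, plaintext)


def reuse_is_catastrophic() -> bool:
    """Two constructed sample messages under the SAME nonce (the violated
    assumption): knowing one plaintext then recovers the other completely."""
    key, nonce = os.urandom(32), os.urandom(12)
    p1, p2 = b"ATTACK AT DAWN  ", b"RETREAT AT DUSK "
    c1, c2 = encrypt(key, nonce, p1), encrypt(key, nonce, p2)
    return xor(leak_from_reuse(c1, c2), p1) == p2
```

The same algebra applies to any stream cipher or CTR mode, which is why nonce uniqueness is an assumption that must be enforced rather than hoped for.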

Invisibility of most failure modes


Success in cryptographic engineering is unclear at best. Not crashing is a quite prominent sine qua non in aircraft design. Not allowing the Opposition access (to protected message traffic, for instance) is the design goal, but it is far less obvious when this goal has been achieved than in other engineering. Essentially no Opponents will ever make their access to message content public, and so neither designers nor implementors nor users of crypto systems will ever learn from them that their design is insecure. It is certainly irrational to count on Opponents as a quality control resource.

One tempting measure of security is 'I can't figure out how to break it, so I will assume Opponents will not be able to do so either'. This may be true, but there is no way to actually know your Opponents have the same limitations you do. In a modern environment, in which messages travel over public networks, it is not even possible to detect eavesdropping, much less to prevent it. Accordingly, most message traffic must be presumed to be entirely in an Opponent's possession.

Known cryptographic failures fall into several classes; future failures may fall into these classes as well, or may reveal new ones. Examples include:

Design errors:
  • cryptographic protocol errors
  • user operational procedure errors
  • algorithm implementation errors
  • associated system failures

User errors:
  • misunderstanding of correct operations
  • arbitrary user actions

Implementation errors:
  • programming errors (bugs)
  • precision arithmetic errors
  • random data errors
  • software library routine errors

Environment errors:
  • operating system insecurities with effects on cryptographic software (e.g., keys retained in swap file data)
  • operating system insecurities with regard to plaintext access
  • operating system vulnerabilities (viruses, Trojan horses, etc)

The effect of most of these will not be apparent to end users, generally not to the computer system's administrators, and often not even to the cryptographic system's designers. For instance, a buffer overflow vulnerability in an obligatory operating system component may not have been present in version 5.1 (used during crypto system testing), but appear only at version 5.3, available only after release of the crypto system. Or that particular vulnerability may have been removed in all operating system releases later than version 5.3, but the cryptographic system is being used in this case with version 5.1.

The invisibility of many such errors makes finding and removing them more difficult than in many other kinds of engineering.