Cryptography Reference
In-Depth Information
3.2.6
Adequate security
One of the points that we will keep returning to when considering the security
of real cryptosystems, especially in Chapter 12, is that in many application
environments it is acceptable to adopt levels of security that are short of 'ideal'.
This is because the potential benefits of
adequate security
, for example, in terms
of efficiency, may outweigh the benefits of stronger security.
Clearly the decision to make such a tradeoff must be made from an informed
viewpoint, which considers the realistic threat environment within which the
cryptosystem will be used. As part of this analysis, it is worth considering exactly
what process a potential attacker might have to go through in order to benefit
from an attack on a cryptosystem:
Motivation
. The attacker must want to attack the cryptosystem in the first
place. There are many applications where, realistically, there are no motivated
attackers. For example, the vast majority of email users do not encrypt their
emails. Many of these users would probably use a secure email package if they
believed in the existence of an attacker who routinely wanted to read their
email (see Section 12.7.2).
Knowledge
. An attacker with the motivation must also have the knowledge to
conduct an attack. Even an attack that can largely be 'automated', for example,
by downloading a software attack tool, often still requires an amount of
expertise (albeit fairly small) to conduct. Theremay bemany potential attackers
with enough knowledge, but this is only a threat if one of them is likely to be
motivated to conduct it.
Action
. An attacker must actually proceed with an attack. Even with the
motivation and the knowledge, there may be barriers that prevent an attacker
from proceeding. These could be logistical, for example an attacker requires
the right opportunity, perhaps access to a specific computer terminal, which
might never arise. Or these could be conceptual. For example, an attacker may
desire to access a colleague's files, and may have the knowledge of how to do
so, but knows that this action would represent a breach of the organisation's
computer use policy, which could result in the attacker losing their job.
Success
. An attacker has to succeed with their attack. For many attacks on a
cryptosystem, success is far from guaranteed. For example, an attacker with
access to a user's ATM card can usually only make three attempts to guess the
PIN before the card account is suspended.
Benefit
. An attacker has to gain benefit from the attack. Even if the attacker
successfully attacks the cryptosystem, the results may not be of great use to the
attacker. For example, a plaintext with a short cover time could be encrypted
using a fairly weak encryption algorithm. The attacker may well be able to
conduct an exhaustive key search, but if this takes longer than the cover time
then the plaintext should no longer be of value by the time the attacker finds
it. As another example, which we will discuss in more detail in Section 6.2, an
