Cryptography Reference
As a word of caution, it should be mentioned that even though very practical
results have been derived from research in the provable security of crypto schemes,
many findings are only of limited practical value. Also, the whole field is not without
controversy [84, 102].
Secure System Design
Cryptography is often an important tool for building a secure system, but on
the other hand secure system design encompasses many other aspects. Security
systems are intended to protect something valuable, e.g., information, monetary
values, personal property, etc. The main objective of secure system design is to
make breaking the system more costly than the value of the protected assets,
where the “cost” should be measured in monetary value but also in more abstract
terms such as effort or reputation. Generally speaking, adding security to a
system often narrows its usability.
Several general frameworks exist for approaching the problem systematically.
They typically require that assets and their corresponding security needs be
defined, and that the attack potential and possible attack paths be evaluated.
Finally, adequate countermeasures have to be specified in order to realize an
appropriate level of security for a particular application or environment.
There are standards which can be used for evaluation and help to define a
secure system. Among the more prominent ones are ISO/IEC [94] (15408, 15443-1,
15446, 19790, 19791, 19792, 21827), the Common Criteria for Information
Technology Security Evaluation [46], the German IT-Grundschutzhandbuch [37],
FIPS PUBS [77] and many more.
1.6 Lessons Learned
- Never ever develop your own crypto algorithm unless you have a team of
  experienced cryptanalysts checking your design.
- Do not use unproven crypto algorithms (i.e., symmetric ciphers, asymmetric
  ciphers, hash functions) or unproven protocols.
- Attackers always look for the weakest point of a cryptosystem. For instance, a
  large key space by itself is no guarantee for a cipher being secure; the
  cipher might still be vulnerable against analytical attacks.
- Key lengths for symmetric algorithms in order to thwart exhaustive key-search
  attacks are:
  - 64 bits: insecure except for data with extremely short-term value.
  - 112-128 bits: long-term security of several decades, including attacks by
    intelligence agencies unless they possess quantum computers. Based on our
    current knowledge, attacks are only feasible with quantum computers (which
    do not exist and perhaps never will).
  - 256 bits: as above, but possibly against attacks by quantum computers.
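
The key-length tiers above, worked through as numbers (an added example, not taken from the book): expected exhaustive-search time at an assumed rate of 10^12 keys per second, and the roughly halved effective strength against Grover's quantum search. The search rate, the function names and the sample inventory are assumptions made for illustration.

```python
SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Assumption (not from the text): the attacker tests 10^12 keys per second.
ASSUMED_KEYS_PER_SECOND = 1e12


def classical_search_years(key_bits, rate=ASSUMED_KEYS_PER_SECOND):
    """Expected years of exhaustive search: on average half the key
    space, i.e. 2^(k-1) trial decryptions, is needed to hit the key."""
    return 2 ** (key_bits - 1) / rate / SECONDS_PER_YEAR


def grover_effective_bits(key_bits):
    """Grover's quantum search needs on the order of 2^(k/2) cipher
    evaluations, so a k-bit key keeps roughly k/2 bits of strength."""
    return key_bits // 2


def tier(key_bits):
    """Map a key length onto the tiers listed in the text. Lengths the
    text does not list fall into the tier below them (assumption)."""
    if key_bits >= 256:
        return "long-term, possibly also against quantum computers"
    if key_bits >= 112:
        return "long-term against classical attackers"
    return "insecure except for short-term data"


def audit(inventory):
    """Return one (name, bits, tier, classical years, quantum bits) row
    per entry of a {name: key_bits} inventory."""
    return [
        (name, bits, tier(bits), classical_search_years(bits),
         grover_effective_bits(bits))
        for name, bits in inventory.items()
    ]


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical system names).
    sample = {"legacy-vpn": 64, "backup-archive": 128, "root-ca-store": 256}
    for name, bits, label, years, qbits in audit(sample):
        print(f"{name:15} {bits:3} bits  ~{years:.2e} years  "
              f"~{qbits} bits vs. Grover  -> {label}")
```

At the assumed rate a 64-bit key falls in roughly a third of a year, while a 128-bit key needs on the order of 10^18 years; a 256-bit key still retains about 128 bits of strength against a Grover-style search.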