Slashdot Mirror
Cryptographic Security Architecture
Cryptographic Security Architecture is a technical book that focuses on security architectures, verification techniques, and cryptographic software and hardware. It is an excellent reference source that intricately captures the design process of a security toolkit that has been in use for several years across the globe. The security architecture presented in the book is platform-independent, but the book does touch on platform-specific issues when necessary, especially when cryptlib implementation details are described. The toolkit has been ported to a slew of platforms.
Even though the book and the toolkit benefit from each other's companionship, both can certainly stand alone. The reader doesn't have to be familiar with or even interested in cryptlib to gain from reading Cryptographic Security Architecture . In this review of the book I will keep toolkit discussion to a minimum. The semi-GPL cryptlib security toolkit is OSI-certified open source. The security toolkit includes an excellent user manual which is a formidable 310 pages.
The Passion of the Cryptographic Security Architecture
Cryptographic Security Architecture's first chapter covers the foundational software architecture and is a bit dull. I would hope that the target audience is familiar with basic subjects like object-oriented design and inter-object communications. Too much attention is given to what should have been prerequisite knowledge at the expense of security related matter. For instance, while Gutmann gives a lot of attention to basic object synchronisation (the Kiwi spelling, which is suitably preferred by him) he only alludes to a class of security issues involved with multi-threading. If you can make it through the first chapter, rest assured that Gutmann avoids this flaw in the rest of the book. To be fair, this back-to-basics review does well at underpinning the rest of the security architecture, even though it often reads like a software architecture primer.
The second chapter covers the security architecture, which features such things as permission-based access, least privilege and isolation, mediation, and other expected elements. The design goals include some common goals, like simplicity and efficient implementation. But three of the design goals represent the core philosophy of Gutmann's architecture: The separation of policy definition and enforcement mechanism, a verifiable design (practical vs. theoretical viability), and a flexible security policy.
The separation of the policy definition from the enforcement mechanism solves problems that exist in previous attempts at security architecture (e.g. some Orange Book-based systems hardcode the policy). One claimed benefit of separation is the reduction of complexity in the enforcement mechanism and the improved verifiability that simplicity brings. But I would argue that complexity has been shifted from the toolkit to the toolkit user, who can opt to configure their specialized security policy. What mechanism is going to be used to verify these user-defined policies? It's unlikely the toolkit user's policy will receive the scrutiny that the open source community bestows upon the factory bits.
But I may not fully understand the capabilities of the security policy scheme. Perhaps, when using Gutmann's cryptlib, it is impossible for the toolkit user to configure an incoherent policy. In George Orwell's 1984, the Party worked to deconstruct the English language so that only 'legal' speech could occur. As designed, Newspeak would make illegal statements unspeakable --- and in time, unthinkable. I'm unconvinced that Gutmann's security policy scheme is such a controlled means of expression, where only safe security policies can be spoken. Granted, one could always use the predefined policies, but this path undermines a chief design goal of the architecture: a flexible security policy.
Notwithstanding my nitpicking about the policy, the security architecture chapter is a good example of how the book shines. Gutmann covers in detail his design process and chocks the chapter full of references for the reader's further study. In all, there are almost 700 reference listings, which consume 15% of the book's 320 pages.
The policy definition scheme is followed by a detailed discussion of the security kernel implementation. (The kernel is the policy enforcement mechanism, referred to earlier.) Like most of the book, the writing is as dense as most detailed architectural designs and sometimes sleep-inducing. But Gutmann's writing style is clear, concise, and sometimes funny. Gutmann's writing talent makes even descriptions of "Access Control List for public-key/certificate access" and "Access Control List for an attribute that triggers an object state change" endurable.
Verification techniques for the security architecture are a major theme of the book. Anyone who has attempted to verify that software does what it was specified to do, especially in the security field, will find Gutmann's insights worthwhile reading. This is especially true for anyone who has ever done a Common Criteria-based evaluation, or a verification employing any of its ilk. Gutmann makes an excellent point about the semantic pitfalls of formal methods: "As with ISO 9000, it's possible to produce an arbitrarily bad product but still claim it's correct, since it complies with the paperwork."
Cryptographic Security Architecture also contains the obligatory chapter on random number generation. The chapter includes more of Gutmann's trademark insights. He discusses many software and hardware implementations, including the generators contained in: PGP (Pretty Good Privacy), /dev/random, ssh, Capstone / Fortezza, Intel Pentium III, Microsoft's CryptoAPI, cryptlib, and others. Random number generation flaws abound. For example, he discusses the flaws in the ssh and SSLeay/OpenSSL generators that make it possible to "...suck infinite amounts of state information out of [the random number generators] by repeatedly connecting to the server..."
Towards the end of the book, Gutmann includes a dessert-like discussion of hardware encryption modules. Gutmann's predilection for security hardware is evident as he writes about problems with crypto on end-user systems. This chapter includes all sorts of cryptographic hardware including the designed-for-hostile-environments HiDan embedded PC. One interesting technique to secure modules like the HiDan is to pour a hardening material (e.g. epoxy) into the chamber before sealing it shut.
Regarding the book's construction, while the references are excellent, the glossary and index are poor. Even if you rely on external sources for acronyms, as the author suggests, some of his acronyms are not included in the glossary. For instance, it took me awhile to determine that CMP stood for Certificate Mismanagement Protocol. The index is also oddly incomplete, considering Gutmann's otherwise good documentation habits.
Conclusion I expected Cryptographic Security Architecture to treat the topic of security architecture in a general way, offering many alternatives for designers to ponder while designing their own security architecture. The book does this, but often Gutmann whittles down the prudent design options to one, with most paths arriving at a single destination, namely Gutmann's cryptlib. Don't get me wrong: It's good to be decisive when faced with many architectural tradeoffs, and the ugly alternative is all too often design paralysis. And it's no surprise that cryptlib, according to Gutmann, contains the best architectural elements - he is the author of both the book and the toolkit. Still, the homage to cryptlib often made me unsure that a wide spectrum of design options had been considered: Did the security architecture spawn the cryptlib implementation, or did the implementation spawn the architecture?To be clear, the strong points of the book (and concepts therein) far outnumber the weak ones, and I highly recommend it to anyone interested in security architectures, verification techniques, and cryptographic software and hardware in general. Simply put, the book is excellent and it should expand most reader's knowledge of cryptographic security.
You can purchase Cryptographic Security Architecture: Design and Verification from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
Umm, if you can reverse engineer a security device, and by doing this, defeat the security of that device, then the device wasn't secure to begin with.
Okay, I'll put it another way. Everyone knows how to do DES. The math is quite well understood. However, this doesn't make DES any less secure. In fact, it makes it more secure, because people, due to the openness of DES, have been able to find flaws in the algorithm (such as weak key groups).
Now, in the case of the ATM, if an ATM is designed such that breaking the machine open is sufficient to nullify the bank's security systems, then the bank needs to rethink how it's ATM's work, as their system isn't truly secure.
Most of the people who have the foundation to understand how security principles work will have access to these concepts anyway. Or to put it another way: most of the people that only find this stuff out from books like these won't be able to apply what's here because they lack the necessary foundation.
I am more concerned about people in the know making easy to use software that automates cracking functions than I am about them writing books. In general, the books require considerable knowledge to apply. A tool kit that includes things like "function brute_force($num_characters_to_try, $ip_number, $port)" can be used by the same kinds of idiots who write viruses (which are usually generated by tools).
It's like with nuclear weapons. The basics of building a bomb are relatively well known (used to be available at the local library in some places). The problem is generating the enriched plutonium (requires a nuclear reactor).
Looks to be a good book. I'm planning on getting a copy ASAP ... no doubt the DMCA will censor this book (it has provisions against crypto technology) before too long. In these times of censorship and technological tyranning, I feel sad to be an American :-(
His criticism goes further to say that some security toolkits 'lack real security features altogether.' It comes as no surprise, then, that his recent book... is a 320-page paean documenting... his (own) security toolkit.
Wouldn't it be more helpful, not to mention better motivation to purchase his own security toolkit, if he were to go into more detail of what is wrong with other toolkits than just saying they 'lack real security features altogether.'
Why not write a short critique of other toolkits, ideally explaing advantages and disadvantages each one has..... or is this not supposed to be a book on Security in general, but just documentation on his own toolkit?
I suppose even if you don't want to buy his toolkit you can get ideas from reading about it.
But I may not fully understand the capabilities of the security policy scheme. Perhaps, when using Gutmann's cryptlib, it is impossible for the toolkit user to configure an incoherent policy. In George Orwell's 1984, the Party worked to deconstruct the English language so that only 'legal' speech could occur. As designed, Newspeak would make illegal statements unspeakable --- and in time, unthinkable. I'm unconvinced that Gutmann's security policy scheme is such a controlled means of expression, where only safe security policies can be spoken. Granted, one could always use the predefined policies, but this path undermines a chief design goal of the architecture: a flexible security policy.
Problem with this is that Managment who don't understand the software are often making the decisions, and that is why there are incoherent policies. Maybe if you have pre-defined policies to work with, all of which will work, then Management can choose from the pre-defined policy, resulting in much less hair pulling frustration to the admin.
Promote Sensitivity on Slashdot, make me your friend.
So how can I trust anybody's crypto code?
this may be true of algorithms, but you may still want to keep the implementation secret.
most practical attacks utilize flaws in the implementation, not the algorithms.
to use the atm analogy, most atms use hardware that is protected by anti-reverse engineering schemes such as X-ray detectors, temperature detectors (to prevent someone from freezing the memory cells - which can sometimes keep data around for up to several weeks!), and a +-ground mesh that has been potted in polymer resin. a short in any of the things will erase the keying material in SRAM.
in other words...alot of work and money has gone into keeping the hardware secure, not the kind of thing that is "open source"! altho the crypto algorithms themselves, as you have pointed out, are better served by having peer review and full disclosure.
Having not read this book, I don't know if the author addresses the issue, but one key potential weakness in many crypto systems is the math at the core of them.
Symmetric cryptography hardly suffers from any weakness in this area. Even an instant factorization or quantum computing would do little to change that.
Public cryptography on the other hand, must by definition rely on some mathematical relationship between the public and private key. Like e.g.multiplicationfactorization, but that is not the only option.
If some mathematician creates an easy way to factor large numbers (and they have been finding better and better ways to do this), then systems like RSA become vulnerable even if they use umpteen bits.
Not really. Say I have a trivial function like multiplication, which is theoretically O(1) (will take a little longer once you have a real bit-limited computer), while factorization is say O(N^2).
Now you invent a new O(N*ln N) factorization, or an O(N). Does it matter? Not really. You need a longer key, yes. But it's a finite improvement. Unless they can find a O(1) factorization, the system still works. And that, is very unlikely.
The only thing that has held promise of O(1) is quantum computers. But anything we've been able to make in a lab has about 10 qbits at most. I seriously doubt they can keep the quantum effects effective over the thousands of bits required.
Overall mathematics has hardly ever been the problem in any modern cryptosystem, there's literally dozens of them and I can't think of one remotely popular one that has been broken (except for CSS, but whoever designed and implemented that must have flunked out of any cryptography class...)
Kjella
Live today, because you never know what tomorrow brings
oh, sorry my bad. You're right I am an asshole.
Someday, I'll have a real sig.