## Chapter 1: What Is Security Engineering?
### Introduction
Security engineering involves designing systems that remain dependable in the face of malice, error, or mischance. It requires a multidisciplinary approach, drawing on cryptography, computer security, hardware tamper-resistance, formal methods, economics, applied psychology, organizational behavior, and law. The field is concerned not only with preventing errors and accidents but also with defending against deliberate, malicious action.
Security systems often have critical assurance requirements, and their failure can have severe consequences, such as endangering human life, damaging economic infrastructure, compromising personal privacy, and facilitating crime. Effective security engineering involves understanding and addressing various types of protection requirements and ensuring that systems are safeguarded against threats.
### A Framework
Good security engineering combines policy, mechanism, assurance, and incentive:
1. **Policy:** Defines the security goals.
2. **Mechanism:** The tools and processes used to implement the policy, including ciphers, access controls, and hardware tamper-resistance.
3. **Assurance:** The level of confidence in each mechanism.
4. **Incentive:** The motivation for people to protect and maintain the system, as well as the motivation for attackers to breach it.
#### Example: 9/11 Terrorist Attacks
The success of the 9/11 hijackers in bringing knives on planes was due to a policy failure, not a mechanism failure. At the time, small knives were allowed, and screeners were focused on keeping guns and explosives off planes. Since then, policies have evolved, but many policy choices remain poor due to incentives that favor visible controls over effective ones.
### Example 1: A Bank
Banks utilize a variety of security-critical systems:
1. **Branch Bookkeeping System:** Records customer accounts and daily transactions. Main threats include internal staff dishonesty.
2. **Automatic Teller Machines (ATMs):** Authenticate transactions using a customer's card and PIN, facing threats from both external and internal attackers.
3. **Bank Websites:** Used for online banking, recently targeted by phishing attacks.
4. **High-Value Messaging Systems:** Used for transferring large sums of money and trading securities.
5. **Bank Branches:** Physical security relies on alarm systems, as physical facades provide little real protection.
### Example 2: A Military Base
Military systems are diverse and include:
1. **Electronic Warfare Systems:** Aim to jam enemy radars while protecting one's own.
2. **Military Communication Systems:** Often require covert communication to avoid enemy detection.
3. **Logistics and Inventory Management:** Separate systems at different security levels.
4. **Nuclear Weapon Security:** Involves advanced authentication and biometric identification systems.
### Example 3: A Hospital
Hospitals have unique protection needs:
1. **Patient Record Systems:** Must ensure privacy and implement strict access controls.
2. **Anonymized Patient Records:** Difficult to achieve without compromising research usability.
3. **Web-Based Technologies:** Introduce new assurance challenges, such as ensuring the integrity of online medical references.
4. **New Technologies:** Present risks that may not be fully understood, such as reliance on internet-based systems for critical operations.
### Example 4: The Home
Homes also use security systems:
1. **Web-Based Banking and Medical Records Access:** Increasing reliance on secure online systems.
2. **Car Immobilizers:** Use cryptographic challenges to prevent theft.
3. **Mobile Phones:** Employ cryptographic protocols to prevent cloning.
4. **Satellite TV and DVD Players:** Use cryptographic mechanisms to enforce subscription and region restrictions.
5. **Prepayment Meters:** Use smart cards for utility payments.
6. **Home Security Systems:** Increasingly rely on encrypted communications with security companies.
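The challenge-response idea behind the immobilizer and phone-cloning items above, shown as an added illustration that is not from the chapter or from any real product: the key fob proves knowledge of a shared secret by answering a fresh random challenge, so a recording of an earlier answer (replay) or a copy of observed traffic without the secret (cloning) does not start the car. The HMAC-SHA256 construction, 16-byte nonce and all names are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Constructed demo secret shared by the car and its genuine key (not a real key).
DEMO_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")


def key_respond(shared_key: bytes, challenge: bytes) -> bytes:
    """Key fob side: MAC the car's fresh challenge with the shared secret."""
    return hmac.new(shared_key, challenge, hashlib.sha256).digest()


class Immobilizer:
    """Car side: issues one-shot random challenges and checks the answer."""

    def __init__(self, shared_key: bytes) -> None:
        self._key = shared_key
        self._pending = None  # challenge awaiting an answer, if any

    def challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)  # fresh nonce per attempt
        return self._pending

    def verify(self, response: bytes) -> bool:
        if self._pending is None:
            return False  # nothing outstanding: reject unsolicited answers
        expected = hmac.new(self._key, self._pending, hashlib.sha256).digest()
        self._pending = None  # one-shot: the same challenge is never reused
        return hmac.compare_digest(expected, response)  # constant-time compare


def genuine_key_starts_car(shared_key: bytes) -> bool:
    car = Immobilizer(shared_key)
    return car.verify(key_respond(shared_key, car.challenge()))


def replayed_response_fails(shared_key: bytes) -> bool:
    """A response recorded in one session is useless against a later challenge."""
    car = Immobilizer(shared_key)
    recorded = key_respond(shared_key, car.challenge())  # captured legitimate answer
    car.verify(recorded)  # legitimate session completes
    car.challenge()  # later attempt gets a different nonce
    return car.verify(recorded) is False


def clone_without_secret_fails(shared_key: bytes) -> bool:
    """A copy of the fob that lacks the shared secret cannot answer correctly."""
    car = Immobilizer(shared_key)
    wrong_guess = key_respond(b"not-the-real-secret", car.challenge())
    return car.verify(wrong_guess) is False
```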
### Definitions
Key terms in security engineering:
- **System:** Can refer to a product, component, organizational infrastructure, applications, IT staff, users, or customers.
- **Principal:** An entity participating in a security system, which can be a person, role, piece of equipment, or communication channel.
- **Identity:** A correspondence between two names of principals signifying that they refer to the same person or piece of equipment.
- **Trust and Trustworthiness:** A trusted system can break the security policy if it fails; a trustworthy system will not fail.
- **Confidentiality, Privacy, and Secrecy:** Confidentiality involves protecting another's secrets, privacy protects personal information, and secrecy limits access to information.
- **Vulnerability, Threat, and Security Failure:** A vulnerability is a property of a system or its environment that could be exploited; a threat is a party with the motivation and capability to exploit it; a security failure results when the two combine.
### Summary
Security engineering requires understanding the complex interplay between policy, mechanism, assurance, and incentive. It involves designing systems to be resilient against a variety of threats and understanding the nuanced meanings of key terms. Robust security design demands explicit protection goals and a comprehensive understanding of past failures and successes.