Cryptographic engineering
Encyclopedia
Cryptographic
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...

 engineering
Engineering
Engineering is the discipline, art, skill and profession of acquiring and applying scientific, mathematical, economic, social, and practical knowledge, in order to design and build structures, machines, devices, systems, materials and processes that safely realize improvements to the lives of...

is the discipline of using cryptography to solve human problems. Cryptography is typically applied when trying to ensure data confidentiality
Confidentiality
Confidentiality is an ethical principle associated with several professions . In ethics, and in law and alternative forms of legal resolution such as mediation, some types of communication between a person and one of these professionals are "privileged" and may not be discussed or divulged to...

, to authenticate
Authentication
Authentication is the act of confirming the truth of an attribute of a datum or entity...

 people or devices, or to verify data integrity
Data integrity
Data Integrity in its broadest meaning refers to the trustworthiness of system resources over their entire life cycle. In more analytic terms, it is "the representational faithfulness of information to the true state of the object that the information represents, where representational faithfulness...

 in risky environments.

Cryptographic engineering is a complicated, multidisciplinary field. It encompasses mathematics (algebra, finite groups, rings, and fields), electrical engineering(hardware design, ASIC, FPGAs) and computer science (algorithms, complexity theory, software design, embedded systems). In order to practice state-of-the-art cryptographic design, mathematicians, computer scientists,
and electrical engineers need to collaborate.

Below are the main topics that are specifically related to cryptographic engineering:

Cryptographic implementations
* Hardware architectures for public-key and secret-key cryptographic algorithms
* Cryptographic processors and co-processors
* Hardware accelerators for security protocols (security processors, network processors, etc.)
* True and pseudorandom number generators
* Physically unclonable functions (PUFs)
* Efficient software implementations of cryptography for embedded processors

Attacks against implementations and countermeasures against these attacks
* Side channel attacks and countermeasures
* Fault attacks and countermeasures
* Hardware tamper resistance
* Hardware trojans

Tools and methodologies
* Computer aided cryptographic engineering
* Verification methods and tools for secure design
* Metrics for the security of embedded systems
* Secure programming techniques
Applications
* Cryptography in wireless applications (mobile phone, WLANs, analysis of standards, etc.)
* Cryptography for pervasive computing (RFID, sensor networks, smart devices, etc.)
* FPGA design security
* Hardware IP protection and anti-counterfeiting
* Reconfigurable hardware for cryptography
* Smart card processors, systems and applications
* Security in commercial consumer applications (pay-TV, automotive, domotics, etc.)
* Secure storage devices (memories, disks, etc.)
* Technologies and hardware for content protection
* Trusted computing platforms

Interactions between cryptographic theory and implementation issues
* New and emerging cryptographic algorithms and protocols targeting embedded devices
* Non-classical cryptographic technologies
* Special-purpose hardware for cryptanalysis
* Formal methods for secure hardware

Major Issues

In modern practice, cryptographic engineering is deployed in crypto systems. Like most engineering design, these are wholly human creations. Most crypto systems are computer software
Computer software
Computer software, or just software, is a collection of computer programs and related data that provide the instructions for telling a computer what to do and how to do it....

, either embedded in firmware
Firmware
In electronic systems and computing, firmware is a term often used to denote the fixed, usually rather small, programs and/or data structures that internally control various electronic devices...

 or running as ordinary executable files under an operating system
Operating system
An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...

. In some system designs, the cryptography runs under manual direction, in others, it is run automatically, often in the background. Like other software design, and unlike most other engineering, there are few external constraints.

Active opposition

In other engineering design, a successful design or implementation of one, is one which 'works'. Thus, an aircraft which actually flies without crashing due to some aerodynamic design blunder is a successful design. How successful is important, of course, and depends on how well it meets intended performance criteria. Continuing with the aircraft example, several World War I
World War I
World War I , which was predominantly called the World War or the Great War from its occurrence until 1939, and the First World War or World War I thereafter, was a major war centred in Europe that began on 28 July 1914 and lasted until 11 November 1918...

 fighter aircraft
Fighter aircraft
A fighter aircraft is a military aircraft designed primarily for air-to-air combat with other aircraft, as opposed to a bomber, which is designed primarily to attack ground targets...

 designs only barely flew, while others flew well (at least one design flew well, but its wings broke off with some regularity) though with insufficient agility (turning, climbing, ..., rates) or insufficient stability (too frequent inescapable spins and so on) to be useful or survivable. To a considerable extent, good agility in aircraft is inversely related to inadequate stability, so fighter aircraft designs are, in this respect, inevitable compromises. The same considerations have continued in more recent times, as for instance the necessity for computer 'fly-by-wire' control in some fighters with great agility.

Cryptographic designs also have performance goals (eg, unbreakability of encryption), but must perform in a more complex, and more complexly hostile, environment than merely high (but not too low) in the Earth's atmosphere under war conditions.

Some aspects of the conditions under which crypto designs must work (to be successful and so worth bothering with) have been long recognized. Sensible cipher designers (of which there were fewer than their users would have wanted) attempted to find ways to prevent frequency analysis
Frequency analysis
In cryptanalysis, frequency analysis is the study of the frequency of letters or groups of letters in a ciphertext. The method is used as an aid to breaking classical ciphers....

 success, starting, it must be assumed, almost immediately after that cryptanalytic technique was first used. The most effective way to defeat frequency analysis attacks was the polyalphabetic substitution cipher, invented by Alberti about 1465. For the next several hundred years, other designers also tried to evade frequency analysis, usually poorly, demonstrating that few had a clear understanding of the problem. What is probably the best known (and likely the widest used) of those attempts is the (misnamed) Vigenère cipher
Vigenère cipher
The Vigenère cipher is a method of encrypting alphabetic text by using a series of different Caesar ciphers based on the letters of a keyword. It is a simple form of polyalphabetic substitution....

 which is a partial implementation of Alberti's idea. Edgar Allan Poe
Edgar Allan Poe
Edgar Allan Poe was an American author, poet, editor and literary critic, considered part of the American Romantic Movement. Best known for his tales of mystery and the macabre, Poe was one of the earliest American practitioners of the short story and is considered the inventor of the detective...

 famously, and rashly, boasted that no cipher could defeat his cryptanalytic talents (essentially frequency analysis); that he was almost entirely correct about the ciphertexts submitted to him suggests a low level of cryptographic awareness some 400 (!) years after Alberti. As this history suggests, an important part of crypto engineering is understanding the techniques the Opposition may have available.

In addition, it has been explicitly realized since the mid-19th century that the Opposition must be credited with certain kinds of knowledge, lest one's design efforts address too little. Kerckhoffs' Law -- "The security of a cipher must reside entirely in the key", and the equivalent, and somewhat less obscure, Shannon's Maxim -- "The enemy knows the system", put it more or less clearly. A crypto design must achieve its goals (eg, confidentiality, or message integrity—see 'goals' in the article cryptography
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...

), not only despite active intelligent Opposition, but in spite of uncomfortably well informed Opposition.

Inherent zero-defect requirement

Many failures in cryptographic engineering are catastrophic. That is, success in breaking one message leads to reading all messages. Most cryptographic algorithms and protocols make certain assumptions (random key
Key (cryptography)
In cryptography, a key is a piece of information that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would produce no useful result. In encryption, a key specifies the particular transformation of plaintext into ciphertext, or vice versa...

 or nonce
Cryptographic nonce
In security engineering, nonce is an arbitrary number used only once to sign a cryptographic communication. It is similar in spirit to a nonce word, hence the name. It is often a random or pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused...

 choices, for example), and when those assumptions are violated, all security is lost.

Examples: Netscape random bug found at UC Berkeley, Microsoft's PPTP protocol implementation problems found by Schneier.

Invisibility of most failure modes

Success in cryptographic engineering is unclear at best. Not crashing is a quite prominent sine qua non
Sine qua non
Sine qua non or condicio sine qua non refers to an indispensable and essential action, condition, or ingredient...

in aircraft design. Not allowing the Opposition access (to protected message traffic, for instance) is the design goal, but it is far less obvious when this goal has been achieved than in other engineering. Essentially no Opponents will ever make their access to message content public, and so neither designers nor implementors nor users of crypto systems will ever learn from them that their design is insecure. It is certainly irrational to count on Opponents as a quality control resource.

One tempting measure of security is 'I can't figure out how to break it, so I will assume Opponents will not be able to do so either'. This may be true, but there is no way to actually know your Opponents have the same limitations you do. In a modern environment, in which messages travel over public networks, it is not even possible to detect eavesdropping, much less to prevent it. Accordingly, most message traffic must be presumed to be entirely in an Opponent's possession.

Known cryptographic failures fall into several classes. Future failures may also, or may find new categories. Examples include:

Design errors:
  • cryptographic protocol errors
  • user operational procedure errors
  • algorithm implementation errors
  • associated system failures


User errors:
  • misunderstanding of correct operations
  • arbitrary user actions


Implementation errors:
  • programming errors (bugs)
  • precision arithmetic errors
  • random data errors
  • software library routine errors


Environment errors:
  • operating system insecurities with effects on cryptographic software (eg, keys retained in swap file data)
  • operating system insecurities with regard to plaintext
    Plaintext
    In cryptography, plaintext is information a sender wishes to transmit to a receiver. Cleartext is often used as a synonym. Before the computer era, plaintext most commonly meant message text in the language of the communicating parties....

     access
  • operating system vulnerabilities (viruses, Trojan horse
    Trojan horse (computing)
    A Trojan horse, or Trojan, is software that appears to perform a desirable function for the user prior to run or install, but steals information or harms the system. The term is derived from the Trojan Horse story in Greek mythology.-Malware:A destructive program that masquerades as a benign...

    s, etc)


The effect of most of these will not be apparent to end users, generally not to the computer system's administrators, and often not even to the cryptographic system's designers. For instance, a buffer overflow
Buffer overflow
In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory. This is a special case of violation of memory safety....

vulnerability in an obligatory operating system component may not have been present in version 5.1 (used during crypto system testing), but appear only at version 5.3, available only after release of the crypto system. Or that particular vulnerability may have been removed in all operating system releases later than version 5.3, but the crytographic system is being used in this case with version 5.1.

The invisibility of many such errors makes finding and removing them more difficult than in many other kinds of engineering.
The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 
x
OK