What Is Security Engineering?
Security engineering is about building systems to remain dependable in the face of malice, error, or mischance. As a discipline, it focuses on the tools, processes, and methods needed to design, implement, and test complete systems, and to adapt existing systems as their environment evolves.
Security engineering requires cross-disciplinary expertise, ranging from cryptography and computer security through hardware tamper resistance and formal methods to a knowledge of applied psychology, organizational and audit methods and the law.
System engineering skills, from business process analysis through software engineering to evaluation and testing, are also important; but they are not sufficient, as they deal only with error and mischance rather than malice.
Many security systems have critical assurance requirements. Their failure may endanger human life and the environment (as with nuclear safety and control systems), do serious damage to major economic infrastructure (cash machines and other bank systems), endanger personal privacy (medical record systems), undermine the viability of whole business sectors (pay-TV), and facilitate crime (burglar and car alarms).
Even the perception that a system is more vulnerable than it really is (as with paying with a credit card over the Internet) can significantly hold up economic development.
The conventional view is that while software engineering is about ensuring that certain things happen (“John can read this file”), security is about ensuring that they don’t (“The Chinese government can’t read this file”). Reality is much more complex. Security requirements differ greatly from one system to another. One typically needs some combination of user authentication, transaction integrity and accountability, fault-tolerance, message secrecy, and covertness. But many systems fail because their designers protect the wrong things, or protect the right things but in the wrong way.
Security Engineering Example 1: A Bank
Banks operate a surprisingly large range of security-critical computer systems:
The core of a bank’s operations is usually a branch bookkeeping system. This keeps customer account master files plus a number of journals that record the day’s transactions. The main threat to this system is the bank’s own staff; about one percent of bankers are fired each year, mostly for petty dishonesty (the average theft is only a few thousand dollars). The main defense comes from bookkeeping procedures that have evolved over centuries.
For example, each debit against one account must be matched by an equal and opposite credit against another; so money can only be moved within a bank, never created or destroyed. In addition, large transfers of money might need two or three people to authorize them. There are also alarm systems that look for unusual volumes or patterns of transactions, and staff are required to take regular vacations during which they have no access to the bank’s premises or systems.
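The three controls just described (balanced entries, dual control on large transfers, and an alarm on unusual volumes) can be written down as invariants a ledger enforces. The following is an added example and not code from the text or from any bank; the account names, the 10,000 dual-control threshold, the volume limit and every transaction are constructed for illustration.

```python
# Added example (not from the text): a toy branch ledger that enforces the
# bookkeeping controls described above: every entry must balance, large
# transfers need dual control, and a volume alarm watches each clerk.
# Account names, thresholds and transactions are all constructed.
from dataclasses import dataclass

DUAL_CONTROL_THRESHOLD = 10_000  # assumed: transfers of this size or more need two extra approvers
VOLUME_ALARM_LIMIT = 3           # assumed: more postings than this by one clerk raises an alarm


@dataclass
class JournalEntry:
    clerk: str                  # staff member who keyed the entry
    postings: list              # (account, amount): debit is negative, credit positive
    approvers: tuple = ()       # staff who countersigned a large transfer


class Ledger:
    def __init__(self, balances):
        self.balances = dict(balances)  # account master file
        self.journal = []               # the day's transactions
        self.alarms = []                # messages raised by the pattern checks

    def total_money(self):
        """Sum of all balances; must never change, since money is only moved."""
        return sum(self.balances.values())

    def post(self, entry):
        # Control 1: debits and credits must cancel out exactly.
        if sum(amount for _, amount in entry.postings) != 0:
            raise ValueError("entry does not balance: it would create or destroy money")
        # Control 2: dual control, two approvers other than the clerk for large transfers.
        moved = sum(amount for _, amount in entry.postings if amount > 0)
        others = set(entry.approvers) - {entry.clerk}
        if moved >= DUAL_CONTROL_THRESHOLD and len(others) < 2:
            raise PermissionError("transfer of %d needs two approvers other than the clerk" % moved)
        # Apply the postings to the master file and record the entry.
        for account, amount in entry.postings:
            self.balances[account] = self.balances.get(account, 0) + amount
        self.journal.append(entry)
        # Control 3: alarm on an unusual volume of postings by one member of staff.
        count = sum(1 for e in self.journal if e.clerk == entry.clerk)
        if count > VOLUME_ALARM_LIMIT:
            self.alarms.append("%s has posted %d entries today" % (entry.clerk, count))
        return self.balances


def demo():
    """Runs a few constructed transactions and reports which controls fired."""
    ledger = Ledger({"alice": 500, "bob": 200, "treasury": 50_000})
    before = ledger.total_money()
    ledger.post(JournalEntry("clerk1", [("alice", -100), ("bob", 100)]))
    outcomes = {}
    try:  # unbalanced entry: would create 10 units out of nothing
        ledger.post(JournalEntry("clerk1", [("bob", -50), ("alice", 60)]))
    except ValueError:
        outcomes["unbalanced"] = "rejected"
    try:  # large transfer keyed by one person with no countersignature
        ledger.post(JournalEntry("clerk1", [("treasury", -20_000), ("alice", 20_000)]))
    except PermissionError:
        outcomes["large_single"] = "rejected"
    ledger.post(JournalEntry("clerk1", [("treasury", -20_000), ("alice", 20_000)],
                             approvers=("manager", "deputy")))
    outcomes["large_dual"] = "posted"
    for _ in range(3):  # a burst of small postings by the same clerk trips the alarm
        ledger.post(JournalEntry("clerk1", [("bob", -1), ("alice", 1)]))
    outcomes["alarms"] = len(ledger.alarms)
    outcomes["conserved"] = ledger.total_money() == before
    return ledger, outcomes


if __name__ == "__main__":
    print(demo()[1])
```

Note that the conservation check in `total_money` holds only because every accepted entry sums to zero; the rejected entries never touch the master file, so an auditor comparing the opening and closing totals sees no discrepancy.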
The public face of the bank is its automatic teller machines. Authenticating transactions based on a customer’s card and personal identification number—in such a way as to defend against both outside and inside attack—is harder than it looks! There have been many local epidemics of “phantom withdrawals” when villains (or bank staff) have found and exploited loopholes in the system. Automatic teller machines are also interesting as they were the first large-scale commercial use of cryptography, and they helped establish a number of crypto standards.
Behind the scenes are a number of high-value messaging systems. These are used to move large sums of money (whether between local banks or between banks internationally); to trade in securities; to issue letters of credit and guarantees; and so on. An attack on such a system is the dream of the sophisticated white-collar criminal. The defense is a mixture of bookkeeping procedures, access controls, and cryptography.
Most bank branches still have a large safe or strongroom, whose burglar alarms are in constant communication with a security company’s control center. Cryptography is used to prevent a robber manipulating the communications and making the alarm appear to say “all’s well” when it isn’t.
Over the last few years, many banks have acquired an Internet presence, with a Web site and facilities for customers to manage their accounts online. They also issue credit cards that customers use to shop online, and they acquire the resulting transactions from merchants. To protect this business, they use standard Internet security technology, including the SSL/TLS encryption built into Web browsers, and firewalls to prevent people who hack the Web server from tunneling back into the main bookkeeping systems that lie behind it.
We will look at these applications in later chapters. Banking computer security is important for a number of reasons. First, until quite recently, banks were the main non-military market for many computer security products, so they had a disproportionate influence on security standards. Second, even where their technology isn’t blessed by an international standard, it is often widely used in other sectors anyway.
Burglar alarms originally developed for bank vaults are used everywhere from jewelers’ shops to the home; they are even used by supermarkets to detect when freezer cabinets have been sabotaged by shop staff who hope to be given the food that would otherwise spoil.
Security Engineering Example 2: An Air Force Base
Military systems have also been an important technology driver. They have motivated much of the academic research that governments have funded into computer security in the last 20 years. As with banking, there is not one single application but many:
Some of the most sophisticated installations are the electronic warfare systems whose goals include trying to jam enemy radars while preventing the enemy from jamming yours. This area of information warfare is particularly instructive because for decades, well-funded research labs have been developing sophisticated countermeasures, counter-countermeasures, and so on—with a depth, subtlety, and range of deception strategies that are still not found elsewhere. Their use in battle has given insights that are not available anywhere else. These insights are likely to be valuable now that the service-denial attacks, which are the mainstay of electronic warfare, are starting to be seen on the Net, and now that governments are starting to talk of “information warfare.”
Military communication systems have some interesting requirements. It is often not sufficient just to encipher messages: an enemy, who sees traffic encrypted with somebody else’s keys may simply locate the transmitter and attack it. Low-probability-of-intercept (LPI) radio links are one answer; they use a number of tricks, such as spread-spectrum modulation, that are now being adopted in applications such as copyright marking.
Military organizations have some of the biggest systems for logistics and inventory management, and they have a number of special assurance requirements. For example, one may have a separate stores management system at each different security level: a general system for things like jet fuel and boot polish, plus a second secret system for stores and equipment whose location might give away tactical intentions. (This is very like the business that keeps separate sets of books for its partners and for the tax man, and can cause similar problems for the poor auditor.) There may also be intelligence systems and command systems with even higher protection requirements. The general rule is that sensitive information may not flow down to less-restrictive classifications.
So you can copy a file from a Secret stores system to a Top Secret command system, but not vice versa. The same rule applies to intelligence systems that collect data using wiretaps: information must flow up to the intelligence analyst from the target of investigation, but the target must not know which communications have been intercepted. Managing multiple systems with information flow restrictions is a difficult problem that has inspired a lot of research.
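The "information may only flow upward" rule above can be checked mechanically. The following added example (not code from the text) goes slightly beyond the two-level stores/command case by using the general lattice of classification levels plus compartments, in the style of Bell-LaPadula dominance: a copy from one system to another is allowed only when the destination's label dominates the source's. The level names, the CRYPTO compartment, the system names and the file contents are all constructed.

```python
# Added example (not from the text): a checker for the "information may only
# flow upward" rule, using the standard lattice of classification levels and
# compartments (Bell-LaPadula style dominance). Level names, compartments,
# system names and files are constructed.

LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


class Label:
    """A security label: a classification level plus a set of compartments."""

    def __init__(self, level, compartments=()):
        if level not in LEVELS:
            raise ValueError("unknown level: %r" % level)
        self.level = level
        self.compartments = frozenset(compartments)

    def dominates(self, other):
        # A label dominates another if its level is at least as high and it
        # carries every compartment the other carries.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

    def __repr__(self):
        comps = sorted(self.compartments)
        return "%s%s" % (self.level, " " + "/".join(comps) if comps else "")


def may_flow(source, destination):
    """Information may move from source to destination only if destination dominates source."""
    return destination.dominates(source)


class System:
    """A stores, command or intelligence system running at a single label."""

    def __init__(self, name, label):
        self.name = name
        self.label = label
        self.files = {}


def copy_file(filename, src, dst):
    """Copies a file between systems, refusing any downward or sideways flow."""
    if not may_flow(src.label, dst.label):
        raise PermissionError("refusing to copy %s from %s (%r) to %s (%r)"
                              % (filename, src.name, src.label, dst.name, dst.label))
    dst.files[filename] = src.files[filename]
    return True


def demo():
    """Exercises the stores/command case from the text plus a compartment case."""
    stores = System("stores", Label("Secret"))
    command = System("command", Label("Top Secret"))
    stores.files["fuel-levels.txt"] = "constructed content"
    command.files["plan.txt"] = "constructed content"
    results = {"up": copy_file("fuel-levels.txt", stores, command)}
    try:  # Top Secret to Secret is a downward flow and must be refused
        copy_file("plan.txt", command, stores)
        results["down"] = True
    except PermissionError:
        results["down"] = False
    # A Secret file in the CRYPTO compartment may not flow to a Top Secret
    # system lacking that compartment, even though the level is higher.
    results["sideways"] = may_flow(Label("Secret", {"CRYPTO"}), Label("Top Secret"))
    results["same"] = may_flow(Label("Secret"), Label("Secret"))
    return results


if __name__ == "__main__":
    print(demo())
```

The same `may_flow` check models the wiretap case: the analyst's system sits at a higher label than the target's, so data may be copied up to the analyst but nothing (including the fact of interception) may be written back down.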
The particular problems of protecting nuclear weapons have given rise over the last two generations to a lot of interesting security technology. These range from electronic authentication systems, which prevent weapons being used without the permission of the national command authority, through seals and alarm systems, to methods of identifying people with a high degree of certainty using biometrics such as iris patterns.
The civilian security engineer can learn a lot from these technologies. For example, many early systems for inserting copyright marks into digital audio and video, which used ideas from spread-spectrum radio, were vulnerable to desynchronization attacks, which are also a problem for some spread-spectrum systems. Another example comes from munitions management, in which a typical system enforces rules such as, “Don’t put explosives and detonators in the same truck.” Such techniques may be more widely applicable, as in satisfying hygiene rules that forbid raw and cooked meats being handled together.
It is important for the security engineer to develop sensitivity about the different nuances of meaning that common words acquire in different applications, and to be able to formalize what the security policy and target actually are. That may sometimes be inconvenient for clients who wish to get away with something, but, in general, robust security design requires that the protection goals are made explicit.