Philosophy of Security Engineering
Published in Diane P. Michelfelder, Neelke Doorn, The Routledge Handbook of the Philosophy of Engineering, 2020
A key debate, particularly prominent in information security, is whether security designs should be made public or kept secret. In cryptography, the so-called Kerckhoffs principle (Petitcolas 2011) states that the security of a cryptographic algorithm should not depend on the algorithm being kept secret. Instead, a secret cryptographic key is used as input to the algorithm. In cryptography, but also in other areas of security, keeping designs secret is referred to as “security-by-obscurity”. Whether or not obscurity contributes to security is subject to debate (Pavlovic 2011). On the one hand, as with breaking other security measures, adversaries will (at least initially) need to spend effort to discover the secret design. On the other hand, security mechanisms that rely on secrecy carry the risk of becoming useless once the design becomes public. Being transparent about security has another benefit: it enables users to take security into account when choosing a product or service. This prevents information asymmetry from leading to a so-called market of lemons, which would be dominated by less secure but cheaper offerings (Anderson 2001).
Introduction
Published in Jonathan Katz, Yehuda Lindell, Introduction to Modern Cryptography, 2020
That is, an encryption scheme should be designed to be secure even if an eavesdropper knows all the details of the scheme, so long as the attacker doesn’t know the key being used. Stated differently, security should not rely on the encryption scheme being secret; instead, Kerckhoffs’ principle demands that security rely solely on secrecy of the key.
A quarter century of usable security and privacy research: transparency, tailorability, and the road ahead
Published in Behaviour & Information Technology, 2022
Christian Reuter, Luigi Lo Iacono, Alexander Benlian
Interestingly, the first thoughts in the direction of explicitly considering users in the design and development of security mechanisms were expressed much earlier. When the Dutch-born linguist and cryptographer Auguste Kerckhoffs published two journal articles on ‘La Cryptographie Militaire’ in 1883, he listed six principles for the development of military ciphers in the first article (Kerckhoffs 1883). What is known as ‘Kerckhoffs’ principle’ is an excerpt from the six principles, according to which a cryptosystem should be secure even if everything about the system, except the key, is publicly known. A less known fact is that in his sixth principle, he states that ‘given the circumstances in which such a system is applied, it must be easy to use and must neither stress the mind nor require the knowledge of a long series of rules’. It took more than 100 years for this principle to be rediscovered in computer security research on usable password security. The same is true for the security principles proposed by Saltzer and Schroeder (1975). Under ‘Psychological Acceptability’, two aspects are important to achieve end users’ acceptance of protection measures: (i) user interfaces that promote usability, and (ii) congruence between internal system mechanisms and users’ mental models. The latter is indispensable and at the same time difficult to achieve, as there is often no self-evident mental representation for the complex concepts of technical protection mechanisms, such as key pairs or public key certificates: they do not exist in the physical world and therefore cannot be experienced.