Cryptographic Defenses
On Guard
Cryptographic Defenses can be built with cryptographic primitives. However, Cryptography is only half the answer. The most secure encryption protocol can be bypassed if the system can be provoked or derailed to leak keys or secrets.
1. Humans make mistakes. If it is a methodological mistake, we can always correct them, but if it is ad hoc, there is no methodology to correct.
2. Government crypto certifications are questionable. Premature conclusion to draw from a single vulnerability. But this isn’t just a single vendor — it’s several vendors that all fell prey to the same well-known 20-year old vulnerability. Testing labs may miss them and not detect them.
Yet without certifications (e.g. FIPS), where vendors could freely implement snake-oil, honest vendors may make mistakes in their implementations of good algorithms — certifications at least ensure to meet a required set of test vectors and follow best security practices.
3. Huge number of products still use deprecated government standards. e.g. ANSI X9.31 (and its cousin X9.17) is 20+ years old. It’s been deprecated as of 2016.
Cryptographic Defenses1. A6 Defenses
2. Data And Security State Defenses
3. Mechanisms In Detection, Reaction And Recovery
4. Trusted Computing
5. Tracing…