Reliability Analysis for Communication Security
We compare a secure communication system with a machine, and the cryptographic key with the key component in that machine. A key theft allows an adversary to compromise communication security. Key thefts are therefore comparable to key component failures, which stop the machine from working properly. When a stolen key is replaced by a new key, the compromised secure communication system regains its security status, just as the machine returns to work once the failed key component is repaired. There is thus a strong connection between the reliability model of a machine and the security model of a secure communication system in which an adversary can obtain the key. In this chapter, we use reliability engineering theory, which is widely used to characterize the performance consistency of various engineering systems, to evaluate the reliability of communication security. The analysis produces counterintuitive results. Firstly, we demonstrate that a common security practice, “change password once three months”, provides little help in protecting users’ accounts from password thefts. In fact, all periodic key update schemes have an inherent limitation that prevents them from promptly replacing a stolen key. The analysis suggests that the existing digital certificate system, the digital ID system of the Internet, might be unreliable and might provide a false sense of security for a significant portion of the time. On the other hand, reliability analysis finds that dynamic key updates could be an effective countermeasure to key thefts and could improve the availability of communication security. Secondly, the typical design of two-factor authentication systems, which uses an electronic security token and a password in authentication, cannot provide security in a consistent manner. Reliability analysis shows that this typical design aims to delay the first security breach instead of maximizing the availability of security and the speed at which the system recovers from key thefts. We could instead use two dynamic keys to construct a two-factor authentication system and achieve better security performance than this typical design.