Focus on 4 concepts of computer security
We often hear that no system is infallible. It depends on what we're talking about...
We often hear that no system is infallible and that hackers will always find a loophole to exploit. The idea of this article is to explain to you why you should be careful with these kinds of claims and why you can really trust certain systems.
There are 4 security objectives:
- data confidentiality (the fact that an unauthorized person cannot read the data);
- data authenticity (being able to guarantee that the data comes from a particular person or entity);
- data integrity (the fact that the data cannot be modified);
- data availability (the fact that the data is always accessible when the user requests it).
Any computer attack aims to harm one or more of these 4 objectives. Depending on the context, some objectives will be more secondary than others. For example, the availability objective is not always very critical. If your Fnac account is no longer accessible for a few hours (unavailability), this will not have much impact on your life (although it may have a high impact on their business). If your postal address is replaced by a poem in the Fnac database (non-integrity), you won't make a big deal out of it either. But if UpSignOn leaks your passwords (non-confidentiality), you will come and complain.
So here are 4 security concepts or models to know and distinguish.
Logical security
Logical security is based on algorithmic rules. Access to this or that resource is only authorized for a user with sufficient rights as recorded in a database. In the event of a bug, this security may be compromised. An administrator can simply modify the rights. In short, this security relies on trust in developers and administrators. Anyone with sufficient rights can compromise this security, and logical errors that could compromise security can quickly occur.
Cryptographic security
Unlike logical security, cryptography makes it possible to guarantee certain properties which cannot be modified afterwards, including by someone who has full access to the system. These properties are most often mathematically provable. Cryptography is used today in many areas, from the most strategic - defense, industry, information technology - to the most personal, with the protection of privacy. It secures the transmission of messages, which are unintelligible to third parties.
Cryptography is the set of mathematical algorithms that guarantee the confidentiality, authenticity and integrity of data (encryption, hashing and digital signature).
Note that cryptographic security is based on the fact that, with current mathematical knowledge, it would in practice take millions of years of calculation, even if all the computers in the world were combined, to break such a protection. So no one will ever achieve this in real life unless they obtain the cryptographic key by other means.
Implementation errors can be made by the developers who code these cryptographic algorithms, but as the stakes are high, the algorithms in question are constantly reread and challenged by expert researchers. Only governments or large-scale organizations can possibly discover and exploit vulnerabilities in these algorithms.
UpSignOn obviously makes extensive use of cryptographic algorithms.
Zero-trust principle
A zero-trust system is designed under the assumption that the hacker will succeed in gaining full administrator rights (or that an administrator will become hostile). Even under these conditions, this would not be sufficient to allow them to extract sensitive data. In other words, the only person you can trust is the owner of the data. Any other person is considered hostile. If the system is designed like this, you can trust it. Of course, most UpSignOn features are designed following this principle.
Zero-knowledge principle
A zero-knowledge design aims at not giving any personal information to the publisher or administrators in plain text. The only data sent to the server is completely encrypted and unusable. For example, the UpSignOn application does not send any email address to the UpSignOn server to operate personal vaults. Even we, the publisher, don't know our users! So there is simply nothing to steal from our servers.
Conclusion
Logical security is weak, although it is necessary in many cases and widely used. The ideal is to design zero-knowledge and zero-trust systems (which will most often rely on cryptography) to guarantee that no data leak is possible (which does not mean that a hacker cannot harm in any other way, for example by paralyzing the system).
Remember that just because the press announces that an attack is in progress, it does not mean that your data will necessarily leak. Nor does the fact that some data has leaked mean that all your secrets have been leaked. It is also possible for encrypted data to leak, but this would not be a problem if the system was designed following the zero-trust principles.