Global Sources
EE Times-India
Stay in touch with EE Times India
EE Times-India > Embedded

Electronic security: In transit

Posted: 10 Nov 2014     Print Version  Bookmark and Share

Keywords:tampering  OSI Model  networking model  network layer  transport layer 

There is one way to absolutely, positively guarantee that someone will receive a message intact, unadulterated, authenticated, and observed by no unauthorised party. Just copy the message to a physical medium, lock it in a sturdy briefcase, handcuff the briefcase to your own wrist, and board a plane. Best of luck at the security gate.

When you arrive at your destination, remove the briefcase from your wrist, unlock it, and present the message to your intended recipient. You can be assured that nobody else has seen it. Your recipient can be assured that the message is authentic. While you are there, find a comfortable meeting room and discuss the contents of the message, the weather, Italian restaurants—whatever you like. You have a little time before your flight home.

Use any other method for transmitting a message, and your message is at risk. Someone may intercept it and discover its contents. Or intercept your message and substitute it with one of their own. Or, intercept your message and block its transmission.

These three threats—disclosure of a secret message, alteration in transit, or blocking its transmission entirely—are the primary threats to any secure system. Protecting against these threats form what is known as the "CIA Triad."[1] The term has nothing to do with the U.S. Central Intelligence Agency. Instead, the letters stand for Confidentiality, Integrity, and Availability. Any secure messaging system must protect confidentiality, provide integrity, and always be available when needed.

The problem is this: any time you employ a medium to transmit your message, you lose control, however temporarily, of that message. Write a letter, send an email, make a phone call. As soon as the message leaves you, you have relinquished control of it. We understand in theory that someone might intervene to take our message, but do we really care?

We now know that many of our electronic messages are at risk of routine, low-level snooping. And it is not just governments that do this. Businesses are archiving email messages, and some are routinely scanning inbound and outbound email to ensure that corporate secrets remain secret. Even if it is surprising, none of this is necessarily a nefarious thing.

But the time will come when each of us has news that we want to keep private. It is then and there that we care strongly about security. But in fact, the time to think about security is before you need it.

This article is the third part in a series on electronic security. In Part 1 we discussed the basic definition of security, when physical locks are less important than logical and virtual "fences." In Part 2 we dissected the meaning and processes of tampering.

In this article we do not look at the specific cryptographic algorithms involved in electronic security. We assume, until proven wrong, that properly implemented instances of (for example) AES for encryption and ECDSA for signatures are sufficiently robust to deter essentially all potential opponents.

Instead, here we examine security in transit; we assess the "chain" that links the various parts of a secure message path.

Understanding the networking model
Before we delve into system security, we need to understand the network itself.

In the early 1980s, standards organisations created what became known as the Open Systems Interconnection Reference Model (the "OSI Model")[2]. In this model, data networks were seen as a collection of seven layers, ranging from the physical layer of wires and radio signals at the bottom to the user application at the top. The concepts embodied in the model have proven extremely useful and help us understand what is happening at any point in the journey that a message takes from sender to recipient.

To simplify the discussion, we can condense the seven layers into just four, ranked from bottom to top[3]:

The physical and data link layer. This layer is how a network-connected device talks and listens over the physical medium. For example, in a digital radio system this layer would control when the station can transmit; what transmit power, frequencies, and modulation schemes may be used; what packet structure must be used; and how to address other stations that can be directly contacted.

1 • 2 • 3 • 4 Next Page Last Page

Comment on "Electronic security: In transit"
*  You can enter [0] more charecters.
*Verify code:


Visit Asia Webinars to learn about the latest in technology and get practical design tips.


Go to top             Connect on Facebook      Follow us on Twitter      Follow us on Orkut

Back to Top