root labs rdist

March 28, 2007

Mesh approach versus defense-in-depth

Filed under: Crypto,Network,Security,Software protection — Nate Lawson @ 3:04 pm

A commenter suggested by email that the mesh concept in my previous post is very similar to defense-in-depth. While they are similar, there are some critical differences that are especially important when you apply them to software protection.

Defense-in-depth comes from military history where a defender would build a series of positions and then fall back each time the enemy advanced forward through the first positions.   This works in security as well.  For instance, a web server may be run in a restricted chroot environment so that if the web server is compromised, damage is limited to the files in the restricted directory, not the whole system.

The mesh model, on the other hand, involves a series of interlocking checks and enforcement mechanisms.  There is nothing to fall back to because all the defenses are active at the same time, mutually reinforcing each other.  This concept is less common than defense-in-depth for network security use due to the difficulty of incorporating it into system designs.  However, it is extremely common in cryptography.

A block cipher, say AES, is a good example of a mesh design.  Plaintext data is encrypted with a 128-bit key and output as ciphertext.  Any good block cipher is designed so that even a 1 bit change in the key or plaintext will result in a 50% chance of a bit flip for each ciphertext bit.  This is called the “avalanche effect.” What does this mean for an attacker trying to guess the key by brute force to decrypt the data?  If he is incorrect by even 1 bit, on average half the plaintext bits will be incorrect.  Another way to state this is that incrementally guessing the bits of an AES key is useless since guessing 127 of the bits correctly still gives you no information about the 128th bit.

An attacker facing a defense-in-depth challenge can break down each wall in order, picking appropriate attacks for each wall.  He only has to be smart enough at any one time to compromise the next wall (i.e., O(n) where n is the number of walls).  However, for a system designed with the mesh model, the attacker has to compromise all the walls at the same time to compromise the system (i.e., O(2^n)).  This is a significant difference in effort.

Of course, the best approach is to use the mesh model plus defense-in-depth.  For example, a protocol designer that encrypts data with AES and performs integrity checking with SHA-256 HMAC (instead of an AES CBC MAC) is using defense-in-depth since a flaw in either algorithm or construction is not likely to affect the other.

2 Comments

  1. So is the logo of your blog loosely inspired by this particular idea, or just a coincidence?

    Comment by Jordan Wiens — March 28, 2007 @ 5:04 pm

  2. Coincidence, although I think it looks like something cool is happening, whizzing around and interacting with other things. ;-)

    Comment by Nate Lawson — March 29, 2007 @ 3:31 pm


RSS feed for comments on this post.

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 93 other followers