
Security is Mathematics

71 points by s-phi-nl, almost 14 years ago

12 comments

marshray, almost 14 years ago

"If you want someone to understand security, just send him to a university mathematics department for four years."

This is a testable assertion.

I've met a bunch of people in data security in the last few years. In fact, I do know one with a math degree and he's very sharp.

But I still think the premise is ridiculous. Math proofs are tall towers of lemmas and theorems existing in an insulated universe.

Logical and rational thought are critical, yes, but in real world security you must be very careful not to build your towers that high. Instead you need a defense-in-depth strategy, one which assumes at least some of your assumptions are going to be violated on a regular basis.

Seen in a crypto paper:

* An attack on [cryptographic primitive] A implies an attack on [cryptographic primitive] B.

* B is not the subject of this paper.

* Therefore, A is proven secure.
FilterJoe, almost 14 years ago

I would argue the opposite: The "security is mathematics" mindset leads to overall system designs that are often less secure. How? The mathematically inclined security experts fail to incorporate (mathematically fuzzy) human factors such as usability and carelessness.

Typical example: Require users to change a password once/month and there's a maximum of one month's time when a password thief has access to an account. True enough. So what do users do (and let's throw in a requirement for at least one capital letter, at least 1 digit, at least one symbol, 9 character minimum)?

Month 1: Charlie1!

Month 2: Charlie2!

Month 3: Charlie3!

Month x: Charliex!

Meanwhile, formulations for password security that strike a reasonable balance between security and usability (and thus actually get used) are rejected immediately because of mathematical edge cases.

Here's my formulation for a balanced security approach for home users:

"Use a password manager to assign unique, random 15 character passwords for all accounts, protecting them with a strong master password."

I can think of quite a few edge cases where this system will fail. Keystroke logging is the most obvious. In actual practice, there has not yet been a case of a password database being breached due to keystroke logging the master password (at least not among the market-leading password managers).

In actual practice, taking into account human factors, this system is more secure than that practiced by the vast majority of end users. And far more secure than rotating Charliex! passwords.
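Added example, not code from the comment above or from any password manager: assuming the rotation policy exactly as the comment states it (monthly change, 9+ characters, a capital, a digit, a symbol), this shows that every "Charlie1!, Charlie2!, ..." password passes the policy, how a change-password handler can flag that rotation pattern server-side, and how large the guessing space of the recommended random 15-character password is by comparison.

```python
import math
import re
import secrets
import string

# Constructed sample: the monthly rotation sequence described in the comment.
ROTATED = ["Charlie1!", "Charlie2!", "Charlie3!", "Charlie9!", "Charlie10!"]

# The 94 printable, non-space ASCII characters (letters, digits, punctuation).
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def meets_policy(pw: str) -> bool:
    """The nominal rule from the comment: 9+ chars, a capital, a digit, a symbol."""
    return (len(pw) >= 9
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[0-9]", pw) is not None
            and re.search(r"[^A-Za-z0-9]", pw) is not None)


def _stem(pw: str) -> str:
    """Letters only, lower-cased: 'Charlie1!' and 'Charlie10!' share the stem 'charlie'."""
    return re.sub(r"[^a-z]", "", pw.lower())


def is_trivial_rotation(old: str, new: str) -> bool:
    """True when the new password keeps the old one's letters and only changes the
    digits/symbols around them, which is the first thing anyone who saw the old
    password would try. A check a change-password endpoint can run server-side."""
    return _stem(old) == _stem(new)


def count_trivial_rotations(history: list[str]) -> int:
    """How many consecutive changes in a password history were trivial rotations."""
    return sum(is_trivial_rotation(a, b) for a, b in zip(history, history[1:]))


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Size of the guessing space, in bits, for a uniformly random password."""
    return length * math.log2(alphabet_size)


def generate_manager_password(length: int = 15) -> str:
    """What the comment's password manager would assign: uniform random over ALPHABET."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    print("policy accepts every rotated password:", all(map(meets_policy, ROTATED)))
    print("trivial rotations in history:", count_trivial_rotations(ROTATED))
    print("bits in a random 15-char password: %.1f" % entropy_bits(15))
    print("example manager password:", generate_manager_password())
```

The stem comparison is deliberately coarse: it also catches counters that grow a digit (Charlie9! to Charlie10!) and symbol swaps, at the cost of rejecting an honest change that happens to reuse the same letters.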
bdhe, almost 14 years ago

Since the article references Bruce Schneier, he gave an interesting TED talk where he once again describes the usability/security tradeoff and how humans are very poor (because of hardwiring) perceivers of risk. This might also be why one needs to be "trained" to get a security mindset.

http://www.ted.com/talks/bruce_schneier.html
udoprog, almost 14 years ago

There are so many instances where non-mathematical variables play an important role in authoring security conscious code. Yes, most security issues arise from not checking edge cases, but you have to know what they are. Mathematics will surely adapt you into thinking about this practically, but it will never teach this.
basugasubaku, almost 14 years ago

Dupe: http://news.ycombinator.com/item?id=2222191
jdp23, almost 14 years ago

Nope. Security is primarily social science and engineering. Mathematical training can help [and of course is crucial for areas like cryptography] but it's far from the only way to get a security mindset.
kragen, almost 14 years ago

Well, he's basically correct — unwarranted assumptions create security holes. But the people commenting here that usability problems create security holes are also correct. If you have a system with no usability problems and no unwarranted assumptions, is it therefore secure? Or are there other ways that security holes arise?
dmarquis, almost 14 years ago

It's a weak counterargument to Schneier's. The ability to think logically (one example of which is writing proofs, though I think writing good code requires it as much) is no protection against attacks you don't know exist. If we knew exactly how security systems could be broken then building an unbreakable protocol would just require thinking about how to satisfy a bunch of constraints (which mathematicians and computer scientists are trained to do). But, in addition to being resistant to known attacks, a new security protocol should be stress tested by trying to think of new attacks that could break it. Most university courses on security don't emphasize this way of thinking. That's all Schneier is saying. This guy doesn't mention anywhere how a math degree trains you to do that.
mncaudill, almost 14 years ago

And this is why I trust my files with this guy.
boyter, almost 14 years ago

Interesting read. Falls into what I feel is a mindset mastery. Some individuals are just good at some things for whatever reason. As an example the best software testers I know have an almost instinctive ability to find obscure bugs.

No idea what can get you to land in this zone (training or otherwise) but if you do fall in one you tend to be very good at whatever it is your brain is wired for.
dfc, almost 14 years ago

Is this a joke? Navel gazing and patting oneself on the back in one post. This makes it to the front of HN?

I guess he might be on to something. Every philosopher I have ever read has always treated assumptions in a willy-nilly manner. Not to mention any decent legal opinion.

Good security requires critical analysis. The same thing can be said for jurists, inventors, supply-chain logistics... etc.

What a surprise the math guy thought math people have such insight. What's that saying about carpenters and their hammers? At least carpenters don't go around telling everyone that everything is a nail...
ihodes, almost 14 years ago

Security IS mathematics.

People just occasionally don't use the system correctly: that isn't the fault of the system (in terms of security).