Cryptologic Management Philosophy

Why the way that we manage cryptography affects our abstraction.

by Roy D. Follendore III

March 16, 2006

Let us assume that the principle purpose of security is not secrecy.

Therefore it is to be assumed that the principle purpose of cryptography is not secrecy.

We shall assume that cryptologic functions can and should be used to improve the performance of communication and not just to restrict communications. Such logical aspects as randomizations, XOR and NOR, authentication techniques, and cryptologic algorithm processes are simply tricks in the security designers toolbox that are there to be used or not used with respect to the philosophical objectives. These tools constantly change and depending on the application become subroutines that are increasingly complex and abstract.

The way that we choose to abstract the problem of cryptography in designing systems is a real modern problem that we must face. A typical technical expert who spends his/her day coding could easily spend a career on a single aspect of cryptography but would not be able to explain how his techniques should be deployed. There is evidence that organizations have not been interested in the design and development of the potential benefits of security as much as it has been interested in the power that goes into exploiting the authority of security.

From a scientific perspective, the patterns in which we choose to design and deploy these techniques may be regarded in terms of a forensic problem. (By choosing to do this, we expect that… or by ignoring this, we do not consider that important.)

In this way it becomes possible to build up a self understanding of what we have and have not been objectively been willing to deal with within our security philosophy. Cryptography is in itself a symbolic abstraction for it is in this self analysis that we need to pay particular attention to the True reasons why these systems that exist.

Self realization is the starting point. To be designers of cryptographic security systems we must first consider ourselves as communications analysts. Installing cryptography without regard to the performance objectives of communications is the same as randomly closing down access to satellite telecommunications in order to improve the bit error rate.

Why does this happen?

Consider the implications of the various ways that we can abstract the applications of cryptography. The bias that is put on each of these directly affects the qualities and capabilities of the resulting cryptologic design.

An abstraction is an idea, concept, or word which defines the phenomena which make up the concrete events or things which the abstraction refers to, the referents.
en.wikipedia.org/wiki/Abstraction
Sociological Abstraction refers to the varying levels at which theoretical concepts can be understood. This idea is very similar to the philosophical understanding of abstraction. There are two basic levels of sociological abstraction: sociological concepts and operationalized sociological concepts.
en.wikipedia.org/wiki/Abstraction_(sociology)
Abstraction in mathematics is the process of extracting the underlying essence of a mathematical concept, removing any dependence on real world objects with which it might originally have been connected, and generalising it so that it has wider applications.
en.wikipedia.org/wiki/Abstraction_(mathematics)
In computer science, abstraction is a mechanism and practice to reduce and factor out details so that one can focus on few concepts at a time. It is by analogy with abstraction in mathematics. The mathematical technique of abstraction begins with mathematical definitions; this has the fortunate effect of finessing some of the vexing philosophical issues of abstraction.
(voir Abstraction) (A) A concept or generalisation specifying only the features that are significant for a precise goal. (B) The fact of considering an essential element independently from the others accessory of a whole, an operation consisting of mentally representing an object in separated pieces from its concrete reality; a mental process of reasoning resulting from facts, operations and preceding processes.
www.erudium.polymtl.ca/html-eng/glossaire.php
the describing of objects by defining their unique and relevant characteristics (properties). Whilst an object may have 100s of properties normally only those properties of importance to the situation are described. (eg life policies premiums are normally important; whereas the time of day a policy was purchased is not usually of value).
www.managingchange.com/object/principl.htm
en.wikipedia.org/wiki/Abstraction_(programming)
The creation of a view or model that suppresses unnecessary details to focus on a specific set of details of interest
www.amscitech.com/_common/_topics/UML/glossary.htm
Simplification or alteration of forms, to present the essence of the object people or places.
www.irvingisd.net/macart/glossary.htm

The essence of sociology, uniqueness, levels, independence, modeling, reasoning, logic, rationality, mathematics, events and convergence are all part of the process of cryptologic abstraction. Cryptographic abstraction is ultimately a process of reductionism but the problem is that reductionistic engineering management can not manage reductionistic cryptologic design.

Each of these definitions represents remarkably different aspects of thinking and they each imply the potential of different resulting problems in their outcomes. Once again, within the explicit technical design is therefore important to understand the ‘intellectual chemistry’ of the cryptologic design process. A random group of security cryptologic designers who walk into a room to produce a security product change the way in which decisions are made.

.