
Performance Based Technical Security Model

The Architectural Paradigm And Its Implementation Within Large Organizations

By Roy D. Follendore III

Copyright © 2005 by RDFollendoreIII


May 13, 2005

Almost anyone who is willing to take the time to truly understand the dynamics and consequences of security is capable of understanding that it is a complex and powerful idea. Technical security can act as a positive influence with respect to organizations reaching their internal goals, or it can be a detriment. It can be implemented in ways that make data, information and knowledge more valuable, or it can make them valueless. Security is not simply about the state of secretly knowing when others do not; it is also about legitimacy, the confirmation of certainty, the appropriate delegation of accountable responsibilities and authority, as well as a myriad of other management and command and control transactions. Technical security is also about the act of reaching organizational consensus, with respect to the application of technical security as well as its implementation. Just as there are operational costs to implementing technical security incorrectly, there are also organizational costs with respect to the way that technical security becomes implanted.

Those individuals who are chosen to be architects of technical security solutions within such situations are not mathematicians, logisticians or engineers but agents of change. This is because an honest appraisal of what technical security is reveals that it is actually more about the positive aspects of enabling communication than about disabling communication. New technical security architectures induce organizational change and change the way in which human beings operate with respect to each other. It is for these reasons that security system architectures must be flexible, scalable and, perhaps most importantly, coherent, for without these things they become processes perpetrated upon the organization as opposed to acts of consensus which allow organizations to change. If Marshall McLuhan, the expert who wrote monumental works concerning the philosophy of technical communication, were alive today, he would undoubtedly say that security is about content, not the pipe through which the media content flows.

When organizations define their requirements for technical security, they do so with respect to the statutes and policies that govern them. In the larger sense, it is through this mechanism that security is essentially ordained to exist by proxy rather than through internal consensus. Within Federal Agencies, for instance, the technical solutions often come from legislative mandates which are handed down through National Security Agency (NSA) definitions and standards which state the technical requirements for certain types of certified systems. The upshot of this kind of implementation is a cookie cutter approach to technical security design, because such approaches tend to make it easy for organizations to decide when, where, how and why technical security systems are necessary. While this may be beneficial to the decision to create and manage technical security, there are certain drawbacks which lead to a reluctance to create and apply systems in ways that could be more beneficial. In this sense, security tends to be considered in terms of parochial secrecies instead of as organizational opportunities that can match the charter and capabilities of the organization which it should serve.

Because traditional security policies have been largely unaccountable with respect to the cost benefit ratios of economics over the life of systems, a coherent security metric is necessary in order to maintain pointers to what is necessary within budgeting, planning, and staffing. Because creation and maintenance of secrecy with respect to message content is very costly, the basis of effective and sustainable security becomes a matter of economics. Sustainable security means that the application of secrecy must remain economically justifiable as well as politically viable. This in turn means that secrecy must leverage value which can be functionally defined as verified, rather than operating through economic values which are simply specified. Because of this, the ultimate economic purpose of security is that of performance. The purposeful use of cryptography is therefore based on organizational and individual performance measures which should be considered at periodic intervals in the same way that all other fiscal responsibilities are considered.

The benefits of establishing and maintaining responsible departmental accountability with respect to technical security are many. 

The security expertise of organizations becomes fully vested within the operational requirements and objectives of the organization. This means that technical security decision making no longer takes place simply as a supportive afterthought.  

Performance based accountability of technical security promotes the incentive for a positive organizational atmosphere of risk acceptance as opposed to risk avoidance. Instead of biasing technical security solutions strictly on the notion of cryptographic technologies as a disabler of performance opportunities, the concept of security becomes that of an investment in enabling performance opportunities through cryptographic technologies.

The nature of security is also transformed. Performance based security engages the philosophy of technical security, transforming it from a hermetically sealed bubble with point to point armored pipes carrying unquantifiable capsule payloads, to an accountable system where cryptography is a functional part of multilevel content control. Accountable content based security measures deliver all kinds of opportunities for better command and control of organizational resources, particularly within those field environments that are rapidly and constantly changing. Within such situations, Dr. W. Edwards Deming's concept of 'just in time' manufacturing, applied to the delivery and receipt of command, control authority delegation and knowledge, becomes applicable. Essentially, accountable security will boil down to extending opportunities for far more degrees of transformational freedom with fewer resources and greater feedback for command and control. The technological media currently exist that can handle this, but the traditional security philosophy does not.

Until security systems which use cryptography are accountable for their performance, there can be little incentive within organizations to generate requirements statements that accurately reflect the true needs of their organization. Once they are accountable, innovation from the perspective of security can be constantly evaluated against the operational playing field.


What exactly are the specific architectural standards with respect to cryptography that would allow this entire philosophy to take place? Here are some example aspects of cryptographic architecture that tend to lend themselves to the perspectives that I have just discussed.

  1. When and where possible, all computer content should be managed and monitored 24/7 in real time by a certifiably accountable organizational central authority and/or their duly appointed representatives who are responsible for the proper implementation of cryptography.

  2. Wherever possible, key creation and management of encryption should be jointly managed by both the end user and the central authority of the organization.

  3. Cipher text keys and first order initialization vectors should not exist when not in use. The sensitivity of storing and maintaining static keys is far higher than that of maintaining the means of generating appropriate keys. By cryptographically protecting and controlling the means by which authorized users are able to generate keys on the fly, we can reduce the potential of sensitive keys being inadvertently or intentionally discovered.

  4. The "story" of keys with respect to content, as well as the stories necessary for the generation of keys, should be cryptographically authenticated and tracked throughout their period of life. These stories can be tracked such that the performance of the 'organizational footprint' can be traced and better managed.

  5. Cryptographic keys should be given a life expectancy period with respect to users and content. In this way keys become practical organic concepts rather than static perpetual ideals. Obsolescent knowledge that induces organizational error can be eliminated, supplemented and/or refreshed.

  6. Content cipher text keys should not be reused. While this may be a standard policy, it is typically not a verifiable or validated one that can be certified in real time. Technical mechanisms can exist whereby self verifying and validating key creation and management processes operate, and these must be built into an appropriate concept of failure modes. This has all kinds of potential positive performance implications for the use of cryptographic solutions that have little or nothing to do with secrecy or security.

  7. Session keys, initialization vectors and key tokens should be managed by an operational representative of the central authority of the organization. The idea is to promote the concept of a technical security professional as part and parcel of the operational line. This in turn will mean that tools must be created for graphically making it possible for new classes and patterns of content based technical security transactions to rapidly occur.

  8. Encryption must be capable of fine grain multilevel encryption involving the use of multiple cryptographic algorithms. This means that the content boundary between the differentiation of secure messages and documents disappears, and the potential for content and routing errors can be centrally managed and regulated within cooperative group environments. At the same time, a degree of accountable personal privacy for trusted individuals becomes affordable.

  9. Need to know is an important precept, but the ability to properly route and reroute encrypted messages should not depend on need to know. Content that contains vital data, information and knowledge must be kept associated both through artificially intelligent automation and manual user methods and processes. This will not only promote improved organizational and individual performance but will have the propensity for possibly generating new information and knowledge through content associations that cannot be predetermined.

  10. The user's need to know should be monitored, managed and verified in real time in context with the content of enciphered documents and messages. The notion of command and control can be boiled down to the concept of appropriate delegation of authority and responsibility with respect to context. Within the context of individual communication this is essentially determined by the notion of need to know. The more immediate the ability of management to deliver content based on need to know, the stronger and more precise its ability becomes to supervise and manage user assets.
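Several of the measures above (joint key management, keys that do not exist when not in use, an authenticated key "story", a key life expectancy, and verifiable non-reuse) can be made concrete in a small key authority. The following is an added example written for this page, not the author's own design or any product's code. It assumes a hypothetical `KeyAuthority` class that holds a master secret on behalf of the central authority, derives each content key on demand with an HKDF-style construction (HMAC-SHA256 extract-then-expand, implemented here from the standard library) from a story that records user, content, issue and expiry time and a user-contributed nonce, appends every story to an HMAC-chained ledger so the story can be authenticated later, refuses to issue a key whose fingerprint has already been issued, and refuses to re-derive a key past its expiry. The lifetime of 3600 seconds and all names, nonces and identifiers are constructed for the example.

```python
import hashlib
import hmac
import json
import time

KEY_LIFETIME_SECONDS = 3600  # hypothetical policy value, not from the essay


class KeyReuseError(Exception):
    """Raised when a content key that was already issued would be issued again."""


class KeyExpiredError(Exception):
    """Raised when a key is requested after its life expectancy has passed."""


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (extract-then-expand) over HMAC-SHA256, built from the standard library."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()          # extract
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                                    # expand
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


class KeyAuthority:
    """Hypothetical central authority: keys are derived on demand from a story,
    never stored; every story is recorded in an HMAC-chained ledger."""

    STORY_FIELDS = ("user", "content", "issued", "expires", "nonce")

    def __init__(self, master_secret: bytes, ledger_key: bytes, lifetime: int = KEY_LIFETIME_SECONDS):
        self._master = master_secret        # protected means of generation (principle 3)
        self._ledger_key = ledger_key       # authenticates the key stories (principle 4)
        self.lifetime = lifetime            # life expectancy of every key (principle 5)
        self.ledger = []                    # list of {"story": ..., "mac": ...}
        self._issued = set()                # fingerprints already issued (principle 6)
        self._prev_mac = b"\x00" * 32       # chain head for the ledger

    def _info(self, story: dict) -> bytes:
        """Canonical encoding of the story fields that feed key derivation."""
        return json.dumps({k: story[k] for k in self.STORY_FIELDS}, sort_keys=True).encode()

    def _derive(self, story: dict, user_nonce: bytes) -> tuple:
        # The user's nonce is the salt, so the end user co-determines the key (principle 2).
        key = hkdf_sha256(self._master, salt=user_nonce, info=self._info(story))
        fingerprint = hmac.new(self._ledger_key, key, hashlib.sha256).hexdigest()
        return key, fingerprint

    def issue_content_key(self, user: str, content_id: str, user_nonce: bytes, now: int = None) -> tuple:
        """Derive a fresh content key and record its story. Returns (key, story)."""
        now = int(time.time()) if now is None else now
        story = {"user": user, "content": content_id, "issued": now,
                 "expires": now + self.lifetime, "nonce": user_nonce.hex()}
        key, fingerprint = self._derive(story, user_nonce)
        if fingerprint in self._issued:
            raise KeyReuseError(f"content key for {user}/{content_id} was already issued")
        self._issued.add(fingerprint)
        story["fingerprint"] = fingerprint
        self._append(story)
        return key, story

    def rederive(self, story: dict, user_nonce: bytes, now: int = None) -> bytes:
        """Regenerate a key from its story when it is needed again; the key itself is never kept."""
        now = int(time.time()) if now is None else now
        if now > story["expires"]:
            raise KeyExpiredError(f"key for {story['content']} expired at {story['expires']}")
        key, fingerprint = self._derive(story, user_nonce)
        if not hmac.compare_digest(fingerprint, story["fingerprint"]):
            raise ValueError("story or nonce does not match the issued key")
        return key

    def _append(self, story: dict) -> None:
        body = json.dumps(story, sort_keys=True).encode()
        mac = hmac.new(self._ledger_key, self._prev_mac + body, hashlib.sha256).digest()
        self.ledger.append({"story": story, "mac": mac.hex()})
        self._prev_mac = mac

    def verify_ledger(self) -> bool:
        """Recompute the HMAC chain; any edited or removed story breaks it."""
        prev = b"\x00" * 32
        for entry in self.ledger:
            body = json.dumps(entry["story"], sort_keys=True).encode()
            mac = hmac.new(self._ledger_key, prev + body, hashlib.sha256).digest()
            if not hmac.compare_digest(mac.hex(), entry["mac"]):
                return False
            prev = mac
        return True


if __name__ == "__main__":
    # Constructed sample: one user, one document, a fixed nonce and clock for reproducibility.
    authority = KeyAuthority(b"constructed-master-secret-32bytes!", b"constructed-ledger-key")
    nonce = bytes(range(16))
    key, story = authority.issue_content_key("alice", "doc-17", nonce, now=1000)
    print("issued", story["fingerprint"][:16], "ledger ok:", authority.verify_ledger())
```

Nothing in the authority holds a content key between uses: a legitimate later use re-runs `rederive` with the recorded story and the user's nonce, which is exactly the on-the-fly generation the third measure calls for, and the expiry check in the same call is what turns the fifth measure into something enforced rather than stated.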

 

These are merely a few specific measures that can be successfully embedded within the fabric of technical security mechanisms, but they are not the soul of the system. I hope that by reading this you depart with a feeling that technical security and its underlying mechanisms of cryptography are capable of far more than is currently being expected of them. Technical security is essentially a social process.

In the final analysis, it is important to keep in mind that technology does not care if it functions, people do. To make technology work for us and to provide new opportunities we must be willing to come to terms with the fact that the potential benefits of a technical security solution set become fixed the moment that a specific matrix of engineers and managers come to the bargaining table to reach organizational congruence.  We can make information security the limiting factor of our organizational societies or the enabling factor.  

The implementation of technical security is about the organizational acceptance of risks vs. opportunities and benefits. Underlying cryptographic technologies are malleable if architects are given the chance to map them properly to our best organizational philosophy, but they can also be rigid and brittle if the design and implementation of cryptography is simply defined in terms of a standard. This too should be an integral part of the risk benefit equation. In the end it should be the vision of the security we choose, and not merely the mathematics of cryptographic algorithms, which determines our organizational fate.


Copyright (c) 2001-2007 RDFollendoreIII All Rights Reserved