Beta Phase: Square45 is currently in beta testing. Expect some features or content to be incomplete or missing.
45

Network Security

Field: Information Security

The policies and practices adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources.

Sequence of Expressions

Let UU be the user, AA be the authenticator, and SS be the shared secret key. Define the authentication protocol Auth(U,A,S)\text{Auth}(U, A, S) as a challenge-response mechanism. The protocol verifies identity if and only if the response RR generated by AA to a challenge CC satisfies the condition: Verify(C,R,S)=True\text{Verify}(C, R, S) = \text{True}, where Verify\text{Verify} is a function that confirms RR is derived from CC using SS, and Pr(Verify(C,R,S)=TrueA is not U)0\text{Pr}(\text{Verify}(C, R, S) = \text{True} | A \text{ is not } U) \approx 0.
Define a cryptographic hash function H:DataDigestH: \text{Data} \to \text{Digest}, where Data\text{Data} is the input message space and Digest\text{Digest} is the fixed-size output space. For a transmitted message DD and its calculated checksum C=H(D)C = H(D), integrity is verified by receiving DD' and recalculating C=H(D)C' = H(D'). The message is deemed unaltered if and only if C=CC' = C.
Define the encryption algorithm Enc:(P,K)C\text{Enc}: (P, K) \to C, where PP is the plaintext, KK is the key, and CC is the ciphertext. The algorithm must be paired with a decryption function Dec:(C,K)P\text{Dec}: (C, K) \to P. For the algorithm to be mathematically sound, the following relationship must hold for all valid inputs (P,K)(P, K): P=Dec(Enc(P,K),K)P = \text{Dec}(\text{Enc}(P, K), K)
Let MM be the message space, KK be the key space, and EncK:MC\text{Enc}_K: M \to C be the encryption function. Define the set of authorized keys KauthKK_{auth} \subset K. Confidentiality is satisfied if, for any unauthorized key KunauthKKauthK_{unauth} \in K \setminus K_{auth}, the decryption operation DecKunauth(EncKauth(M))\text{Dec}_{K_{unauth}}(\text{Enc}_{K_{auth}}(M)) yields a result MM' such that the probability of MM' being indistinguishable from random noise is high, i.e., Pr(DecKunauth(EncKauth(M))=M)0\text{Pr}(\text{Dec}_{K_{unauth}}(\text{Enc}_{K_{auth}}(M)) = M) \approx 0.
Let SS be a system asset, and let C={C1,C2,,Ck}C = \{C_1, C_2, \dots, C_k\} be a set of kk independent security controls, where CiC_i protects SS against a specific threat τi\tau_i. Define the failure state Fail(Ci)\text{Fail}(C_i) as the event where control CiC_i is bypassed or fails. The system remains secure if the intersection of all failure events is empty: Pr(Fail(C1)Fail(C2)Fail(Ck))0\text{Pr}(\text{Fail}(C_1) \cap \text{Fail}(C_2) \cap \dots \cap \text{Fail}(C_k)) \approx 0.