Probably Secure: What Absolute Security Really Means
Many people view security as some absolute state. “Is my computer secure? Is this website secure?” No one who asks these questions wants a spiel on the exact details; they are looking for a binary answer: “yes” or “no”. In reality, when we call something “secure”, we are really saying that we believe any relevant risk is within tolerance. All security is probabilistic at a base level, whether the uncertainty comes from the algorithms used, the mistakes made, or just an unfortunate series of events.
Encryption algorithms take a key as input and scramble data to make it unintelligible; given the key, they can also revert the scrambled data back into its original form. If an adversary guesses this key, they can decrypt (i.e. unscramble) the data. Very few encryption algorithms avoid relying on probabilistic properties for their security, yet the building blocks of national defense, e-commerce, and everyday life all depend on secure communication.
Are we then just hoping the enemy never guesses the key? Technically yes, but our confidence in the algorithms is generally well-founded. The most popular encryption algorithm is probably the Advanced Encryption Standard (AES). At its maximum security level, cracking AES is equivalent to guessing 256 coin flips in a row. That’s less than a 1 in 115 quattuorvigintillion (1.15e29) chance. But just using encryption is no silver bullet. What if I wrote the key on a sticky note and stuck it to my monitor? What if it’s just my dog’s name? What if the software is implemented incorrectly? There may even be ways for adversaries to circumvent the encryption entirely.
Defense in Layers
How do we mitigate threats if we can never make a mistake? The answer lies in a heavily-studied 2001 film. Security is like an onion: it has layers. What we’re banking on is that an adversary can’t figure out how to break every security mechanism that lies between them and their goal, or that the layers at least buy us enough time to stop an intruder once detected. Each layer whose security does not depend on any other layer reduces the probability of a successful attack multiplicatively. If there are three independent layers and each has a 1% chance of being breached, then there’s only a one in a million chance of all three being breached.
However, throwing on more layers is not always good. Let’s reuse the last example but add that every layer costs $1,000 annually to maintain (all of these numbers are entirely arbitrary). If we already have three layers, is paying another $1,000 worth a 0.000099% lower chance of being hacked? The price stays the same, but we receive diminishing returns. Eventually, the damage to our wallets will be more than the damage caused by potential adversaries.
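The multiplicative-layer model and the cost question above, worked through as an added example (not code from the original post). It uses the post’s arbitrary figures (1% breach chance per layer, $1,000 per layer per year) and adds one assumption the post does not state: a dollar loss if every layer is breached, so that the expected annual loss can be compared with the cost of the next layer.

```python
# Added example: independent security layers, the probability that all of
# them are breached, and the point at which another layer stops paying for itself.
from math import prod


def breach_probability(layer_probs):
    """Probability that an attacker gets through every layer.

    Only valid when each layer's chance of being bypassed is independent of the
    others; two layers that share the same password or the same vendor are
    really one layer for this calculation. With no layers at all, prod([]) == 1.
    """
    return prod(layer_probs)


def expected_annual_loss(layer_probs, loss_if_breached):
    """Expected yearly damage: breach probability times the loss on breach."""
    return breach_probability(layer_probs) * loss_if_breached


def layers_worth_buying(per_layer_prob, per_layer_cost, loss_if_breached, max_layers=20):
    """Number of identical, independent layers worth paying for.

    Keep adding a layer while the reduction in expected annual loss it brings
    is at least its annual cost; stop at the first layer that costs more than
    it saves (the diminishing-returns point described above).
    """
    n = 0
    while n < max_layers:
        current = expected_annual_loss([per_layer_prob] * n, loss_if_breached)
        with_next = expected_annual_loss([per_layer_prob] * (n + 1), loss_if_breached)
        if current - with_next < per_layer_cost:
            break
        n += 1
    return n


if __name__ == "__main__":
    three = [0.01] * 3
    print(breach_probability(three))  # ~1e-06, the "one in a million" above
    four = [0.01] * 4
    # percentage-point reduction from the fourth layer, ~0.000099 (%)
    print((breach_probability(three) - breach_probability(four)) * 100)
    # Assumed, constructed figure (not from the post): a full breach costs $1e9.
    print(layers_worth_buying(0.01, 1000, 1_000_000_000))  # 3: a fourth layer saves less than it costs
```

With the assumed $1,000,000,000 loss, the third layer is worth its $1,000, but the fourth layer would save only about $990 a year; with a smaller assumed loss the cut-off comes sooner.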
Security is a balancing act in which the value must at least be equal to the cost. At some point, we have to decide that an adversary that can reverse-ollie their keyboard through a flaming hoop is an acceptable risk. Are my emails secure? Probably.