Secure Application Design
Table of Content
Three core ingredients are required to build secure applications: The first ingredient is a detailed risk analysis that allows us to have a clear understanding on the application’s core assets that need to be protected, such as confidential data or correct functions (e.g., a car’s braking system). By having this clear view, we are able to identity risks (e.g., stealing data, deactivating the car’s brakes), which we can be lowered or in the best case eliminated by integrating security functions. These functions can be categorized into two further ingredients: Organizational and technical security functions. Whereas the former consists of processes related to procedures that are implemented outside of the technical scope of the application (e.g., policies on passwords, NDAs and other legal and/or contractual issues), the latter focuses on technical means to harden the application against attacks. If we further break down the technical means, we will see that there are various sub-ingredients, such as secure coding (e.g. avoiding code-injections), providing regular security updates, or using cryptographic functions to protect the applications assets. The latter – applying cryptographic functions – will be the core focus of this lecture.
In the lecture, we will focus on the available cryptographic primitives as building blocks that are combined to higher level cryptographic functions for achieving confidentiality and authenticity (and thereby integrity). While it is a rather trivial task to actually encrypt or sign data, or create e.g., password-hashes, there is a huge range of auxiliary tasks that need to be taken into consideration. Any cryptographic key that is used in a cryptographic operation needs to be deployed, stored and used securely, exchanged over the application’s lifetime and decommissioned in case of a breach. Also, we need to establish trust-relationships between communicating entities to ensure authenticity and furthermore, the cryptographic primitives, such as hash-functions or symmetric/asymmetric encryption algorithms need to be arranged in higher level protocols to achieve the desired goals.
The lecture will give a recap on the core properties of cryptographic primitives, which will themselves be regarded as a black box: e.g. an RSA-based signature algorithm or an ECC-based signature algorithm achieve the same results from an application’s point of view regardless of the huge differences in their mathematical or structural nature (hint: if you are interested in how ECC, RSA or the AES algorithm actually works, there are other lecture for that). After having a clear view on the available building blocks and their protective functions the lecture will focus on the primary task on how to build secure functions and applications by considering all aspects: key delivery, key storage and usage, trust-models, or high-level crypto protocols. To do so the lecture will focus on two to three real world examples, whose cryptographic functions will be built up from scratch dealing with all required aspects. Those examples will likely be from the areas of automotive security, secure authentication and a blockchain application.
The practical assignments will focus on the actual usage and deployment of cryptographic primitives and their associated keys.
Exam: There is a (written) exam after the lecture or on request. The practical exercise is done via a programming exercise.