Pattern is highly repeatable. Every time I am asked to work on security, even before I have asked what the requirements are, other team members have a ready made security design. Key management? That's easy, we'll embed a key in source code of two end points, and both use the same key, so they are secure. Right? Wrong !!! I have heard it repeated so many times, and seen this approach used in so many products (some of them from top rated tech companies) that it's laughable.
This seemingly simple solution is no solution at all. This solution is actually in search of a problem. What is the security problem that we are trying to solve? There is only one thing this key management solution is good for and that is if there is a reason to hide clear text data from naked eye. That's the only level of protection this scheme gives. Other than this, there is no other security benefit of this approach. Even then, almost always when non-security engineers hear the word 'key', default assumption is that it's about encryption. If they have inserted a key in the design, and applied an algorithm, without even giving a serious thought to what algorithm to use and why, all security problems magically disappear.
Now, I am not saying that those engineers are dumb, it's just that they are not aware of security requirements which may or may not be directly related to a product function. For example, when engineers are developing a protocol, they are thinking in terms of utility of the protocol, not about how somebody will try to break that. It's the difference between mindset of creating vs. destroying. Security is about figuring about how many ways it is possible to destroy something and once you know that then figuring out the solutions to protect against those destructive techniques.
Good news is, so far all the stories have ended well. Once we dive into the mechanics of security requirements and discuss about what needs to be done and why, engineers do understand. Although, some do complain about increasing their work :) Oh well, that's fine by me.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment