Computational Security

Definition

Computational Security is the branch of security that uses computational and algorithmic principles to protect digital systems and information against threats, while often assuming that attackers have limited computational power or that security mechanisms can be measured in terms of feasible computation.

In simple words, it studies how to make security guarantees for computers and networks based on what attackers can or cannot realistically compute, break, guess, or exploit.


Main Content

1. Security Goals and Principles

Computational security is built on core security objectives that define what must be protected and how. These objectives are commonly known as the foundational principles of security.

Confidentiality, Integrity, and Availability (CIA Triad)

  • Confidentiality means that information should be accessible only to authorized users. For example, a student’s exam records should not be visible to other students.
  • Integrity means that data must remain accurate and unaltered except by authorized changes. For example, a bank balance should not be modified without proper authorization.
  • Availability means that systems and information should be accessible when needed. For example, an online class portal should remain available during exam submission time.

Authentication, Authorization, and Accountability

  • Authentication verifies identity. A password, fingerprint, OTP, or smart card helps confirm that a user is who they claim to be.
  • Authorization determines what an authenticated user is allowed to do. For example, a teacher may access grade submission tools, but a student may not.
  • Accountability ensures actions can be traced to a user or process. Logs, audit trails, and digital signatures support this principle.

These principles are the foundation of all secure computational systems. If one of them is weak, the system can become vulnerable. For example, if authentication is weak, an attacker may impersonate a valid user; if integrity protection is weak, attackers may modify records without detection.

A simple view of these relationships is:

User Request
    |
    v
Authentication ---> "Who are you?"
    |
    v
Authorization  ---> "What are you allowed to do?"
    |
    v
Logging/Audit  ---> "What did you do?"

Together, these principles help ensure that computational systems behave safely and reliably.
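
The flow in the diagram above, written out as an added example (not part of the original notes). The user names, passwords, roles and PBKDF2 iteration count are assumptions constructed for illustration. The audit log chains each entry to the previous one with a hash so that later edits can be detected.

```python
import hashlib, hmac, json, os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this example

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_user(password, role):
    salt = os.urandom(16)  # per-user salt, so equal passwords hash differently
    return {"salt": salt, "pw": hash_password(password, salt), "role": role}

# Constructed sample data: users, passwords and roles are hypothetical.
USERS = {"teacher1": make_user("correct horse", "teacher"),
         "student1": make_user("s3cret-pass", "student")}
PERMISSIONS = {"teacher": {"submit_grades", "view_grades"},
               "student": {"view_grades"}}
AUDIT_LOG = []  # each entry stores the hash of the entry before it

def entry_hash(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def authenticate(user, password):
    """Who are you? Compare salted password hashes in constant time."""
    rec = USERS.get(user)
    if rec is None:
        return False
    return hmac.compare_digest(rec["pw"], hash_password(password, rec["salt"]))

def authorize(user, action):
    """What are you allowed to do? Anything not listed is denied."""
    return action in PERMISSIONS.get(USERS[user]["role"], set())

def handle_request(user, password, action):
    if not authenticate(user, password):
        outcome = "auth_failed"
    elif not authorize(user, action):
        outcome = "denied"
    else:
        outcome = "allowed"
    # What did you do? Record every outcome, including failures.
    prev = AUDIT_LOG[-1]["hash"] if AUDIT_LOG else "0" * 64
    body = {"user": user, "action": action, "outcome": outcome, "prev": prev}
    AUDIT_LOG.append({**body, "hash": entry_hash(body)})
    return outcome

def verify_log(log):
    """Recompute the chain; an edited or removed entry breaks it."""
    prev = "0" * 64
    for e in log:
        body = {k: e[k] for k in ("user", "action", "outcome", "prev")}
        if e["prev"] != prev or e["hash"] != entry_hash(body):
            return False
        prev = e["hash"]
    return True
```

The hash chain detects tampering only if the most recent hash is also kept somewhere an attacker cannot rewrite; otherwise the whole chain could be recomputed after an edit.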

2. Cryptographic Foundations

Cryptography is one of the most important tools in computational security. It transforms readable information into secure forms and provides methods for verifying identity, ensuring data integrity, and protecting communication.

Encryption and Decryption

  • Encryption converts plaintext into ciphertext using an algorithm and a key.
  • Decryption reverses the process and restores the original data.
  • Example: A message sent over the internet can be encrypted so that even if intercepted, it cannot be read without the correct key.

Types of Cryptography

  • Symmetric-key cryptography uses the same key for encryption and decryption. It is fast and suitable for large data volumes. Example: AES.
  • Asymmetric-key cryptography uses a public key and a private key. It is useful for secure key exchange and digital signatures. Examples: RSA, ECC.

Hash Functions and Digital Signatures

  • A hash function produces a fixed-length output from input data. It is used to check integrity.
  • A digital signature proves that a message came from a specific sender and has not been altered.
  • Example: Software updates are often signed digitally so users can verify authenticity before installing them.

Cryptography protects data in three major states:

  • Data at rest: stored files, databases, backups
  • Data in transit: data moving across networks
  • Data in use: data being processed in memory or by applications

Plaintext --encrypt with key--> Ciphertext --decrypt with key--> Plaintext

Without cryptographic protection, attackers can read, alter, or impersonate digital communications much more easily. Cryptography therefore acts as the mathematical backbone of computational security.

3. Threat Models, Attacks, and Security Mechanisms

Computational security is not complete without understanding threats. A threat model describes the kinds of attackers, capabilities, and resources a system must withstand. Security mechanisms are then designed to counter those threats.

Common Threats and Attack Types

  • Malware: harmful software such as viruses, worms, ransomware, and spyware.
  • Phishing and social engineering: techniques used to trick users into revealing passwords or sensitive information.
  • Brute-force attacks: repeated guessing of passwords or keys.
  • Man-in-the-middle attacks: interception and possible alteration of communication between two parties.
  • Denial-of-Service (DoS) and Distributed DoS (DDoS): flooding a service to make it unavailable.
  • Privilege escalation: gaining higher access rights than intended.

Security Controls and Defenses

  • Firewalls and access control rules help block unauthorized traffic.
  • Multi-factor authentication (MFA) reduces the risk of stolen credentials.
  • Patch management fixes known vulnerabilities in software.
  • Intrusion detection and prevention systems monitor suspicious activity.
  • Backup and recovery strategies help restore systems after attacks or failures.

Principle of Least Privilege and Defense in Depth

  • Least privilege means giving users and processes only the permissions they need.
  • Defense in depth means using multiple layers of protection so that if one layer fails, others still protect the system.
  • Example: A secure application may combine MFA, encryption, server hardening, logging, monitoring, and backups.

A layered security approach may look like this:

[User]
  |
[Authentication]
  |
[Authorization]
  |
[Application Security]
  |
[Network Firewall]
  |
[Operating System Security]
  |
[Hardware / Physical Security]

Attackers often exploit the weakest link, so computational security emphasizes a layered, systematic defense rather than a single protection measure.


Working / Process

1. Identify Assets, Threats, and Security Requirements

The first step is to determine what needs protection. Assets may include user accounts, financial records, intellectual property, personal data, servers, and communication channels. The system designer then identifies possible attackers, attack methods, and consequences of compromise. For example, a healthcare system must protect patient records with high confidentiality and integrity because unauthorized access could cause legal, ethical, and safety problems.

2. Design and Apply Security Mechanisms

After identifying risks, appropriate protection mechanisms are implemented. This may include encryption, secure authentication, role-based access control, secure coding practices, network filtering, digital signatures, backups, and logging. The selection depends on the system’s purpose and threat level. For example, an online payment platform needs strong cryptography, transaction verification, fraud detection, and strict access control.

3. Monitor, Test, and Improve Continuously

Security is not a one-time task. Systems must be continuously monitored for suspicious behavior, updated with security patches, and tested through audits, vulnerability scanning, and penetration testing. Logs should be reviewed, incidents investigated, and controls improved over time. As attackers develop new techniques, defensive systems must evolve as well. This ongoing cycle keeps the system secure in practice, not just in theory.


Advantages / Applications

Protects Sensitive Information

  • Computational security prevents unauthorized access to personal, financial, medical, academic, and business data.
  • Example: Encrypted messaging apps protect private conversations from interception.

Ensures Trust in Digital Systems

  • Users are more confident using online banking, e-commerce, cloud storage, and digital government services when security is strong.
  • Example: Digital signatures help verify that software updates are authentic and untampered.

Supports Critical Real-World Applications

  • Computational security is essential in areas such as banking, defense, healthcare, cloud computing, e-learning, IoT devices, and industrial automation.
  • Example: In hospitals, secure systems help protect patient records and maintain the reliability of life-critical equipment.

It also improves system resilience, reduces fraud, strengthens privacy, and helps organizations meet legal and regulatory requirements.


Summary

  • Computational security protects digital systems and information using structured technical methods.
  • It depends on security goals like confidentiality, integrity, availability, authentication, authorization, and accountability.
  • Cryptography and layered defenses are key tools for building secure systems.
  • Important terms to remember: confidentiality, integrity, availability, encryption, decryption, authentication, authorization, hash function, digital signature, threat model, and defense in depth.