How did Alice & Bob forget that Eve was listening?
Some might call it "an albatross around my neck" or, in the biblical phrase, "a millstone around my neck"; to those in cybersecurity who do their job correctly, it may feel like a thankless job, because we know the hackers get all the attention.
"Eve" is that relentless threat actor who looks for the loose brick in the wall, a wall that someone designed and spent energy building. The threat actor spends the same high energy finding vulnerabilities and exploits through the cracks in that wall.
Rethinking the energy used with randomness & uncertainty in mind
In physics, the term entropy is a measure of a system's thermal energy, which is related to the level of random motion of molecules. So how do we build that wall with some notion of randomness, disorder, or uncertainty without the wall failing?
In cybersecurity, entropy is a measure of the uncertainty an attacker faces in determining the value of a secret. It's usually stated in bits, where a value with n bits of entropy has the same degree of uncertainty as a uniformly distributed n-bit random value.
In the context of cryptography, entropy is related to random number generation and refers to the "amount of unpredictable randomness" in a physical system. A lack of good entropy can leave a cryptosystem vulnerable and unable to encrypt data securely.
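To make "bits of entropy" concrete, the following added example (not from the original article) measures the uncertainty an attacker actually faces for three constructed sources, including a 256-bit key derived from a 4-digit PIN. It goes slightly beyond the text by reporting min-entropy alongside Shannon entropy; the function names and the PIN-derived key scheme are assumptions made for illustration.

```python
import hashlib
import math
import secrets
from collections import Counter

def shannon_bits(probs):
    """Shannon entropy H = -sum(p * log2 p), in bits."""
    return -sum(p * math.log2(p) for p in probs if p > 0)

def min_entropy_bits(probs):
    """Min-entropy -log2(max p): governs the attacker's best single guess."""
    return -math.log2(max(probs))

def key_distribution(seeds, derive):
    """Probability of each distinct key when the seed is uniform over `seeds`."""
    counts = Counter(derive(s) for s in seeds)
    total = sum(counts.values())
    return [c / total for c in counts.values()]

def pin_to_key(pin):
    # Constructed weak scheme: a 256-bit key derived from a 4-digit PIN.
    return hashlib.sha256(f"{pin:04d}".encode()).digest()

def csprng_key():
    # 32 bytes from the OS CSPRNG, the source to use for real keys.
    return secrets.token_bytes(32)

def report():
    uniform16 = [1 / 2**16] * 2**16
    pin_keys = key_distribution(range(10_000), pin_to_key)
    # Constructed biased source: one byte value occurs half the time,
    # the other 255 values share the remaining probability equally.
    biased = [0.5] + [0.5 / 255] * 255
    return {
        "uniform16": (shannon_bits(uniform16), min_entropy_bits(uniform16)),
        "pin_key": (shannon_bits(pin_keys), min_entropy_bits(pin_keys)),
        "biased_byte": (shannon_bits(biased), min_entropy_bits(biased)),
    }

if __name__ == "__main__":
    for name, (h, hmin) in report().items():
        print(f"{name:12s} Shannon={h:6.2f} bits  min-entropy={hmin:6.2f} bits")
    print("CSPRNG key length:", len(csprng_key()) * 8, "bits")
```

The PIN-derived key is 256 bits long but carries only about 13.3 bits of entropy, and the biased byte shows why min-entropy is the safer figure: its Shannon entropy is about 5 bits, yet the most likely value is guessed correctly half the time.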
With this in mind, securely encrypting data through the use of cryptographic keys is a foundational element for cybersecurity and helps maintain secure networks for client-server communications. "Alice" and "Bob" can mutually authenticate at each end of their network connection.
Mutual TLS, or mTLS, is a method for mutual authentication. It ensures that both parties at each end of a network connection are who they claim to be. mTLS verifies that both parties have the correct private key, and the information within their respective TLS certificates provides additional verification.
mTLS establishes an encrypted TLS connection in which both parties use X.509 digital certificates to authenticate each other. Certificates can be a safeguard against malicious network impersonators - aka "Eve".
Key Management as a Service (KMaaS)
Cryptographic keys play a vital role in safeguarding sensitive information. Through a series of characters or numbers, data can be encrypted and decrypted, thus ensuring its confidentiality and integrity. However, managing these keys effectively can be a complex and resource-intensive task for organizations.
Network Service Providers continue to look for new areas to realize a return on invested capital by leveraging the As-A-Service (AAS) deployment & business model.
KMaaS, or better yet, with the future state of quantum computing in mind, Entropy-as-a-Service, can serve business customers, internal or external, by shifting away from traditional ownership toward providing a service on a non-ownership basis.
Why does this matter?
The number of data compromises reported in the U.S. in the first half (H1) of 2023 is higher than the total compromises reported every year between 2005 and 2020, except for 2017. For the H1 ending June 30, 2023, there were 1,393 data compromises reported, including 951 in the second quarter (Q2). Since 2005, only the full years of 2017, 2021 and 2022 have exceeded the number of compromises recorded in the first six months of 2023.
As we continue to live in this ubiquitous, interconnected world, let us not forget the cybersecurity professionals who strive to manage & mitigate security risks.
Just because your phone works and you're connected to the Internet, remember: it is 10 o'clock. Do you know where your keys are?