Tuesday, April 2, 2019

Understanding Computer Security

I just finished a stint at a computer security company. It was fascinating, truly. I now completely understand every aspect of computer security and can explain it all to you in a single article.

The Problem

Today's digital infrastructure has put your wallet on the cyber equivalent of one of those rotating watch displays in a jewelry store. The kind with the fancy lights to make the bling bling -- it's sooo tempting. You can understand if we feel an uncontrollable urge to pick up that wallet and take out all the cash, right? It’s your own fault for buying socks on the internet last year.

There is a solution, so don’t panic. All you need is good computer security. This means you need the digital equivalent of a safe, a mean dog, a scary-looking guy in a uniform, some cameras, and a whole bunch of other things that are super complicated and impossible to explain without putting you into a coma.

But this time is different. I am going to explain every detail of computer security so clearly and simply that the veil of confusion on this topic will be lifted, and your blinders removed, until you find yourself standing in a tower of pure understanding, awestruck at the majesty of truth revealed below. (Note to self: cut back to four shots of espresso in my Americano.)

Computer security is built on a few very simple concepts.

Encryption

One of the most important is something called encryption. Encryption is when you take something clear, legible and easy to understand, and make it look like chaos. Anyone who finds encrypted data will have the same reaction as someone peering into your bedroom: "I can't deal with this mess! I have to go!!" It’s like turning an Oxford lecturer into a crazy street person. It’s like taking a recipe for cinnamon rolls and turning it into an article on computer security.

How do we encrypt things? Well, imagine taking a book and putting it into a paper shredder. Now take all those little strips and rearrange them, completely randomly but not really, because you wrote down which strip goes where in another book. Next, burn all the little strips along with the book that tells you how to put them together. Then take the ashes and chemically convert them into unbreakable bricks. Now take those bricks and throw them at anyone who looks at you funny. The metaphor is not quite correct, probably because it’s mostly inaccurate, but let’s move on to the next topic quickly.

Trust

The next thing you need to understand is trust. Go ahead. Close your eyes and lean backwards. No, no, I meant metaphorically! Sigh.

You establish trust by starting at the top with someone who is a 100% trusted authority. Someone you can really count on. Let's call her "Mom." How do you know you can trust her? You hear her voice in your head every day telling you what a disappointment you are.

Hmm... let's go right to the top, God. Of course, God has a lot on his plate, so he has assigned various agents to help out with administrative tasks like these. However, these agents are also extremely busy dealing with the cacophony of requests for pimple removal and better-looking dates. This means another level of delegation must occur, often many levels deep, until finally we end up back at your mom or maybe in the reception area of your local church/temple/mosque.

Example

So now let's apply all these concepts in a real-world scenario. Some guy who says his name is Jim starts talking to you in front of Starbucks. He's telling you he's your friend, but a tiny voice in your head is expressing some concern and doubt about this, probably because this is the first time you've met Jim.

How can we verify that Jim really is your friend? Computer security to the rescue! Jim pulls out a piece of paper, a digitally signed certificate, that he assures you was given to him by the minister in a local church. It states that Jim really is a trustworthy fellow.

Ah, but you are smart. You just read an article on computer security. You know that this may be a forgery -- something Jim wrote himself, perhaps minutes before he asked you for money. You issue a challenge to him, asking him to confirm that the certificate is authentic.

Jim pulls out a second piece of paper, a Certificate of Authenticity, which states that the other piece of paper is valid and can be trusted. How do we know that it actually refers to the other piece of paper and is itself valid? The answer is simple. It has also been digitally signed by a bishop at another well-respected church. And it has been digitally stapled to a copy of the first piece of paper. And it has a hologram sticker on it with a very nice picture of a saint.

Jim has a suitcase full of these little pieces of paper and he's waving them around in front of your face until you start to zone out. In fact you feel like you are being... hypnotized... HEY! Where's your wallet? Dammit, you made a rookie mistake! This is why you need to understand computer security!