Physical and Digital Security Mechanisms: Properties, Combinations and Trade-offs

A. van Cleeff

    Research output: Thesis, PhD Thesis - Research UT, graduation UT

    Abstract

    The usage of information technology implies the replacement of physical systems with digital systems: we use information technology because some properties of software, such as high speed, low cost and high accuracy, are more desirable than the corresponding properties of physical systems. Unfortunately, digital systems are not uniformly more secure than physical systems and automation can have a negative effect on the confidentiality, integrity and availability of information. Specifically, the Internet helps to spread information, which makes it harder to keep it confidential. The increased connectivity caused by the Internet makes organizations become “de-perimeterized”: the physical barriers that once separated them are breaking down. We observe however that there is no extensive and structured body of knowledge on the differences between physical and digital systems and the way that de-perimeterization takes place. Obtaining this knowledge becomes more important now that physical and digital systems are merging in the Internet of Things: only when we understand the differences between physical and digital systems can we truly design secure combinations such as smart buildings with cameras and door locks operable by mobile phone.

    Developing this knowledge starts with a simple conceptual framework: systems range from being completely physical to completely automated. The former only use physical security mechanisms, whereas the latter only use digital security mechanisms. In between these lies a mixed category of hybrid systems, which can use both digital and physical security mechanisms. Following this framework we study the security of physical, digital and hybrid systems in four domains: access control, voting in elections, IT infrastructure and rights management.

    We begin with investigating the underlying properties of physical and digital systems: characteristics of a physical or digital object that, under specific conditions, have positive or negative effects on security. In total we present twenty physical and five digital security properties. These properties are then used to identify the differences between physical and digital security in each case. Next we examine hybrid systems to understand how to combine physical and digital security, and what the trade-offs are between these two. Finally, these results are used to create two methods that help improve information security:

    • A method for assessing security risks of physical, digital and hybrid systems. This method is built around security properties: they are used to understand the security of existing systems (by identifying the properties and how they could change) or to design new systems (by building in those properties and conditions that have positive effects on security).
    • A method for assessing the security of hybrid systems through security patterns. These patterns are reusable designs that show how to combine physical and digital security optimally. We present a total of thirteen patterns that are useful both to design and to evaluate the security of hybrid systems.

    Both methods were tested successfully in a focus group meeting with security experts.

    Original language: Undefined
    Awarding Institution
    • University of Twente
    Supervisors/Advisors
    • Wieringa, Roelf Johannes, Supervisor
    • Pieters, Wolter, Advisor
    Thesis sponsors
    Award date: 3 Jun 2015
    Place of Publication: Enschede
    Publisher
    Print ISBNs: 978-90-365-3884-8
    DOIs
    Publication status: Published - 3 Jun 2015

    Keywords

    • Physical and Digital Security Mechanisms
    • IR-95959
    • METIS-310552
    • SCS-Cybersecurity
    • EWI-26068
